Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
235 files changed, 25381 insertions, 5268 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java new file mode 100644 index 000000000..7219ada8f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java 
@@ -0,0 +1,134 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.datatype.XMLGregorianCalendar; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Place" type="{http://www.w3.org/2001/XMLSchema}token"/> + * <element name="Date" type="{http://reference.e-government.gv.at/namespace/mandates/20040701#}DateType"/> + * <element name="Time" type="{http://www.w3.org/2001/XMLSchema}time" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "place", + "date", + "time" +}) +@XmlRootElement(name = "Issued") +public class Issued { + + @XmlElement(name = "Place", required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String place; + @XmlElement(name = "Date", required = true) + protected String date; + @XmlElement(name = "Time") + @XmlSchemaType(name = "time") + protected XMLGregorianCalendar time; + + /** + * Gets the value of the place property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPlace() { + return place; + } + + /** + * Sets the value of the place property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPlace(String value) { + this.place = value; + } + + /** + * Gets the value of the date property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getDate() { + return date; + } + + /** + * Sets the value of the date property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setDate(String value) { + this.date = value; + } + + /** + * Gets the value of the time property. + * + * @return + * possible object is + * {@link XMLGregorianCalendar } + * + */ + public XMLGregorianCalendar getTime() { + return time; + } + + /** + * Sets the value of the time property. 
+ * + * @param value + * allowed object is + * {@link XMLGregorianCalendar } + * + */ + public void setTime(XMLGregorianCalendar value) { + this.time = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java new file mode 100644 index 000000000..11e0b274e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java 
@@ -0,0 +1,346 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import org.w3._2000._09.xmldsig_.SignatureType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Annotation" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}StatusInformationService" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Representative"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Mandator"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Intermediary" maxOccurs="unbounded" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Issued"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Properties" minOccurs="0"/> + * <choice maxOccurs="unbounded"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SimpleMandateContent"/> + * </choice> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Signature"/> + * </sequence> + * <attribute name="MandateID" use="required" type="{http://www.w3.org/2001/XMLSchema}token" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "annotation", + "statusInformationService", + "representative", + "mandator", + "intermediary", + "issued", + "properties", + "simpleMandateContent", + "signature" +}) +@XmlRootElement(name = "Mandate") +public class Mandate { + + @XmlElement(name = "Annotation") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + protected String annotation; + @XmlElement(name = "StatusInformationService") + @XmlSchemaType(name = "anyURI") + protected String statusInformationService; + @XmlElement(name = "Representative", required = true) + protected Representative representative; + 
@XmlElement(name = "Mandator", required = true) + protected Mandator mandator; + @XmlElement(name = "Intermediary") + protected List<PhysicalPersonType> intermediary; + @XmlElement(name = "Issued", required = true) + protected Issued issued; + @XmlElement(name = "Properties") + protected PropertiesType properties; + @XmlElement(name = "SimpleMandateContent") + protected List<SimpleMandateContentType> simpleMandateContent; + @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#", required = true) + protected SignatureType signature; + @XmlAttribute(name = "MandateID", required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String mandateID; + + /** + * Gets the value of the annotation property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAnnotation() { + return annotation; + } + + /** + * Sets the value of the annotation property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAnnotation(String value) { + this.annotation = value; + } + + /** + * Gets the value of the statusInformationService property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getStatusInformationService() { + return statusInformationService; + } + + /** + * Sets the value of the statusInformationService property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setStatusInformationService(String value) { + this.statusInformationService = value; + } + + /** + * Gets the value of the representative property. + * + * @return + * possible object is + * {@link Representative } + * + */ + public Representative getRepresentative() { + return representative; + } + + /** + * Sets the value of the representative property. 
+ * + * @param value + * allowed object is + * {@link Representative } + * + */ + public void setRepresentative(Representative value) { + this.representative = value; + } + + /** + * Gets the value of the mandator property. + * + * @return + * possible object is + * {@link Mandator } + * + */ + public Mandator getMandator() { + return mandator; + } + + /** + * Sets the value of the mandator property. + * + * @param value + * allowed object is + * {@link Mandator } + * + */ + public void setMandator(Mandator value) { + this.mandator = value; + } + + /** + * Gets the value of the intermediary property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the intermediary property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getIntermediary().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PhysicalPersonType } + * + * + */ + public List<PhysicalPersonType> getIntermediary() { + if (intermediary == null) { + intermediary = new ArrayList<PhysicalPersonType>(); + } + return this.intermediary; + } + + /** + * Gets the value of the issued property. + * + * @return + * possible object is + * {@link Issued } + * + */ + public Issued getIssued() { + return issued; + } + + /** + * Sets the value of the issued property. + * + * @param value + * allowed object is + * {@link Issued } + * + */ + public void setIssued(Issued value) { + this.issued = value; + } + + /** + * Gets the value of the properties property. + * + * @return + * possible object is + * {@link PropertiesType } + * + */ + public PropertiesType getProperties() { + return properties; + } + + /** + * Sets the value of the properties property. 
+ * + * @param value + * allowed object is + * {@link PropertiesType } + * + */ + public void setProperties(PropertiesType value) { + this.properties = value; + } + + /** + * Gets the value of the simpleMandateContent property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the simpleMandateContent property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSimpleMandateContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SimpleMandateContentType } + * + * + */ + public List<SimpleMandateContentType> getSimpleMandateContent() { + if (simpleMandateContent == null) { + simpleMandateContent = new ArrayList<SimpleMandateContentType>(); + } + return this.simpleMandateContent; + } + + /** + * Gets the value of the signature property. + * + * @return + * possible object is + * {@link SignatureType } + * + */ + public SignatureType getSignature() { + return signature; + } + + /** + * Sets the value of the signature property. + * + * @param value + * allowed object is + * {@link SignatureType } + * + */ + public void setSignature(SignatureType value) { + this.signature = value; + } + + /** + * Gets the value of the mandateID property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getMandateID() { + return mandateID; + } + + /** + * Sets the value of the mandateID property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setMandateID(String value) { + this.mandateID = value; + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java new file mode 100644 index 000000000..0fb50c06a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java 
@@ -0,0 +1,101 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "physicalPerson", + "corporateBody" +}) +@XmlRootElement(name = "Mandator") +public class Mandator { + + @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected PhysicalPersonType physicalPerson; + @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected CorporateBodyType corporateBody; + + /** + * Gets the value of the physicalPerson property. + * + * @return + * possible object is + * {@link PhysicalPersonType } + * + */ + public PhysicalPersonType getPhysicalPerson() { + return physicalPerson; + } + + /** + * Sets the value of the physicalPerson property. + * + * @param value + * allowed object is + * {@link PhysicalPersonType } + * + */ + public void setPhysicalPerson(PhysicalPersonType value) { + this.physicalPerson = value; + } + + /** + * Gets the value of the corporateBody property. + * + * @return + * possible object is + * {@link CorporateBodyType } + * + */ + public CorporateBodyType getCorporateBody() { + return corporateBody; + } + + /** + * Sets the value of the corporateBody property. + * + * @param value + * allowed object is + * {@link CorporateBodyType } + * + */ + public void setCorporateBody(CorporateBodyType value) { + this.corporateBody = value; + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java new file mode 100644 index 000000000..19e9eba0b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java 
@@ -0,0 +1,286 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlElementDecl; +import javax.xml.bind.annotation.XmlRegistry; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * This object contains factory methods for each + * Java content interface and Java element interface + * generated in the at.gv.e_government.reference.namespace.mandates._20040701_ package. + * <p>An ObjectFactory allows you to programatically + * construct new instances of the Java representation + * for XML content. The Java representation of XML + * content can consist of schema derived interfaces + * and classes representing the binding of schema + * type definitions, element declarations and model + * groups. Factory methods for each of these are + * provided in this class. 
+ * + */ +@XmlRegistry +public class ObjectFactory { + + private final static QName _Intermediary_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Intermediary"); + private final static QName _ParameterisedDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedDescription"); + private final static QName _ParameterisedText_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedText"); + private final static QName _TextualDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "TextualDescription"); + private final static QName _Annotation_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Annotation"); + private final static QName _AnyConstraints_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "AnyConstraints"); + private final static QName _ValidFrom_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidFrom"); + private final static QName _SimpleMandateContent_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "SimpleMandateContent"); + private final static QName _StatusInformationService_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "StatusInformationService"); + private final static QName _Properties_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Properties"); + private final static QName _ValidTo_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidTo"); + + /** + * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.mandates._20040701_ + * + */ + public ObjectFactory() { + } + + /** + * Create an instance of {@link 
SimpleMandateContentType } + * + */ + public SimpleMandateContentType createSimpleMandateContentType() { + return new SimpleMandateContentType(); + } + + /** + * Create an instance of {@link Issued } + * + */ + public Issued createIssued() { + return new Issued(); + } + + /** + * Create an instance of {@link ParameterisedTextType } + * + */ + public ParameterisedTextType createParameterisedTextType() { + return new ParameterisedTextType(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.CollectiveConstraint } + * + */ + public SimpleMandateContentType.CollectiveConstraint createSimpleMandateContentTypeCollectiveConstraint() { + return new SimpleMandateContentType.CollectiveConstraint(); + } + + /** + * Create an instance of {@link SetParameter } + * + */ + public SetParameter createSetParameter() { + return new SetParameter(); + } + + /** + * Create an instance of {@link PasteParameter } + * + */ + public PasteParameter createPasteParameter() { + return new PasteParameter(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.TimeConstraint } + * + */ + public SimpleMandateContentType.TimeConstraint createSimpleMandateContentTypeTimeConstraint() { + return new SimpleMandateContentType.TimeConstraint(); + } + + /** + * Create an instance of {@link Representative } + * + */ + public Representative createRepresentative() { + return new Representative(); + } + + /** + * Create an instance of {@link ParameterDefinition } + * + */ + public ParameterDefinition createParameterDefinition() { + return new ParameterDefinition(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.References.MandateID } + * + */ + public SimpleMandateContentType.References.MandateID createSimpleMandateContentTypeReferencesMandateID() { + return new SimpleMandateContentType.References.MandateID(); + } + + /** + * Create an instance of {@link Mandate } + * + */ + public Mandate createMandate() { + return new Mandate(); + } + + /** + * 
Create an instance of {@link PropertiesType } + * + */ + public PropertiesType createPropertiesType() { + return new PropertiesType(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.TransactionLimit } + * + */ + public SimpleMandateContentType.TransactionLimit createSimpleMandateContentTypeTransactionLimit() { + return new SimpleMandateContentType.TransactionLimit(); + } + + /** + * Create an instance of {@link ParameterisedDescriptionType } + * + */ + public ParameterisedDescriptionType createParameterisedDescriptionType() { + return new ParameterisedDescriptionType(); + } + + /** + * Create an instance of {@link Mandator } + * + */ + public Mandator createMandator() { + return new Mandator(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.References } + * + */ + public SimpleMandateContentType.References createSimpleMandateContentTypeReferences() { + return new SimpleMandateContentType.References(); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Intermediary") + public JAXBElement<PhysicalPersonType> createIntermediary(PhysicalPersonType value) { + return new JAXBElement<PhysicalPersonType>(_Intermediary_QNAME, PhysicalPersonType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedDescription") + public JAXBElement<ParameterisedDescriptionType> createParameterisedDescription(ParameterisedDescriptionType value) { + return new JAXBElement<ParameterisedDescriptionType>(_ParameterisedDescription_QNAME, ParameterisedDescriptionType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link 
ParameterisedTextType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedText") + public JAXBElement<ParameterisedTextType> createParameterisedText(ParameterisedTextType value) { + return new JAXBElement<ParameterisedTextType>(_ParameterisedText_QNAME, ParameterisedTextType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "TextualDescription") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + public JAXBElement<String> createTextualDescription(String value) { + return new JAXBElement<String>(_TextualDescription_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Annotation") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + public JAXBElement<String> createAnnotation(String value) { + return new JAXBElement<String>(_Annotation_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "AnyConstraints") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + public JAXBElement<String> createAnyConstraints(String value) { + return new JAXBElement<String>(_AnyConstraints_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidFrom") + public JAXBElement<String> createValidFrom(String value) { + return new JAXBElement<String>(_ValidFrom_QNAME, 
String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SimpleMandateContentType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "SimpleMandateContent") + public JAXBElement<SimpleMandateContentType> createSimpleMandateContent(SimpleMandateContentType value) { + return new JAXBElement<SimpleMandateContentType>(_SimpleMandateContent_QNAME, SimpleMandateContentType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "StatusInformationService") + public JAXBElement<String> createStatusInformationService(String value) { + return new JAXBElement<String>(_StatusInformationService_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PropertiesType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Properties") + public JAXBElement<PropertiesType> createProperties(PropertiesType value) { + return new JAXBElement<PropertiesType>(_Properties_QNAME, PropertiesType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidTo") + public JAXBElement<String> createValidTo(String value) { + return new JAXBElement<String>(_ValidTo_QNAME, String.class, null, value); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java new file mode 100644 index 000000000..703d48005 --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java 
@@ -0,0 +1,78 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SetParameter"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "setParameter" +}) +@XmlRootElement(name = "ParameterDefinition") +public class ParameterDefinition { + + @XmlElement(name = "SetParameter") + protected List<SetParameter> setParameter; + + /** + * Gets the value of the setParameter property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the setParameter property. 
+ * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSetParameter().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SetParameter } + * + * + */ + public List<SetParameter> getSetParameter() { + if (setParameter == null) { + setParameter = new ArrayList<SetParameter>(); + } + return this.setParameter; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java new file mode 100644 index 000000000..e064e5379 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java 
@@ -0,0 +1,99 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * complex type for a parameterised description + * + * <p>Java class for ParameterisedDescriptionType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ParameterisedDescriptionType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedText"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterDefinition"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ParameterisedDescriptionType", propOrder = { + "parameterisedText", + "parameterDefinition" +}) +public class ParameterisedDescriptionType { + + @XmlElement(name = "ParameterisedText", required = true) + protected ParameterisedTextType parameterisedText; + @XmlElement(name = "ParameterDefinition", required = true) + protected ParameterDefinition parameterDefinition; + + /** + * Gets the value of the parameterisedText property. 
+ * + * @return + * possible object is + * {@link ParameterisedTextType } + * + */ + public ParameterisedTextType getParameterisedText() { + return parameterisedText; + } + + /** + * Sets the value of the parameterisedText property. + * + * @param value + * allowed object is + * {@link ParameterisedTextType } + * + */ + public void setParameterisedText(ParameterisedTextType value) { + this.parameterisedText = value; + } + + /** + * Gets the value of the parameterDefinition property. + * + * @return + * possible object is + * {@link ParameterDefinition } + * + */ + public ParameterDefinition getParameterDefinition() { + return parameterDefinition; + } + + /** + * Sets the value of the parameterDefinition property. + * + * @param value + * allowed object is + * {@link ParameterDefinition } + * + */ + public void setParameterDefinition(ParameterDefinition value) { + this.parameterDefinition = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java new file mode 100644 index 000000000..7d086cf67 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java 
@@ -0,0 +1,81 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlType; + + +/** + * complex type for describing a parameterised text + * + * <p>Java class for ParameterisedTextType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ParameterisedTextType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}PasteParameter"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ParameterisedTextType", propOrder = { + "content" +}) +public class ParameterisedTextType { + + @XmlElementRef(name = "PasteParameter", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = PasteParameter.class) + @XmlMixed + protected List<Object> content; + + /** + * complex type for describing a parameterised text Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. 
Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link PasteParameter } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java new file mode 100644 index 000000000..d8a64b374 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java 
@@ -0,0 +1,72 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "") +@XmlRootElement(name = "PasteParameter") +public class PasteParameter { + + @XmlAttribute(name = "Name") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String name; + + /** + * Gets the value of the name property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setName(String value) { + this.name = value; + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java new file mode 100644 index 000000000..f3ffa5100 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java 
@@ -0,0 +1,109 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * complex type for describing arbitrary properties of mandates + * + * <p>Java class for PropertiesType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PropertiesType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="SubstitutionAllowed" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PropertiesType", propOrder = { + "substitutionAllowed", + "any" +}) +public class PropertiesType { + + @XmlElement(name = "SubstitutionAllowed", defaultValue = "false") + protected Boolean substitutionAllowed; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the substitutionAllowed property. 
+ * + * @return + * possible object is + * {@link Boolean } + * + */ + public Boolean isSubstitutionAllowed() { + return substitutionAllowed; + } + + /** + * Sets the value of the substitutionAllowed property. + * + * @param value + * allowed object is + * {@link Boolean } + * + */ + public void setSubstitutionAllowed(Boolean value) { + this.substitutionAllowed = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java new file mode 100644 index 000000000..ba18566a0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java 
@@ -0,0 +1,101 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "physicalPerson", + "corporateBody" +}) +@XmlRootElement(name = "Representative") +public class Representative { + + @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected PhysicalPersonType physicalPerson; + @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected CorporateBodyType corporateBody; + + /** + * Gets the value of the physicalPerson property. + * + * @return + * possible object is + * {@link PhysicalPersonType } + * + */ + public PhysicalPersonType getPhysicalPerson() { + return physicalPerson; + } + + /** + * Sets the value of the physicalPerson property. + * + * @param value + * allowed object is + * {@link PhysicalPersonType } + * + */ + public void setPhysicalPerson(PhysicalPersonType value) { + this.physicalPerson = value; + } + + /** + * Gets the value of the corporateBody property. + * + * @return + * possible object is + * {@link CorporateBodyType } + * + */ + public CorporateBodyType getCorporateBody() { + return corporateBody; + } + + /** + * Sets the value of the corporateBody property. + * + * @param value + * allowed object is + * {@link CorporateBodyType } + * + */ + public void setCorporateBody(CorporateBodyType value) { + this.corporateBody = value; + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java new file mode 100644 index 000000000..5c85ebe25 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java 
@@ -0,0 +1,103 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * <attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" /> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "value" +}) +@XmlRootElement(name = "SetParameter") +public class SetParameter { + + @XmlValue + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String value; + @XmlAttribute(name = "Name") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String name; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the name property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setName(String value) { + this.name = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java new file mode 100644 index 000000000..30fdcbab1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java 
@@ -0,0 +1,605 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlElementRefs; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * complex type for describing the mandate using some textual descriptions + * + * <p>Java class for SimpleMandateContentType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="SimpleMandateContentType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <choice maxOccurs="unbounded"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}TextualDescription"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedDescription"/> + * </choice> + * <element name="References" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded"> + * <element name="MandateID"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * <group ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ConstraintsGroup"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SimpleMandateContentType", propOrder = { + "textualDescriptionOrParameterisedDescription", + "references", + "timeConstraint", + "collectiveConstraint", + "transactionLimit", + "anyConstraints" +}) +public class SimpleMandateContentType { + + @XmlElementRefs({ + @XmlElementRef(name = "ParameterisedDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class), + @XmlElementRef(name = "TextualDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class) + }) + protected List<JAXBElement<?>> textualDescriptionOrParameterisedDescription; + @XmlElement(name = "References") + protected SimpleMandateContentType.References references; + @XmlElement(name = "TimeConstraint") + protected 
SimpleMandateContentType.TimeConstraint timeConstraint; + @XmlElement(name = "CollectiveConstraint") + protected SimpleMandateContentType.CollectiveConstraint collectiveConstraint; + @XmlElement(name = "TransactionLimit") + protected SimpleMandateContentType.TransactionLimit transactionLimit; + @XmlElement(name = "AnyConstraints") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + protected List<String> anyConstraints; + + /** + * Gets the value of the textualDescriptionOrParameterisedDescription property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the textualDescriptionOrParameterisedDescription property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getTextualDescriptionOrParameterisedDescription().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + public List<JAXBElement<?>> getTextualDescriptionOrParameterisedDescription() { + if (textualDescriptionOrParameterisedDescription == null) { + textualDescriptionOrParameterisedDescription = new ArrayList<JAXBElement<?>>(); + } + return this.textualDescriptionOrParameterisedDescription; + } + + /** + * Gets the value of the references property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.References } + * + */ + public SimpleMandateContentType.References getReferences() { + return references; + } + + /** + * Sets the value of the references property. 
+ * + * @param value + * allowed object is + * {@link SimpleMandateContentType.References } + * + */ + public void setReferences(SimpleMandateContentType.References value) { + this.references = value; + } + + /** + * Gets the value of the timeConstraint property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.TimeConstraint } + * + */ + public SimpleMandateContentType.TimeConstraint getTimeConstraint() { + return timeConstraint; + } + + /** + * Sets the value of the timeConstraint property. + * + * @param value + * allowed object is + * {@link SimpleMandateContentType.TimeConstraint } + * + */ + public void setTimeConstraint(SimpleMandateContentType.TimeConstraint value) { + this.timeConstraint = value; + } + + /** + * Gets the value of the collectiveConstraint property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.CollectiveConstraint } + * + */ + public SimpleMandateContentType.CollectiveConstraint getCollectiveConstraint() { + return collectiveConstraint; + } + + /** + * Sets the value of the collectiveConstraint property. + * + * @param value + * allowed object is + * {@link SimpleMandateContentType.CollectiveConstraint } + * + */ + public void setCollectiveConstraint(SimpleMandateContentType.CollectiveConstraint value) { + this.collectiveConstraint = value; + } + + /** + * Gets the value of the transactionLimit property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.TransactionLimit } + * + */ + public SimpleMandateContentType.TransactionLimit getTransactionLimit() { + return transactionLimit; + } + + /** + * Sets the value of the transactionLimit property. + * + * @param value + * allowed object is + * {@link SimpleMandateContentType.TransactionLimit } + * + */ + public void setTransactionLimit(SimpleMandateContentType.TransactionLimit value) { + this.transactionLimit = value; + } + + /** + * Gets the value of the anyConstraints property. 
+ * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the anyConstraints property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAnyConstraints().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAnyConstraints() { + if (anyConstraints == null) { + anyConstraints = new ArrayList<String>(); + } + return this.anyConstraints; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice maxOccurs="unbounded"> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}AnyConstraints"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "physicalPersonOrCorporateBodyOrAnyConstraints" + }) + public static class CollectiveConstraint { + + @XmlElementRefs({ + @XmlElementRef(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), + @XmlElementRef(name = "AnyConstraints", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class), + @XmlElementRef(name = "CorporateBody", namespace = 
"http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) + }) + protected List<JAXBElement<?>> physicalPersonOrCorporateBodyOrAnyConstraints; + + /** + * Gets the value of the physicalPersonOrCorporateBodyOrAnyConstraints property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the physicalPersonOrCorporateBodyOrAnyConstraints property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getPhysicalPersonOrCorporateBodyOrAnyConstraints().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + public List<JAXBElement<?>> getPhysicalPersonOrCorporateBodyOrAnyConstraints() { + if (physicalPersonOrCorporateBodyOrAnyConstraints == null) { + physicalPersonOrCorporateBodyOrAnyConstraints = new ArrayList<JAXBElement<?>>(); + } + return this.physicalPersonOrCorporateBodyOrAnyConstraints; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded"> + * <element name="MandateID"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "mandateID" + }) + public static class References { + + @XmlElement(name = "MandateID", required = true) + protected List<SimpleMandateContentType.References.MandateID> mandateID; + + /** + * Gets the value of the mandateID property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the mandateID property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getMandateID().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SimpleMandateContentType.References.MandateID } + * + * + */ + public List<SimpleMandateContentType.References.MandateID> getMandateID() { + if (mandateID == null) { + mandateID = new ArrayList<SimpleMandateContentType.References.MandateID>(); + } + return this.mandateID; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class MandateID { + + @XmlValue + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String value; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidFrom" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidTo" minOccurs="0"/> + * </sequence> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "validFrom", + "validTo" + }) + public static class TimeConstraint { + + @XmlElement(name = "ValidFrom") + protected String validFrom; + @XmlElement(name = "ValidTo") + protected String validTo; + + /** + * Gets the value of the validFrom property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValidFrom() { + return validFrom; + } + + /** + * Sets the value of the validFrom property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValidFrom(String value) { + this.validFrom = value; + } + + /** + * Gets the value of the validTo property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValidTo() { + return validTo; + } + + /** + * Sets the value of the validTo property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValidTo(String value) { + this.validTo = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Amount" type="{http://www.w3.org/2001/XMLSchema}float"/> + * <element name="Currency" type="{http://www.w3.org/2001/XMLSchema}token"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "amount", + "currency" + }) + public static class TransactionLimit { + + @XmlElement(name = "Amount") + protected float amount; + @XmlElement(name = "Currency", required = true, defaultValue = "EUR") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String currency; + + /** + * Gets the value of the amount property. + * + */ + public float getAmount() { + return amount; + } + + /** + * Sets the value of the amount property. + * + */ + public void setAmount(float value) { + this.amount = value; + } + + /** + * Gets the value of the currency property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getCurrency() { + return currency; + } + + /** + * Sets the value of the currency property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setCurrency(String value) { + this.currency = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java new file mode 100644 index 000000000..79c3dae88 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java @@ -0,0 +1,9 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + +@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED) +package at.gv.e_government.reference.namespace.mandates._20040701_; diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java new file mode 100644 index 000000000..406073972 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java 
@@ -0,0 +1,144 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyAttribute; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; + + +/** + * main structure of address data + * + * <p>Java class for AbstractAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="AbstractAddressType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence minOccurs="0"> + * <element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <anyAttribute namespace='##other'/> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "AbstractAddressType", propOrder = { + "identification" +}) +@XmlSeeAlso({ + TelephoneAddressType.class, + InternetAddressType.class, + TypedPostalAddressType.class +}) +public abstract class AbstractAddressType { + + @XmlElement(name = "Identification") + protected List<IdentificationType> identification; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAnyAttribute + private Map<QName, String> otherAttributes = new HashMap<QName, String>(); + + /** + * Gets the value of the identification property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the identification property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getIdentification().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link IdentificationType } + * + * + */ + public List<IdentificationType> getIdentification() { + if (identification == null) { + identification = new ArrayList<IdentificationType>(); + } + return this.identification; + } + + /** + * Gets the value of the id property. 
+ * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets a map that contains attributes that aren't bound to any typed property on this class. + * + * <p> + * the map is keyed by the name of the attribute and + * the value is the string value of the attribute. + * + * the map returned by this method is live, and you can add new attribute + * by updating the map directly. Because of this design, there's no setter. + * + * + * @return + * always non-null + */ + public Map<QName, String> getOtherAttributes() { + return otherAttributes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java new file mode 100644 index 000000000..201b285dd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java 
@@ -0,0 +1,144 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyAttribute; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; + + +/** + * main structure of person data + * + * <p>Java class for AbstractPersonType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="AbstractPersonType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence minOccurs="0"> + * <element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <anyAttribute namespace='##other'/> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "AbstractPersonType", propOrder = { + "identification" +}) +@XmlSeeAlso({ + PhysicalPersonType.class, + CorporateBodyType.class, + PersonDataType.class +}) +public abstract class AbstractPersonType { + + @XmlElement(name = "Identification") + protected List<IdentificationType> identification; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAnyAttribute + private Map<QName, String> otherAttributes = new HashMap<QName, String>(); + + /** + * Gets the value of the identification property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the identification property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getIdentification().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link IdentificationType } + * + * + */ + public List<IdentificationType> getIdentification() { + if (identification == null) { + identification = new ArrayList<IdentificationType>(); + } + return this.identification; + } + + /** + * Gets the value of the id property. 
+ * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets a map that contains attributes that aren't bound to any typed property on this class. + * + * <p> + * the map is keyed by the name of the attribute and + * the value is the string value of the attribute. + * + * the map returned by this method is live, and you can add new attribute + * by updating the map directly. Because of this design, there's no setter. + * + * + * @return + * always non-null + */ + public Map<QName, String> getOtherAttributes() { + return otherAttributes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java new file mode 100644 index 000000000..382307a46 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java 
@@ -0,0 +1,245 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.w3c.dom.Element; + + +/** + * juridical person, organisation + * + * <p>Java class for CorporateBodyType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="CorporateBodyType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType"> + * <sequence minOccurs="0"> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/> + * <element name="FullName" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="AlternativeName" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/> + * <element name="LegalForm" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/> + * <element name="Organisation" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "CorporateBodyType", propOrder = { + "type", + "fullName", + "alternativeName", + "legalForm", + "organisation", + "any" +}) +public class CorporateBodyType + extends AbstractPersonType +{ + + @XmlElement(name = "Type") + @XmlSchemaType(name = "anyURI") + protected List<String> type; + @XmlElement(name = "FullName") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String fullName; + @XmlElement(name = "AlternativeName") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected List<String> alternativeName; + @XmlElement(name = "LegalForm") + @XmlSchemaType(name = "anyURI") + protected String legalForm; + @XmlElement(name = "Organisation") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String organisation; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the type property. 
+ * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the type property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getType().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getType() { + if (type == null) { + type = new ArrayList<String>(); + } + return this.type; + } + + /** + * Gets the value of the fullName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getFullName() { + return fullName; + } + + /** + * Sets the value of the fullName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setFullName(String value) { + this.fullName = value; + } + + /** + * Gets the value of the alternativeName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the alternativeName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAlternativeName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAlternativeName() { + if (alternativeName == null) { + alternativeName = new ArrayList<String>(); + } + return this.alternativeName; + } + + /** + * Gets the value of the legalForm property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getLegalForm() { + return legalForm; + } + + /** + * Sets the value of the legalForm property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setLegalForm(String value) { + this.legalForm = value; + } + + /** + * Gets the value of the organisation property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getOrganisation() { + return organisation; + } + + /** + * Sets the value of the organisation property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setOrganisation(String value) { + this.organisation = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java new file mode 100644 index 000000000..26d021556 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java 
@@ -0,0 +1,67 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for DefinedAlternativeNameTypeType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="DefinedAlternativeNameTypeType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="ArtistName"/> + * <enumeration value="NickName"/> + * <enumeration value="FormerName"/> + * <enumeration value="Alias"/> + * <enumeration value="MaidenName"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "DefinedAlternativeNameTypeType") +@XmlEnum +public enum DefinedAlternativeNameTypeType { + + @XmlEnumValue("ArtistName") + ARTIST_NAME("ArtistName"), + @XmlEnumValue("NickName") + NICK_NAME("NickName"), + @XmlEnumValue("FormerName") + FORMER_NAME("FormerName"), + @XmlEnumValue("Alias") + ALIAS("Alias"), + @XmlEnumValue("MaidenName") + MAIDEN_NAME("MaidenName"); + private final String value; + + DefinedAlternativeNameTypeType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static DefinedAlternativeNameTypeType fromValue(String v) { + for (DefinedAlternativeNameTypeType c: DefinedAlternativeNameTypeType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java new file mode 100644 index 000000000..703db6a6f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java 
@@ -0,0 +1,79 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for DefinedRelationType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="DefinedRelationType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="family:Parent"/> + * <enumeration value="family:Child"/> + * <enumeration value="family:Sibling"/> + * <enumeration value="family:Grandparent"/> + * <enumeration value="family:Grandchild"/> + * <enumeration value="family:Spouse"/> + * <enumeration value="function:LegalGuardian"/> + * <enumeration value="function:IsGuardedBy"/> + * <enumeration value="function:Cohabitant"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "DefinedRelationType") +@XmlEnum +public enum DefinedRelationType { + + @XmlEnumValue("family:Parent") + FAMILY_PARENT("family:Parent"), + @XmlEnumValue("family:Child") + FAMILY_CHILD("family:Child"), + @XmlEnumValue("family:Sibling") + FAMILY_SIBLING("family:Sibling"), + @XmlEnumValue("family:Grandparent") + FAMILY_GRANDPARENT("family:Grandparent"), + @XmlEnumValue("family:Grandchild") + FAMILY_GRANDCHILD("family:Grandchild"), + @XmlEnumValue("family:Spouse") + FAMILY_SPOUSE("family:Spouse"), + @XmlEnumValue("function:LegalGuardian") + FUNCTION_LEGAL_GUARDIAN("function:LegalGuardian"), + @XmlEnumValue("function:IsGuardedBy") + 
FUNCTION_IS_GUARDED_BY("function:IsGuardedBy"), + @XmlEnumValue("function:Cohabitant") + FUNCTION_COHABITANT("function:Cohabitant"); + private final String value; + + DefinedRelationType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static DefinedRelationType fromValue(String v) { + for (DefinedRelationType c: DefinedRelationType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java new file mode 100644 index 000000000..d9f6541b3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java 
@@ -0,0 +1,318 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyAttribute; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; +import org.w3c.dom.Element; + + +/** + * unique identifier + * + * <p>Java class for IdentificationType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="IdentificationType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Value"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI"/> + * <element name="Authority" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <anyAttribute namespace='##other'/> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "IdentificationType", propOrder = { + "value", + "type", + "authority", + "any" +}) +public class IdentificationType { + + @XmlElement(name = "Value", required = true) + protected IdentificationType.Value value; + @XmlElement(name = "Type", required = true) + @XmlSchemaType(name = "anyURI") + protected String type; + @XmlElement(name = "Authority") + @XmlSchemaType(name = "anyURI") + protected String authority; + @XmlAnyElement(lax = true) + protected List<Object> any; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAnyAttribute + private Map<QName, String> otherAttributes = new HashMap<QName, String>(); + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link IdentificationType.Value } + * + */ + public IdentificationType.Value getValue() { + return value; + } + + /** + * Sets the value of the value property. 
+ * + * @param value + * allowed object is + * {@link IdentificationType.Value } + * + */ + public void setValue(IdentificationType.Value value) { + this.value = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + /** + * Gets the value of the authority property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAuthority() { + return authority; + } + + /** + * Sets the value of the authority property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAuthority(String value) { + this.authority = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets a map that contains attributes that aren't bound to any typed property on this class. + * + * <p> + * the map is keyed by the name of the attribute and + * the value is the string value of the attribute. + * + * the map returned by this method is live, and you can add new attribute + * by updating the map directly. Because of this design, there's no setter. + * + * + * @return + * always non-null + */ + public Map<QName, String> getOtherAttributes() { + return otherAttributes; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class Value { + + @XmlValue + protected String value; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java new file mode 100644 index 000000000..be59e85a8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java 
@@ -0,0 +1,143 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3._2000._09.xmldsig_.KeyInfoType; +import org.w3c.dom.Element; + + +/** + * internet based communication + * + * <p>Java class for InternetAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="InternetAddressType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType"> + * <sequence minOccurs="0"> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}KeyInfo" minOccurs="0"/> + * <element name="Address" type="{http://www.w3.org/2001/XMLSchema}anyURI"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "InternetAddressType", propOrder = { + "keyInfo", + "address", + "any" +}) +public class InternetAddressType + extends AbstractAddressType +{ + + @XmlElement(name = "KeyInfo", namespace = "http://www.w3.org/2000/09/xmldsig#") + protected KeyInfoType keyInfo; + @XmlElement(name = "Address") + @XmlSchemaType(name = "anyURI") + protected String address; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * certificate for secure communication + * + * @return + * possible object is + * {@link KeyInfoType } + * + */ + public KeyInfoType getKeyInfo() { + return keyInfo; + } + + /** + * Sets the value of the keyInfo property. + * + * @param value + * allowed object is + * {@link KeyInfoType } + * + */ + public void setKeyInfo(KeyInfoType value) { + this.keyInfo = value; + } + + /** + * Gets the value of the address property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAddress() { + return address; + } + + /** + * Sets the value of the address property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAddress(String value) { + this.address = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. 
Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java new file mode 100644 index 000000000..fa2130290 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java 
@@ -0,0 +1,64 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for MaritalStatusType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="MaritalStatusType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}token"> + * <enumeration value="single"/> + * <enumeration value="married"/> + * <enumeration value="divorced"/> + * <enumeration value="widowed"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "MaritalStatusType") +@XmlEnum +public enum MaritalStatusType { + + @XmlEnumValue("single") + SINGLE("single"), + @XmlEnumValue("married") + MARRIED("married"), + @XmlEnumValue("divorced") + DIVORCED("divorced"), + @XmlEnumValue("widowed") + WIDOWED("widowed"); + private final String value; + + MaritalStatusType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static MaritalStatusType fromValue(String v) { + for (MaritalStatusType c: MaritalStatusType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java new file mode 100644 index 000000000..7a361f12d --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java @@ -0,0 +1,67 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for MobileTelcomNumberType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="MobileTelcomNumberType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType"> + * <attribute name="smsEnabled" type="{http://www.w3.org/2001/XMLSchema}boolean" /> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "MobileTelcomNumberType") +public class MobileTelcomNumberType + extends TelcomNumberType +{ + + @XmlAttribute + protected Boolean smsEnabled; + + /** + * Gets the value of the smsEnabled property. + * + * @return + * possible object is + * {@link Boolean } + * + */ + public Boolean isSmsEnabled() { + return smsEnabled; + } + + /** + * Sets the value of the smsEnabled property. + * + * @param value + * allowed object is + * {@link Boolean } + * + */ + public void setSmsEnabled(Boolean value) { + this.smsEnabled = value; + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java new file mode 100644 index 000000000..07cb0c099 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java 
@@ -0,0 +1,420 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlElementDecl; +import javax.xml.bind.annotation.XmlRegistry; +import javax.xml.namespace.QName; + + +/** + * This object contains factory methods for each + * Java content interface and Java element interface + * generated in the at.gv.e_government.reference.namespace.persondata._20020228_ package. + * <p>An ObjectFactory allows you to programatically + * construct new instances of the Java representation + * for XML content. The Java representation of XML + * content can consist of schema derived interfaces + * and classes representing the binding of schema + * type definitions, element declarations and model + * groups. Factory methods for each of these are + * provided in this class. 
+ * + */ +@XmlRegistry +public class ObjectFactory { + + private final static QName _TypedPostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TypedPostalAddress"); + private final static QName _Extension_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Extension"); + private final static QName _Mobile_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Mobile"); + private final static QName _AreaCityCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "AreaCityCode"); + private final static QName _TTYTDD_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TTYTDD"); + private final static QName _PersonName_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonName"); + private final static QName _InternetAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternetAddress"); + private final static QName _InternationalCountryCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternationalCountryCode"); + private final static QName _Pager_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Pager"); + private final static QName _PersonData_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonData"); + private final static QName _SubscriberNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "SubscriberNumber"); + private final static QName _NationalNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "NationalNumber"); + private final static QName _PhysicalPerson_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PhysicalPerson"); + private 
final static QName _CorporateBody_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "CorporateBody"); + private final static QName _Telephone_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Telephone"); + private final static QName _Address_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Address"); + private final static QName _Person_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Person"); + private final static QName _Fax_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Fax"); + private final static QName _PostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PostalAddress"); + private final static QName _TelephoneAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TelephoneAddress"); + private final static QName _FormattedNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "FormattedNumber"); + + /** + * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.persondata._20020228_ + * + */ + public ObjectFactory() { + } + + /** + * Create an instance of {@link TelephoneAddressType } + * + */ + public TelephoneAddressType createTelephoneAddressType() { + return new TelephoneAddressType(); + } + + /** + * Create an instance of {@link PersonNameType.FamilyName } + * + */ + public PersonNameType.FamilyName createPersonNameTypeFamilyName() { + return new PersonNameType.FamilyName(); + } + + /** + * Create an instance of {@link PersonNameType.FormattedName } + * + */ + public PersonNameType.FormattedName createPersonNameTypeFormattedName() { + return new PersonNameType.FormattedName(); + } + + /** + * Create an instance of {@link 
PostalAddressType.DeliveryAddress } + * + */ + public PostalAddressType.DeliveryAddress createPostalAddressTypeDeliveryAddress() { + return new PostalAddressType.DeliveryAddress(); + } + + /** + * Create an instance of {@link TypedPostalAddressType } + * + */ + public TypedPostalAddressType createTypedPostalAddressType() { + return new TypedPostalAddressType(); + } + + /** + * Create an instance of {@link MobileTelcomNumberType } + * + */ + public MobileTelcomNumberType createMobileTelcomNumberType() { + return new MobileTelcomNumberType(); + } + + /** + * Create an instance of {@link PersonDataType.AdditionalData } + * + */ + public PersonDataType.AdditionalData createPersonDataTypeAdditionalData() { + return new PersonDataType.AdditionalData(); + } + + /** + * Create an instance of {@link PostalAddressType.Recipient } + * + */ + public PostalAddressType.Recipient createPostalAddressTypeRecipient() { + return new PostalAddressType.Recipient(); + } + + /** + * Create an instance of {@link PersonDataType } + * + */ + public PersonDataType createPersonDataType() { + return new PersonDataType(); + } + + /** + * Create an instance of {@link PhysicalPersonType } + * + */ + public PhysicalPersonType createPhysicalPersonType() { + return new PhysicalPersonType(); + } + + /** + * Create an instance of {@link TelcomNumberType } + * + */ + public TelcomNumberType createTelcomNumberType() { + return new TelcomNumberType(); + } + + /** + * Create an instance of {@link PhysicalPersonType.RelatedPerson } + * + */ + public PhysicalPersonType.RelatedPerson createPhysicalPersonTypeRelatedPerson() { + return new PhysicalPersonType.RelatedPerson(); + } + + /** + * Create an instance of {@link PostalAddressType } + * + */ + public PostalAddressType createPostalAddressType() { + return new PostalAddressType(); + } + + /** + * Create an instance of {@link TelcomNumberListType } + * + */ + public TelcomNumberListType createTelcomNumberListType() { + return new TelcomNumberListType(); + } 
+ + /** + * Create an instance of {@link PersonNameType } + * + */ + public PersonNameType createPersonNameType() { + return new PersonNameType(); + } + + /** + * Create an instance of {@link PhysicalPersonType.AlternativeName } + * + */ + public PhysicalPersonType.AlternativeName createPhysicalPersonTypeAlternativeName() { + return new PhysicalPersonType.AlternativeName(); + } + + /** + * Create an instance of {@link PersonNameType.Affix } + * + */ + public PersonNameType.Affix createPersonNameTypeAffix() { + return new PersonNameType.Affix(); + } + + /** + * Create an instance of {@link IdentificationType.Value } + * + */ + public IdentificationType.Value createIdentificationTypeValue() { + return new IdentificationType.Value(); + } + + /** + * Create an instance of {@link IdentificationType } + * + */ + public IdentificationType createIdentificationType() { + return new IdentificationType(); + } + + /** + * Create an instance of {@link InternetAddressType } + * + */ + public InternetAddressType createInternetAddressType() { + return new InternetAddressType(); + } + + /** + * Create an instance of {@link CorporateBodyType } + * + */ + public CorporateBodyType createCorporateBodyType() { + return new CorporateBodyType(); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TypedPostalAddress") + public JAXBElement<TypedPostalAddressType> createTypedPostalAddress(TypedPostalAddressType value) { + return new JAXBElement<TypedPostalAddressType>(_TypedPostalAddress_QNAME, TypedPostalAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Extension") + public JAXBElement<String> createExtension(String value) { + 
return new JAXBElement<String>(_Extension_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link MobileTelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Mobile") + public JAXBElement<MobileTelcomNumberType> createMobile(MobileTelcomNumberType value) { + return new JAXBElement<MobileTelcomNumberType>(_Mobile_QNAME, MobileTelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "AreaCityCode") + public JAXBElement<String> createAreaCityCode(String value) { + return new JAXBElement<String>(_AreaCityCode_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TTYTDD") + public JAXBElement<TelcomNumberType> createTTYTDD(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_TTYTDD_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PersonNameType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonName") + public JAXBElement<PersonNameType> createPersonName(PersonNameType value) { + return new JAXBElement<PersonNameType>(_PersonName_QNAME, PersonNameType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternetAddress") + public JAXBElement<InternetAddressType> 
createInternetAddress(InternetAddressType value) { + return new JAXBElement<InternetAddressType>(_InternetAddress_QNAME, InternetAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternationalCountryCode") + public JAXBElement<String> createInternationalCountryCode(String value) { + return new JAXBElement<String>(_InternationalCountryCode_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Pager") + public JAXBElement<TelcomNumberType> createPager(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_Pager_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PersonDataType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonData") + public JAXBElement<PersonDataType> createPersonData(PersonDataType value) { + return new JAXBElement<PersonDataType>(_PersonData_QNAME, PersonDataType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "SubscriberNumber") + public JAXBElement<String> createSubscriberNumber(String value) { + return new JAXBElement<String>(_SubscriberNumber_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "NationalNumber") + public 
JAXBElement<String> createNationalNumber(String value) { + return new JAXBElement<String>(_NationalNumber_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PhysicalPerson") + public JAXBElement<PhysicalPersonType> createPhysicalPerson(PhysicalPersonType value) { + return new JAXBElement<PhysicalPersonType>(_PhysicalPerson_QNAME, PhysicalPersonType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "CorporateBody") + public JAXBElement<CorporateBodyType> createCorporateBody(CorporateBodyType value) { + return new JAXBElement<CorporateBodyType>(_CorporateBody_QNAME, CorporateBodyType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Telephone") + public JAXBElement<TelcomNumberType> createTelephone(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_Telephone_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Address") + public JAXBElement<AbstractAddressType> createAddress(AbstractAddressType value) { + return new JAXBElement<AbstractAddressType>(_Address_QNAME, AbstractAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}} + * + */ + @XmlElementDecl(namespace = 
"http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Person") + public JAXBElement<AbstractPersonType> createPerson(AbstractPersonType value) { + return new JAXBElement<AbstractPersonType>(_Person_QNAME, AbstractPersonType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Fax") + public JAXBElement<TelcomNumberType> createFax(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_Fax_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PostalAddress") + public JAXBElement<PostalAddressType> createPostalAddress(PostalAddressType value) { + return new JAXBElement<PostalAddressType>(_PostalAddress_QNAME, PostalAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TelephoneAddress") + public JAXBElement<TelephoneAddressType> createTelephoneAddress(TelephoneAddressType value) { + return new JAXBElement<TelephoneAddressType>(_TelephoneAddress_QNAME, TelephoneAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "FormattedNumber") + public JAXBElement<String> createFormattedNumber(String value) { + return new JAXBElement<String>(_FormattedNumber_QNAME, String.class, null, value); + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java new file mode 100644 index 000000000..2d3cd9315 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java 
@@ -0,0 +1,247 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlType; +import org.w3._2000._09.xmldsig_.SignatureType; +import org.w3c.dom.Element; + + +/** + * signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + * + * <p>Java class for PersonDataType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="PersonDataType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Address" maxOccurs="unbounded" minOccurs="0"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Signature" maxOccurs="unbounded" minOccurs="0"/> + * <element name="AdditionalData" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <any processContents='lax'/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PersonDataType", propOrder = { + "person", + "address", + "signature", + "additionalData" +}) +public class PersonDataType + extends AbstractPersonType +{ + + @XmlElement(name = "Person", required = true) + protected AbstractPersonType person; + @XmlElement(name = "Address") + protected List<AbstractAddressType> address; + @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#") + protected List<SignatureType> signature; + @XmlElement(name = "AdditionalData") + protected PersonDataType.AdditionalData additionalData; + + /** + * Gets the value of the person property. + * + * @return + * possible object is + * {@link AbstractPersonType } + * + */ + public AbstractPersonType getPerson() { + return person; + } + + /** + * Sets the value of the person property. 
+ * + * @param value + * allowed object is + * {@link AbstractPersonType } + * + */ + public void setPerson(AbstractPersonType value) { + this.person = value; + } + + /** + * Gets the value of the address property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the address property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAddress().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link AbstractAddressType } + * + * + */ + public List<AbstractAddressType> getAddress() { + if (address == null) { + address = new ArrayList<AbstractAddressType>(); + } + return this.address; + } + + /** + * one or more electronic signatures applied on fields above Gets the value of the signature property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the signature property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSignature().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SignatureType } + * + * + */ + public List<SignatureType> getSignature() { + if (signature == null) { + signature = new ArrayList<SignatureType>(); + } + return this.signature; + } + + /** + * Gets the value of the additionalData property. + * + * @return + * possible object is + * {@link PersonDataType.AdditionalData } + * + */ + public PersonDataType.AdditionalData getAdditionalData() { + return additionalData; + } + + /** + * Sets the value of the additionalData property. 
+ * + * @param value + * allowed object is + * {@link PersonDataType.AdditionalData } + * + */ + public void setAdditionalData(PersonDataType.AdditionalData value) { + this.additionalData = value; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <any processContents='lax'/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "content" + }) + public static class AdditionalData { + + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java new file mode 100644 index 000000000..9e68a544c --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java 
@@ -0,0 +1,620 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + + +/** + * <p>Java class for PersonNameType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PersonNameType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="FormattedName" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" default="presentation"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="presentation"/> + * <enumeration value="legal"/> + * <enumeration value="sortOrder"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * <element name="LegalName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="GivenName" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="PreferredGivenName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> 
+ * <element name="MiddleName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="FamilyName" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="primary" default="undefined"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="true"/> + * <enumeration value="false"/> + * <enumeration value="undefined"/> + * </restriction> + * </simpleType> + * </attribute> + * <attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" /> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * <element name="Affix" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" use="required"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="academicGrade"/> + * <enumeration value="aristocraticPrefix"/> + * <enumeration value="aristocraticTitle"/> + * <enumeration value="familyNamePrefix"/> + * <enumeration value="familyNameSuffix"/> + * <enumeration value="formOfAddress"/> + * <enumeration value="generation"/> + * <enumeration value="qualification"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PersonNameType", propOrder = { + "formattedName", + "legalName", + "givenName", + "preferredGivenName", + "middleName", + "familyName", + "affix" +}) +@XmlSeeAlso({ + at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType.AlternativeName.class +}) +public class PersonNameType { + + @XmlElement(name = "FormattedName") + protected 
List<PersonNameType.FormattedName> formattedName; + @XmlElement(name = "LegalName") + protected String legalName; + @XmlElement(name = "GivenName") + protected List<String> givenName; + @XmlElement(name = "PreferredGivenName") + protected String preferredGivenName; + @XmlElement(name = "MiddleName") + protected String middleName; + @XmlElement(name = "FamilyName") + protected List<PersonNameType.FamilyName> familyName; + @XmlElement(name = "Affix") + protected List<PersonNameType.Affix> affix; + + /** + * Gets the value of the formattedName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the formattedName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getFormattedName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PersonNameType.FormattedName } + * + * + */ + public List<PersonNameType.FormattedName> getFormattedName() { + if (formattedName == null) { + formattedName = new ArrayList<PersonNameType.FormattedName>(); + } + return this.formattedName; + } + + /** + * Gets the value of the legalName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getLegalName() { + return legalName; + } + + /** + * Sets the value of the legalName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setLegalName(String value) { + this.legalName = value; + } + + /** + * Gets the value of the givenName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. 
+ * This is why there is not a <CODE>set</CODE> method for the givenName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getGivenName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getGivenName() { + if (givenName == null) { + givenName = new ArrayList<String>(); + } + return this.givenName; + } + + /** + * Gets the value of the preferredGivenName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPreferredGivenName() { + return preferredGivenName; + } + + /** + * Sets the value of the preferredGivenName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPreferredGivenName(String value) { + this.preferredGivenName = value; + } + + /** + * Gets the value of the middleName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getMiddleName() { + return middleName; + } + + /** + * Sets the value of the middleName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setMiddleName(String value) { + this.middleName = value; + } + + /** + * Gets the value of the familyName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the familyName property. 
+ * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getFamilyName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PersonNameType.FamilyName } + * + * + */ + public List<PersonNameType.FamilyName> getFamilyName() { + if (familyName == null) { + familyName = new ArrayList<PersonNameType.FamilyName>(); + } + return this.familyName; + } + + /** + * Gets the value of the affix property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the affix property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAffix().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PersonNameType.Affix } + * + * + */ + public List<PersonNameType.Affix> getAffix() { + if (affix == null) { + affix = new ArrayList<PersonNameType.Affix>(); + } + return this.affix; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" use="required"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="academicGrade"/> + * <enumeration value="aristocraticPrefix"/> + * <enumeration value="aristocraticTitle"/> + * <enumeration value="familyNamePrefix"/> + * <enumeration value="familyNameSuffix"/> + * <enumeration value="formOfAddress"/> + * <enumeration value="generation"/> + * <enumeration value="qualification"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class Affix { + + @XmlValue + protected String value; + @XmlAttribute(required = true) + protected String type; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="primary" default="undefined"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="true"/> + * <enumeration value="false"/> + * <enumeration value="undefined"/> + * </restriction> + * </simpleType> + * </attribute> + * <attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" /> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class FamilyName { + + @XmlValue + protected String value; + @XmlAttribute + protected String primary; + @XmlAttribute + protected String prefix; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the primary property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPrimary() { + if (primary == null) { + return "undefined"; + } else { + return primary; + } + } + + /** + * Sets the value of the primary property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPrimary(String value) { + this.primary = value; + } + + /** + * Gets the value of the prefix property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPrefix() { + return prefix; + } + + /** + * Sets the value of the prefix property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPrefix(String value) { + this.prefix = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" default="presentation"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="presentation"/> + * <enumeration value="legal"/> + * <enumeration value="sortOrder"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class FormattedName { + + @XmlValue + protected String value; + @XmlAttribute + protected String type; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + if (type == null) { + return "presentation"; + } else { + return type; + } + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java new file mode 100644 index 000000000..c858f9e8f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java 
@@ -0,0 +1,550 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.w3c.dom.Element; + + +/** + * physical person + * + * <p>Java class for PhysicalPersonType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="PhysicalPersonType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType"> + * <sequence minOccurs="0"> + * <element name="Name" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/> + * <element name="AlternativeName" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType"> + * <attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" /> + * </extension> + * </complexContent> + * </complexType> + * </element> + * <element name="MaritalStatus" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}MaritalStatusType" minOccurs="0"/> + * <element name="Sex" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}SexType" minOccurs="0"/> + * <element name="DateOfBirth" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}DateOfBirthType" minOccurs="0"/> + * <element name="PlaceOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="CountryOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="Nationality" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Confession" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="relatedPerson" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/> + * <element 
ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PhysicalPersonType", propOrder = { + "name", + "alternativeName", + "maritalStatus", + "sex", + "dateOfBirth", + "placeOfBirth", + "countryOfBirth", + "nationality", + "confession", + "relatedPerson", + "any" +}) +public class PhysicalPersonType + extends AbstractPersonType +{ + + @XmlElement(name = "Name") + protected PersonNameType name; + @XmlElement(name = "AlternativeName") + protected List<PhysicalPersonType.AlternativeName> alternativeName; + @XmlElement(name = "MaritalStatus") + protected MaritalStatusType maritalStatus; + @XmlElement(name = "Sex") + protected SexType sex; + @XmlElement(name = "DateOfBirth") + protected String dateOfBirth; + @XmlElement(name = "PlaceOfBirth") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String placeOfBirth; + @XmlElement(name = "CountryOfBirth") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String countryOfBirth; + @XmlElement(name = "Nationality") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected List<String> nationality; + @XmlElement(name = "Confession") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String confession; + protected List<PhysicalPersonType.RelatedPerson> relatedPerson; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the name property. 
+ * + * @return + * possible object is + * {@link PersonNameType } + * + */ + public PersonNameType getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link PersonNameType } + * + */ + public void setName(PersonNameType value) { + this.name = value; + } + + /** + * Gets the value of the alternativeName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the alternativeName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAlternativeName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PhysicalPersonType.AlternativeName } + * + * + */ + public List<PhysicalPersonType.AlternativeName> getAlternativeName() { + if (alternativeName == null) { + alternativeName = new ArrayList<PhysicalPersonType.AlternativeName>(); + } + return this.alternativeName; + } + + /** + * Gets the value of the maritalStatus property. + * + * @return + * possible object is + * {@link MaritalStatusType } + * + */ + public MaritalStatusType getMaritalStatus() { + return maritalStatus; + } + + /** + * Sets the value of the maritalStatus property. + * + * @param value + * allowed object is + * {@link MaritalStatusType } + * + */ + public void setMaritalStatus(MaritalStatusType value) { + this.maritalStatus = value; + } + + /** + * Gets the value of the sex property. + * + * @return + * possible object is + * {@link SexType } + * + */ + public SexType getSex() { + return sex; + } + + /** + * Sets the value of the sex property. 
+ * + * @param value + * allowed object is + * {@link SexType } + * + */ + public void setSex(SexType value) { + this.sex = value; + } + + /** + * Gets the value of the dateOfBirth property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getDateOfBirth() { + return dateOfBirth; + } + + /** + * Sets the value of the dateOfBirth property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setDateOfBirth(String value) { + this.dateOfBirth = value; + } + + /** + * Gets the value of the placeOfBirth property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPlaceOfBirth() { + return placeOfBirth; + } + + /** + * Sets the value of the placeOfBirth property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPlaceOfBirth(String value) { + this.placeOfBirth = value; + } + + /** + * Gets the value of the countryOfBirth property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getCountryOfBirth() { + return countryOfBirth; + } + + /** + * Sets the value of the countryOfBirth property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setCountryOfBirth(String value) { + this.countryOfBirth = value; + } + + /** + * Gets the value of the nationality property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the nationality property. 
+ * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getNationality().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getNationality() { + if (nationality == null) { + nationality = new ArrayList<String>(); + } + return this.nationality; + } + + /** + * Gets the value of the confession property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getConfession() { + return confession; + } + + /** + * Sets the value of the confession property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setConfession(String value) { + this.confession = value; + } + + /** + * Gets the value of the relatedPerson property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the relatedPerson property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getRelatedPerson().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PhysicalPersonType.RelatedPerson } + * + * + */ + public List<PhysicalPersonType.RelatedPerson> getRelatedPerson() { + if (relatedPerson == null) { + relatedPerson = new ArrayList<PhysicalPersonType.RelatedPerson>(); + } + return this.relatedPerson; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. 
+ * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType"> + * <attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" /> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "") + public static class AlternativeName + extends PersonNameType + { + + @XmlAttribute(name = "Type") + protected String type; + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "typeOfRelation", + "person" + }) + public static class RelatedPerson { + + @XmlElement(name = "TypeOfRelation", required = true) + protected List<String> typeOfRelation; + @XmlElement(name = "Person", required = true) + protected AbstractPersonType person; + + /** + * Gets the value of the typeOfRelation property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the typeOfRelation property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getTypeOfRelation().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getTypeOfRelation() { + if (typeOfRelation == null) { + typeOfRelation = new ArrayList<String>(); + } + return this.typeOfRelation; + } + + /** + * Gets the value of the person property. + * + * @return + * possible object is + * {@link AbstractPersonType } + * + */ + public AbstractPersonType getPerson() { + return person; + } + + /** + * Sets the value of the person property. + * + * @param value + * allowed object is + * {@link AbstractPersonType } + * + */ + public void setPerson(AbstractPersonType value) { + this.person = value; + } + + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java new file mode 100644 index 000000000..4f6c80200 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java 
@@ -0,0 +1,611 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for PostalAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PostalAddressType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="CountryCode" minOccurs="0"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <pattern value="[A-Z]{2}"/> + * </restriction> + * </simpleType> + * </element> + * <element name="PostalCode" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="Region" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Municipality" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="DeliveryAddress" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="BuildingNumber" 
type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * <element name="Recipient" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/> + * <element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * </sequence> + * <attribute name="type" default="undefined"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="postOfficeBoxAddress"/> + * <enumeration value="streetAddress"/> + * <enumeration value="militaryAddress"/> + * <enumeration value="undefined"/> + * </restriction> + * </simpleType> + * </attribute> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PostalAddressType", propOrder = { + "countryCode", + "postalCode", + "region", + "municipality", + "deliveryAddress", + "recipient" +}) +public class PostalAddressType { + + @XmlElement(name = "CountryCode") + protected String countryCode; + @XmlElement(name = "PostalCode") + protected String postalCode; + @XmlElement(name = "Region") + protected List<String> region; + @XmlElement(name = "Municipality") + 
protected String municipality; + @XmlElement(name = "DeliveryAddress") + protected PostalAddressType.DeliveryAddress deliveryAddress; + @XmlElement(name = "Recipient") + protected List<PostalAddressType.Recipient> recipient; + @XmlAttribute + protected String type; + + /** + * Gets the value of the countryCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getCountryCode() { + return countryCode; + } + + /** + * Sets the value of the countryCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setCountryCode(String value) { + this.countryCode = value; + } + + /** + * Gets the value of the postalCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPostalCode() { + return postalCode; + } + + /** + * Sets the value of the postalCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPostalCode(String value) { + this.postalCode = value; + } + + /** + * Gets the value of the region property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the region property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getRegion().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getRegion() { + if (region == null) { + region = new ArrayList<String>(); + } + return this.region; + } + + /** + * Gets the value of the municipality property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getMunicipality() { + return municipality; + } + + /** + * Sets the value of the municipality property. 
+ * + * @param value + * allowed object is + * {@link String } + * + */ + public void setMunicipality(String value) { + this.municipality = value; + } + + /** + * Gets the value of the deliveryAddress property. + * + * @return + * possible object is + * {@link PostalAddressType.DeliveryAddress } + * + */ + public PostalAddressType.DeliveryAddress getDeliveryAddress() { + return deliveryAddress; + } + + /** + * Sets the value of the deliveryAddress property. + * + * @param value + * allowed object is + * {@link PostalAddressType.DeliveryAddress } + * + */ + public void setDeliveryAddress(PostalAddressType.DeliveryAddress value) { + this.deliveryAddress = value; + } + + /** + * Gets the value of the recipient property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the recipient property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getRecipient().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PostalAddressType.Recipient } + * + * + */ + public List<PostalAddressType.Recipient> getRecipient() { + if (recipient == null) { + recipient = new ArrayList<PostalAddressType.Recipient>(); + } + return this.recipient; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + if (type == null) { + return "undefined"; + } else { + return type; + } + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="BuildingNumber" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "addressLine", + "streetName", + "buildingNumber", + "unit", + "postOfficeBox" + }) + public static class DeliveryAddress { + + @XmlElement(name = "AddressLine") + protected List<String> addressLine; + @XmlElement(name = "StreetName") + protected String streetName; + @XmlElement(name = "BuildingNumber") + protected String buildingNumber; + @XmlElement(name = "Unit") + protected String unit; + @XmlElement(name = "PostOfficeBox") + protected String postOfficeBox; + + /** + * Gets the value of the addressLine property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the addressLine property. 
+ * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAddressLine().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAddressLine() { + if (addressLine == null) { + addressLine = new ArrayList<String>(); + } + return this.addressLine; + } + + /** + * Gets the value of the streetName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getStreetName() { + return streetName; + } + + /** + * Sets the value of the streetName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setStreetName(String value) { + this.streetName = value; + } + + /** + * Gets the value of the buildingNumber property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getBuildingNumber() { + return buildingNumber; + } + + /** + * Sets the value of the buildingNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setBuildingNumber(String value) { + this.buildingNumber = value; + } + + /** + * Gets the value of the unit property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getUnit() { + return unit; + } + + /** + * Sets the value of the unit property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setUnit(String value) { + this.unit = value; + } + + /** + * Gets the value of the postOfficeBox property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPostOfficeBox() { + return postOfficeBox; + } + + /** + * Sets the value of the postOfficeBox property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPostOfficeBox(String value) { + this.postOfficeBox = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. 
+ * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/> + * <element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "personName", + "additionalText", + "organization", + "organizationName" + }) + public static class Recipient { + + @XmlElement(name = "PersonName") + protected PersonNameType personName; + @XmlElement(name = "AdditionalText") + protected List<String> additionalText; + @XmlElement(name = "Organization") + protected String organization; + @XmlElement(name = "OrganizationName") + protected String organizationName; + + /** + * Gets the value of the personName property. + * + * @return + * possible object is + * {@link PersonNameType } + * + */ + public PersonNameType getPersonName() { + return personName; + } + + /** + * Sets the value of the personName property. + * + * @param value + * allowed object is + * {@link PersonNameType } + * + */ + public void setPersonName(PersonNameType value) { + this.personName = value; + } + + /** + * Gets the value of the additionalText property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. 
+ * This is why there is not a <CODE>set</CODE> method for the additionalText property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAdditionalText().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAdditionalText() { + if (additionalText == null) { + additionalText = new ArrayList<String>(); + } + return this.additionalText; + } + + /** + * Gets the value of the organization property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getOrganization() { + return organization; + } + + /** + * Sets the value of the organization property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setOrganization(String value) { + this.organization = value; + } + + /** + * Gets the value of the organizationName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getOrganizationName() { + return organizationName; + } + + /** + * Sets the value of the organizationName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setOrganizationName(String value) { + this.organizationName = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java new file mode 100644 index 000000000..7533e2fd4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java 
@@ -0,0 +1,61 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for SexType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="SexType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}token"> + * <enumeration value="male"/> + * <enumeration value="female"/> + * <enumeration value="unknown"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "SexType") +@XmlEnum +public enum SexType { + + @XmlEnumValue("male") + MALE("male"), + @XmlEnumValue("female") + FEMALE("female"), + @XmlEnumValue("unknown") + UNKNOWN("unknown"); + private final String value; + + SexType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static SexType fromValue(String v) { + for (SexType c: SexType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java new file mode 100644 index 000000000..55db75831 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java 
@@ -0,0 +1,181 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for TelcomNumberListType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TelcomNumberListType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Telephone" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Mobile" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Fax" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Pager" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TTYTDD" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TelcomNumberListType", propOrder = { + "telephone", + "mobile", + "fax", + "pager", + "ttytdd" +}) +public class TelcomNumberListType { + + @XmlElement(name = "Telephone") + protected TelcomNumberType telephone; + @XmlElement(name = "Mobile") + protected MobileTelcomNumberType mobile; + @XmlElement(name = "Fax") + protected 
TelcomNumberType fax; + @XmlElement(name = "Pager") + protected TelcomNumberType pager; + @XmlElement(name = "TTYTDD") + protected TelcomNumberType ttytdd; + + /** + * Gets the value of the telephone property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getTelephone() { + return telephone; + } + + /** + * Sets the value of the telephone property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setTelephone(TelcomNumberType value) { + this.telephone = value; + } + + /** + * Gets the value of the mobile property. + * + * @return + * possible object is + * {@link MobileTelcomNumberType } + * + */ + public MobileTelcomNumberType getMobile() { + return mobile; + } + + /** + * Sets the value of the mobile property. + * + * @param value + * allowed object is + * {@link MobileTelcomNumberType } + * + */ + public void setMobile(MobileTelcomNumberType value) { + this.mobile = value; + } + + /** + * Gets the value of the fax property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getFax() { + return fax; + } + + /** + * Sets the value of the fax property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setFax(TelcomNumberType value) { + this.fax = value; + } + + /** + * Gets the value of the pager property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getPager() { + return pager; + } + + /** + * Sets the value of the pager property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setPager(TelcomNumberType value) { + this.pager = value; + } + + /** + * Gets the value of the ttytdd property. 
+ * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getTTYTDD() { + return ttytdd; + } + + /** + * Sets the value of the ttytdd property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setTTYTDD(TelcomNumberType value) { + this.ttytdd = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java new file mode 100644 index 000000000..dfff3a208 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java 
@@ -0,0 +1,209 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for TelcomNumberType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TelcomNumberType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}FormattedNumber"/> + * <group ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberGroup"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TelcomNumberType", propOrder = { + "formattedNumber", + "internationalCountryCode", + "nationalNumber", + "areaCityCode", + "subscriberNumber", + "extension" +}) +@XmlSeeAlso({ + MobileTelcomNumberType.class +}) +public class TelcomNumberType { + + @XmlElement(name = "FormattedNumber") + protected String formattedNumber; + @XmlElement(name = "InternationalCountryCode") + protected String internationalCountryCode; + @XmlElement(name = "NationalNumber") + protected String nationalNumber; + @XmlElement(name = "AreaCityCode") + protected String areaCityCode; + @XmlElement(name = "SubscriberNumber") + protected String 
subscriberNumber; + @XmlElement(name = "Extension") + protected String extension; + + /** + * Gets the value of the formattedNumber property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getFormattedNumber() { + return formattedNumber; + } + + /** + * Sets the value of the formattedNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setFormattedNumber(String value) { + this.formattedNumber = value; + } + + /** + * Gets the value of the internationalCountryCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getInternationalCountryCode() { + return internationalCountryCode; + } + + /** + * Sets the value of the internationalCountryCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setInternationalCountryCode(String value) { + this.internationalCountryCode = value; + } + + /** + * Gets the value of the nationalNumber property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getNationalNumber() { + return nationalNumber; + } + + /** + * Sets the value of the nationalNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setNationalNumber(String value) { + this.nationalNumber = value; + } + + /** + * Gets the value of the areaCityCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAreaCityCode() { + return areaCityCode; + } + + /** + * Sets the value of the areaCityCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAreaCityCode(String value) { + this.areaCityCode = value; + } + + /** + * Gets the value of the subscriberNumber property. 
+ * + * @return + * possible object is + * {@link String } + * + */ + public String getSubscriberNumber() { + return subscriberNumber; + } + + /** + * Sets the value of the subscriberNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setSubscriberNumber(String value) { + this.subscriberNumber = value; + } + + /** + * Gets the value of the extension property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getExtension() { + return extension; + } + + /** + * Sets the value of the extension property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setExtension(String value) { + this.extension = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java new file mode 100644 index 000000000..ae87ba6ce --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java 
@@ -0,0 +1,147 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * phone numbers + * + * <p>Java class for TelephoneAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="TelephoneAddressType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType"> + * <sequence minOccurs="0"> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Number" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TelephoneAddressType", propOrder = { + "type", + "number", + "any" +}) +public class TelephoneAddressType + extends AbstractAddressType +{ + + @XmlElement(name = "Type") + @XmlSchemaType(name = "anyURI") + protected List<String> type; + @XmlElement(name = "Number") + protected TelcomNumberType number; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the type property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the type property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getType().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getType() { + if (type == null) { + type = new ArrayList<String>(); + } + return this.type; + } + + /** + * Gets the value of the number property. 
+ * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getNumber() { + return number; + } + + /** + * Sets the value of the number property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setNumber(TelcomNumberType value) { + this.number = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java new file mode 100644 index 000000000..4838c4cc7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java 
@@ -0,0 +1,142 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * postal address + * + * <p>Java class for TypedPostalAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. 
+ * + * <pre> + * <complexType name="TypedPostalAddressType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType"> + * <sequence minOccurs="0"> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PostalAddress"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TypedPostalAddressType", propOrder = { + "type", + "postalAddress", + "any" +}) +public class TypedPostalAddressType + extends AbstractAddressType +{ + + @XmlElement(name = "Type") + @XmlSchemaType(name = "anyURI") + protected String type; + @XmlElement(name = "PostalAddress") + protected PostalAddressType postalAddress; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + /** + * Gets the value of the postalAddress property. + * + * @return + * possible object is + * {@link PostalAddressType } + * + */ + public PostalAddressType getPostalAddress() { + return postalAddress; + } + + /** + * Sets the value of the postalAddress property. + * + * @param value + * allowed object is + * {@link PostalAddressType } + * + */ + public void setPostalAddress(PostalAddressType value) { + this.postalAddress = value; + } + + /** + * Gets the value of the any property. 
+ * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java new file mode 100644 index 000000000..c866662d1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java @@ -0,0 +1,9 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + +@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED) +package at.gv.e_government.reference.namespace.persondata._20020228_; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d783c74d9..89adbce3f 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -23,17 +23,19 @@ package at.gv.egovernment.moa.id.auth; +import iaik.asn1.ObjectID; import iaik.pki.PKIException; +import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; -import java.io.File; import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; +//import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; @@ -57,6 +59,7 @@ import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; @@ -66,7 +69,6 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; 
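Review bot: The commented-out line `//import java.security.cert.CertificateFactory;` in the first hunk (@@ -23,17) should be deleted outright rather than left as a comment; the removed `-import java.security.cert.CertificateFactory;` directly above it already records the change in history, and the new `import iaik.x509.CertificateFactory;` makes the replacement explicit. Replacing the JDK factory with the IAIK one, alongside the newly imported `iaik.x509.X509ExtensionInitException`, presumably changes which parser handles certificate bytes that reach this class from outside; the call sites are beyond these import hunks, so confirm there that `X509ExtensionInitException` and any other IAIK-specific exception is caught or wrapped wherever `java.security.cert.CertificateException` was handled before, so a malformed certificate still fails closed with the existing error path rather than escaping as an unhandled exception. The remaining import additions and removals in the hunks on this and the following lines read as unused-import cleanup and raise nothing further.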
@@ -75,7 +77,6 @@ import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -89,13 +90,13 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; -import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; 
@@ -107,6 +108,8 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -117,6 +120,9 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; @@ -130,7 +136,9 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; import eu.stork.mw.messages.saml.STORKAuthnRequest; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.common.STORKConstants; 
@@ -154,18 +162,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** single instance */ private static AuthenticationServer instance; /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); + //private static Map sessionStore = new HashMap(); + /** * time out in milliseconds used by {@link cleanup} for session store */ - private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes /** * Returns the single instance of <code>AuthenticationServer</code>. 
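Review bot: The trailing comment on `sessionTimeOutCreated` is stale: the value is `15 * 60 * 1000` but the comment copied from the replaced line still reads `// default 10 minutes`; change it to `// default 15 minutes`. The Javadoc above the pair still speaks of a single "time out … for session store", so a sentence distinguishing the two bounds is needed — if the names mean what they suggest, something like `* sessionTimeOutCreated is measured from session creation, sessionTimeOutUpdated from the last update; confirm against cleanup()`. The commented-out `sessionStore` field should be deleted rather than kept as a comment, since version control already preserves it.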
@@ -185,132 +193,144 @@ public class AuthenticationServer implements MOAIDAuthConstants { super(); } - /** - * Processes request to select a BKU. <br/> - * Processing depends on value of - * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/> - * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> - * for the "BKU Auswahl" service is returned. <br/> - * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU - * selection is returned. - * - * @param authURL - * base URL of MOA-ID Auth component - * @param target - * "Geschäftsbereich" - * @param oaURL - * online application URL requested - * @param bkuSelectionTemplateURL - * template for BKU selection form to be used in case of - * <code>HTMLSelect</code>; may be null - * @param templateURL - * URL providing an HTML template for the HTML form to be used - * for call <code>startAuthentication</code> - * @return for <code>bkuSelectionType==HTMLComplete</code>, the - * <code>returnURI</code> for the "BKU Auswahl" service; for - * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU - * selection - * @throws WrongParametersException - * upon missing parameters - * @throws AuthenticationException - * when the configured BKU selection service cannot be reached, - * and when the given bkuSelectionTemplateURL cannot be reached - * @throws ConfigurationException - * on missing configuration data - * @throws BuildException - * while building the HTML form - */ - public String selectBKU(String authURL, String target, String oaURL, - String bkuSelectionTemplateURL, String templateURL) - throws WrongParametersException, AuthenticationException, - ConfigurationException, BuildException { - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - 
if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL - + "*" }); - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.05"); - - ConnectionParameter bkuConnParam = AuthConfigurationProvider - .getInstance().getBKUConnectionParameter(); - if (bkuConnParam == null) - throw new ConfigurationException("config.08", - new Object[] { "BKUSelection/ConnectionParameter" }); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (!isEmpty(target)) { - Logger - .info("Ignoring target parameter thus application type is \"businessService\""); - } - target = null; - } - - AuthenticationSession session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - String returnURL = new DataURLBuilder().buildDataURL(authURL, - REQ_START_AUTHENTICATION, session.getSessionID()); - String bkuSelectionType = AuthConfigurationProvider.getInstance() - .getBKUSelectionType(); - if (bkuSelectionType - .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = bkuConnParam.getUrl() + "?" 
- + AuthServlet.PARAM_RETURN + "=" + returnURL; - return redirectURL; - } else { - // bkuSelectionType==HTMLSelect - String bkuSelectTag; - try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider - .getInstance(), bkuConnParam); - } catch (Throwable ex) { - throw new AuthenticationException("auth.11", new Object[] { - bkuConnParam.getUrl(), ex.toString() }, ex); - } - String bkuSelectionTemplate = null; - // override template url by url from configuration file - if (oaParam.getBkuSelectionTemplateURL() != null) { - bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); - } - if (bkuSelectionTemplateURL != null) { - try { - bkuSelectionTemplate = new String(FileUtils - .readURL(bkuSelectionTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - bkuSelectionTemplateURL, ex.toString() }, ex); - } - } - String htmlForm = new SelectBKUFormBuilder().build( - bkuSelectionTemplate, returnURL, bkuSelectTag); - return htmlForm; - } - } +// /** +// * Processes request to select a BKU. <br/> +// * Processing depends on value of +// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/> +// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> +// * for the "BKU Auswahl" service is returned. <br/> +// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU +// * selection is returned. 
+// * +// * @param authURL +// * base URL of MOA-ID Auth component +// * @param target +// * "Geschäftsbereich" +// * @param oaURL +// * online application URL requested +// * @param bkuSelectionTemplateURL +// * template for BKU selection form to be used in case of +// * <code>HTMLSelect</code>; may be null +// * @param templateURL +// * URL providing an HTML template for the HTML form to be used +// * for call <code>startAuthentication</code> +// * @return for <code>bkuSelectionType==HTMLComplete</code>, the +// * <code>returnURI</code> for the "BKU Auswahl" service; for +// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU +// * selection +// * @throws WrongParametersException +// * upon missing parameters +// * @throws AuthenticationException +// * when the configured BKU selection service cannot be reached, +// * and when the given bkuSelectionTemplateURL cannot be reached +// * @throws ConfigurationException +// * on missing configuration data +// * @throws BuildException +// * while building the HTML form +// */ +// public String selectBKU(String authURL, String target, String oaURL, +// String bkuSelectionTemplateURL, String templateURL) +// throws WrongParametersException, AuthenticationException, +// ConfigurationException, BuildException { +// +// // check if HTTP Connection may be allowed (through +// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +// if ((!authURL.startsWith("https:")) +// && (false == BoolUtils.valueOf(boolStr))) +// throw new AuthenticationException("auth.07", new Object[] { authURL +// + "*" }); +// if (isEmpty(authURL)) +// throw new WrongParametersException("StartAuthentication", +// "AuthURL", "auth.05"); +// if (isEmpty(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.05"); +// +// 
ConnectionParameter bkuConnParam = AuthConfigurationProvider +// .getInstance().getBKUConnectionParameter(); +// if (bkuConnParam == null) +// throw new ConfigurationException("config.08", +// new Object[] { "BKUSelection/ConnectionParameter" }); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// if (!oaParam.getBusinessService()) { +// if (isEmpty(target)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_TARGET, "auth.05"); +// } else { +// if (!isEmpty(target)) { +// Logger +// .info("Ignoring target parameter thus application type is \"businessService\""); +// } +// target = null; +// } +// +// AuthenticationSession session = newSession(); +// Logger.info("MOASession " + session.getSessionID() + " angelegt"); +// session.setTarget(target); +// session.setOAURLRequested(oaURL); +// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); +// session.setAuthURL(authURL); +// session.setTemplateURL(templateURL); +// session.setBusinessService(oaParam.getBusinessService()); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +// +// String returnURL = new DataURLBuilder().buildDataURL(authURL, +// REQ_START_AUTHENTICATION, session.getSessionID()); +// String bkuSelectionType = AuthConfigurationProvider.getInstance() +// .getBKUSelectionType(); +// if (bkuSelectionType +// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = bkuConnParam.getUrl() + "?" 
+// + AuthServlet.PARAM_RETURN + "=" + returnURL; +// return redirectURL; +// } else { +// // bkuSelectionType==HTMLSelect +// String bkuSelectTag; +// try { +// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider +// .getInstance(), bkuConnParam); +// } catch (Throwable ex) { +// throw new AuthenticationException("auth.11", new Object[] { +// bkuConnParam.getUrl(), ex.toString() }, ex); +// } +// String bkuSelectionTemplate = null; +// +// //removed in MOAID 2.0 +// // override template url by url from configuration file +//// if (oaParam.getBkuSelectionTemplateURL() != null) { +//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); +//// } +// +//// if (bkuSelectionTemplateURL != null) { +//// try { +//// bkuSelectionTemplate = new String(FileUtils +//// .readURL(bkuSelectionTemplateURL)); +//// } catch (IOException ex) { +//// throw new AuthenticationException("auth.03", new Object[] { +//// bkuSelectionTemplateURL, ex.toString() }, ex); +//// } +//// } +// +// String htmlForm = new SelectBKUFormBuilder().build( +// bkuSelectionTemplate, returnURL, bkuSelectTag); +// return htmlForm; +// } +// } /** * Method readBKUSelectTag. 
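Review bot: The whole of `selectBKU` is retained as roughly 140 commented-out lines instead of being deleted; the old implementation is in version control, and dead text like this drifts unreviewed (it already contains a `catch (MOADatabaseException e)` path that throws `new AuthenticationException("", null)`, dropping both message and cause, which nobody will notice while it is a comment). Delete the block, or leave a single pointer such as `// selectBKU removed in MOA-ID 2.0; BKU selection now handled by [REPLACEMENT — fill in]`. The pre-session checks this method used to perform (the `https:` scheme check against `FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY`, and the empty `authURL`/`oaURL` checks) have no replacement inside this hunk, so I cannot confirm from the diff that they are still enforced on the new session-creation path.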
@@ -382,131 +402,78 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(String authURL, String target, - String targetFriendlyName, String oaURL, String templateURL, - String bkuURL, String useMandate, String sessionID, String scheme, - String sourceID) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - String useMandateString = null; - boolean useMandateBoolean = false; - if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMandateString = useMandate; - } else { - useMandateString = "false"; + if (session == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - - if (useMandateString.compareToIgnoreCase("true") == 0) - useMandateBoolean = true; - else - useMandateBoolean = false; - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); - } - AuthenticationSession session; - OAAuthParameter oaParam; - if (sessionID != null) { - session = getSession(sessionID); - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } else { - oaParam = 
AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (useMandateBoolean) { - Logger - .error("Online-Mandate Mode for bussines application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[] { + session.getTemplateURL(), ex.toString() }, ex); } - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setTargetFriendlyName(targetFriendlyName); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - if (sourceID != null) - session.setSourceID(sourceID); } - // BKU URL has not been set yet, even if session already exists - if (bkuURL == null) { - if (scheme != null && scheme.equalsIgnoreCase("https")) { - bkuURL = DEFAULT_BKU_HTTPS; - } else { - bkuURL = DEFAULT_BKU; + + String infoboxReadRequest = ""; + + if (session.isSsoRequested()) { + //load identityLink with SSO Target + boolean isbuisness = false; + String 
domainIdentifier = ""; + IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService(); + if (ssobusiness != null) { + isbuisness = true; + domainIdentifier = ssobusiness.getValue(); } - } - session.setBkuURL(bkuURL); - session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - session.setUseMandate(useMandateString); - String infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam + + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.isSlVersion12(), isbuisness, domainIdentifier); + + } else { + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); + } + String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - String template = null; - // override template url by url from configuration file - if (oaParam.getTemplateURL() != null) { - templateURL = oaParam.getTemplateURL(); - } else { - templateURL = session.getTemplateURL(); - } - if (templateURL != null) { - try { - template = new String(FileUtils.readURL(templateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - templateURL, ex.toString() }, ex); - } - } - + + //removed in MOAID 2.0 String pushInfobox = ""; - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); - if (verifyInfoboxParameters != null) { - pushInfobox = verifyInfoboxParameters.getPushInfobox(); - session.setPushInfobox(pushInfobox); - } +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// if (verifyInfoboxParameters != null) { +// pushInfobox = verifyInfoboxParameters.getPushInfobox(); +// session.setPushInfobox(pushInfobox); +// } + + 
//build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(oaParam.getSlVersion12()); + .build(oaParam.isSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); + String htmlForm = new GetIdentityLinkFormBuilder().build(template, - bkuURL, infoboxReadRequest, dataURL, certInfoRequest, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox); + return htmlForm; } @@ -535,12 +502,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyIdentityLink(String sessionID, + public String verifyIdentityLink(AuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); @@ -553,10 +520,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); - if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); +// AuthenticationSession session = getSession(sessionID); +// if (session.getTimestampIdentityLink() != null) +// throw new AuthenticationException("auth.01", +// new Object[] { sessionID }); + session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); 
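Review bot: The configured online-application template no longer takes precedence over the session's template URL: the removed code consulted `oaParam.getTemplateURL()` first and only fell back to `session.getTemplateURL()`, whereas the new block at the top of `startAuthentication` reads `session.getTemplateURL()` unconditionally and fetches it with `FileUtils.readURL`. If the session's template URL still originates from a request parameter, as the replaced `templateURL` parameter suggests, the caller now picks the HTML template the login form is built from even when the OA configuration pins one; restore the override with `String templateURL = oaParam.getTemplateURL() != null ? oaParam.getTemplateURL() : session.getTemplateURL();` and read that, or document where the URL is validated before it is stored in the session. Separately, `isbuisness` is misspelled, and `pushInfobox` is now always `""` with its former source left as commented-out code under `//removed in MOAID 2.0` — either drop the argument from the `GetIdentityLinkFormBuilder.build` call or delete the dead block rather than carry both.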
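Review bot: The guard that rejected a second identity-link submission for the same session (`if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", ...)`) is commented out in `verifyIdentityLink`, and `session.setTimestampIdentityLink()` now runs unconditionally. With it gone, the method can be invoked again on a session that already holds a verified identity link and the later `session.setIdentityLink(identityLink)` overwrites it; unless the new session storage enforces single use elsewhere (not visible in this diff), restore the check as `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", new Object[] { session.getSessionID() });`. If the removal is deliberate for the SSO flow, a one-line comment stating that should replace the dead code.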
@@ -639,11 +607,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam - .getProvideStammzahl()); + + //TODO: check correctness +// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam +// .getProvideStammzahl()); + verifyInfoboxes(session, infoboxReadResponseParameters, false); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); + + //TODO: make it better!! + return "found!"; } /** 
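Review bot: `verifyIdentityLink` now returns the literal `"found!"` in place of the `<CreateXMLSignatureRequest>` built by `getCreateXMLSignatureRequestAuthBlockOrRedirect`, while the method's Javadoc (above this hunk) still promises a String representation of that request, so any caller that forwards the return value to the BKU sends a placeholder. The `//TODO: make it better!!` marker should at least name the path that now produces the request, so this cannot ship unnoticed. The third argument to `verifyInfoboxes` also changed from `!oaParam.getProvideStammzahl()` to a hard-coded `false`; if that flag still means "hide the Stammzahl from the infobox validators", as the replaced expression suggests, the per-OA `provideStammzahl` setting is now ignored, and the `//TODO: check correctness` should be resolved before merge rather than left beside commented-out code.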
@@ -671,31 +643,40 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyCertificate(String sessionID, + public String verifyCertificate(AuthenticationSession session, X509Certificate certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { + ValidateException, ServiceException, MOAIDException{ - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); // check if person is a Organwalter // if true - don't show bPK in AUTH Block - boolean isOW = false; -// String oid = null; -// if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) -// isOW = true; -// - AuthenticationSession session = getSession(sessionID); + try { + for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { + if (certificate.getExtension(OWid) != null) { + session.setOW(true); + } + + } + + } catch (X509ExtensionInitException e) { + Logger.warn("Certificate extension is not readable."); + session.setOW(false); + } + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, - authConf, oaParam, isOW); + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + + return returnvalue; } /** 
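Review bot: The Organwalter detection in `verifyCertificate` only ever sets the flag to true: the loop over `MOAIDAuthConstants.OW_LIST` calls `session.setOW(true)` on a match, but nothing sets it to false when no listed extension is present, so a session object already carrying `OW == true` (from an earlier attempt, or whatever default the session class uses) keeps it for a certificate without the extension. Initialise explicitly before the loop, `session.setOW(false);`, and `break` after the first match. The `catch (X509ExtensionInitException e)` branch logs only a generic warning; including the session ID in the message, e.g. `Logger.warn("Certificate extension is not readable for session " + session.getSessionID(), e);`, would make the case diagnosable. The `MOAIDException` added to the throws clause has no corresponding throw in the visible lines; it presumably comes from `getCreateXMLSignatureRequestAuthBlockOrRedirect`, whose declaration is outside this hunk.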
@@ -717,22 +698,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public void verifyMandate(String sessionID, MISMandate mandate) + public void verifyMandate(AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); - String sMandate = new String(mandate.getMandate()); - if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { - Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -740,6 +714,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); 
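Review bot: The empty-mandate guard in `verifyMandate` is gone: the removed lines converted `mandate.getMandate()` to a String and rejected an empty value with `auth.16` before any parsing, whereas the new code hands `mandate` straight to `setExtendedSAMLAttributeForMandatesOID`. An empty or null mandate now surfaces, if at all, as a `SAXException`/`IOException` from the parser (mapped to the same `auth.16` further down) or as a NullPointerException. Reinstate a direct check — assuming `getMandate()` returns a byte array as the old `new String(mandate.getMandate())` suggests — such as `if (mandate == null || mandate.getMandate() == null || mandate.getMandate().length == 0) throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID });`, and do not copy the original's non-short-circuit `|`. The commented-out `//AuthenticationSession session = getSession(sessionID);` line should simply be deleted.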
@@ -753,27 +731,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); } - - if (oaParam.getProvideFullMandatorData()) { - try { - // set extended SAML attributes if provideMandatorData is true - setExtendedSAMLAttributeForMandates(session, mandate, oaParam - .getBusinessService(), oaParam.getProvideStammzahl()); - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - } - + } /** 
@@ -802,17 +760,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); + //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink // if (!fromMandate) { // BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals( +// Constants.URN_PREFIX_BASEID)) { +// // only compute bPK if online application is a public service and we +// // have the Stammzahl +// String bpkBase64 = new BPKBuilder().buildBPK(identityLink +// .getIdentificationValue(), session.getTarget()); +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +// } // ..BZ // } 
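Review bot: The bPK pre-computation is left as commented-out code under a `//TODO: CHECK!!` claiming it moved to `buildAuthenticationBlock`; the visible part of `buildAuthenticationBlock` (the last hunk, cut off at the end of the page) removes its `identificationValue`/`identificationType` locals, so the move cannot be confirmed from this diff. Either delete the block and cite the commit that relocated the logic, or replace the TODO with a comment stating what the AuthBlock is now expected to carry (bPK or baseID) and who verifies it, because if the identification value is still part of the signed AuthBlock this changes the signed content. Note that the commented version also contains a line absent from the removed code (`identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget())`), so it is not a faithful copy of the history either.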
@@ -821,81 +781,88 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List<String> transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); return createXMLSignatureRequest; } - /** - * - * @param session - * @param authConf - * @param oaParam - * @return - * @throws ConfigurationException - * @throws BuildException - * @throws ValidateException - */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, - BuildException, ValidateException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - // BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl - if (isOW) { - // if person is OW, delete identification value (bPK is calculated via MIS) - 
identityLink.setIdentificationValue(null); - identityLink.setIdentificationType(null); - } - else { - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } - } - // ..BZ - // } - - // builds the AUTH-block - String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); - - // session.setAuthBlock(authBlock); - // builds the <CreateXMLSignatureRequest> - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); - - System.out.println("XML: " + createXMLSignatureRequest); - - return createXMLSignatureRequest; - } +// /** +// * +// * @param session +// * @param authConf +// * @param oaParam +// * @return +// * @throws ConfigurationException +// * @throws BuildException +// * @throws ValidateException +// */ +// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( +// AuthenticationSession session, AuthConfigurationProvider authConf, +// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, +// BuildException, ValidateException { +// +// // check for intermediate processing of the infoboxes +// if (session.isValidatorInputPending()) +// return "Redirect to Input Processor"; +// +// if (authConf == null) +// authConf = AuthConfigurationProvider.getInstance(); +// if (oaParam == null) +// oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter( +// session.getPublicOAURLPrefix()); +// +// // BZ.., calculate bPK for signing to be already present in AuthBlock +// IdentityLink identityLink = session.getIdentityLink(); +// if 
(identityLink.getIdentificationType().equals( +// Constants.URN_PREFIX_BASEID)) { +// +// // only compute bPK if online application is a public service and we +// // have the Stammzahl +//// if (isOW) { +//// // if person is OW, delete identification value (bPK is calculated via MIS) +//// identityLink.setIdentificationValue(null); +//// identityLink.setIdentificationType(null); +//// } +//// else { +// +// //TODO: check correctness!!! bpk calcultion is done during Assertion generation +//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink +//// .getIdentificationValue(), session.getTarget()); +//// identityLink.setIdentificationValue(bpkBase64); +//// +//// //TODO: insert correct Type!!!! +//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +//// } +// +// } +// // ..BZ +// // } +// +// // builds the AUTH-block +// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); +// +// // session.setAuthBlock(authBlock); +// // builds the <CreateXMLSignatureRequest> +// List<String> transformsInfos = oaParam.getTransformsInfos(); +// if ((transformsInfos == null) || (transformsInfos.size() == 0)) { +// // no OA specific transforms specified, use default ones +// transformsInfos = authConf.getTransformsInfos(); +// } +// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() +// .build(authBlock, oaParam.getKeyBoxIdentifier(), +// transformsInfos, oaParam.isSlVersion12()); +// +// System.out.println("XML: " + createXMLSignatureRequest); +// +// return createXMLSignatureRequest; +// } /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br> * <ul> 
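Review bot: `getCreateXMLSignatureRequestAuthBlockOrRedirectForOW` is kept as an ~80-line comment block that still includes `System.out.println("XML: " + createXMLSignatureRequest);`, which dumped the complete signature request to stdout; delete the block rather than leave it where it can be uncommented with that output intact. In the live code of this hunk, `transformsInfos.size() == 0` should be `transformsInfos.isEmpty()` now that the type is `List<String>`. The Organwalter handling this method performed (clearing the identification value before building the AuthBlock) now exists only as `session.setOW(true)` in `verifyCertificate`; whether `buildAuthenticationBlock` honours that flag is outside this hunk and should be confirmed.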
@@ -909,16 +876,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 * @return String representation of the
 * <code><CreateXMLSignatureRequest></code>
 */
- public String createXMLSignatureRequestForeignID(String sessionID,
+ public String createXMLSignatureRequestForeignID(AuthenticationSession session,
 X509Certificate cert) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
 throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
+// AuthenticationSession session = getSession(sessionID);
 AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance();
@@ -926,6 +893,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ //session.setSignerCertificate(cert);
+
 return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert);
 }
@@ -986,7 +955,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
 /*
 * if (session.getTimestampIdentityLink() != null) throw new
 * AuthenticationException("auth.01", new Object[] { sessionID });
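Review bot: The null check in createXMLSignatureRequestForeignID still reports PARAM_SESSIONID in the auth.10 exception although the method no longer receives a session ID, so the error names a parameter the caller never passed; the same applies to verifyAuthenticationBlock in the `@@ -1807` hunk. The removed `getSession(sessionID)` calls are kept as commented-out lines here and in the `@@ -986` hunk, and `//session.setSignerCertificate(cert);` is added already commented out without saying whether the certificate is now stored somewhere else; either delete the dead lines or replace them with a one-line comment stating where the signer certificate is set (it appears to be set from the verify response in the `@@ -1920` hunk, but that is an inference). Several hunks of this commit keep whole removed methods as `//` blocks (for example the `@@ -1449` hunk); version control already preserves that history, and the comment blocks make the live code harder to review.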
@@ -1077,85 +1046,148 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { + IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); - - String issueInstant = DateTimeUtils.buildDateTime(Calendar - .getInstance(), oaParam.getUseUTC()); - session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); - // Bug #485 - // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) - // String oaURL = session.getPublicOAURLPrefix(); - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session); - return authBlock; - } - - /** - * Builds an authentication block <code><saml:Assertion></code> from - * given session data. - * - * @param session - * authentication session - * - * @return <code><saml:Assertion></code> as a String - * - * @throws BuildException - * If an error occurs on serializing an extended SAML attribute - * to be appended to the AUTH-Block. 
- */ - private String buildAuthenticationBlockForOW(AuthenticationSession session, - OAAuthParameter oaParam, boolean isOW) throws BuildException { - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); + String identificationValue = null; + String identificationType = null; + + if (identityLink.getIdentificationType().equals( + Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we + // have the Stammzahl + + + if (session.isSsoRequested()) { + identificationType = ""; + identificationValue = ""; + + } else { + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + } + +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + + } + //set empty AuthBlock BPK in case of OW + if (session.isOW()) { + identificationType = ""; + identificationValue = ""; + } + String issueInstant = DateTimeUtils.buildDateTime(Calendar .getInstance(), oaParam.getUseUTC()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); String targetFriendlyName = session.getTargetFriendlyName(); + // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) // String oaURL = session.getPublicOAURLPrefix(); - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + List extendedSAMLAttributes = 
session.getExtendedSAMLAttributesAUTH(); - Iterator it = extendedSAMLAttributes.iterator(); - // delete bPK attribute from extended SAML attributes - if (isOW) { - ExtendedSAMLAttribute toDelete = null; - while (it.hasNext()) { - ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); - if (attr.getName().equalsIgnoreCase("bPK")) - toDelete = attr; - } - if (toDelete != null) - extendedSAMLAttributes.remove(toDelete); - } - String authBlock = new AuthenticationBlockAssertionBuilder() + + if (session.isSsoRequested()) { + String oaURL =new String(); + try { + oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl(); + + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); + + } catch (ConfigurationException e) { + } + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + + } else { + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + String authBlock = new AuthenticationBlockAssertionBuilder() .buildAuthBlock(issuer, issueInstant, authURL, target, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, - extendedSAMLAttributes, session); + extendedSAMLAttributes, session, oaParam); + return authBlock; + } + - return authBlock; + + + } + +// /** +// * Builds an authentication block <code><saml:Assertion></code> from +// * given session data. +// * +// * @param session +// * authentication session +// * +// * @return <code><saml:Assertion></code> as a String +// * +// * @throws BuildException +// * If an error occurs on serializing an extended SAML attribute +// * to be appended to the AUTH-Block. 
+// */ +// private String buildAuthenticationBlockForOW(AuthenticationSession session, +// OAAuthParameter oaParam, boolean isOW) throws BuildException { +// IdentityLink identityLink = session.getIdentityLink(); +// String issuer = identityLink.getName(); +// String gebDat = identityLink.getDateOfBirth(); +// String identificationValue = identityLink.getIdentificationValue(); +// String identificationType = identityLink.getIdentificationType(); +// +// String issueInstant = DateTimeUtils.buildDateTime(Calendar +// .getInstance(), oaParam.getUseUTC()); +// session.setIssueInstant(issueInstant); +// String authURL = session.getAuthURL(); +// String target = session.getTarget(); +// String targetFriendlyName = session.getTargetFriendlyName(); +// // Bug #485 +// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) +// // String oaURL = session.getPublicOAURLPrefix(); +// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); +// +// +// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); +// Iterator it = extendedSAMLAttributes.iterator(); +// // delete bPK attribute from extended SAML attributes +// if (session.isOW()) { +// ExtendedSAMLAttribute toDelete = null; +// while (it.hasNext()) { +// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); +// if (attr.getName().equalsIgnoreCase("bPK")) +// toDelete = attr; +// } +// if (toDelete != null) +// extendedSAMLAttributes.remove(toDelete); +// } +// +// String authBlock = new AuthenticationBlockAssertionBuilder() +// .buildAuthBlock(issuer, issueInstant, authURL, target, +// targetFriendlyName, identificationValue, +// identificationType, oaURL, gebDat, +// extendedSAMLAttributes, session, oaParam); +// +// return authBlock; +// } /** * Verifies the infoboxes (except of the identity link infobox) returned by 
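Review bot: In the SSO branch of buildAuthenticationBlock the `catch (ConfigurationException e) { }` swallows the failure to read the SSO public URL, so the AuthBlock is built with an empty or null oaURL and handed to the signature request with no log entry; the OA URL is part of what the signed AuthBlock binds, so a missing value should abort the build rather than be silently blanked. Propagate it as the BuildException the method already declares, with `e` attached as the cause, or at the very least log it before falling back. Separately, `identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)` throws a NullPointerException when the identity link carries no type; `Constants.URN_PREFIX_BASEID.equals(identityLink.getIdentificationType())` is the null-safe form. `String oaURL = new String();` can simply be `String oaURL = null;`, and the `replaceAll("&", "&")` calls read as a no-op here, which may be an extraction artefact but is worth confirming against the Bug #485 intent.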
@@ -1184,18 +1216,26 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 .getInstance();
 // get the default VerifyInfobox parameters
 Map defaultInfoboxParameters = null;
- VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
- .getDefaultVerifyInfoboxParameters();
- if (defaultVerifyInfoboxParameters != null) {
- defaultInfoboxParameters = defaultVerifyInfoboxParameters
- .getInfoboxParameters();
- }
+
+ //removed in MOA-ID 2.0
+// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
+// .getDefaultVerifyInfoboxParameters();
+// if (defaultVerifyInfoboxParameters != null) {
+// defaultInfoboxParameters = defaultVerifyInfoboxParameters
+// .getInfoboxParameters();
+// }
+
 // get the OA specific VerifyInfobox parameters
 Map infoboxParameters = null;
 OAAuthParameter oaParam = authConfigurationProvider
 .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- .getVerifyInfoboxParameters();
+
+ //TODO: check correctness!!!!
+ //removed in MOAID 2.0
+// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+// .getVerifyInfoboxParameters();
+// VerifyInfoboxParameters verifyInfoboxParameters = null;
+
 session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML
 // Attributes
 session.setExtendedSAMLAttributesOA(new Vector());
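Review bot: With the VerifyInfoboxParameters lookups commented out here and the whole verification loop commented out in the following `@@ -1203` hunk, the method no longer looks at infoboxReadResponseParams at all: it resets the two extended-attribute vectors and returns, while its Javadoc (above the hunk) still describes it as verifying the infoboxes, and any caller that relied on a ValidateException for a missing or invalid required infobox now gets silent success. If MOA-ID 2.0 really drops infobox verification at this point, the Javadoc should say so and the `//TODO: check correctness!!!!` should be resolved before release; otherwise the loop needs to be restored against the new configuration model. The now-unused `defaultInfoboxParameters` and `infoboxParameters` locals can go with whichever option is chosen.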
@@ -1203,191 +1243,191 @@ public class AuthenticationServer implements MOAIDAuthConstants { // System.out.println("SAML set: " + // session.getExtendedSAMLAttributesAUTH().size()); - if (verifyInfoboxParameters != null) { - - infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); - // get the list of infobox identifiers - List identifiers = verifyInfoboxParameters.getIdentifiers(); - if (identifiers != null) { - // step through the identifiers and verify the infoboxes - Iterator it = identifiers.iterator(); - while (it.hasNext()) { - String identifier = (String) it.next(); - // get the infobox read response from the map of parameters - String infoboxReadResponse = (String) infoboxReadResponseParams - .get(identifier); - // get the configuration parameters - VerifyInfoboxParameter verifyInfoboxParameter = null; - Object object = infoboxParameters.get(identifier); - // if not present, use default - if ((object == null) && (defaultInfoboxParameters != null)) { - object = defaultInfoboxParameters.get(identifier); - } - if (object != null) { - verifyInfoboxParameter = (VerifyInfoboxParameter) object; - } - if (infoboxReadResponse != null) { - if (verifyInfoboxParameter == null) { - // should not happen because of the pushinfobox - // mechanism; check it anyway - Logger.error("No validator for verifying \"" - + identifier + "\"-infobox configured."); - throw new ValidateException("validator.41", - new Object[] { identifier }); - } else { - String friendlyName = verifyInfoboxParameter - .getFriendlyName(); - boolean isParepRequest = false; - - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = ExtendedInfoboxReadResponseParser - .parseInfoboxReadResponse( - infoboxReadResponse, - friendlyName); - } catch (ParseException e) { - Logger - .error("InfoboxReadResponse for \"" - + identifier - + "\"-infobox could not be parsed successfully: " - + e.getMessage()); - throw new ValidateException("validator.43", - new 
Object[] { friendlyName }); - } - // set compatibility mode for mandates infobox and - // all infoboxes (it is possible to be a parep - // infobox) - // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); - // check for party representation in mandates - // infobox - if (Constants.INFOBOXIDENTIFIER_MANDATES - .equalsIgnoreCase(identifier) - && !((infoboxTokenList == null || infoboxTokenList - .size() == 0))) { - // We need app specific parameters - if (null == verifyInfoboxParameter - .getApplicationSpecificParams()) { - throw new ValidateException("validator.66", - new Object[] { friendlyName }); - } - Element mandate = ParepValidator - .extractPrimaryToken(infoboxTokenList); - // ParepUtils.serializeElement(mandate, - // System.out); - String mandateID = ParepUtils - .extractRepresentativeID(mandate); - if (!isEmpty(mandateID) - && ("*".equals(mandateID) || mandateID - .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { - isParepRequest = true; - } - if (!isParepRequest) { - // if mandates validator is disabled we must - // throw an error in this case - if (!ParepUtils - .isValidatorEnabled(verifyInfoboxParameter - .getApplicationSpecificParams())) { - throw new ValidateException( - "validator.60", - new Object[] { friendlyName }); - } - } - } - - // get the class for validating the infobox - InfoboxValidator infoboxValidator = null; - try { - Class validatorClass = null; - if (isParepRequest) { - // Mandates infobox in party representation - // mode - validatorClass = Class - .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); - } else { - validatorClass = Class - .forName(verifyInfoboxParameter - .getValidatorClassName()); - } - infoboxValidator = (InfoboxValidator) validatorClass - .newInstance(); - } catch (Exception e) { - Logger - .error("Could not load validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" 
for \"" - + identifier - + "\"-infobox: " - + e.getMessage()); - throw new ValidateException("validator.42", - new Object[] { friendlyName }); - } - Logger - .debug("Successfully loaded validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox."); - // build the parameters for validating the infobox - InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder - .buildInfoboxValidatorParams(session, - verifyInfoboxParameter, - infoboxTokenList, oaParam); - - // now validate the infobox - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxValidator - .validate(infoboxValidatorParams); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - - Logger.info(identifier - + " infobox successfully validated."); - // store the validator for post processing - session.addInfoboxValidator(identifier, - friendlyName, infoboxValidator); - - // get the SAML attributes to be appended to the - // AUTHBlock or to the final - // SAML Assertion - AddAdditionalSAMLAttributes(session, - infoboxValidationResult - .getExtendedSamlAttributes(), - identifier, friendlyName); - } - } else { - if ((verifyInfoboxParameter != null) - && (verifyInfoboxParameter.isRequired())) { - Logger - .info("Infobox \"" - + identifier - + "\" is required, but not returned from the BKU"); - throw new ValidateException("validator.48", - new Object[] { verifyInfoboxParameter - .getFriendlyName() }); - } - Logger.debug("Infobox \"" + identifier - + "\" not returned from BKU."); - } - } - } - } +// if 
(verifyInfoboxParameters != null) { +// +// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); +// // get the list of infobox identifiers +// List identifiers = verifyInfoboxParameters.getIdentifiers(); +// if (identifiers != null) { +// // step through the identifiers and verify the infoboxes +// Iterator it = identifiers.iterator(); +// while (it.hasNext()) { +// String identifier = (String) it.next(); +// // get the infobox read response from the map of parameters +// String infoboxReadResponse = (String) infoboxReadResponseParams +// .get(identifier); +// // get the configuration parameters +// VerifyInfoboxParameter verifyInfoboxParameter = null; +// Object object = infoboxParameters.get(identifier); +// // if not present, use default +// if ((object == null) && (defaultInfoboxParameters != null)) { +// object = defaultInfoboxParameters.get(identifier); +// } +// if (object != null) { +// verifyInfoboxParameter = (VerifyInfoboxParameter) object; +// } +// if (infoboxReadResponse != null) { +// if (verifyInfoboxParameter == null) { +// // should not happen because of the pushinfobox +// // mechanism; check it anyway +// Logger.error("No validator for verifying \"" +// + identifier + "\"-infobox configured."); +// throw new ValidateException("validator.41", +// new Object[] { identifier }); +// } else { +// String friendlyName = verifyInfoboxParameter +// .getFriendlyName(); +// boolean isParepRequest = false; +// +// // parse the infobox read reponse +// List infoboxTokenList = null; +// try { +// infoboxTokenList = ExtendedInfoboxReadResponseParser +// .parseInfoboxReadResponse( +// infoboxReadResponse, +// friendlyName); +// } catch (ParseException e) { +// Logger +// .error("InfoboxReadResponse for \"" +// + identifier +// + "\"-infobox could not be parsed successfully: " +// + e.getMessage()); +// throw new ValidateException("validator.43", +// new Object[] { friendlyName }); +// } +// // set compatibility mode for mandates infobox and +// 
// all infoboxes (it is possible to be a parep +// // infobox) +// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); +// // check for party representation in mandates +// // infobox +// if (Constants.INFOBOXIDENTIFIER_MANDATES +// .equalsIgnoreCase(identifier) +// && !((infoboxTokenList == null || infoboxTokenList +// .size() == 0))) { +// // We need app specific parameters +// if (null == verifyInfoboxParameter +// .getApplicationSpecificParams()) { +// throw new ValidateException("validator.66", +// new Object[] { friendlyName }); +// } +// Element mandate = ParepValidator +// .extractPrimaryToken(infoboxTokenList); +// // ParepUtils.serializeElement(mandate, +// // System.out); +// String mandateID = ParepUtils +// .extractRepresentativeID(mandate); +// if (!isEmpty(mandateID) +// && ("*".equals(mandateID) || mandateID +// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { +// isParepRequest = true; +// } +// if (!isParepRequest) { +// // if mandates validator is disabled we must +// // throw an error in this case +// if (!ParepUtils +// .isValidatorEnabled(verifyInfoboxParameter +// .getApplicationSpecificParams())) { +// throw new ValidateException( +// "validator.60", +// new Object[] { friendlyName }); +// } +// } +// } +// +// // get the class for validating the infobox +// InfoboxValidator infoboxValidator = null; +// try { +// Class validatorClass = null; +// if (isParepRequest) { +// // Mandates infobox in party representation +// // mode +// validatorClass = Class +// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); +// } else { +// validatorClass = Class +// .forName(verifyInfoboxParameter +// .getValidatorClassName()); +// } +// infoboxValidator = (InfoboxValidator) validatorClass +// .newInstance(); +// } catch (Exception e) { +// Logger +// .error("Could not load validator class \"" +// + verifyInfoboxParameter +// 
.getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox: " +// + e.getMessage()); +// throw new ValidateException("validator.42", +// new Object[] { friendlyName }); +// } +// Logger +// .debug("Successfully loaded validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox."); +// // build the parameters for validating the infobox +// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder +// .buildInfoboxValidatorParams(session, +// verifyInfoboxParameter, +// infoboxTokenList, oaParam); +// +// // now validate the infobox +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxValidator +// .validate(infoboxValidatorParams); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// +// Logger.info(identifier +// + " infobox successfully validated."); +// // store the validator for post processing +// session.addInfoboxValidator(identifier, +// friendlyName, infoboxValidator); +// +// // get the SAML attributes to be appended to the +// // AUTHBlock or to the final +// // SAML Assertion +// AddAdditionalSAMLAttributes(session, +// infoboxValidationResult +// .getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } else { +// if ((verifyInfoboxParameter != null) +// && (verifyInfoboxParameter.isRequired())) { +// Logger +// .info("Infobox \"" +// + identifier +// + "\" is required, but not returned from the BKU"); +// throw new ValidateException("validator.48", +// new 
Object[] { verifyInfoboxParameter
+// .getFriendlyName() });
+// }
+// Logger.debug("Infobox \"" + identifier
+// + "\" not returned from BKU.");
+// }
+// }
+// }
+// }
 }
 /**
@@ -1406,18 +1446,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 * @throws IOException
 * @throws SAXException
 */
- private void setExtendedSAMLAttributeForMandates(
+ private void validateExtendedSAMLAttributeForMandates(
 AuthenticationSession session, MISMandate mandate,
- boolean business, boolean provideStammzahl)
+ boolean business)
 throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException {
- ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(
- mandate, business, provideStammzahl);
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ mandate, business, false);
- AddAdditionalSAMLAttributes(session, extendedSamlAttributes,
- "MISService", "MISService");
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+ Object value = verifySAMLAttribute(samlAttribute, i, "MISService",
+ "MISService");
+
+ }
 }
 /**
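Review bot: In validateExtendedSAMLAttributeForMandates the result of verifySAMLAttribute is assigned to `value` and never read, so unless verifySAMLAttribute signals a bad attribute by throwing, the loop validates nothing; if it does throw, drop the assignment and say so with a comment such as `// verifySAMLAttribute throws ValidateException on an invalid attribute; its return value is not needed here`. The renamed method also hard-codes `provideStammzahl` to `false` while the Javadoc above the hunk is unchanged, so its `@param` list and description should be updated to the new signature and behaviour. The blank line before the loop's closing brace is leftover.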
@@ -1449,56 +1494,56 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - /** - * Intermediate processing of the infoboxes. The first pending infobox - * validator may validate the provided input - * - * @param session - * The current authentication session - * @param parameters - * The parameters got returned by the user input fields - */ - public static void processInput(AuthenticationSession session, - Map parameters) throws ValidateException { - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector - .get(1); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator - .validate(parameters); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } - } - } - } +// /** +// * Intermediate processing of the infoboxes. 
The first pending infobox +// * validator may validate the provided input +// * +// * @param session +// * The current authentication session +// * @param parameters +// * The parameters got returned by the user input fields +// */ +// public static void processInput(AuthenticationSession session, +// Map parameters) throws ValidateException { +// +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// if (iter != null) { +// while (iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector +// .get(1); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator +// .validate(parameters); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } +// } +// } /** * Adds given SAML Attributes to the current session. They will be appended 
@@ -1609,7 +1654,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 * @throws TransformerException
 */
- private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
+ protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
 MISMandate mandate, boolean business, boolean provideStammzahl)
 throws SAXException, IOException, ParserConfigurationException, TransformerException {
@@ -1761,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 return doc.getDocumentElement();
 }
- private static void replaceExtendedSAMLAttribute(List attributes,
+ protected static void replaceExtendedSAMLAttribute(List attributes,
 ExtendedSAMLAttribute samlAttribute) {
 if (null == attributes) {
 attributes = new Vector();
@@ -1807,18 +1852,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 * @return SAML artifact needed for retrieving authentication data, encoded
 * BASE64
 */
- public String verifyAuthenticationBlock(String sessionID,
+ public String verifyAuthenticationBlock(AuthenticationSession session,
 String xmlCreateXMLSignatureReadResponse)
 throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException {
- if (isEmpty(sessionID))
+ if (session == null)
 throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
 if (isEmpty(xmlCreateXMLSignatureReadResponse))
 throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+
+ //AuthenticationSession session = getSession(sessionID);
+
 AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance();
 // parses <CreateXMLSignatureResponse>
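Review bot: Widening addExtendedSamlAttributes and replaceExtendedSAMLAttribute from private to protected static lets every subclass and same-package class call the attribute builder with `provideStammzahl = true`, the flag that, judging by the `getProvideStammzahl()` handling elsewhere in this file, governs whether the Stammzahl is emitted; the new callers are not visible in this diff, so a Javadoc line on addExtendedSamlAttributes naming the intended callers and stating that the caller is responsible for honouring the OA's provideStammzahl setting would keep that decision from being bypassed by accident. Also, `if (null == attributes) { attributes = new Vector();` in replaceExtendedSAMLAttribute reassigns a parameter, which the caller never sees; that line is context, but now that the method is part of a wider surface its contract for a null list is worth stating in its Javadoc.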
@@ -1837,9 +1884,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
 }
 // validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ if (session.isSsoRequested())
+ new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+ else
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+
 // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
 String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
 Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
 vtids, tpid);
@@ -1876,7 +1927,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 // TODO See Bug #144
 // Compare AuthBlock Data with information stored in session, especially
 // date and time
-
+ CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+
 // compares the public keys from the identityLink with the AuthBlock
 VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( vsresp, session.getIdentityLink());
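Review bot: The new `validateSigningDateTime(csresp)` call sits directly under the `// TODO See Bug #144 / Compare AuthBlock Data with information stored in session` comment but receives only the response, not the session, so it cannot be the comparison against the session-stored issue instant that the TODO asks for; either pass the session (buildAuthenticationBlock stores the value via `session.setIssueInstant`) or reword the comment to `// TODO Bug #144: AuthBlock content is not yet compared with the session; only the signing time is checked`. In the first hunk the SSO/non-SSO `if`/`else` around the validator calls should be braced like the rest of the method. The enclosing verifyAuthenticationBlock starts outside this hunk.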
@@ -1920,27 +1972,45 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 }
 }
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// boolean useUTC = oaParam.getUseUTC();
+// boolean useCondition = oaParam.getUseCondition();
+// int conditionLength = oaParam.getConditionLength();
- // builds authentication data and stores it together with a SAML
- // artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC, false);
+
+ //TL: moved to Authentification Data generation
+// AuthenticationData authData = buildAuthenticationData(session, vsresp,
+// useUTC, false);
+//
+// //set Authblock
+// session.setAuthData(authData);
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(false);
+
 if (session.getUseMandate()) { // mandate mode
- // session.setAssertionAuthBlock(assertionAuthBlock)
-
- // set signer certificate
- session.setSignerCertificate(vsresp.getX509certificate());
- return null;
+
 } else {
-
+
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicte stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+ return newMOASessionID;
+ /*
 String samlAssertion = new AuthenticationDataAssertionBuilder() .build(authData, session.getAssertionPrPerson(), session .getAssertionAuthBlock(), session
@@ -1973,7 +2043,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
 return samlArtifact;
-
+ */
 }
 }
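Review bot: Both new `Logger.info` lines write the full old and new MOA session identifiers to the log at INFO level; the new identifier is the one returned to the caller after authentication, so a readable application log would expose a live session handle — log only a truncated or hashed form of the identifiers, and keep the "Changed MOASession" message to a confirmation that rotation happened. Rotating the session ID right where `session.setAuthenticated(true)` is set is the right place for it; that intent deserves a short comment in place of `//Session is implicte stored in changeSessionID!!!`. In the `@@ -1920` hunk `session.setXMLVerifySignatureResponse(vsresp)` is called before `vsresp.setX509certificate(null)`, so the object stored in the session is mutated afterwards; if the intent is to keep the certificate only via setSignerCertificate, say so with `// certificate is kept via setSignerCertificate; cleared here so the stored response does not carry it twice`. The large `/* ... */` block that now wraps the SAML-artifact code keeps dead code in the method; deleting it would be cleaner. The enclosing method starts before the `@@ -1920` hunk.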
@@ -2004,171 +2074,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(String sessionID, - Element mandate) throws AuthenticationException, BuildException, - ParseException, ConfigurationException, ServiceException, - ValidateException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); - // AuthConfigurationProvider authConf = - // AuthConfigurationProvider.getInstance(); - - IdentityLink tempIdentityLink = null; - - if (session.getUseMandate()) { - tempIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils - .extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, - "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical - && session.getBusinessService() - && identificationType != null - && Constants.URN_PREFIX_BASEID - .equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the - // BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" - + session.getDomainIdentifier(); - 
identificationValue = new BPKBuilder().buildWBPK( - identificationValue, session.getDomainIdentifier()); - ParepUtils - .HideStammZahlen(prPerson, true, null, null, true); - } - - tempIdentityLink.setDateOfBirth(dateOfBirth); - tempIdentityLink.setFamilyName(familyName); - tempIdentityLink.setGivenName(givenName); - tempIdentityLink.setIdentificationType(identificationType); - tempIdentityLink.setIdentificationValue(identificationValue); - tempIdentityLink.setPrPerson(prPerson); - try { - tempIdentityLink.setSamlAssertion(session.getIdentityLink() - .getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - - } - - } - - // builds authentication data and stores it together with a SAML - // artifact - AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, - // vsresp, - // replacementIdentityLink); - - - Element mandatePerson = tempIdentityLink.getPrPerson(); -// try { -// System.out.println("MANDATE: " + -// DOMUtils.serializeNode(mandatePerson)); -// } -// catch(Exception e) { -// e.printStackTrace(); -// } - String mandateData = null; - boolean useCondition = false; - int conditionLength = -1; - try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - useCondition = oaParam.getUseCondition(); - conditionLength = oaParam.getConditionLength(); - - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); - - if (!provideStammzahl) { - 
prIdentification.getFirstChild().setTextContent(""); - } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); - } - } - - mandateData = DOMUtils.serializeNode(mandatePerson); - - } catch (TransformerException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } catch (IOException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - - String samlAssertion = new AuthenticationDataAssertionBuilder() - .buildMandate(authData, session.getAssertionPrPerson(), - mandateData, session.getAssertionAuthBlock(), session - .getAssertionIlAssertion(), - session.getBkuURL(), session - .getAssertionSignerCertificateBase64(), session - .getAssertionBusinessService(), session - .getSourceID(), session - .getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } - - String samlArtifact = new SAMLArtifactBuilder().build(session - .getAuthURL(), session.getSessionID(), session.getSourceID()); - storeAuthenticationData(samlArtifact, authData); - - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; - - } - - private Element createIdentificationBPK(Element mandatePerson, + protected Element createIdentificationBPK(Element mandatePerson, String baseid, String target) throws BuildException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, 
"Identification"); @@ -2189,7 +2096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - private String getBaseId(Element mandatePerson) + protected String getBaseId(Element mandatePerson) throws TransformerException, IOException { NodeList list = mandatePerson.getElementsByTagNameNS( Constants.PD_NS_URI, "Identification"); @@ -2225,15 +2132,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String getForeignAuthenticationData(String sessionID) + public String getForeignAuthenticationData(AuthenticationSession session) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + //TODO: CHECK if STORK parts works correct!!!! + + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); 
@@ -2280,14 +2189,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); - AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC, true); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// boolean useUTC = oaParam.getUseUTC(); + +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); + + //TL: moved to Assertion generation. +// AuthenticationData authData = buildAuthenticationData(session, vsresp, +// useUTC, true); +// +// session.setAuthData(authData); + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + return "new Session"; + + //TODO: regenerate MOASession ID! + /* String samlAssertion = new AuthenticationDataAssertionBuilder().build( authData, session.getAssertionPrPerson(), session .getAssertionAuthBlock(), session @@ -2319,7 +2246,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + return samlArtifact;*/ } /** 
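Review bot: The Javadoc above `getForeignAuthenticationData(AuthenticationSession session)` still promises `@return SAML artifact needed for retrieving authentication data, encoded BASE64`, which the new body no longer produces, and the new `session` parameter has no `@param`. Add `@param session the MOA session carrying the STORK authentication state; must not be {@code null}` and rewrite the `@return` to describe what the method actually hands back once the placeholder return is replaced. The null check reports `auth.10` with `PARAM_SESSIONID`, which presumably still reads sensibly to callers; if the message text names a request parameter, a session-object null is arguably an `IllegalStateException` rather than a missing parameter.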
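Review bot: `return "new Session";` is a literal placeholder returned after `session.setAuthenticatedUsed(false); session.setAuthenticated(true);`, and unlike the domestic path in the earlier hunk (which calls `AuthenticationSessionStoreage.changeSessionID(session)` right after marking the session authenticated) the foreign path marks the session authenticated without rotating its ID; the `//TODO: regenerate MOASession ID!` acknowledges this. Keeping the pre-authentication session ID valid after the authenticated flag is set is the classic session-fixation window, so the two paths should behave the same: `String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);` followed by `return newMOASessionID;`, with the Javadoc updated to say the method returns the new MOA session ID. The enclosing method starts outside the hunk, and the large `/* ... */` block of old assertion code should be removed rather than left commented out.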
@@ -2339,23 +2266,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException * while building the <code><saml:Assertion></code> */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + boolean useUTC = oaParam.getUseUTC(); boolean businessService = oaParam.getBusinessService(); + authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar .getInstance(), useUTC)); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); + authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); 
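Review bot: The new local `VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();` is not referenced anywhere on the new side that is visible (the signer-certificate block that used it is removed in the following hunk), so it looks like a leftover; drop it, or if it is still needed further down the method (which continues outside this hunk) say so in a comment. The signature changed to `public static` with new parameters `oaParam` and `target`, but the Javadoc that ends just above the signature is unchanged; add `@param session the MOA session whose identity link and signature response are read`, `@param oaParam the online-application configuration (UTC handling, business-service flag)`, and `@param target the target used for bPK calculation`, and check that the remaining `@throws BuildException while building the <saml:Assertion>` still describes what this method does, since the assertion building was moved elsewhere according to the commit's own comments.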
@@ -2366,84 +2298,68 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - if (provideStammzahl) { - authData.setIdentificationValue(identityLink - .getIdentificationValue()); - } - String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); - + try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); - if(!isForeigner) { - //we have Austrian citizen - if (businessService) { - authData.setWBPK(identityLink.getIdentificationValue()); - } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. - * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - - } + + //TODO: resign the IdentityLink!!! 
+ + + if (session.getUseMandate() && session.isOW()) { + MISMandate mandate = session.getMISMandate(); + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + } else { - //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW + if (businessService) { //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); - authData.setWBPK(wbpkBase64); - } + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + } + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + 
prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - } else { + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); - authData.setBPK(bpkBase64); - } + } else { + + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } - + authData.setIdentityLink(identityLink); } - - } - String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink - .getSerializedSamlAssertion() - : ""; - if (!oaParam.getProvideStammzahl()) { - ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink - .getIdentificationValue(), ""); } - String authBlock = oaParam.getProvideAuthBlock() ? session - .getAuthBlock() : ""; - - session.setAssertionAuthBlock(authBlock); - session.setAssertionAuthData(authData); - session.setAssertionBusinessService(businessService); - session.setAssertionIlAssertion(ilAssertion); - session.setAssertionPrPerson(prPerson); - session.setAssertionSignerCertificateBase64(signerCertificateBase64); - + return authData; } catch (Throwable ex) { 
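Review bot: In the public-service branch the bPK is computed from the `target` parameter (`new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target)`) but the type is labelled with `oaParam.getTarget()` (`authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget())`); if the two ever differ, the value and its declared type disagree, so use the same source for both, e.g. `authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + target);` or drop the parameter and use `oaParam.getTarget()` in both places. In the business-service branch the signed identity-link assertion is edited in place (`prIdentification.getFirstChild().setNodeValue(authData.getBPK())` and the type node likewise) and then re-parsed into `authData.setIdentityLink(idl)`; as the `//TODO: resign the IdentityLink!!!` notes, the original signature over the assertion no longer matches the modified content, so any downstream consumer that verifies it will fail or must be told it is unsigned. `XPathUtils.selectSingleNode(...)` can presumably return `null` when the XPath does not match, and `registerAndOrdNr.startsWith(...)` assumes `oaParam.getIdentityLinkDomainIdentifier()` is non-null; both dereferences deserve an explicit check with a `BuildException` rather than a NullPointerException. `mandate.getOWbPK()` in the `session.isOW()` branch likewise assumes `session.getMISMandate()` is non-null.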
@@ -2453,117 +2369,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of - * this call. - * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) - throws AuthenticationException { - String assertionHandle; - try { - assertionHandle = new SAMLArtifactParser(samlArtifact) - .parseAssertionHandle(); - } catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - AuthenticationData authData = null; - synchronized (authenticationDataStore) { - // System.out.println("assertionHandle: " + assertionHandle); - authData = (AuthenticationData) authenticationDataStore - .get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " - + samlArtifact); - throw new AuthenticationException("1206", - new Object[] { samlArtifact }); - } - boolean keepAssertion = false; - try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - if (!keepAssertion) { - authenticationDataStore.remove(assertionHandle); - } - } - long now = new Date().getTime(); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", - new Object[] { samlArtifact }); - Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } - - /** - * Stores authentication data indexed by the assertion handle contained in - * the given saml artifact. 
- * - * @param samlArtifact - * SAML artifact - * @param authData - * authentication data - * @throws AuthenticationException - * when SAML artifact is invalid - */ - private void storeAuthenticationData(String samlArtifact, - AuthenticationData authData) throws AuthenticationException { - - try { - SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); - // check type code 0x0001 - byte[] typeCode = parser.parseTypeCode(); - if (typeCode[0] != 0 || typeCode[1] != 1) - throw new AuthenticationException("auth.06", - new Object[] { samlArtifact }); - String assertionHandle = parser.parseAssertionHandle(); - synchronized (authenticationDataStore) { - Logger.debug("Assertion stored for SAML Artifact: " - + samlArtifact); - authenticationDataStore.put(assertionHandle, authData); - } - } catch (AuthenticationException ex) { - throw ex; - } catch (Throwable ex) { - throw new AuthenticationException("auth.06", - new Object[] { samlArtifact }); - } - } - - /** - * Creates a new session and puts it into the session store. - * - * @param id - * Session ID - * @return AuthenticationSession created - * @exception AuthenticationException - * thrown when an <code>AuthenticationSession</code> is - * running already for the given session ID - */ - private static AuthenticationSession newSession() - throws AuthenticationException { - String sessionID = Random.nextRandom(); - AuthenticationSession newSession = new AuthenticationSession(sessionID); - synchronized (sessionStore) { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (session != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); - sessionStore.put(sessionID, newSession); - } - return newSession; - } - - /** * Retrieves a session from the session store. * * @param id 
@@ -2573,11 +2378,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(id); - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; + + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + + /*(AuthenticationSession) sessionStore + .get(id);*/ + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[] { id }); + } } /** 
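Review bot: The `catch (MOADatabaseException e)` in `getSession` rethrows `new AuthenticationException("parser.04", new Object[] { id })` and discards `e`, so a database failure during session lookup leaves no trace of its cause, and the message key `parser.04` reads like a parser error rather than a storage error. At minimum log the original exception before mapping it, and if `AuthenticationException` has a cause-taking constructor like the one `BuildException` is given elsewhere on this page, pass `e` through; a key from the `auth.*` family would presumably fit the situation better than `parser.04`. The `/*(AuthenticationSession) sessionStore .get(id);*/` remnant should be deleted.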
@@ -2585,33 +2399,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public void cleanup() { long now = new Date().getTime(); - synchronized (sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.02", new Object[] { sessionID })); - sessionStore.remove(sessionID); - } - } - } - synchronized (authenticationDataStore) { - Set keys = new HashSet(authenticationDataStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String samlAssertionHandle = (String) iter.next(); - AuthenticationData authData = (AuthenticationData) authenticationDataStore - .get(samlAssertionHandle); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.03", - new Object[] { authData.getAssertionID() })); - authenticationDataStore.remove(samlAssertionHandle); - } - } - } + + //clean AuthenticationSessionStore + //TODO: acutally the StartAuthentificaten timestamp is used!!!!! + //TODO: maybe change this to lastupdate timestamp. + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); + + //clean AssertionStore + AssertionStorage assertionstore = AssertionStorage.getInstance(); + assertionstore.clean(now, authDataTimeOut); } /** 
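Review bot: The comments `//TODO: acutally the StartAuthentificaten timestamp is used!!!!!` and `//TODO: maybe change this to lastupdate timestamp.` sit above a call that already passes both `sessionTimeOutCreated` and `sessionTimeOutUpdated` to `AuthenticationSessionStoreage.clean(...)`, so they appear stale; either delete them or make them precise, e.g. `// sessions expire on the earlier of (created + sessionTimeOutCreated) and (updated + sessionTimeOutUpdated) — TODO confirm in AuthenticationSessionStoreage.clean`. `long now = new Date().getTime();` can be `long now = System.currentTimeMillis();` now that the `Date` object is no longer needed.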
@@ -2620,8 +2416,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param seconds * Time out of the session in seconds */ - public void setSecondsSessionTimeOut(long seconds) { - sessionTimeOut = 1000 * seconds; + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; } /** @@ -2631,7 +2431,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Time out for signing AuthData in seconds */ public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = 1000 * seconds; + authDataTimeOut = seconds * 1000; } /** @@ -2658,7 +2458,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * the friendly name of the infobox for messages * @return the SAML attribute value (Element or String) */ - private static Object verifySAMLAttribute( + protected static Object verifySAMLAttribute( ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) throws ValidateException { String name = samlAttribute.getName(); 
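Review bot: `setSecondsSessionTimeOutUpdated(long seconds)` is added without Javadoc while its sibling `setSecondsSessionTimeOutCreated` keeps the existing `@param seconds Time out of the session in seconds` block, and that block no longer distinguishes the two. Give each setter a one-line summary plus `@param seconds`, e.g. for the new one: `/** Sets the time-out measured from the session's last update. @param seconds time-out in seconds; values <= 0 are ignored by the caller (MOAIDAuthInitializer) */` — the last clause is only visible in the initializer hunk further down, so hedge it if that contract is not guaranteed here. Neither setter rejects negative input; if that is intended to be the initializer's job, a short comment saying so avoids a second caller forgetting it.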
@@ -2776,42 +2576,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static void startSTORKAuthentication( HttpServletRequest req, HttpServletResponse resp, - String ccc, - String oaURL, - String target, - String targetFriendlyName, - String authURL, - String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); - } else { - target = null; + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - //create MOA session - AuthenticationSession moaSession = newSession(); - Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); - moaSession.setTarget(target); - moaSession.setTargetFriendlyName(targetFriendlyName); - moaSession.setOAURLRequested(oaURL); - moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moaSession.setAuthURL(authURL); - moaSession.setBusinessService(oaParam.getBusinessService()); - moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - if (sourceID != null) - moaSession.setSourceID(sourceID); + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); //Start of STORK Processing STORKConfig storkConfig = 
AuthConfigurationProvider.getInstance().getStorkConfig(); - CPEPS cpeps = storkConfig.getCPEPS(ccc); + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); 
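Review bot: The removed block validated that `target` is non-empty for non-business online applications (`throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05")`) and forced it to `null` for business services, and no equivalent check appears in the new code; the later hunk (`@@ -2874`) then reads `moasession.getTarget()` with a `//TODO: check Target in case of SSO!!` next to it. Presumably the session is now populated and validated where it is created, but that is not visible here, so either add the check back against `moasession.getTarget()` before the STORK request is assembled, or document at the top of the method that `moasession` is expected to arrive already validated, e.g. `// precondition: moasession was created by the session-initialisation step, which validates target/businessService (TODO confirm)`. `storkConfig.getCPEPS(moasession.getCcc())` is dereferenced immediately afterwards; a null `cpeps` for an unknown country code would surface as a NullPointerException rather than a configuration error.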
@@ -2824,19 +2603,22 @@ public class AuthenticationServer implements MOAIDAuthConstants { String issuerValue = HTTPUtils.getBaseURL(req); Logger.debug("Issuer value: " + issuerValue); - QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); - Logger.debug("QAALevel: " + qaaLevel.getValue()); - RequestedAttributes requestedAttributes; + QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); + //Logger.debug("QAALevel: " + qaaLevel.getValue()); + + RequestedAttributes requestedAttributes = null; requestedAttributes = oaParam.getRequestedAttributes(); requestedAttributes.detach(); List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); - List<RequestedAttribute> oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); + List<RequestedAttribute> oaReqAttributeList = null; + oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); + //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); Logger.debug("The following attributes are requested for this specific country:"); List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes()); for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { 
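Review bot: `RequestedAttributes requestedAttributes = null; requestedAttributes = oaParam.getRequestedAttributes();` and `List<RequestedAttribute> oaReqAttributeList = null; oaReqAttributeList = new ArrayList<RequestedAttribute>(...)` split a declaration and its only assignment for no reason; the previous single-line forms were clearer, e.g. `RequestedAttributes requestedAttributes = oaParam.getRequestedAttributes();`. The `//Logger.debug("QAALevel: " + qaaLevel.getValue());` line should be removed or restored rather than left commented out. `requestedAttributes.detach();` mutates the object returned by configuration, which the old code did too; if `oaParam.getRequestedAttributes()` returns a shared instance, a comment saying why detaching it is safe would help the next reader.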
@@ -2874,13 +2656,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String spSector = StringUtils.isEmpty(target) ? "Business" : target; + + //TODO: check Target in case of SSO!! + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( @@ -2930,9 +2714,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moaSession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(storkAuthnRequest); HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); Logger.debug("Preparing to send STORK AuthnRequest."); 
@@ -2972,12 +2756,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - CertificateFactory cf; - X509Certificate cert = null; - cf = CertificateFactory.getInstance("X.509"); - cert = (X509Certificate)cf.generateCertificate(is); - - return cert; + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + +// CertificateFactory cf; +// X509Certificate cert = null; +// cf = CertificateFactory.getInstance("X.509"); +// CertificateFactory +// cert = (X509Certificate)cf.generateCertificate(is); +// return cert; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 7d5835f20..edc43da0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth; +import java.util.Arrays; +import java.util.List; + import iaik.asn1.ObjectID; @@ -43,6 +46,9 @@ public interface MOAIDAuthConstants { public static final String PARAM_OA = "OA"; /** servlet parameter "bkuURI" */ public static final String PARAM_BKU = "bkuURI"; + public static final String PARAM_MODUL = "MODUL"; + public static final String PARAM_ACTION = "ACTION"; + public static final String PARAM_SSO = "SSO"; /** servlet parameter "sourceID" */ public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ 
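Review bot: `catch (Throwable e) { throw new CertificateException(e); }` around `new X509Certificate(is)` also converts `Error`s such as `OutOfMemoryError` into a certificate-parsing failure; `catch (Exception e)` is the narrowest form that still covers whatever the IAIK constructor throws, and the cause is preserved either way. The enclosing method starts outside the hunk, so the `Base64.decode(base64CertString)` feeding `is` is not covered by the try block and will surface decoding errors under a different exception type; if callers are expected to treat all malformed input uniformly, move the decode inside the try. The six `// CertificateFactory ...` lines of the old implementation should be deleted instead of kept as comments.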
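Review bot: The new constants `PARAM_MODUL`, `PARAM_ACTION` and `PARAM_SSO` in `MOAIDAuthConstants` have no Javadoc, whereas every neighbouring servlet-parameter constant carries one (`/** servlet parameter "bkuURI" */`). Add the same one-liners, e.g. `/** servlet parameter "MODUL" */`, `/** servlet parameter "ACTION" */`, `/** servlet parameter "SSO" */`, so the interface stays self-describing.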
@@ -112,9 +118,25 @@ public interface MOAIDAuthConstants { * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; - /** the number of the certifcate extension for party organ representatives */ - public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + +// /** the number of the certifcate extension for party organ representatives */ +// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + + /** OW */ + public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; + + /** List of OWs */ + public static final List<ObjectID> OW_LIST = Arrays.asList( + new ObjectID(OW_ORGANWALTER)); + + /**BKU type identifiers to use bkuURI from configuration*/ + public static final String REQ_BKU_TYPE_LOCAL = "local"; + public static final String REQ_BKU_TYPE_ONLINE = "online"; + public static final String REQ_BKU_TYPE_HANDY = "handy"; + public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index cf5615a13..725773b75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java 
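Review bot: `OW_LIST` and `REQ_BKU_TYPES` are built with `Arrays.asList(...)`, which returns a fixed-size but element-mutable list, and they are exposed as `public static final` members of an interface; any caller can `set(...)` an element and silently change the accepted OW object identifier or BKU type for the whole application. Wrap them, e.g. `public static final List<ObjectID> OW_LIST = Collections.unmodifiableList(Arrays.asList(new ObjectID(OW_ORGANWALTER)));` and the same for `REQ_BKU_TYPES`, adding `import java.util.Collections;` next to the new `java.util.Arrays` import. The commented-out `PARTY_ORGAN_REPRESENTATION_OID_NUMBER` should be deleted, and the `/** OW */` Javadoc would be more useful as a sentence explaining what the `.4` suffix of `OW_ORGANWALTER` denotes.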
@@ -28,6 +28,7 @@ import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; +import java.math.BigInteger; import java.security.GeneralSecurityException; import java.util.Properties; @@ -93,7 +94,7 @@ public class MOAIDAuthInitializer { // Mapping OpenSSL - Java // OpenSSL Java // http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html -// via “openssl ciphers -tls1 HIGH –v” +// via !openssl ciphers -tls1 HIGH !v! // // ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA // DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA @@ -139,6 +140,7 @@ public class MOAIDAuthInitializer { // Loads the configuration AuthConfigurationProvider authConf = AuthConfigurationProvider.reload(); + ConnectionParameter moaSPConnParam = authConf .getMoaSpConnectionParameter(); @@ -158,6 +160,7 @@ public class MOAIDAuthInitializer { // Initializes IAIKX509TrustManager logging String log4jConfigURL = System.getProperty("log4j.configuration"); + Logger.info("Log4J Configuration: " + log4jConfigURL); if (log4jConfigURL != null) { IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); } 
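Review bot: The typographic quotes and dash in the comment `// via “openssl ciphers -tls1 HIGH –v”` were replaced with `!`, which looks like the file was re-saved under a charset that cannot represent them; here plain ASCII `// via "openssl ciphers -tls1 HIGH -v"` is the right fix. The same round-trip damage appears in the other files of this commit, where it is not cosmetic: the HTML literals in CreateXMLSignatureRequestBuilder now read `für`/`Österreich` instead of `für`/`Österreich`, the new LoginConfirmationBuilder template contains `Bürgerkarte`, and the `char` comparisons in CreateXMLSignatureRequestBuilderForeign and GetIdentityLinkFormBuilder become `'ä'` … `'Ãœ'`, which as rendered here are two-character literals that cannot compile and in any case no longer match the umlauts they are meant to turn into entities. Those hunks should be reverted to the original characters and the build's source encoding (`javac -encoding` / the IDE setting) fixed so that it matches the repository's files.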
@@ -170,39 +173,27 @@ public class MOAIDAuthInitializer {
 AxisSecureSocketFactory.initialize(ssf);
 }
+
 // sets the authentication session and authentication data time outs
- String param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
+ BigInteger param = authConf.getTimeOuts().getMOASessionCreated();
 if (param != null) {
- long sessionTimeOut = 0;
- try {
- sessionTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
 if (sessionTimeOut > 0)
 AuthenticationServer.getInstance()
- .setSecondsSessionTimeOut(sessionTimeOut);
+ .setSecondsSessionTimeOutCreated(sessionTimeOut);
 }
- param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
+
+ param = authConf.getTimeOuts().getMOASessionUpdated();
 if (param != null) {
- long authDataTimeOut = 0;
- try {
- authDataTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+ }
+
+ param = authConf.getTimeOuts().getAssertion();
+ if (param != null) {
+ long authDataTimeOut = param.longValue();
 if (authDataTimeOut > 0)
 AuthenticationServer.getInstance()
 .setSecondsAuthDataTimeOut(authDataTimeOut);
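Review bot: `authConf.getTimeOuts()` is dereferenced three times without a null check, and each value is only tested for `null`, so a zero or negative time-out — which the removed code at least reported through the `config.05` message — is now dropped silently and the server keeps whatever default `AuthenticationServer` carries. `param.longValue()` also truncates a `BigInteger` above `Long.MAX_VALUE` without complaint. Because the three blocks differ only in the getter and setter, the conversion can live in one helper that logs invalid values, as sketched below; the container returned by `getTimeOuts()` should additionally be fetched once and null-checked up front (its type is not visible in this hunk). The enclosing method starts before the hunk.
```java
// … unchanged: SSL / AxisSecureSocketFactory setup …

// sets the authentication session and authentication data time outs
long created = positiveSeconds(authConf.getTimeOuts().getMOASessionCreated(), "MOASessionCreated");
if (created > 0)
    AuthenticationServer.getInstance().setSecondsSessionTimeOutCreated(created);

long updated = positiveSeconds(authConf.getTimeOuts().getMOASessionUpdated(), "MOASessionUpdated");
if (updated > 0)
    AuthenticationServer.getInstance().setSecondsSessionTimeOutUpdated(updated);

long assertion = positiveSeconds(authConf.getTimeOuts().getAssertion(), "Assertion");
if (assertion > 0)
    AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(assertion);

// … unchanged: rest of the initializer …

/**
 * Converts a configured time-out to seconds.
 *
 * @param value the configured value, or null when the time-out is not configured
 * @param name  label used in the log message
 * @return the value in seconds if it is present and positive; -1 if it is absent or
 *         invalid, in which case the server default is kept and an invalid value is logged
 */
private static long positiveSeconds(BigInteger value, String name) {
    if (value == null) {
        return -1;
    }
    // signum() <= 0 rejects zero/negative, bitLength() > 63 rejects values that longValue() would truncate
    if (value.signum() <= 0 || value.bitLength() > 63) {
        Logger.error("Invalid time-out " + name + "=" + value + ", using default");
        return -1;
    }
    return value.longValue();
}
```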
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 412f1db81..ee2313070 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.StringWriter; import java.text.MessageFormat; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; import java.util.List; +import java.util.Locale; +import javax.xml.bind.DatatypeConverter; import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.Transformer; @@ -49,10 +54,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; /** @@ -79,6 +86,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL + "{7}" + + "{8}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; 
@@ -97,6 +105,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " </saml:AttributeValue>" + NL + " </saml:Attribute>" + NL; + private static String SPECIAL_TEXT_ATTRIBUTE = + " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + + " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + + " </saml:Attribute>" + NL; + private static String PR_IDENTIFICATION_ATTRIBUTE = " <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL + @@ -107,7 +120,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ - public static final int NUM_OF_SAML_ATTRIBUTES = 3; + public static final int NUM_OF_SAML_ATTRIBUTES = 4; + public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 3; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -156,25 +170,16 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session) + AuthenticationSession session, + OAAuthParameter oaParam) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; String wbpkNSDeclaration = ""; - - //reading OA parameters - OAAuthParameter oaParam; - try { - oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } catch (ConfigurationException e) { - Logger.error("Error on building AUTH-Block: " + e.getMessage()); - throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); - } - - + if (target == null) { + // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator 
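Review bot: `NUM_OF_SAML_ATTRIBUTES` changes from 3 to 4 and `NUM_OF_SAML_ATTRIBUTES_SSO = 3` is added, but the Javadoc above still describes only the first constant and nothing records what accounts for the difference; document it, naming the attribute that makes the fourth (the new `SpecialText` attribute introduced in this file is the obvious candidate, but whoever counts them should confirm), e.g. `/** Fixed SAML attributes of an SSO AUTH-Block; one fewer than NUM_OF_SAML_ATTRIBUTES because … */`. `buildAuthBlock` gains the parameter `OAAuthParameter oaParam` in place of the configuration lookup it used to do itself, so the method's Javadoc (above the hunk) needs a matching entry such as `@param oaParam configuration of the online application the user logs in to, previously looked up from the session's OA URL prefix`. The method body continues past the hunk.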
@@ -191,6 +196,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion // We do not have a wbPK, therefore no SAML-Attribute is provided session.setSAMLAttributeGebeORwbpk(false); } + } else { // OA is a govermental application String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); @@ -205,7 +211,6 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //no business service, adding bPK - System.out.println("identityLinkValue: " + identityLinkValue); if (identityLinkValue != null) { Element bpkSamlValueElement; try { @@ -252,6 +257,21 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + String text = ""; + try { + OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + } + + + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); 
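Review bot: The `@@ -252` hunk looks up the online application again through `AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix())`, which is exactly the call the earlier hunk removed from what appears to be the same `buildAuthBlock` in favour of the new `oaParam` parameter; reading `String text = oaParam.getAditionalAuthBlockText(); if (MiscUtil.isEmpty(text)) text = "";` uses the parameter, drops the `ConfigurationException` handler and avoids the assignment hidden inside the `if` condition. The resulting text is then placed into `<saml:AttributeValue>{0}</saml:AttributeValue>` without XML escaping — `generateSpecialText` in the next hunk only substitutes placeholders — so a configured text containing `&` or `<` yields a malformed AUTH-Block, which is what the citizen signs; escape the text before the `MessageFormat.format` call. The same block is repeated verbatim in the `@@ -385` hunk of this file, so a small private helper would keep the two copies in step.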
@@ -385,6 +406,18 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); //..BZ + String text = ""; + try { + OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + } + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -396,6 +429,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -406,6 +440,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } + public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { + Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); + + String text = inputtext.replaceAll("#NAME#", issuer); + text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); + text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); + + return text; + } public static String xmlToString(Node node) { try { 
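Review bot: `generateSpecialText` uses `String.replaceAll`, which treats its second argument as a regex replacement string, so an issuer containing `$` or `\` either throws `IllegalArgumentException` or is rewritten as a group reference; use the literal variant: `String text = inputtext.replace("#NAME#", issuer);` / `text = text.replace("#DATE#", dateformat.format(datetime.getTime()));` / `text = text.replace("#TIME#", timeformat.format(datetime.getTime()));`. The two `SimpleDateFormat`s carry no explicit `TimeZone` or `Locale`, so the date and time written into the text the user signs follow the server's default zone rather than the offset that `DatatypeConverter.parseDateTime` read from `issueInstant`; call `dateformat.setTimeZone(datetime.getTimeZone())` (and the same for `timeformat`) or state the zone in the text. The method also lacks a Javadoc, e.g. `/** Replaces the #NAME#, #DATE# and #TIME# placeholders of the configured AuthBlock text with the issuer and the issue instant (dd.MM.yyyy, HH:mm:ss); inputtext must not be null. */`.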
@@ -424,4 +469,92 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion return null; } + public String buildAuthBlockSSO( + String issuer, + String issueInstant, + String authURL, + String target, + String targetFriendlyName, + String identityLinkValue, + String identityLinkType, + String oaURL, + String gebDat, + List extendedSAMLAttributes, + AuthenticationSession session, + OAAuthParameter oaParam) + throws BuildException + { + session.setSAMLAttributeGebeORwbpk(true); + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + + if (target != null) { + + boolean useMandate = session.getUseMandate(); + if (useMandate) { + String mandateReferenceValue = Random.nextRandom(); + // remove leading "-" + if (mandateReferenceValue.startsWith("-")) + mandateReferenceValue = mandateReferenceValue.substring(1); + + session.setMandateReferenceValue(mandateReferenceValue); + + ExtendedSAMLAttribute mandateReferenceValueAttribute = + new ExtendedSAMLAttributeImpl("mandateReferenceValue", mandateReferenceValue, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK); + + extendedSAMLAttributes.add(mandateReferenceValueAttribute); + } + } + + //adding friendly name of OA + String friendlyname; + try { + friendlyname = AuthConfigurationProvider.getInstance().getSSOFriendlyName(); + + ExtendedSAMLAttribute oaFriendlyNameAttribute = + new ExtendedSAMLAttributeImpl("oaFriendlyName", friendlyname, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + + String text = AuthConfigurationProvider.getInstance().getSSOSpecialText(); + + if (MiscUtil.isEmpty(text)) + text=""; + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + + + + + String assertion; + + assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { + wbpkNSDeclaration, + issuer, + issueInstant, + authURL, + gebeORwbpk, + 
oaURL, + gebDat, + specialText, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + + return assertion; + + } catch (ParseException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + + } catch (ConfigurationException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + + + + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 0742261a7..839ebe7a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -255,8 +255,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String pkType; String pkValue; if (businessService) { - pkType = authData.getIdentificationType(); - pkValue = authData.getWBPK(); + pkType = authData.getBPKType(); + pkValue = authData.getBPK(); } else { // <saml:NameIdentifier NameQualifier> always has the bPK as type/value @@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes, boolean useCondition, int conditionLength) 
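Review bot: `buildAuthBlockSSO` calls `session.setSAMLAttributeGebeORwbpk(true)` but never assigns `gebeORwbpk` or `wbpkNSDeclaration`, so the session now claims a bPK/wbPK attribute that the generated assertion does not carry — the non-SSO `buildAuthBlock` resets that flag to `false` in the no-wbPK case (context of the `@@ -191` hunk); either build the attribute here or set the flag to `false`. The parameters `targetFriendlyName`, `identityLinkValue`, `identityLinkType` and `oaParam` are never read, and the mandate-reference block (`Random.nextRandom()` plus the leading-`-` strip) reads like a copy of the non-SSO builder's code, which a shared private helper would keep in sync. A Javadoc is missing; something like `/** Builds the AUTH-Block for a single-sign-on login: like buildAuthBlock, but the friendly name and the special text come from the SSO configuration (getSSOFriendlyName / getSSOSpecialText) instead of the online application. */` would do.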
@@ -377,8 +376,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
 String pkType;
 String pkValue;
 if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
+ pkType = authData.getBPKType();
+ pkValue = authData.getBPK();
 } else {
 // <saml:NameIdentifier NameQualifier> always has the bPK as type/value
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index fa9789530..9bec06135 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.security.MessageDigest;
 import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -59,7 +61,12 @@ public class BPKBuilder {
 new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",target=" + target});
 }
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+ String basisbegriff;
+ if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
+ basisbegriff = identificationValue + "+" + target;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+
 try {
 MessageDigest md = MessageDigest.getInstance("SHA-1");
 byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
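Review bot: The prefix normalisation added to `buildBPK` (`if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) …`) is repeated for the wbPK case in the next hunk with only the constant and the parameter swapped; a helper such as `private static String basisbegriff(String idValue, String prefix, String value) { return value.startsWith(prefix + "+") ? idValue + "+" + value : idValue + "+" + prefix + "+" + value; }` keeps the rule in one place. A comment should also say why the already-prefixed form is accepted, since the bare and the prefixed form now hash to the same bPK: `// target may arrive with or without the cdid prefix; both forms must yield the same bPK`. The added `AuthenticationSession` and `Logger` imports are not used by any hunk of this file shown here, so they may be unused.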
@@ -89,7 +96,13 @@ public class BPKBuilder {
 new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
 }
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
+ String basisbegriff;
+ if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" ))
+ basisbegriff = identificationValue + "+" + registerAndOrdNr;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
 try {
 MessageDigest md = MessageDigest.getInstance("SHA-1");
 byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 2da7db2b2..23596abda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.text.MessageFormat;
 import java.util.Calendar;
+import java.util.List;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
@@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <code><CreateXMLSignatureRequest></code> */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) { String sl10Prefix; String sl11Prefix; String slNsDeclaration; String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) { - dsigTransformInfosString += dsigTransformInfos[i]; + + for (String element : dsigTransformInfos) { + dsigTransformInfosString += element; } +// for (int i = 0; i < dsigTransformInfos.length; i++) { +// dsigTransformInfosString += dsigTransformInfos[i]; +// } + if (slVersion12) { // replace the SecurityLayer namespace prefixes and URIs within the transforms @@ -180,8 +186,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // request += "</style>"; request += "</head>"; request += "<body>"; - request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>"; - request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>"; + request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>"; + request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>"; request += "<table class=\"parameters\">"; request += "<tr>"; request += "<td class=\"italicstyle\">Name:</td>"; 
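Review bot: `build` still concatenates the transform infos with `dsigTransformInfosString += element` inside the loop and keeps the old array loop as three commented-out lines; use a builder — `StringBuilder sb = new StringBuilder(); for (String element : dsigTransformInfos) sb.append(element); String dsigTransformInfosString = sb.toString();` — and delete the commented loop. Changing the parameter from `String[]` to `List<String>` is source-incompatible for every caller, which is fine only if all of them are updated in this commit, and the `@param dsigTransformInfos` entry of the Javadoc above the hunk should be checked to still describe the type. The body of `build` continues past the hunk.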
@@ -201,7 +207,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "</tr>"; request += "<tr>"; request += "<td class=\"italicstyle\">Land (Country):</td>"; - request += "<td class=\"normalstyle\">Österreich (Austria)</td>"; + request += "<td class=\"normalstyle\">Österreich (Austria)</td>"; request += "</tr>"; request += "</table>"; request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>"; @@ -253,14 +259,14 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "</tr>"; request += "</table>"; - request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + - "natürliche Personen (ERnP), damit ich meinen elektronischen " + - "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + - "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + + request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + + "natürliche Personen (ERnP), damit ich meinen elektronischen " + + "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + + "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + "Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " + "ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " + - "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + - "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>"; + "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + + "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>"; request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " + "Register of Residents or the Supplementary Register for Natural Persons. I therefore " + 
@@ -277,7 +283,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // "Residents Registry and that I am not obliged to register with the Austrian " + // "Central Residents Registry according to Austrian law.<br/>" + // "In the event I am not yet registered with the Supplementary Register, I " + -// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + +// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + // "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>"; request += "</body>"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java index 6368713db..650f1578d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java @@ -123,19 +123,19 @@ public class CreateXMLSignatureRequestBuilderForeign extends Builder { out.write("<");
else if (ch == '>')
out.write(">");
- else if (ch == 'ä')
+ else if (ch == 'ä')
out.write("ä");
- else if (ch == 'ö')
+ else if (ch == 'ö')
out.write("ö");
- else if (ch == 'ü')
+ else if (ch == 'ü')
out.write("ü");
- else if (ch == 'Ä')
+ else if (ch == 'Ä')
out.write("Ä");
- else if (ch == 'Ö')
+ else if (ch == 'Ö')
out.write("Ö");
- else if (ch == 'Ü')
+ else if (ch == 'Ü')
out.write("Ü");
- else if (ch == 'ß')
+ else if (ch == 'ß')
out.write("ß");
else
out.write(ch);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 4dd6ac78b..9b7cc41ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java 
@@ -60,27 +60,23 @@ public class DataURLBuilder {
 String individualDataURLPrefix = null;
 String dataURL;
- try {
- //check if an individual prefix is configured
- individualDataURLPrefix = AuthConfigurationProvider.getInstance().
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-
- if (null != individualDataURLPrefix) {
-
- //check individualDataURLPrefix
- if(!individualDataURLPrefix.startsWith("http"))
- throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-
- //when ok then use it
- dataURL = individualDataURLPrefix + authServletName;
- } else
- dataURL = authBaseURL + authServletName;
-
- } catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
- dataURL = authBaseURL + authServletName;
- }
+
+ //is removed from config in MOA-ID 2.0
+ //check if an individual prefix is configured
+// individualDataURLPrefix = AuthConfigurationProvider.getInstance().
+// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
+//
+// if (null != individualDataURLPrefix) {
+//
+// //check individualDataURLPrefix
+// if(!individualDataURLPrefix.startsWith("http"))
+// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
+//
+// //when ok then use it
+// dataURL = individualDataURLPrefix + authServletName;
+// } else
+
+ dataURL = authBaseURL + authServletName;
 dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
 return dataURL;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index d40cd1909..bd8d52031 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
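Review bot: `String individualDataURLPrefix = null;` stays declared but is never read now that the individual-prefix branch is gone, and that branch survives as fourteen commented-out lines; delete both and keep a one-line reason instead, `// individual DataURL prefixes were dropped from the configuration in MOA-ID 2.0`. With the `catch (ConfigurationException e)` removed, the `ConfigurationException`, `Logger` and `MOAIDMessageProvider` imports of this file are presumably unused as well (the import block is outside the hunk). The enclosing method starts before the hunk.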
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -154,19 +154,19 @@ public class GetIdentityLinkFormBuilder extends Builder { out.write("<"); else if (ch == '>') out.write(">"); - else if (ch == 'ä') + else if (ch == 'ä') out.write("ä"); - else if (ch == 'ö') + else if (ch == 'ö') out.write("ö"); - else if (ch == 'ü') + else if (ch == 'ü') out.write("ü"); - else if (ch == 'Ä') + else if (ch == 'Ä') out.write("Ä"); - else if (ch == 'Ö') + else if (ch == 'Ö') out.write("Ö"); - else if (ch == 'Ü') + else if (ch == 'Ãœ') out.write("Ü"); - else if (ch == 'ß') + else if (ch == 'ß') out.write("ß"); else out.write(ch); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index fa1de87de..0a526ebbe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java 
@@ -59,48 +59,52 @@ public class InfoboxValidatorParamsBuilder { * * @return Parameters for validating an infobox token. */ - public static InfoboxValidatorParams buildInfoboxValidatorParams( - AuthenticationSession session, - VerifyInfoboxParameter verifyInfoboxParameter, - List infoboxTokenList, - OAAuthParameter oaParam) - { - InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); - IdentityLink identityLink = session.getIdentityLink(); - - // the infobox token to validate - infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList); - // configuration parameters - infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID()); - infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations()); - infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams()); - // authentication session parameters - infoboxValidatorParams.setBkuURL(session.getBkuURL()); - infoboxValidatorParams.setTarget(session.getTarget()); - infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); - // parameters from the identity link - infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); - infoboxValidatorParams.setGivenName(identityLink.getGivenName()); - infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth()); - if (verifyInfoboxParameter.getProvideStammzahl()) { - infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue()); - } - infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType()); - infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey()); - if (verifyInfoboxParameter.getProvideIdentityLink()) { - Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true); - if (!verifyInfoboxParameter.getProvideStammzahl()) { - Element identificationValueElem = 
- (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - if (identificationValueElem != null) { - identificationValueElem.getFirstChild().setNodeValue(""); - } - } - infoboxValidatorParams.setIdentityLink(identityLinkElem); - } - infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); - return infoboxValidatorParams; - } +// public static InfoboxValidatorParams buildInfoboxValidatorParams( +// AuthenticationSession session, +// VerifyInfoboxParameter verifyInfoboxParameter, +// List infoboxTokenList, +// OAAuthParameter oaParam) +// { +// InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); +// IdentityLink identityLink = session.getIdentityLink(); +// +// // the infobox token to validate +// infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList); +// // configuration parameters +// infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID()); +// infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations()); +// infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams()); +// // authentication session parameters +// infoboxValidatorParams.setBkuURL(session.getBkuURL()); +// infoboxValidatorParams.setTarget(session.getTarget()); +// infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); +// infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); +// // parameters from the identity link +// infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); +// infoboxValidatorParams.setGivenName(identityLink.getGivenName()); +// infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth()); +// if (verifyInfoboxParameter.getProvideStammzahl()) { +// infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue()); +// } +// 
infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType()); +// infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey()); +// if (verifyInfoboxParameter.getProvideIdentityLink()) { +// Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true); +// if (!verifyInfoboxParameter.getProvideStammzahl()) { +// Element identificationValueElem = +// (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); +// if (identificationValueElem != null) { +// identificationValueElem.getFirstChild().setNodeValue(""); +// } +// } +// infoboxValidatorParams.setIdentityLink(identityLinkElem); +// } +// +// //TODO: check if this is Protocol specific +// //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); +// infoboxValidatorParams.setHideStammzahl(true); +// +// return infoboxValidatorParams; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java new file mode 100644 index 000000000..69e654f56 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java 
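Review bot: Commenting out `buildInfoboxValidatorParams` in full leaves `InfoboxValidatorParamsBuilder` as an empty class with, presumably, a set of now-unused imports above the hunk; if the method has no callers any more, delete it and let version control keep the history. If it is meant to be revived, note that the commented copy hard-codes `infoboxValidatorParams.setHideStammzahl(true)` where the live code derived the value from `oaParam.getProvideStammzahl()`, so the per-application decision whether the Stammzahl is exposed to the validator would be lost; the `//TODO: check if this is Protocol specific` should say who is expected to make that decision and when.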
@@ -0,0 +1,79 @@ +package at.gv.egovernment.moa.id.auth.builder; + + +public class LoginConfirmationBuilder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + + private static final String OA_URL_TAG = "<OA_URL>"; + private static final String FORM_METHOD_TAG = "<FORM_METHOD_URL>"; + private static final String ATTR_NAME_TAG = "<ATTR_NAME_URL>"; + private static final String ATTR_VALUE_TAG = "<ATTR_VALUE_URL>"; + private static final String ATTR_TEMP_TAG = "<ATTR_TEMP_URL>"; + private static final String OA_TAG = "<OA_TAG>"; + private static final String NAME_TAG = "<NAME_URL>"; + + private static final String METHOD_GET = "GET"; + private static final String METHOD_POST = "POST"; + + + private static final String ATTR_TEMPLATE = + " <input type=\"hidden\" " + nl + + " name=\"" + ATTR_NAME_TAG + "\"" + nl + + " value=\"" + ATTR_VALUE_TAG + "\"/>" + nl; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "<html>" + nl + + "<head>" + nl + + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + + "<title>Anmeldung mit Bürgerkarte</title>" + nl + + "</head>" + nl + + "<body>" + nl + + "<p>Wollen Sie sich als <b>"+NAME_TAG+"</b> bei <b>"+OA_TAG+ + "</b> anmelden?</p>" + nl + + "<form name=\"GetIdentityLinkForm\"" + nl + + " action=\"" + OA_URL_TAG + "\"" + nl + + " method=\"" + FORM_METHOD_TAG + "\">" + nl + + ATTR_TEMP_TAG + + " <input type=\"submit\" value=\"Anmeldung durchführen\"/>" + nl + + "</form>" + nl + + "</body>" + nl + + "</html>"; + + private String template; + + public LoginConfirmationBuilder(){ + init(METHOD_GET); + } + + public LoginConfirmationBuilder(String method) { + init(method); + } + + public void init(String method) { + if(method.equals(METHOD_POST)) { + template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_POST); + } else { + template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_GET); + } + 
} + + public void addParameter(String name, String value) { + String attr_template = ATTR_TEMPLATE + ATTR_TEMP_TAG; + //Logger.info("Attr Template: " + attr_template); + attr_template = attr_template.replace(ATTR_NAME_TAG, name); + //Logger.info("Attr Template: " + attr_template); + attr_template = attr_template.replace(ATTR_VALUE_TAG, value); + //Logger.info("Attr Template: " + attr_template); + template = template.replace(ATTR_TEMP_TAG, attr_template); + //Logger.info("Template: " + template); + } + + public String finish(String oaURL, String userName, String oa) { + template = template.replace(NAME_TAG, userName); + template = template.replace(OA_TAG, oa); + template = template.replace(OA_URL_TAG, oaURL); + return template.replace(ATTR_TEMP_TAG, ""); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java new file mode 100644 index 000000000..a80fcfa25 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java 
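Review bot: `addParameter` and `finish` splice `name`, `value`, `userName`, `oa` and `oaURL` into the HTML with plain `String.replace` and no escaping, so a value containing `"` or `<` breaks out of the attribute or markup — a reflected XSS if any of these originate from the request, which this hunk cannot show. Route every caller-supplied string through an HTML-attribute escaper (replace `&`, `<`, `>`, `"` with their entities) before the `replace` calls, and note that a value containing one of the literal placeholder tags would itself be expanded by the following `replace`. `init` dereferences its argument in `method.equals(METHOD_POST)`; `METHOD_POST.equals(method)` avoids the NPE on a null method. `finish` mutates the instance field `template`, so a second call cannot re-substitute the already-replaced placeholders; a Javadoc line stating that the builder is single-use would save the next caller a surprise.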
@@ -0,0 +1,107 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.io.StringWriter; +import java.net.URI; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class LoginFormBuilder { + + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String HTMLTEMPLATEFULL = "loginFormFull.html"; + private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html"; + + private static String AUTH_URL = "#AUTH_URL#"; + private static String MODUL = "#MODUL#"; + private static String ACTION = "#ACTION#"; + private static String OANAME = "#OAName#"; + private static String BKU_ONLINE = "#ONLINE#"; + private static String BKU_HANDY = "#HANDY#"; + private static String BKU_LOCAL = "#LOCAL#"; + private static String CONTEXTPATH = "#CONTEXTPATH#"; + private static String MOASESSIONID = "#SESSIONID#"; + + private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; + + private static String getTemplate(boolean isIFrame) { + + String template = null; + + try { + String pathLocation; + + InputStream input; + + String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + + if (isIFrame) + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; + else + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + + try { + File file = new File(new URI(pathLocation)); + input = new FileInputStream(file); + + } catch (FileNotFoundException e) { + + Logger.warn("No LoginFormTempaltes 
found. Use Generic Templates from package."); + + if (isIFrame) + pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; + else + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + + input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + + } + + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + template = template.replace(AUTH_URL, SERVLET); + template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); + template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); + template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); + + input.close(); + + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + return template; + } + + public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) { + String value = getTemplate(isIFrame); + + if(value != null) { + if(modul == null) { + modul = SAML1Protocol.PATH; + } + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + value = value.replace(MODUL, modul); + value = value.replace(ACTION, action); + value = value.replace(OANAME, oaname); + value = value.replace(CONTEXTPATH, contextpath); + value = value.replace(MOASESSIONID, moaSessionID); + } + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java new file mode 100644 index 000000000..6d10f5519 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java 
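Review bot: In `getTemplate` the stream is only closed on the success path — `input.close()` sits after `IOUtils.copy` inside the `try`, so any failure leaks the handle — and a null from `getResourceAsStream` surfaces as an NPE inside `IOUtils.copy`, logged as "Failed to read template" rather than as a missing resource. The fallback is also narrower than intended: `new File(new URI(pathLocation))` throws `URISyntaxException` or `IllegalArgumentException` when `rootconfigdir` is not a `file:` URI, neither of which is the `FileNotFoundException` the inner catch handles, so the bundled template is never tried and the outer catch returns null. `IOUtils.copy(input, writer)` without a charset decodes with the platform default; pass `"UTF-8"` explicitly. The same three points apply unchanged to `SendAssertionFormBuilder.getTemplate` in the next hunk. Separately, `buildLoginForm` substitutes `oaname`, `contextpath` and `moaSessionID` into the HTML unescaped; if any of them is request-derived, HTML-escape it before the `replace`.
```java
String template = null;
InputStream input = null;

try {
    // … unchanged: pathLocation selection from rootconfigdir …
    try {
        File file = new File(new URI(pathLocation));
        input = new FileInputStream(file);
    } catch (Exception e) {
        // FileNotFoundException, URISyntaxException or IllegalArgumentException:
        // the configured template is unusable, fall back to the bundled one
        Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
        // … unchanged: classpath pathLocation selection …
        input = Thread.currentThread().getContextClassLoader().getResourceAsStream(pathLocation);
    }
    if (input == null) {
        Logger.error("Login form template not found: " + pathLocation);
        return null;
    }
    StringWriter writer = new StringWriter();
    IOUtils.copy(input, writer, "UTF-8");
    template = writer.toString();
    // … unchanged: placeholder replacement …
} catch (Exception e) {
    Logger.error("Failed to read template", e);
} finally {
    IOUtils.closeQuietly(input);
}
return template;
```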
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.InputStream;
+import java.io.StringWriter;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RedirectFormBuilder {
+
+ private static String URL = "#URL#";
+ private static String template;
+
+ private static String getTemplate() {
+
+ if (template == null) {
+ try {
+ String classpathLocation = "resources/templates/redirectForm.html";
+ InputStream input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(classpathLocation);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+ }
+
+ return template;
+ }
+
+ public static String buildLoginForm(String url) {
+ String value = getTemplate();
+ value = value.replace(URL, url);
+
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index a0fe0de1b..304a5b70c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
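Review bot: `buildLoginForm` calls `value.replace(URL, url)` on the result of `getTemplate()`, which is null whenever loading failed, so a missing or unreadable `redirectForm.html` becomes an NPE at the call site instead of the logged error; add `if (value == null) { throw new IllegalStateException("redirect form template not available"); }` before the `replace`. Inside `getTemplate`, a null from `getResourceAsStream` is only caught as the NPE thrown by `IOUtils.copy`, and the stream is never closed — check for null explicitly and wrap the copy in `try { … } finally { IOUtils.closeQuietly(input); }`. `url` is substituted into the template unescaped; if it can be caller-influenced, escape it for the context the template places it in (attribute or script, which this hunk does not show) before the `replace`. `URL` should be `static final`, and the `GenerateIFrameTemplateServlet` and `SAML1Protocol` imports are unused.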
@@ -72,7 +72,7 @@ public class SAMLArtifactBuilder { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; // alternative sourceId - String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID(); // if sourceID is given in GET/POST param - use this as source id if (!ParepUtils.isEmpty(sourceIdParam)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java new file mode 100644 index 000000000..956593237 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java 
@@ -0,0 +1,98 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.io.StringWriter; +import java.net.URI; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class SendAssertionFormBuilder { + + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html"; + private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html"; + + private static String URL = "#URL#"; + private static String MODUL = "#MODUL#"; + private static String ACTION = "#ACTION#"; + private static String ID = "#ID#"; + private static String OANAME = "#OAName#"; + private static String CONTEXTPATH = "#CONTEXTPATH#"; + + private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; + + private static String getTemplate(boolean isIFrame) { + + String template = null; + + try { + String pathLocation; + InputStream input; + + String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + + if (isIFrame) + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; + else + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + + try { + File file = new File(new URI(pathLocation)); + input = new FileInputStream(file); + + } catch (FileNotFoundException e) { + + Logger.warn("No LoginFormTempaltes found. 
Use Generic Templates from package."); + + if (isIFrame) + pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; + else + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + + input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + + } + + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + template = template.replace(URL, SERVLET); + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + + return template; + } + + public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) { + String value = getTemplate(isIFrame); + + if(value != null) { + if(modul == null) { + modul = SAML1Protocol.PATH; + } + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + value = value.replace(MODUL, modul); + value = value.replace(ACTION, action); + value = value.replace(ID, id); + value = value.replace(OANAME, oaname); + value = value.replace(CONTEXTPATH, contextpath); + } + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java new file mode 100644 index 000000000..8a9c2b4fd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java 
@@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthenticationBuilder { + + private static StartAuthenticationBuilder instance = null; + + public static StartAuthenticationBuilder getInstance() { + if (instance == null) { + instance = new StartAuthenticationBuilder(); + } + return instance; + } + + + public String build(AuthenticationSession moasession, HttpServletRequest req, + HttpServletResponse resp) throws WrongParametersException, MOAIDException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); + } + + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? 
"AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + return ""; + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + return getIdentityLinkForm; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 5e6d47bdf..b65b3db0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder { */ public Element build( CreateXMLSignatureResponse csr, - String[] verifyTransformsInfoProfileID, + List<String> verifyTransformsInfoProfileID, String trustProfileID) throws BuildException { //samlAssertionObject 
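Review bot: `build` has no Javadoc, and its return contract is not obvious from the code: the STORK branch returns `""` after `AuthenticationServer.startSTORKAuthentication(req, resp, moasession)`, which presumably writes the response itself, while the other branch returns the identity-link form for the caller to emit. Document that with a `@return` line such as "the HTML form to send to the client, or the empty string when the STORK branch has already written the response", and note that `resp` is only used on the STORK path. `getInstance` is an unsynchronized lazy singleton; the class holds no state, so the race is harmless, but `private static final StartAuthenticationBuilder instance = new StartAuthenticationBuilder();` removes it outright.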
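Review bot: The `verifyTransformsInfoProfileID` parameter of `build` changes from `String[]` to `List<String>`, but the Javadoc block ending just above this hunk (its `*/` is the first context line) is not touched; if its `@param` still describes an array, update it, and say whether an empty list is acceptable. `build` continues past the end of the hunk.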
@@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder { // add the transform profile IDs Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); - } + +// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { +// +// Element verifyTransformsInfoProfileIDElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); +// verifyTransformsInfoProfileIDElem.appendChild( +// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); +// } + + for (String element : verifyTransformsInfoProfileID) { + + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(element)); + } + Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); requestElem_.appendChild(returnHashInputDataElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e861c62fa..4560e69cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
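Review bot: The old index-based loop is left in as a commented-out block directly above its for-each replacement; version control keeps the history, so delete the eight `//` lines rather than ship dead code. The for-each iterates `verifyTransformsInfoProfileID` without a null check, which matches the array version, but now that the type is `List<String>` a caller can also pass `Collections.emptyList()` — worth stating in the `build` Javadoc whether an empty `ReferenceInfo` is valid for the verifier. `build` starts and ends outside this hunk.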
@@ -21,59 +21,73 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.id.auth.data; - - import iaik.x509.X509Certificate; +import java.io.IOException; +import java.io.Serializable; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.Vector; +import javax.xml.parsers.ParserConfigurationException; + +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import eu.stork.mw.messages.saml.STORKAuthnRequest; /** - * Session data to be stored between <code>AuthenticationServer</code> API calls. + * Session data to be stored between <code>AuthenticationServer</code> API + * calls. 
* * @author Paul Ivancsics * @version $Id$ */ -public class AuthenticationSession { - - private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; - private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; - +public class AuthenticationSession implements Serializable { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + + "+"; + /** * session ID */ private String sessionID; /** - * "Geschäftsbereich" the online application belongs to; maybe <code>null</code> - * if the online application is a business application + * "Geschäftsbereich" the online application belongs to; maybe + * <code>null</code> if the online application is a business application */ private String target; /** - * Friendly name for the target, if target is configured via MOA-ID configuration + * Friendly name for the target, if target is configured via MOA-ID + * configuration */ private String targetFriendlyName; - + /** * SourceID */ private String sourceID; - /** - * Indicates if target from configuration is used or not - */ - private boolean useTargetFromConfig; + /** * public online application URL requested */ 
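Review bot: `AuthenticationSession` now `implements Serializable`, and the imports added in this hunk (`org.w3c.dom.Element`, `MISMandate`, `DOMUtils`, `SAXException`) suggest DOM-typed fields follow in the next hunk; `org.w3c.dom.Element` does not extend `Serializable`, so whether such a field serializes depends on the runtime DOM implementation, and it should be `transient` with a text form stored instead if that is what the `DOMUtils` import is for. If the serialized form is stored outside the JVM (the hunk does not show where), reading it back is Java-native deserialization of stored data and should stay limited to a trusted store. The `/** */` block above `serialVersionUID` is empty; replace it with `/** Serialization version; bump when the persisted field layout changes incompatibly. */`. `TARGET_PREFIX_` and `REGISTERANDORDNR_PREFIX_` are widened to `public` while keeping the trailing-underscore naming used for private statics; rename them or document them as public API.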
@@ -86,758 +100,1037 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - - /** - * URL of the BKU - */ - private String bkuURL; - - /** - * Use mandate - */ - private boolean useMandate; - - /** - * Reference value for mandate - */ - private String mandateReferenceValue; - - /** - * Authentication data for the assertion - */ - private AuthenticationData assertionAuthData; - - /** - * Persondata for the assertion - */ - private String assertionPrPerson; - - /** - * Authblock for the assertion - */ - private String assertionAuthBlock; - - /** - * Identitylink assertion for the (MOA) assertion - */ - private String assertionIlAssertion; - - /** - * Signer certificate (base64 encoded) for the assertion - */ - private String assertionSignerCertificateBase64; - - /** - * bussiness service for the assertion - */ - boolean assertionBusinessService; - - /** - * SessionID for MIS - */ - private String misSessionID; + /** + * HTML template URL + */ + private String templateURL; + + /** + * URL of the BKU + */ + private String bkuURL; + + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; + + //Store Mandate + /** + * Use mandate + */ + private boolean useMandate; + + + private boolean isOW = false; + + + /** + * STORK + */ + private String ccc; + + /** + * + * Mandate element + */ + private MISMandate mandate; + + /** + * Reference value for mandate + * bussiness service for the assertion + */ + private String mandateReferenceValue; + + /** + * SessionID for MIS + */ + private String misSessionID; + + //store Identitylink /** * identity link read from smartcard */ private IdentityLink identityLink; + + /** + * timestamp logging when identity link has been received + */ + private Date timestampIdentityLink; + + //store Authblock /** * authentication block to be signed by the 
user */ private String authBlock; + /** - * timestamp logging when authentication session has been created + * The issuing time of the AUTH-Block SAML assertion. */ - private Date timestampStart; + private String issueInstant; + + //Signer certificate /** - * timestamp logging when identity link has been received + * Signer certificate of the foreign citizen or for mandate mode */ - private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; - - /** - * Signer certificate of the foreign citizen or for mandate mode - */ - private X509Certificate signerCertificate; - /** - * SAML attributes from an extended infobox validation to be appended - * to the SAML assertion delivered to the final online application. - */ - private List extendedSAMLAttributesOA; - - /** - * The boolean value for either a target or a wbPK is provided as - * SAML Attribute in the SAML Assertion or not. - */ - private boolean samlAttributeGebeORwbpk; - - /** - * SAML attributes from an extended infobox validation to be appended - * to the SAML assertion of the AUTHBlock. - */ - private List extendedSAMLAttributesAUTH; - - /** - * The issuing time of the AUTH-Block SAML assertion. - */ - private String issueInstant; - - /** - * If infobox validators are needed after signing, they can be stored in - * this list. - */ - private List infoboxValidators; - - /** - * The register and number in the register parameter in case of a business - * service application. - */ - private String domainIdentifier; - - /** - * This string contains all identifiers of infoboxes, the online application - * is configured to accept. The infobox identifiers are comma separated. - */ - private String pushInfobox; - - /** - * The STORK AuthRequest to be sent to the C-PEPS - */ - private STORKAuthnRequest storkAuthnRequest; - - /** - * Constructor for AuthenticationSession. 
- * - * @param id Session ID - */ - public AuthenticationSession(String id) { - sessionID = id; - setTimestampStart(); - infoboxValidators = new ArrayList(); - } - - public X509Certificate getSignerCertificate() { - return signerCertificate; - } - - public void setSignerCertificate(X509Certificate signerCertificate) { - this.signerCertificate = signerCertificate; - } - - /** - * Returns the identityLink. - * @return IdentityLink - */ - public IdentityLink getIdentityLink() { - return identityLink; - } - - /** - * Returns the sessionID. - * @return String - */ - public String getSessionID() { - return sessionID; - } - - /** - * Sets the identityLink. - * @param identityLink The identityLink to set - */ - public void setIdentityLink(IdentityLink identityLink) { - this.identityLink = identityLink; - } - - /** - * Sets the sessionID. - * @param sessionId The sessionID to set - */ - public void setSessionID(String sessionId) { - this.sessionID = sessionId; - } - - /** - * Returns the oaURLRequested. - * @return String - */ - public String getOAURLRequested() { - return oaURLRequested; - } - - /** - * Returns the oaURLRequested. - * @return String - */ - public String getPublicOAURLPrefix() { - return oaPublicURLPrefix; - } - - /** - * Returns the BKU URL. - * @return String - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * Returns the target. - * @return String - */ - public String getTarget() { - return target; - } - - /** - * Returns the sourceID. - * @return String - */ - public String getSourceID() { - return sourceID; - } - - /** - * Returns the target friendly name. - * @return String - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the oaURLRequested. 
- * @param oaURLRequested The oaURLRequested to set - */ - public void setOAURLRequested(String oaURLRequested) { - this.oaURLRequested = oaURLRequested; - } - - /** - * Sets the oaPublicURLPrefix - * @param oaPublicURLPrefix The oaPublicURLPrefix to set - */ - public void setPublicOAURLPrefix(String oaPublicURLPrefix) { - this.oaPublicURLPrefix = oaPublicURLPrefix; - } - - /** - * Sets the bkuURL - * @param bkuURL The BKU URL to set - */ - public void setBkuURL(String bkuURL) { - this.bkuURL = bkuURL; - } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * @param target The target to set - */ - public void setTarget(String target) { - if (target != null && target.startsWith(TARGET_PREFIX_)) - { - // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix - this.target = target.substring(TARGET_PREFIX_.length()); - Logger.debug("Target prefix stripped off; resulting target: " + this.target); - } - else - { - this.target = target; - } - } - - /** - * Sets the sourceID - * @param sourceID The sourceID to set - */ - public void setSourceID(String sourceID) { - this.sourceID = sourceID; - } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * @param target The target to set - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - /** - * Returns the authURL. - * @return String - */ - public String getAuthURL() { - return authURL; - } - - /** - * Sets the authURL. - * @param authURL The authURL to set - */ - public void setAuthURL(String authURL) { - this.authURL = authURL; - } - - /** - * Returns the authBlock. - * @return String - */ - public String getAuthBlock() { - return authBlock; - } - - /** - * Sets the authBlock. 
- * @param authBlock The authBlock to set - */ - public void setAuthBlock(String authBlock) { - this.authBlock = authBlock; - } - - /** - * Returns the timestampIdentityLink. - * @return Date - */ - public Date getTimestampIdentityLink() { - return timestampIdentityLink; - } - - /** - * Returns the businessService. - * @return <code>true</code> if the corresponding online application is - * a business application, otherwise <code>false</code> - */ - public boolean getBusinessService() { - return businessService; - } - - /** - * Sets the businessService variable. - * @param businessService the value for setting the businessService variable. - */ - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - /** - * Returns the timestampStart. - * @return Date - */ - public Date getTimestampStart() { - return timestampStart; - } - - /** - * Sets the current date as timestampIdentityLink. - */ - public void setTimestampIdentityLink() { - timestampIdentityLink = new Date(); - } - - /** - * Sets the current date as timestampStart. - */ - public void setTimestampStart() { - timestampStart = new Date(); - } - - /** - * @return template URL - */ - public String getTemplateURL() { - return templateURL; - } - - - /** - * @param string the template URL - */ - public void setTemplateURL(String string) { - templateURL = string; - } - - - /** - * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. - * - * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. - */ - public List getExtendedSAMLAttributesAUTH() { - return extendedSAMLAttributesAUTH; - } - - /** - * Sets the SAML Attributes to be appended to the AUTHBlock. - * - * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock. 
- */ - public void setExtendedSAMLAttributesAUTH( - List extendedSAMLAttributesAUTH) { - this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; - } - - /** - * Returns the SAML Attributes to be appended to the SAML assertion - * delivered to the online application. Maybe <code>null</code>. - * - * @return The SAML Attributes to be appended to the SAML assertion - * delivered to the online application - */ - public List getExtendedSAMLAttributesOA() { - return extendedSAMLAttributesOA; - } - - /** - * Sets the SAML Attributes to be appended to the SAML assertion - * delivered to the online application. - * - * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML - * assertion delivered to the online application. - */ - public void setExtendedSAMLAttributesOA( - List extendedSAMLAttributesOA) { - this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; - } - - /** - * Returns the boolean value for either a target or a wbPK is - * provided as SAML Attribute in the SAML Assertion or not. - * - * @return true either a target or a wbPK is provided as SAML Attribute - * in the SAML Assertion or false if not. - */ - public boolean getSAMLAttributeGebeORwbpk() { - return this.samlAttributeGebeORwbpk; - } - - /** - * Sets the boolean value for either a target or a wbPK is - * provided as SAML Attribute in the SAML Assertion or not. - * - * @param samlAttributeGebeORwbpk The boolean for value either a target or - * wbPK is provided as SAML Attribute in the SAML Assertion or not. - */ - public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { - this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; - } - - /** - * Returns the issuing time of the AUTH-Block SAML assertion. - * - * @return The issuing time of the AUTH-Block SAML assertion. - */ - public String getIssueInstant() { - return issueInstant; - } - - /** - * Sets the issuing time of the AUTH-Block SAML assertion. - * - * @param issueInstant The issueInstant to set. 
- */ - public void setIssueInstant(String issueInstant) { - this.issueInstant = issueInstant; - } - - /** - * Returns the iterator to the stored infobox validators. - * @return Iterator - */ - public Iterator getInfoboxValidatorIterator() { - if (infoboxValidators==null) return null; - return infoboxValidators.iterator(); - } - - /** - * Adds an infobox validator class to the stored infobox validators. - * @param infoboxIdentifier the identifier of the infobox the validator belongs to - * @param infoboxFriendlyName the friendly name of the infobox - * @param infoboxValidator the infobox validator to add - */ - public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { - if (infoboxValidators==null) infoboxValidators = new ArrayList(); - Vector v = new Vector(3); - v.add(infoboxIdentifier); - v.add(infoboxFriendlyName); - v.add(infoboxValidator); - infoboxValidators.add(v); - return infoboxValidators.iterator(); - } - - /** - * Tests for pending input events of the infobox validators. - * @return true if a validator has a form to show - */ - public boolean isValidatorInputPending() { - boolean result = false; - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (!result && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; - } - } - return result; - } - - /** - * Returns the first pending infobox validator. 
- * @return the infobox validator class - */ - public InfoboxValidator getFirstPendingValidator() { - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - String form = infoboxvalidator.getForm(); - if (!ParepUtils.isEmpty(form)) return infoboxvalidator; - } - } - return null; - } - - /** - * Returns the input form of the first pending infobox validator input processor. - * @return the form to show - */ - public String getFirstValidatorInputForm() { - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - String form = infoboxvalidator.getForm(); - if (!ParepUtils.isEmpty(form)) return form; - } - } - return null; - } - - /** - * Returns domain identifier (the register and number in the register parameter). - * <code>null</code> in the case of not a business service. - * - * @return the domainIdentifier - */ - public String getDomainIdentifier() { - return domainIdentifier; - } - - /** - * Sets the register and number in the register parameter if the application - * is a business service. - * If the domain identifier includes the registerAndOrdNr prefix, the prefix - * will be stripped off. 
- * - * @param domainIdentifier the domain identifier to set - */ - public void setDomainIdentifier(String domainIdentifier) { - if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) - { - // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix - this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); - } - else - { - this.domainIdentifier = domainIdentifier; - } - } - - /** - * Gets all identifiers of infoboxes, the online application - * is configured to accept. The infobox identifiers are comma separated. - * - * @return the string containing infobox identifiers - */ - public String getPushInfobox() { - if (pushInfobox==null) return ""; - return pushInfobox; - } - - /** - * @param pushInfobox the infobox identifiers to set (comma separated) - */ - public void setPushInfobox(String pushInfobox) { - this.pushInfobox = pushInfobox; - } - - /** - * - * @param useMandate indicates if mandate is used or not - */ - public void setUseMandate(String useMandate) { - if (useMandate.compareToIgnoreCase("true") == 0) - this.useMandate = true; - else - this.useMandate = false; - - } - - /** - * Returns if mandate is used or not - * @return - */ - public boolean getUseMandate() { - return this.useMandate; - } - - /** - * - * @param useTargetFromConfig indicates if target from config is used or not - */ - public void setUseTargetFromConfig(boolean useTargetFromConfig) { - this.useTargetFromConfig = useTargetFromConfig; - - } - - /** - * Returns if target is used from mandate or not - * @return - */ - public boolean getUseTargetFromConfig() { - return this.useTargetFromConfig; - } - - /** - * - * @param misSessionID indicates the MIS session ID - */ - public void setMISSessionID(String misSessionID) { - this.misSessionID = misSessionID; - } - - /** - * Returns the MIS 
session ID - * @return - */ - public String getMISSessionID() { - return this.misSessionID; - } - - /** - * @return the assertionAuthData - */ - public AuthenticationData getAssertionAuthData() { - return assertionAuthData; - } - - /** - * @param assertionAuthData the assertionAuthData to set - */ - public void setAssertionAuthData(AuthenticationData assertionAuthData) { - this.assertionAuthData = assertionAuthData; - } - - /** - * @return the assertionPrPerson - */ - public String getAssertionPrPerson() { - return assertionPrPerson; - } - - /** - * @param assertionPrPerson the assertionPrPerson to set - */ - public void setAssertionPrPerson(String assertionPrPerson) { - this.assertionPrPerson = assertionPrPerson; - } - - /** - * @return the assertionAuthBlock - */ - public String getAssertionAuthBlock() { - return assertionAuthBlock; - } - - /** - * @param assertionAuthBlock the assertionAuthBlock to set - */ - public void setAssertionAuthBlock(String assertionAuthBlock) { - this.assertionAuthBlock = assertionAuthBlock; - } - - /** - * @return the assertionIlAssertion - */ - public String getAssertionIlAssertion() { - return assertionIlAssertion; - } - - /** - * @param assertionIlAssertion the assertionIlAssertion to set - */ - public void setAssertionIlAssertion(String assertionIlAssertion) { - this.assertionIlAssertion = assertionIlAssertion; - } - - /** - * @return the assertionSignerCertificateBase64 - */ - public String getAssertionSignerCertificateBase64() { - return assertionSignerCertificateBase64; - } - - /** - * @param assertionSignerCertificateBase64 the assertionSignerCertificateBase64 to set - */ - public void setAssertionSignerCertificateBase64(String assertionSignerCertificateBase64) { - this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; - } - - /** - * @return the assertionBusinessService - */ - public boolean getAssertionBusinessService() { - return assertionBusinessService; - } - - /** - * @param assertionBusinessService 
the assertionBusinessService to set - */ - public void setAssertionBusinessService(boolean assertionBusinessService) { - this.assertionBusinessService = assertionBusinessService; - } - - /** - * @return the mandateReferenceValue - */ - public String getMandateReferenceValue() { - return mandateReferenceValue; - } - - /** - * @param mandateReferenceValue the mandateReferenceValue to set - */ - public void setMandateReferenceValue(String mandateReferenceValue) { - this.mandateReferenceValue = mandateReferenceValue; - } - - /** - * Gets the STORK SAML AuthnRequest - * @return STORK SAML AuthnRequest - */ - public STORKAuthnRequest getStorkAuthnRequest() { - return storkAuthnRequest; + //private X509Certificate signerCertificate; + private byte[] signerCertificate; + + + /** + * SAML attributes from an extended infobox validation to be appended to the + * SAML assertion delivered to the final online application. + */ + private List extendedSAMLAttributesOA; + + /** + * The boolean value for either a target or a wbPK is provided as SAML + * Attribute in the SAML Assertion or not. + */ + private boolean samlAttributeGebeORwbpk; + + /** + * SAML attributes from an extended infobox validation to be appended to the + * SAML assertion of the AUTHBlock. + */ + private List extendedSAMLAttributesAUTH; + + + //TODO: check if it is in use! + /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. 
+ */ + private String pushInfobox; + + /** + * The STORK AuthRequest to be sent to the C-PEPS + */ + private STORKAuthnRequest storkAuthnRequest; + + + + //private AuthenticationData authData; + + //protocol selection + private String action; + private String modul; + + private boolean authenticated; + private boolean authenticatedUsed = false; + + private boolean ssoRequested = false; + +// /** +// * Indicates if target from configuration is used or not +// */ +// private boolean useTargetFromConfig; + +// /** +// * Authentication data for the assertion +// */ +// private AuthenticationData assertionAuthData; +// +// /** +// * Persondata for the assertion +// */ +// private String assertionPrPerson; +// +// /** +// * Authblock for the assertion +// */ +// private String assertionAuthBlock; +// +// /** +// * Identitylink assertion for the (MOA) assertion +// */ +// private String assertionIlAssertion; +// +// /** +// * Signer certificate (base64 encoded) for the assertion +// */ +// private String assertionSignerCertificateBase64; +// +// /** +// * bussiness service for the assertion +// */ +// boolean assertionBusinessService; +// +// /** +// * timestamp logging when authentication session has been created +// */ +// private Date timestampStart; +// private CreateXMLSignatureResponse XMLCreateSignatureResponse; + + private VerifyXMLSignatureResponse XMLVerifySignatureResponse; + + private boolean isForeigner; + +// private String requestedProtocolURL = null; + + public String getModul() { + return modul; + } + + public void setModul(String modul) { + this.modul = modul; + } + + public String getAction() { + return action; + } + + public void setAction(String action) { + this.action = action; + } + +// public AuthenticationData getAuthData() { +// return authData; +// } +// +// public void setAuthData(AuthenticationData authData) { +// this.authData = authData; +// } + + + public boolean isAuthenticatedUsed() { + return authenticatedUsed; + } + + public void 
setAuthenticatedUsed(boolean authenticatedUsed) { + this.authenticatedUsed = authenticatedUsed; } - /** - * Sets the STORK SAML AuthnRequest - * @param storkAuthnRequest STORK SAML AuthnRequest - */ + public boolean isAuthenticated() { + return authenticated; + } + + public void setAuthenticated(boolean authenticated) { + this.authenticated = authenticated; + } + + +// public String getRequestedProtocolURL() { +// return requestedProtocolURL; +// } +// +// public void setRequestedProtocolURL(String requestedProtocolURL) { +// this.requestedProtocolURL = requestedProtocolURL; +// } + + /** + * Constructor for AuthenticationSession. + * + * @param id + * Session ID + */ + public AuthenticationSession(String id) { + sessionID = id; +// setTimestampStart(); + infoboxValidators = new ArrayList(); + } + + public X509Certificate getSignerCertificate(){ + try { + return new X509Certificate(signerCertificate); + } catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + return null; + } + } + + public byte[] getEncodedSignerCertificate() { + return this.signerCertificate; + } + + public void setSignerCertificate(X509Certificate signerCertificate) { + try { + this.signerCertificate = signerCertificate.getEncoded(); + } catch (CertificateEncodingException e) { + Logger.warn("Signer certificate can not be stored to session database!", e); + } + } + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + public IdentityLink getIdentityLink() { + return identityLink; + } + + /** + * Returns the sessionID. + * + * @return String + */ + public String getSessionID() { + return sessionID; + } + + /** + * Sets the identityLink. + * + * @param identityLink + * The identityLink to set + */ + public void setIdentityLink(IdentityLink identityLink) { + this.identityLink = identityLink; + } + + /** + * Sets the sessionID. 
+ * + * @param sessionId + * The sessionID to set + */ + public void setSessionID(String sessionId) { + this.sessionID = sessionId; + } + + /** + * Returns the oaURLRequested. + * + * @return String + */ + public String getOAURLRequested() { + return oaURLRequested; + } + + /** + * Returns the oaURLRequested. + * + * @return String + */ + public String getPublicOAURLPrefix() { + return oaPublicURLPrefix; + } + + /** + * Returns the BKU URL. + * + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Returns the target. + * + * @return String + */ + public String getTarget() { + return target; + } + + /** + * Returns the sourceID. + * + * @return String + */ + public String getSourceID() { + return sourceID; + } + + /** + * Returns the target friendly name. + * + * @return String + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + /** + * Sets the oaURLRequested. + * + * @param oaURLRequested + * The oaURLRequested to set + */ + public void setOAURLRequested(String oaURLRequested) { + this.oaURLRequested = oaURLRequested; + } + + /** + * Sets the oaPublicURLPrefix + * + * @param oaPublicURLPrefix + * The oaPublicURLPrefix to set + */ + public void setPublicOAURLPrefix(String oaPublicURLPrefix) { + this.oaPublicURLPrefix = oaPublicURLPrefix; + } + + /** + * Sets the bkuURL + * + * @param bkuURL + * The BKU URL to set + */ + public void setBkuURL(String bkuURL) { + this.bkuURL = bkuURL; + } + + /** + * Sets the target. If the target includes the target prefix, the prefix + * will be stripped off. 
+ * + * @param target + * The target to set + */ + public void setTarget(String target) { + if (target != null && target.startsWith(TARGET_PREFIX_)) { + // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove + // prefix + this.target = target.substring(TARGET_PREFIX_.length()); + Logger.debug("Target prefix stripped off; resulting target: " + + this.target); + } else { + this.target = target; + } + } + + /** + * Sets the sourceID + * + * @param sourceID + * The sourceID to set + */ + public void setSourceID(String sourceID) { + this.sourceID = sourceID; + } + + /** + * Sets the target. If the target includes the target prefix, the prefix + * will be stripped off. + * + * @param target + * The target to set + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + /** + * Returns the authURL. + * + * @return String + */ + public String getAuthURL() { + return authURL; + } + + /** + * Sets the authURL. + * + * @param authURL + * The authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + + /** + * Returns the authBlock. + * + * @return String + */ + public String getAuthBlock() { + return authBlock; + } + + /** + * Sets the authBlock. + * + * @param authBlock + * The authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + /** + * Returns the timestampIdentityLink. + * + * @return Date + */ + public Date getTimestampIdentityLink() { + return timestampIdentityLink; + } + + /** + * Returns the businessService. + * + * @return <code>true</code> if the corresponding online application is a + * business application, otherwise <code>false</code> + */ + public boolean getBusinessService() { + return businessService; + } + + /** + * Sets the businessService variable. + * + * @param businessService + * the value for setting the businessService variable. 
+ */ + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + +// /** +// * Returns the timestampStart. +// * +// * @return Date +// */ +// public Date getTimestampStart() { +// return timestampStart; +// } + + /** + * Sets the current date as timestampIdentityLink. + */ + public void setTimestampIdentityLink() { + timestampIdentityLink = new Date(); + } + +// /** +// * Sets the current date as timestampStart. +// */ +// public void setTimestampStart() { +// timestampStart = new Date(); +// } + + /** + * @return template URL + */ + public String getTemplateURL() { + return templateURL; + } + + /** + * @param string + * the template URL + */ + public void setTemplateURL(String string) { + templateURL = string; + } + + /** + * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe + * <code>null</code>. + * + * @return The SAML Attributes to be appended to the AUTHBlock. Maybe + * <code>null</code>. + */ + public List getExtendedSAMLAttributesAUTH() { + return extendedSAMLAttributesAUTH; + } + + /** + * Sets the SAML Attributes to be appended to the AUTHBlock. + * + * @param extendedSAMLAttributesAUTH + * The SAML Attributes to be appended to the AUTHBlock. + */ + public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) { + this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; + } + + /** + * Returns the SAML Attributes to be appended to the SAML assertion + * delivered to the online application. Maybe <code>null</code>. + * + * @return The SAML Attributes to be appended to the SAML assertion + * delivered to the online application + */ + public List getExtendedSAMLAttributesOA() { + return extendedSAMLAttributesOA; + } + + /** + * Sets the SAML Attributes to be appended to the SAML assertion delivered + * to the online application. + * + * @param extendedSAMLAttributesOA + * The SAML Attributes to be appended to the SAML assertion + * delivered to the online application. 
+ */ + public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) { + this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; + } + + /** + * Returns the boolean value for either a target or a wbPK is provided as + * SAML Attribute in the SAML Assertion or not. + * + * @return true either a target or a wbPK is provided as SAML Attribute in + * the SAML Assertion or false if not. + */ + public boolean getSAMLAttributeGebeORwbpk() { + return this.samlAttributeGebeORwbpk; + } + + /** + * Sets the boolean value for either a target or a wbPK is provided as SAML + * Attribute in the SAML Assertion or not. + * + * @param samlAttributeGebeORwbpk + * The boolean for value either a target or wbPK is provided as + * SAML Attribute in the SAML Assertion or not. + */ + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; + } + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant + * The issueInstant to set. + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + + /** + * Returns the iterator to the stored infobox validators. + * + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators == null) + return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. 
+ * + * @param infoboxIdentifier + * the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName + * the friendly name of the infobox + * @param infoboxValidator + * the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, + String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators == null) + infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) + result = true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. + * + * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) + return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input + * processor. 
+ * + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) + return form; + } + } + return null; + } + + /** + * Returns domain identifier (the register and number in the register + * parameter). <code>null</code> in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. If the domain identifier includes the + * registerAndOrdNr prefix, the prefix will be stripped off. + * + * @param domainIdentifier + * the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null + && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier + .substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + this.domainIdentifier); + } else { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application is configured + * to accept. The infobox identifiers are comma separated. 
+ * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox == null) + return ""; + return pushInfobox; + } + + /** + * @param pushInfobox + * the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + + /** + * + * @param useMandate + * indicates if mandate is used or not + */ + public void setUseMandate(String useMandate) { + if (useMandate.compareToIgnoreCase("true") == 0) + this.useMandate = true; + else + this.useMandate = false; + + } + + /** + * Returns if mandate is used or not + * + * @return + */ + public boolean getUseMandate() { + return this.useMandate; + } + +// /** +// * +// * @param useTargetFromConfig +// * indicates if target from config is used or not +// */ +// public void setUseTargetFromConfig(boolean useTargetFromConfig) { +// this.useTargetFromConfig = useTargetFromConfig; +// +// } +// +// /** +// * Returns if target is used from mandate or not +// * +// * @return +// */ +// public boolean getUseTargetFromConfig() { +// return this.useTargetFromConfig; +// } + + /** + * + * @param misSessionID + * indicates the MIS session ID + */ + public void setMISSessionID(String misSessionID) { + this.misSessionID = misSessionID; + } + + /** + * Returns the MIS session ID + * + * @return + */ + public String getMISSessionID() { + return this.misSessionID; + } + +// /** +// * @return the assertionAuthData +// */ +// public AuthenticationData getAssertionAuthData() { +// return assertionAuthData; +// } +// +// /** +// * @param assertionAuthData +// * the assertionAuthData to set +// */ +// public void setAssertionAuthData(AuthenticationData assertionAuthData) { +// this.assertionAuthData = assertionAuthData; +// } +// +// /** +// * @return the assertionPrPerson +// */ +// public String getAssertionPrPerson() { +// return assertionPrPerson; +// } +// +// /** +// * @param assertionPrPerson +// * the assertionPrPerson 
to set +// */ +// public void setAssertionPrPerson(String assertionPrPerson) { +// this.assertionPrPerson = assertionPrPerson; +// } +// +// /** +// * @return the assertionAuthBlock +// */ +// public String getAssertionAuthBlock() { +// return assertionAuthBlock; +// } +// +// /** +// * @param assertionAuthBlock +// * the assertionAuthBlock to set +// */ +// public void setAssertionAuthBlock(String assertionAuthBlock) { +// this.assertionAuthBlock = assertionAuthBlock; +// } +// +// /** +// * @return the assertionIlAssertion +// */ +// public String getAssertionIlAssertion() { +// return assertionIlAssertion; +// } +// +// /** +// * @param assertionIlAssertion +// * the assertionIlAssertion to set +// */ +// public void setAssertionIlAssertion(String assertionIlAssertion) { +// this.assertionIlAssertion = assertionIlAssertion; +// } +// +// /** +// * @return the assertionSignerCertificateBase64 +// */ +// public String getAssertionSignerCertificateBase64() { +// return assertionSignerCertificateBase64; +// } +// +// /** +// * @param assertionSignerCertificateBase64 +// * the assertionSignerCertificateBase64 to set +// */ +// public void setAssertionSignerCertificateBase64( +// String assertionSignerCertificateBase64) { +// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; +// } +// +// /** +// * @return the assertionBusinessService +// */ +// public boolean getAssertionBusinessService() { +// return assertionBusinessService; +// } +// +// /** +// * @param assertionBusinessService +// * the assertionBusinessService to set +// */ +// public void setAssertionBusinessService(boolean assertionBusinessService) { +// this.assertionBusinessService = assertionBusinessService; +// } + + /** + * @return the mandateReferenceValue + */ + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue + * the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String 
mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + /** + * Gets the STORK SAML AuthnRequest + * + * @return STORK SAML AuthnRequest + */ + public STORKAuthnRequest getStorkAuthnRequest() { + return storkAuthnRequest; + } + + /** + * Sets the STORK SAML AuthnRequest + * + * @param storkAuthnRequest + * STORK SAML AuthnRequest + */ public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { this.storkAuthnRequest = storkAuthnRequest; } - - - -} + public String getCcc() { + return ccc; + } + + public void setCcc(String ccc) { + this.ccc = ccc; + } + + + +// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { +// return XMLCreateSignatureResponse; +// } +// +// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { +// XMLCreateSignatureResponse = xMLCreateSignatureResponse; +// } + + public boolean isForeigner() { + return isForeigner; + } + + public void setForeigner(boolean isForeigner) { + this.isForeigner = isForeigner; + } + + public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { + return XMLVerifySignatureResponse; + } + + public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) { + XMLVerifySignatureResponse = xMLVerifySignatureResponse; + } + + public MISMandate getMISMandate() { + return mandate; + } + + public void setMISMandate(MISMandate mandate) { + this.mandate = mandate; + } + + public Element getMandate() { + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + }catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } + + /** + * @return the ssoRequested + */ + + //TODO: SSO only allowed without mandates, actually!!!!!! 
+ public boolean isSsoRequested() { + return ssoRequested && !useMandate; + } + + /** + * @param ssoRequested the ssoRequested to set + */ + public void setSsoRequested(boolean ssoRequested) { + this.ssoRequested = ssoRequested; + } + + /** + * @return the isOW + */ + public boolean isOW() { + return isOW; + } + + /** + * @param isOW the isOW to set + */ + public void setOW(boolean isOW) { + this.isOW = isOW; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index 276e6414c..7523d7eaf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -24,15 +24,22 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; + /** * This class contains SAML attributes to be appended to the SAML assertion delivered to * the Online application. * * @author Harald Bratko */ -public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute { +public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{ /** + * + */ + private static final long serialVersionUID = 1L; + +/** * The value of this SAML attribute. Must be either of type <code>java.lang.String</code> * or <code>org.w3c.Element</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 0d11dc4f0..b03f23ce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java 
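Review bot: Declaring ExtendedSAMLAttributeImpl Serializable does not make its value field serializable: the Javadoc kept in this hunk says the value is either a `java.lang.String` or an `org.w3c.Element`, and `org.w3c.dom.Element` does not extend Serializable, so whether a session holding an Element-valued attribute can be serialized depends on the DOM implementation (Xerces node classes happen to be Serializable and drag the whole owner document along; other implementations fail with NotSerializableException). Either serialize the value as XML text in custom `writeObject`/`readObject` methods, or state the constraint on the class: `/* Serializable only while value is a String or a DOM Element from a Serializable DOM implementation; prefer storing the serialized XML. */`. The re-added `/**` of the field Javadoc also lost its indentation relative to the field it documents. The class body continues outside the hunk.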
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.IOException; +import java.io.Serializable; import java.security.PublicKey; import javax.xml.transform.TransformerException; @@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink { +public class IdentityLink implements Serializable{ + + private static final long serialVersionUID = 1L; + /** * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index ce418de01..ed54683ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; +import java.util.Date; + import iaik.x509.X509Certificate; /** @@ -34,8 +37,11 @@ import iaik.x509.X509Certificate; * @version $Id$ * */ -public class VerifyXMLSignatureResponse { - /** The xmlDsigSubjectName to be stored */ +public class VerifyXMLSignatureResponse implements Serializable{ + + private static final long serialVersionUID = 1L; + +/** The xmlDsigSubjectName to be stored */ private String xmlDsigSubjectName; /** The signatureCheckCode to be stored */ private int signatureCheckCode; @@ -59,6 +65,8 @@ public class VerifyXMLSignatureResponse { */ private int signatureManifestCheckCode = -1; + private Date signingDateTime; + /** * Returns the certificateCheckCode. * @return int 
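Review bot: IdentityLink is made Serializable with a fixed `serialVersionUID = 1L`, but this hunk shows only the class header, and serialization succeeds only if every non-transient field is itself serializable. The class imports `javax.xml.transform.TransformerException` and `DOMUtils`, which suggests it may keep a DOM representation of the identity link; if such a field exists (it is not visible here), it should be declared `transient` and rebuilt on demand or replaced by its serialized XML, otherwise session persistence fails with NotSerializableException on the first non-Xerces DOM node. VerifyXMLSignatureResponse in the following hunks holds an `iaik.x509.X509Certificate`, and `java.security.cert.Certificate` is Serializable, so that one needs no change. Both class bodies continue outside their hunks.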
@@ -221,4 +229,13 @@ public class VerifyXMLSignatureResponse { this.signatureManifestCheckCode = signatureManifestCheckCode; } + public Date getSigningDateTime() { + return signingDateTime; + } + + public void setSigningDateTime(Date signingDateTime) { + this.signingDateTime = signingDateTime; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index cb3ed5ad9..a468caf73 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -122,7 +122,7 @@ public class IdentityLinkAssertionParser { + "Value"; /** Xpath expression to the Identification Value element */ - private static final String PERSON_IDENT_TYPE_XPATH = + public static final String PERSON_IDENT_TYPE_XPATH = PERSON_XPATH + "/" + PDATA diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java new file mode 100644 index 000000000..58194361c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java 
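Review bot: The new `signingDateTime` accessors in VerifyXMLSignatureResponse hand out the internal `java.util.Date` directly, so any caller that invokes `setTime` on the returned object silently rewrites the signing time kept in the now-serializable session object. Copy on both sides: `this.signingDateTime = signingDateTime == null ? null : new Date(signingDateTime.getTime());` in the setter, and `return signingDateTime == null ? null : new Date(signingDateTime.getTime());` in the getter. The field itself (added in the earlier hunk) is the only one in the class without a `/** The ... to be stored */` comment; `/** The signing time reported by the signature verifier, or null if not available. */` would match the siblings. Whether anything checks this time against certificate validity is not visible here, and the class body starts outside this hunk.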
@@ -0,0 +1,268 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.UnsupportedEncodingException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.URLEncoder; + +public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ + + public static void parse(AuthenticationSession moasession, + String target, + String oaURL, + String bkuURL, + String templateURL, + String useMandate, + String ccc, + String module, + String action, + HttpServletRequest req) throws WrongParametersException, MOAIDException { + + String targetFriendlyName = null; + +// String sso = req.getParameter(PARAM_SSO); + + // escape parameter strings + target = StringEscapeUtils.escapeHtml(target); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); + // sso = 
StringEscapeUtils.escapeHtml(sso); + + // check parameter + + //pvp2.x can use general identifier (equals oaURL in SAML1) +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); +// if (!ParamValidatorUtils.isValidUseMandate(sso)) +// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + boolean useMandateBoolean = false; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; + else + useMandateBoolean = false; + + moasession.setUseMandate(useMandateString); + + + //load OnlineApplication configuration + OAAuthParameter oaParam; + if (moasession.getPublicOAURLPrefix() != null) { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + moasession.getPublicOAURLPrefix()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { moasession.getPublicOAURLPrefix() }); + + } else { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if 
(!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + } else { + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; + } + + +// //check useSSO flag +// String useSSOString = null; +// boolean useSSOBoolean = false; +// if ((sso != null) && (sso.compareTo("") != 0)) { +// useSSOString = sso; +// } else { +// useSSOString = "false"; +// } + // +// if (useSSOString.compareToIgnoreCase("true") == 0) +// useSSOBoolean = true; +// else +// useSSOBoolean = false; + + //moasession.setSsoRequested(useSSOBoolean); + moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!! + + //Validate BKU URI + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); + + } else { + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for bussines application not supported."); + throw new AuthenticationException("auth.17", null); + } + target = null; + targetFriendlyName = null; + } + + moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + + moasession.setTarget(target); + moasession.setBusinessService(oaParam.getBusinessService()); + moasession.setTargetFriendlyName(targetFriendlyName); + moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + } + + //check OnlineApplicationURL + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.05"); + moasession.setOAURLRequested(oaURL); + + //check AuthURL + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && 
req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); + + if (isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", + "AuthURL", "auth.05"); + + // check if HTTP Connection may be allowed (through + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + //INFO: removed from MOA-ID 2.0 Config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + + if ((!authURL.startsWith("https:")) +// && (false == BoolUtils.valueOf(boolStr)) + ) + throw new AuthenticationException("auth.07", + new Object[] { authURL + "*" }); + + moasession.setAuthURL(authURL); + + //check and set SourceID + if (oaParam.getSAML1Parameter() != null) { + String sourceID = oaParam.getSAML1Parameter().getSourceID(); + if (MiscUtil.isNotEmpty(sourceID)) + moasession.setSourceID(sourceID); + } + + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } + } + moasession.setBkuURL(bkuURL); + + + if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + moasession.setTemplateURL(templateURL); + + moasession.setCcc(ccc); + + } + + public static void parse(HttpServletRequest req, HttpServletResponse resp, + AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { + + + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); + String action = request.requestedAction();//req.getParameter(PARAM_ACTION); + + modul = StringEscapeUtils.escapeHtml(modul); + action = StringEscapeUtils.escapeHtml(action); + if(modul == 
null) { + modul = SAML1Protocol.PATH; + } + + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + moasession.setModul(modul); + moasession.setAction(action); + + //get Parameters from request + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + oaURL = request.getOAURL(); + target = request.getTarget(); + + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + + } + + /** + * Checks a parameter. + * + * @param param + * parameter + * @return true if the parameter is null or empty + */ + private static boolean isEmpty(String param) { + return param == null || param.length() == 0; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 16041f8cb..022f21491 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.id.auth.servlet; import java.io.ByteArrayOutputStream; 
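Review bot: In `parse(AuthenticationSession, ...)` the BKU URL taken from the request is only checked with `ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())` inside the `else` branch that runs when `moasession.getPublicOAURLPrefix()` is null; on the other branch (session already bound to an online application) the unvalidated `bkuURL` still reaches `moasession.setBkuURL(bkuURL)`, and the BKU URL is where the citizen-card exchange is sent. Move the check out of the branch so it runs on both paths, e.g. directly after the `if`/`else` block and before the null default: `if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");`. Two smaller points: `StringEscapeUtils.escapeHtml` is applied to `oaURL`, `bkuURL` and `templateURL` before they are used as configuration keys and stored, which rewrites any `&` in them (HTML escaping is output encoding, not input validation), and in the servlet overload `target` and `oaURL` are read from `req.getParameter` and immediately overwritten by `request.getTarget()`/`request.getOAURL()`, so those two reads are dead. `isEmpty(authURL)` can never be true because `authURL` is always built from `req.getScheme()` and `req.getServerName()`, and `true && oaParam.useSSO()` reads as `oaParam.useSSO()`.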
@@ -47,228 +46,314 @@ import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; +import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; +import at.gv.egovernment.moa.id.storage.IExceptionStore; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.URLDecoder; -import at.gv.egovernment.moa.util.URLEncoder; /** - * Base class for MOA-ID Auth Servlets, providing standard error handling - * and constant names. + * Base class for MOA-ID Auth Servlets, providing standard error handling and + * constant names. * * @author Paul Ivancsics * @version $Id$ */ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { - - /** + /** * */ private static final long serialVersionUID = -6929905344382283738L; - - + protected static final String ERROR_CODE_PARAM = "errorid"; + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - Logger.debug("GET " + this.getServletName()); + throws ServletException, IOException { + Logger.debug("GET " + this.getServletName()); this.setNoCachingHeadersInHttpRespone(req, resp); -} -/** - * Handles an error. 
<br>> - * <ul> - * <li>Logs the error</li> - * <li>Places error message and exception thrown into the request - * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li> - * <li>Sets HTTP status 500 (internal server error)</li> - * </ul> - * - * @param errorMessage error message - * @param exceptionThrown exception thrown - * @param req servlet request - * @param resp servlet response - */ - protected void handleError( - String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + } - - if(null != errorMessage) { + protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp) { + + if (null != errorMessage) { Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage ); + req.setAttribute("ErrorMessage", errorMessage); } - - + if (null != exceptionThrown) { - if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + if (null == errorMessage) + errorMessage = exceptionThrown.getMessage(); Logger.error(errorMessage, exceptionThrown); req.setAttribute("ExceptionThrown", exceptionThrown); } - + if (Logger.isDebugEnabled()) { - req.setAttribute("LogLevel", "debug"); + req.setAttribute("LogLevel", "debug"); } - - //forward this to errorpage-auth.jsp where the HTML error page is generated + + // forward this to errorpage-auth.jsp where the HTML error page is + // generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); - try { - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - 
dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { + RequestDispatcher dispatcher = context + .getRequestDispatcher("/errorpage-auth.jsp"); + try { + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + dispatcher.forward(req, resp); + } catch (ServletException e) { Logger.error(e); - } - + } catch (IOException e) { + Logger.error(e); + } } - /** - * Handles a <code>WrongParametersException</code>. - * @param req servlet request - * @param resp servlet response - */ - protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { - Logger.error(ex.toString()); - req.setAttribute("WrongParameters", ex.getMessage()); - - // forward this to errorpage-auth.jsp where the HTML error page is generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); - try { - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + /** + * Handles an error. 
<br>> + * <ul> + * <li>Logs the error</li> + * <li>Places error message and exception thrown into the request as request + * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li> + * <li>Sets HTTP status 500 (internal server error)</li> + * </ul> + * + * @param errorMessage + * error message + * @param exceptionThrown + * exception thrown + * @param req + * servlet request + * @param resp + * servlet response + */ + protected void handleError(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { + + if (null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage); + } + + if (null != exceptionThrown) { + if (null == errorMessage) + errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + req.setAttribute("ExceptionThrown", exceptionThrown); + } + + if (Logger.isDebugEnabled()) { + req.setAttribute("LogLevel", "debug"); + } + + IExceptionStore store = ExceptionStoreImpl.getStore(); + String id = store.storeException(exceptionThrown); + + String redirectURL = null; + + redirectURL = ServletUtils.getBaseUrl(req); + redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id + + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - } - - /** - * Logs all servlet parameters for debugging purposes. - */ - protected void logParameters(HttpServletRequest req) { - for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { - String parname = (String)params.nextElement(); - Logger.debug("Parameter " + parname + req.getParameter(parname)); - } - } - - /** - * Parses the request input stream for parameters, assuming parameters are encoded UTF-8 - * (no standard exists how browsers should encode them). 
- * - * @param req servlet request - * - * @return mapping parameter name -> value - * - * @throws IOException if parsing request parameters fails. - * - * @throws FileUploadException if parsing request parameters fails. - */ - protected Map getParameters(HttpServletRequest req) - throws IOException, FileUploadException { - - Map parameters = new HashMap(); - - - if (ServletFileUpload.isMultipartContent(req)) - { - // request is encoded as mulitpart/form-data - FileItemFactory factory = new DiskFileItemFactory(); - ServletFileUpload upload = null; - upload = new ServletFileUpload(factory); - List items = null; - items = upload.parseRequest(req); - for (int i = 0; i < items.size(); i++) - { - FileItem item = (FileItem) items.get(i); - if (item.isFormField()) - { - // Process only form fields - no file upload items - String logString = item.getString("UTF-8"); - - // TODO use RegExp - String startS = "<pr:Identification><pr:Value>"; - String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; - String logWithMaskedBaseid = logString; - int start = logString.indexOf(startS); - if (start > -1) { - int end = logString.indexOf(endS); - if (end > -1) { - logWithMaskedBaseid = logString.substring(0, start); - logWithMaskedBaseid += startS; - logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; - logWithMaskedBaseid += logString.substring(end, logString.length()); - } - } - parameters.put(item.getFieldName(), item.getString("UTF-8")); - Logger.debug("Processed multipart/form-data request parameter: \nName: " + - item.getFieldName() + "\nValue: " + - logWithMaskedBaseid); - } - } - } - - else - { - // request is encoded as application/x-www-urlencoded - InputStream in = req.getInputStream(); - - String paramName; - String paramValueURLEncoded; - do { - paramName = new String(readBytesUpTo(in, '=')); - if (paramName.length() > 0) { - paramValueURLEncoded = readBytesUpTo(in, '&'); - String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); - 
parameters.put(paramName, paramValue); - } - } - while (paramName.length() > 0); - in.close(); - } - - return parameters; - } - - /** - * Reads bytes up to a delimiter, consuming the delimiter. - * @param in input stream - * @param delimiter delimiter character - * @return String constructed from the read bytes - * @throws IOException - */ - protected String readBytesUpTo(InputStream in, char delimiter) throws IOException { - ByteArrayOutputStream bout = new ByteArrayOutputStream(); - boolean done = false; - int b; - while (! done && (b = in.read()) >= 0) { - if (b == delimiter) - done = true; - else - bout.write(b); - } - return bout.toString(); - } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + return; + /* + // forward this to errorpage-auth.jsp where the HTML error page is + // generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context + .getRequestDispatcher("/errorpage-auth.jsp"); + try { + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + */ + } + + /** + * Handles a <code>WrongParametersException</code>. 
+ * + * @param req + * servlet request + * @param resp + * servlet response + */ + protected void handleWrongParameters(WrongParametersException ex, + HttpServletRequest req, HttpServletResponse resp) { + Logger.error(ex.toString()); + req.setAttribute("WrongParameters", ex.getMessage()); + + // forward this to errorpage-auth.jsp where the HTML error page is + // generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context + .getRequestDispatcher("/errorpage-auth.jsp"); + try { + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } + + /** + * Logs all servlet parameters for debugging purposes. + */ + protected void logParameters(HttpServletRequest req) { + for (Enumeration params = req.getParameterNames(); params + .hasMoreElements();) { + String parname = (String) params.nextElement(); + Logger.debug("Parameter " + parname + req.getParameter(parname)); + } + } + + /** + * Parses the request input stream for parameters, assuming parameters are + * encoded UTF-8 (no standard exists how browsers should encode them). + * + * @param req + * servlet request + * + * @return mapping parameter name -> value + * + * @throws IOException + * if parsing request parameters fails. + * + * @throws FileUploadException + * if parsing request parameters fails. 
+ */ + protected Map getParameters(HttpServletRequest req) throws IOException, + FileUploadException { + + Map parameters = new HashMap(); + + if (ServletFileUpload.isMultipartContent(req)) { + // request is encoded as mulitpart/form-data + FileItemFactory factory = new DiskFileItemFactory(); + ServletFileUpload upload = null; + upload = new ServletFileUpload(factory); + List items = null; + items = upload.parseRequest(req); + for (int i = 0; i < items.size(); i++) { + FileItem item = (FileItem) items.get(i); + if (item.isFormField()) { + // Process only form fields - no file upload items + String logString = item.getString("UTF-8"); + + // TODO use RegExp + String startS = "<pr:Identification><pr:Value>"; + String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; + String logWithMaskedBaseid = logString; + int start = logString.indexOf(startS); + if (start > -1) { + int end = logString.indexOf(endS); + if (end > -1) { + logWithMaskedBaseid = logString.substring(0, start); + logWithMaskedBaseid += startS; + logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; + logWithMaskedBaseid += logString.substring(end, + logString.length()); + } + } + parameters + .put(item.getFieldName(), item.getString("UTF-8")); + Logger.debug("Processed multipart/form-data request parameter: \nName: " + + item.getFieldName() + + "\nValue: " + + logWithMaskedBaseid); + } + } + } + + else { + // request is encoded as application/x-www-urlencoded + InputStream in = req.getInputStream(); + + String paramName; + String paramValueURLEncoded; + do { + paramName = new String(readBytesUpTo(in, '=')); + if (paramName.length() > 0) { + paramValueURLEncoded = readBytesUpTo(in, '&'); + String paramValue = URLDecoder.decode(paramValueURLEncoded, + "UTF-8"); + parameters.put(paramName, paramValue); + } + } while (paramName.length() > 0); + in.close(); + } + + return parameters; + } + + /** + * Reads bytes up to a delimiter, consuming the delimiter. 
+ * + * @param in + * input stream + * @param delimiter + * delimiter character + * @return String constructed from the read bytes + * @throws IOException + */ + protected String readBytesUpTo(InputStream in, char delimiter) + throws IOException { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + boolean done = false; + int b; + while (!done && (b = in.read()) >= 0) { + if (b == delimiter) + done = true; + else + bout.write(b); + } + return bout.toString(); + } + /** * Calls the web application initializer. * 
@@ -277,51 +362,73 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { public void init(ServletConfig servletConfig) throws ServletException { super.init(servletConfig); } - + /** * Set response headers to avoid caching - * @param request HttpServletRequest - * @param response HttpServletResponse + * + * @param request + * HttpServletRequest + * @param response + * HttpServletResponse */ - protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) { - response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - + protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, + HttpServletResponse response) { + response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } - + /** - * Adds a parameter to a URL. - * @param url the URL - * @param paramname parameter name - * @param paramvalue parameter value - * @return the URL with parameter added - */ - protected static String addURLParameter(String url, String paramname, String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" 
+ param; - else - return url + "&" + param; - } - - /** - * Checks if HTTP requests are allowed - * @param authURL requestURL - * @throws AuthenticationException if HTTP requests are not allowed - * @throws ConfigurationException - */ - protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException { + * Adds a parameter to a URL. + * + * @param url + * the URL + * @param paramname + * parameter name + * @param paramvalue + * parameter value + * @return the URL with parameter added + */ + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + + /** + * Checks if HTTP requests are allowed + * + * @param authURL + * requestURL + * @throws AuthenticationException + * if HTTP requests are not allowed + * @throws ConfigurationException + */ + protected void checkIfHTTPisAllowed(String authURL) + throws AuthenticationException, ConfigurationException { // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - - } + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + + //Removed from MOA-ID 2.0 config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) + //&& (false == BoolUtils.valueOf(boolStr)) + ) + throw new AuthenticationException("auth.07", new Object[] { authURL + + "*" }); + + } } 
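Review bot: `checkIfHTTPisAllowed` now rejects every `authURL` that does not start with `https:` unconditionally, because the configuration lookup was removed, but the Javadoc still says "if HTTP requests are not allowed" and the removed lookup survives as commented-out code, including a dangling `//&& (false == BoolUtils.valueOf(boolStr))` inside the `if` parentheses. Delete the commented block and collapse the condition to `if (!authURL.startsWith("https:"))`, and change the tag to `@throws AuthenticationException if authURL does not use the https scheme (plain HTTP is always rejected since MOA-ID 2.0)`. The method still declares `throws ConfigurationException` although nothing in the body can raise it any more; keep it only if callers that catch it must stay source-compatible, otherwise drop it together with the comment that references the removed property.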
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
new file mode 100644
index 000000000..d4484a97c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -0,0 +1,147 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; +import org.bouncycastle.asn1.x509.Target; + +import com.trilead.ssh2.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class GenerateIFrameTemplateServlet extends AuthServlet { + + private static final long serialVersionUID = 1L; + + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception 
ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); + + String pendingRequestID = null; + + try { + String bkuid = req.getParameter(PARAM_BKU); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + String moasessionid = req.getParameter(PARAM_SESSIONID); + + AuthenticationSession moasession = null; + + try { + //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); + + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession); + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moasessionid}); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + //load OA Config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(moasession.getOAURLRequested()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + + else { + + //load Parameters from config + String target = oaParam.getTarget(); + + String bkuURL = oaParam.getBKUURL(bkuid); + String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); + + //parse all OA parameters i + StartAuthentificationParameterParser.parse(moasession, + target, + moasession.getOAURLRequested(), + bkuURL, + templateURL, + useMandate, + ccc, + 
moasession.getModul(), + moasession.getAction(), + req); + } + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + String getIdentityLinkForm = startauth.build(moasession, req, resp); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp, pendingRequestID); + } + + finally { + ConfigurationDBUtils.closeSession(); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 6516e64b7..02c751a0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
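Review bot: `PrintWriter out = new PrintWriter(resp.getOutputStream())` in `doGet` encodes with the platform default charset while the response is declared `text/html;charset=UTF-8`, so non-ASCII content in the generated form can be mis-encoded; `PrintWriter out = resp.getWriter();` after `setContentType` honours the declared charset. `moasessionid` comes straight from `req.getParameter(PARAM_SESSIONID)` and is passed to `AuthenticationSessionStoreage.getPendingRequestID`/`getSession` and into a log line without the `ParamValidatorUtils.isValidSessionID` check that `GetMISSessionIDServlet` applies before touching the session store. The `catch (Throwable e)` branch turns errors such as `OutOfMemoryError` into `auth.18` and drops the cause; catching `Exception` and logging `e` would preserve diagnosability. `newmoasessionid` is assigned but never read, and `org.bouncycastle.asn1.x509.Target`, `com.trilead.ssh2.Session`, `HttpSession`, `Arrays`, `List`, `StringEscapeUtils` and `AuthenticationManager` are imported but unused — the first two look like accidental IDE auto-imports.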
@@ -49,10 +49,12 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.URLEncoder; /**
* Servlet requested for getting the foreign eID
@@ -112,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- Map parameters;
+ Map parameters;
+
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -121,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
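Review bot: `pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID)` runs on the raw `PARAM_SESSIONID` value before the `escapeHtml` on the following line and before any validation the rest of the method presumably performs (the enclosing try block continues outside the hunk), so the storage lookup happens with an unchecked client-supplied identifier. Moving the assignment below the validation, or guarding it with `if (ParamValidatorUtils.isValidSessionID(sessionID))` as `GetMISSessionIDServlet` does in this same commit, keeps the check ahead of the storage access.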
@@ -177,18 +183,38 @@ public class GetForeignIDServlet extends AuthServlet { session.setIdentityLink(identitylink);
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + AuthenticationServer.getInstance().getForeignAuthenticationData(session); + + + //session is implicit stored in changeSessionID!!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); + /*redirectURL = session.getOAURLRequested(); if (!session.getBusinessService()) { redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL);*/ + + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID); redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID); + }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+ resp.setContentType("text/html");
resp.setStatus(302);
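Review bot: `throw new MOAIDException("Session store error", null)` discards the caught `MOADatabaseException` and passes a literal sentence where the other call sites pass a message key with parameters; `GenerateIFrameTemplateServlet` in this same commit logs the failure and throws `new MOAIDException("init.04", new Object[] { session.getSessionID() })`, which this branch should mirror so the error is localised and the cause is not lost. The two `Logger.info` calls write both the old and the new MOA session ID at INFO level; the session ID is the credential for the rest of the flow, so log it at DEBUG or truncated. The replaced redirect construction is kept as a `/* … */` block rather than deleted.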
@@ -198,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet { }
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 04fbc0588..e461197e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -21,9 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ +package at.gv.egovernment.moa.id.auth.servlet; -package at.gv.egovernment.moa.id.auth.servlet;
-
import iaik.pki.PKIException; import java.io.IOException; @@ -41,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -48,8 +48,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -58,160 +61,181 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.URLEncoder; -
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- */
-public class GetMISSessionIDServlet extends AuthServlet {
-
- /** + +/** + * Servlet requested for getting the foreign eID provided by the security layer + * implementation. Utilizes the {@link AuthenticationServer}. + * + */ +public class GetMISSessionIDServlet extends AuthServlet { + + /** * */ private static final long serialVersionUID = 4666952867085392597L; -/**
- * Constructor for GetMISSessionIDServlet.
- */
- public GetMISSessionIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doPost(req, resp);
-
-// Logger.debug("GET GetMISSessionIDServlet");
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetMISSessionIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-// Map parameters;
-// try
-// {
-// parameters = getParameters(req);
-// } catch (FileUploadException e)
-// {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
-
- if (list == null) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
-
- // for now: list contains only one element
- MISMandate mandate = (MISMandate)list.get(0); -
-
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
- - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - //TODO OW bPK (Offen: was bei saml:NameIdentifier NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute AttributeName="bPK" ) - System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); - // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - - String redirectURL = null; - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc); - - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); -
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ /** + * Constructor for GetMISSessionIDServlet. + */ + public GetMISSessionIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify that data URL + * resource is available. + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, + * HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doPost(req, resp); + + // Logger.debug("GET GetMISSessionIDServlet"); + // + // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and responds with + * a new <code>CreateXMLSignatureRequest</code>. 
<br> + * Request parameters: + * <ul> + * <li>MOASessionID: ID of associated authentication session</li> + * <li>XMLResponse: <code><InfoboxReadResponse></code></li> + * </ul> + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, + * HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetMISSessionIDServlet"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + // Map parameters; + // try + // { + // parameters = getParameters(req); + // } catch (FileUploadException e) + // { + // Logger.error("Parsing mulitpart/form-data request parameters failed: " + // + e.getMessage()); + // throw new IOException(e.getMessage()); + // } + + String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + AuthenticationSession session = null; + String pendingRequestID = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", + PARAM_SESSIONID, "auth.12"); + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + + session = AuthenticationServer.getSession(sessionID); + + String misSessionID = session.getMISSessionID(); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + ConnectionParameter connectionParameters = authConf + .getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + 
AuthConfigurationProvider.getInstance(), + connectionParameters); + + List list = MISSimpleClient.sendGetMandatesRequest( + connectionParameters.getUrl(), misSessionID, sslFactory); + + if (list == null) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + if (list.size() == 0) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + + // for now: list contains only one element + MISMandate mandate = (MISMandate) list.get(0); + + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + + //check if it is a parsable XML + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + // extract RepresentationType + AuthenticationServer.getInstance().verifyMandate(session, mandate); + + session.setMISMandate(mandate); + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! 
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + String redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), + session.getAction(), pendingRequestID), newMOASessionID); + redirectURL = resp.encodeRedirectURL(redirectURL); + + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } catch (MOAIDException ex) { + handleError(null, ex, req, resp, pendingRequestID); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp, pendingRequestID); + } catch (PKIException e) { + handleError(null, e, req, resp, pendingRequestID); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp, pendingRequestID); } catch (SAXException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (ParserConfigurationException e) { - handleError(null, e, req, resp); - }
- } - -
-
- }
+ handleError(null, e, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
new file mode 100644
index 000000000..8dc5d7469
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
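Review bot: The empty-mandate guard `if (sMandate == null | sMandate.compareToIgnoreCase("") == 0)` uses the non-short-circuit `|`, so the right operand is evaluated even when the left is true, and `sMandate` cannot be null there anyway because `new String(byte[])` never returns null and would already have thrown if `mandate.getMandate()` were null. Check the byte array before converting it, and decode with an explicit charset rather than the platform default that both `new String(mandate.getMandate())` and `new String(byteMandate)` rely on (UTF-8 is an assumption about what the MIS returns — confirm). `Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID)` writes both session identifiers at INFO level; as in `GetForeignIDServlet` these should go to DEBUG or be shortened. `mandateDoc` is parsed only to prove the mandate is well-formed XML and is otherwise unused, which the `//check if it is a parsable XML` comment covers.
```java
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);

byte[] byteMandate = mandate.getMandate();
if (byteMandate == null || byteMandate.length == 0) {
    Logger.error("Mandate is empty.");
    throw new AuthenticationException("auth.16",
            new Object[] { GET_MIS_SESSIONID });
}

// check if it is a parsable XML; TODO confirm the MIS delivers UTF-8
String stringMandate = new String(byteMandate, "UTF-8");
Element mandateDoc = DOMUtils.parseDocument(stringMandate, false,
        null, null).getDocumentElement();
// … unchanged: verifyMandate, session update, changeSessionID, redirect …
```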
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.swing.text.StyleContext.SmallAttributeSet;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class LogOutServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 3908001651893673395L;
+
+ private static final String REDIRECT_URL = "redirect";
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("receive LogOut Request");
+
+ String redirectUrl = (String) req.getParameter(REDIRECT_URL);
+
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ try {
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
+
+ if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+ //TODO: Single LogOut Implementation
+
+ //delete SSO session and MOA session
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+
+ RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()),
+ AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+
+ authmanager.logout(req, resp, moasessionid);
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+ }
+
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ } catch (Exception e) {
+ Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error.
Redirect to Applikation " + redirectUrl, e);
+ }
+
+ //Redirect to Application
+ resp.setStatus(301);
+ resp.addHeader("Location", redirectUrl);
+ }
+
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doGet(req, resp);
+ }
+
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4ec894d47..f6412f897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -23,11 +23,13 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
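Review bot: The `redirect` parameter read at the top of doGet is written unchanged into the `Location` header at the end of the method, so any link pointing at this servlet can send the user on to an arbitrary site; it should be checked against the configured online-application URLs before use, e.g. `if (StringUtils.isEmpty(redirectUrl) || !ParamValidatorUtils.isValidOA(redirectUrl)) throw new WrongParametersException("LogOut", REDIRECT_URL, "auth.12");` (handled via handleWrongParameters like the other servlets), assuming isValidOA expresses the intended allowlist — all three classes are already imported here. A request without the parameter currently produces `Location: null`. `resp.setStatus(301)` declares the logout URL permanently moved, which browsers and proxies cache, so a later visit to the logout URL may be answered from cache without this servlet running; use 302 as the other servlets in this commit do. The bare `catch (Exception e)` logs and still redirects, so a failed logout is invisible to the user. The import block also carries a number of unused imports (`javax.swing.text.StyleContext.SmallAttributeSet`, `PrintWriter`, the STORK and SAML1 classes, among others).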
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.util.XMLUtil;
@@ -54,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet {
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ String pendingRequestID = null;
+
try {
Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
@@ -78,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet {
httpSession.invalidate();
}
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -194,21 +200,39 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Starting to assemble MOA assertion");
//produce MOA-Assertion and artifact
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(moaSessionID);
+ AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
//redirect
String redirectURL = null;
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = moaSession.getOAURLRequested();
+ /*redirectURL = moaSession.getOAURLRequested();
if (!moaSession.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = response.encodeRedirectURL(redirectURL);*/
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
} else {
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(moaSession);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
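Review bot: The `catch (MOADatabaseException e)` added just before the redirect headers rethrows `new MOAIDException("Session store error", null)` and drops `e`, so the database failure's stack trace never reaches the log; pass it on as the cause if MOAIDException has a cause-taking constructor like the three-argument AuthenticationException used elsewhere in this commit, or at least call `Logger.error("Session store error", e);` before rethrowing. The first argument also reads like free text where sibling calls pass message keys such as `"auth.16"`, so the rendered error page may show a failed key lookup — worth checking against MOAIDMessageProvider. The superseded redirect code between `/*redirectURL = moaSession.getOAURLRequested();` and `encodeRedirectURL(redirectURL);*/` should be deleted rather than kept as a comment; its `URLEncoder` import is already removed in this commit. doPost begins and ends outside this hunk.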
@@ -217,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet {
} catch (AuthenticationException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
} catch (MOAIDException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index b5c57d5cf..ba8698934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -133,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
handleWrongParameters(ex, req, resp);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, null); //TODO: is this Class required?
}
}
@@ -145,114 +147,122 @@ public class ProcessValidatorInputServlet extends AuthServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("POST ProcessInput");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- Map parameters;
- try {
- parameters = getParameters(req);
- } catch (FileUploadException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- try {
-
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- AuthenticationServer.processInput(session, parameters);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
- if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
- // Now sign the AUTH Block
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-
- String htmlForm = null;
-
- boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
-
- String inputProcessorSignForm = req.getParameter("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
- // escape parameter strings
- inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
- if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
- if (doInputProcessorSign) {
- // Test if we have a user input form sign template
-
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
-
- if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
- throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
-
- String inputProcessorSignTemplate = null;
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
- // override template url by url from configuration file
- if (oaParam.getInputProcessorSignTemplateURL() != null) {
- inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
- }
- if (inputProcessorSignTemplateURL != null) {
- try {
- inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { inputProcessorSignTemplateURL, ex.toString()},
- ex);
- }
- }
-
- htmlForm = new GetVerifyAuthBlockFormBuilder().build(
- inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
- resp.setContentType("text/html;charset=UTF-8");
- } else {
- htmlForm = createXMLSignatureRequestOrRedirect;
- resp.setStatus(307);
- resp.addHeader("Location", dataURL);
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
- }
-
- OutputStream out = resp.getOutputStream();
- out.write(htmlForm.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST ProcessInput");
- } else {
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+// Logger.debug("POST ProcessInput");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// Map parameters;
+// try {
+// parameters = getParameters(req);
+// } catch (FileUploadException e) {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// }
+//
+// String sessionID = req.getParameter(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+//
+// // escape parameter strings
+// sessionID = StringEscapeUtils.escapeHtml(sessionID);
+//
+// try {
+//
+// if (!ParamValidatorUtils.isValidSessionID(sessionID))
+// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+// AuthenticationServer.processInput(session, parameters);
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+// // Now sign the AUTH Block
+// String dataURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+//
+// String htmlForm = null;
+//
+// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+//
+// String inputProcessorSignForm = req.getParameter("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+// // escape parameter strings
+// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
+// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
+// if (doInputProcessorSign) {
+// // Test if we have a user input form sign template
+//
+// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+//
+// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
+// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
+//
+// String inputProcessorSignTemplate = null;
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+// // override template url by url from configuration file
+// if (oaParam.getInputProcessorSignTemplateURL() != null) {
+// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+// }
+// if (inputProcessorSignTemplateURL != null) {
+// try {
+// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+// } catch (IOException ex) {
+// throw new AuthenticationException(
+// "auth.03",
+// new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+// ex);
+// }
+// }
+//
+// htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+// resp.setContentType("text/html;charset=UTF-8");
+// } else {
+// htmlForm = createXMLSignatureRequestOrRedirect;
+// resp.setStatus(307);
+// resp.addHeader("Location", dataURL);
+// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+// resp.setContentType("text/xml;charset=UTF-8");
+// }
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(htmlForm.getBytes("UTF-8"));
+// out.flush();
+// out.close();
+// Logger.debug("Finished POST ProcessInput");
+// } else {
+// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+// }
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// throw new AuthenticationException("", null);
+// }
+//
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
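Review bot: Commenting out the whole body leaves doPost empty, so the servlet now answers every POST with an empty 200 response and, unlike the removed code, sets neither the anti-caching headers nor validates the `sessionID` parameter; if the endpoint is no longer needed (the `//TODO: is this Class required?` on the handleError line in the previous hunk asks exactly that), remove the servlet and its mapping, otherwise answer explicitly, e.g. `resp.sendError(HttpServletResponse.SC_NOT_FOUND);`. The roughly 110 commented-out lines should be deleted rather than kept; version control already preserves them. The `MOADatabaseException` and `AuthenticationSessionStoreage` imports added in the first hunk of this file are referenced only from the commented-out code and will be reported as unused.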
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
new file mode 100644
index 000000000..5a0bd33bf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -0,0 +1,54 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+
+
+public class RedirectServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String REDIRCT_PARAM_URL = "redirecturl";
+
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + RedirectServlet.class + " Request");
+
+ String url = req.getParameter(REDIRCT_PARAM_URL);
+ String target = req.getParameter(PARAM_TARGET);
+ String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+
+ Logger.info("Redirect to " + url);
+
+ if (MiscUtil.isNotEmpty(target)) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET,
+ URLEncoder.encode(target, "UTF-8"));
+
+
+ }
+ url = addURLParameter(url, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(artifact, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.write(redirect_form);
+ out.flush();
+ }
+
+}
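Review bot: `url` is taken straight from the `redirecturl` request parameter and, once the artifact is appended, handed to `RedirectFormBuilder.buildLoginForm(url)` and written out as HTML, so whatever a caller puts into the query string becomes the form's redirect target; check it against the configured online applications first, e.g. `if (!ParamValidatorUtils.isValidOA(url)) throw new WrongParametersException("RedirectServlet", REDIRCT_PARAM_URL, "auth.12");` handled via handleWrongParameters, as SelectBKUServlet does for its OA parameter (both classes need importing here). Whether buildLoginForm HTML-escapes its argument is not visible in this commit and should be confirmed, otherwise the same parameter is also a reflected-XSS sink. A request without `SAMLArtifact` reaches `URLEncoder.encode(artifact, "UTF-8")` with `null`, which presumably fails with a NullPointerException depending on the project's URLEncoder. `new PrintWriter(resp.getOutputStream())` encodes with the platform default charset although the Content-Type declares UTF-8; `resp.getWriter()` after setContentType honours the declared charset. The constant name is misspelled as `REDIRCT_PARAM_URL`.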
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
new file mode 100644
index 000000000..9b559770f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+
+
+public class SSOSendAssertionServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String PARAM = "value";
+ private static final String MODULE = "mod";
+ private static final String ACTION = "action";
+ private static final String ID = "identifier";
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String id = null;
+ Logger.info("Receive " + SSOSendAssertionServlet.class + " Request");
+ try {
+
+ Object idObject = req.getParameter(ID);
+
+ if (idObject != null && (idObject instanceof String)) {
+ id = (String) idObject;
+ }
+
+ String value =
req.getParameter(PARAM);
+ value = StringEscapeUtils.escapeHtml(value);
+ if (!ParamValidatorUtils.isValidUseMandate(value))
+ throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
+
+ //get module and action
+ Object moduleObject = req.getParameter(MODULE);
+ String module = null;
+ if (moduleObject != null && (moduleObject instanceof String)) {
+ module = (String) moduleObject;
+ }
+
+
+ Object actionObject = req.getParameter(ACTION);
+ String action = null;
+ if (actionObject != null && (actionObject instanceof String)) {
+ action = (String) actionObject;
+ }
+
+ if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
+ Logger.warn("No Moduel or Action parameter received!");
+ throw new WrongParametersException("Module or Action is empty", "", "auth.10");
+ }
+
+
+ SSOManager ssomanager = SSOManager.getInstance();
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")!
" + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + + AuthenticationSessionStoreage.destroySession(correspondingMOASession); + + ssomanager.deleteSSOSessionID(req, resp); + } + } + + boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + + String moaSessionID = null; + + if (isValidSSOSession) { + + + //check UseMandate flag + String valueString = null;; + if ((value != null) && (value.compareTo("") != 0)) { + valueString = value; + } else { + valueString = "false"; + } + + if (valueString.compareToIgnoreCase("true") == 0) { + moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId); + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); + AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); + + String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), + ModulUtils.buildAuthURL(module, action, id), ""); + + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + + else { + throw new AuthenticationException("auth.21", new Object[] {}); + } + + } else { + handleError("SSO Session is not valid", null, req, resp, id); + } + + + } catch (MOADatabaseException e) { + handleError("SSO Session is not found", e, req, resp, id); + } catch (WrongParametersException e) { + handleError("Parameter is not valid", e, req, resp, id); + } catch (AuthenticationException e) { + handleError(e.getMessage(), e, req, resp, id); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index d544e2f85..2deece26f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
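Review bot: `mod`, `action` and `identifier` are read from the request and, once the SSO session is found valid, go unchecked into `ModulUtils.buildAuthURL(module, action, id)` and from there into the `Location` header, while only `value` passes through a validator; unless buildAuthURL itself restricts module and action to known protocol names (not visible here), these should be validated the same way before the redirect is built. The `Log.warn(...)` for the stale SSO session uses `iaik.util.logging.Log` whereas every other message in the class goes through `Logger`; switch it to `Logger.warn` so the event lands in the same log as the rest. `throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null)` passes `null` where the sibling throw and SelectBKUServlet pass a message key such as `"auth.10"`, so the error page may have no text for it. `String valueString = null;;` carries a stray semicolon, and the `Object idObject ... instanceof String` pattern around `req.getParameter` is redundant because getParameter already returns a String.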
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
@@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet { Logger.debug("GET SelectBKU"); - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); - String templateURL = req.getParameter(PARAM_TEMPLATE); - - // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); - - - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) - throw new WrongParametersException("SelectBKU", 
PARAM_TEMPLATE, "auth.12"); - - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - - String returnValue = null; - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); - } - else { - // use target from config - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); - } - - - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = returnValue; - resp.setContentType("text/html"); - resp.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - } else { - // bkuSelectionType==HTMLSelect - String htmlForm = returnValue; - resp.setContentType("text/html;charset=UTF-8"); - Logger.debug("HTML-Form: " + htmlForm); - Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); - out.write(htmlForm); - out.flush(); - Logger.debug("Finished GET SelectBKU"); - } - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (Throwable ex) { - handleError(null, ex, req, resp); - } +// 
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// String authURL = req.getScheme() + "://" + req.getServerName(); +// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { +// authURL = authURL.concat(":" + req.getServerPort()); +// } +// authURL = authURL.concat(req.getContextPath() + "/"); +// +// String target = req.getParameter(PARAM_TARGET); +// String oaURL = req.getParameter(PARAM_OA); +// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); +// String templateURL = req.getParameter(PARAM_TEMPLATE); +// +// // escape parameter strings +// target = StringEscapeUtils.escapeHtml(target); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// templateURL = StringEscapeUtils.escapeHtml(templateURL); +// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); +// +// +// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); +// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); +// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// +// 
if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); +// +// OAAuthParameter oaParam = +// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// // get target and target friendly name from config +// String targetConfig = oaParam.getTarget(); +// +// String returnValue = null; +// if (StringUtils.isEmpty(targetConfig)) { +// // no target attribut is given in OA config +// // target is used from request +// // check parameter +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); +// +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// else { +// // use target from config +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// +// +// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); +// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = returnValue; +// resp.setContentType("text/html"); +// resp.sendRedirect(redirectURL); +// Logger.info("REDIRECT TO: " + redirectURL); +// } else { +// // bkuSelectionType==HTMLSelect +// String htmlForm = returnValue; +// resp.setContentType("text/html;charset=UTF-8"); +// Logger.debug("HTML-Form: " + htmlForm); +// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); +// out.write(htmlForm); +// out.flush(); +// Logger.debug("Finished GET SelectBKU"); +// } +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// catch (Throwable ex) { +// handleError(null, ex, req, resp); +// } } } 
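Review bot: With its whole body commented out, `doGet` now answers every request with an empty 200 and no longer sets the no-cache headers the old code set, while the servlet presumably stays mapped and reachable. If SelectBKU is retired, reject the request (for example `resp.sendError(HttpServletResponse.SC_NOT_FOUND);`) or remove the mapping rather than serving a silent no-op. Delete the commented-out implementation as well; the history keeps it, and a 90-line block comment invites a later partial uncomment. The enclosing doGet starts outside the hunk.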
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
deleted file mode 100644
index 012ed4c14..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ /dev/null
@@ -1,224 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.List; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; -import org.opensaml.saml2.metadata.RequestedAttribute; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.exception.SAMLException; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; - -/** - * Servlet requested for starting a MOA ID authentication session. - * Utilizes the {@link AuthenticationServer}. 
- * - * @author Paul Ivancsics - * @version $Id$ - * @see AuthenticationServer#startAuthentication - */ -public class StartAuthenticationServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = 3908001651893673395L; - - -/** - * Responds with an HTML form which upon submit requests the identity link - * from the security layer implementation. - * <br> - * Response: - * <ul> - * <li>Content type: <code>"text/html"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET StartAuthentication"); - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - - String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - - // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - bkuURL = StringEscapeUtils.escapeHtml(bkuURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - sessionID = StringEscapeUtils.escapeHtml(sessionID); - useMandate = 
StringEscapeUtils.escapeHtml(useMandate); - ccc = StringEscapeUtils.escapeHtml(ccc); - - setNoCachingHeadersInHttpRespone(req, resp); - - - try { - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - if (!ParamValidatorUtils.isValidCCC(ccc)) - throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - - - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - String targetFriendlyName = null; - - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; - } - - STORKConfig storkConfig = 
AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc)); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(ccc)) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); - Logger.debug("Starting STORK authentication"); - - AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); - - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); - - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - } - - - /** - * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - doGet(req, resp); - } - - - /** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - try { - super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } - } - -} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index fbf700365..09e4e957d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -48,9 +48,13 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
@@ -133,6 +137,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ String pendingRequestID = null;
 Map parameters;
 try
@@ -149,6 +154,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + String redirectURL = null; try { // check parameter @@ -157,11 +164,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + + String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); + if (samlArtifactBase64 == null) { //mandate Mode 
@@ -202,8 +209,23 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); - X509Certificate cert = session.getSignerCertificate(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + byte[] cert = session.getEncodedSignerCertificate(); + + //TODO: check in case of SSO!!! + String targetType = null; + if(oaParam.getBusinessService()) { + String id = oaParam.getIdentityLinkDomainIdentifier(); + if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + targetType = id; + else + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } + + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory); String redirectMISGUI = misSessionID.getRedirectURL(); if (misSessionID == null) { @@ -213,6 +235,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { session.setMISSessionID(misSessionID.getSessiondId()); + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + resp.setStatus(302); resp.addHeader("Location", redirectMISGUI); Logger.debug("REDIRECT TO: " + redirectURL); 
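Review bot: In the new business-service branch, `oaParam.getIdentityLinkDomainIdentifier()` is dereferenced by `id.startsWith(...)` with no null check, so an OA configured as business service without a domain identifier ends in a NullPointerException that none of the visible catch clauses handle (the `//TODO: check in case of SSO!!!` comment suggests the mapping is not settled either). Guard it, e.g. `if (id != null && id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))`, and confirm whether the else branch should use `id` rather than `session.getDomainIdentifier()`, since the two are presumably meant to agree. Note also that the following context line `misSessionID.getRedirectURL()` still runs before the `misSessionID == null` check, so that check can never take effect; the ordering is pre-existing, but the new `sendSessionIdRequest` call keeps it. The enclosing method starts and ends outside the hunk.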
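Review bot: The new `catch (MOADatabaseException e)` rethrows `new MOAIDException("Session store error", null)` and drops `e`, so a database failure surfaces with no cause in the logs. The same pattern appears twice in VerifyCertificateServlet (hunk @@ -138,31 +145,49 @@) and once in VerifyIdentityLinkServlet (hunk @@ -191,27 +206,47 @@), where the store failure is additionally logged as "No valid MOA session found". Pass `e` through if MOAIDException has a cause-carrying constructor, or at least log it first, `Logger.error("Session store error", e);`, before the throw. The enclosing method starts and ends outside the hunk.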
@@ -220,17 +248,22 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { else { if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); + /*redirectURL = session.getOAURLRequested(); if (!session.getBusinessService()) { redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + redirectURL = resp.encodeRedirectURL(redirectURL);*/ + + + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64); + } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } - + resp.setContentType("text/html"); resp.setStatus(302); @@ -242,16 +275,20 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (GeneralSecurityException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (PKIException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (TransformerException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } + + finally { + ConfigurationDBUtils.closeSession(); + } } 
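Review bot: The replaced redirect-building code is kept as a `/* ... */` block comment instead of being deleted; version history already preserves it, and commented-out code in the redirect path makes it harder to see which URL construction is live. Delete the block and keep only the `DataURLBuilder` call. It is also worth confirming that `pendingRequestID`, read via `AuthenticationSessionStoreage.getPendingRequestID(sessionID)` in an earlier hunk, cannot be null here, since it is built into the redirect URL through `ModulUtils.buildAuthURL`. The enclosing method starts outside the hunk.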
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 689510a9d..477d99220 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -43,6 +43,9 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -104,6 +107,8 @@ public class VerifyCertificateServlet extends AuthServlet {
 resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ String pendingRequestID = null;
 Map parameters;
try
@@ -118,7 +123,9 @@ public class VerifyCertificateServlet extends AuthServlet {
 // escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
AuthenticationSession session = null;
try {
// check parameter
@@ -138,31 +145,49 @@ public class VerifyCertificateServlet extends AuthServlet {
 if (useMandate) {
- Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
- throw new AuthenticationException("auth.13", null);
+
+ // verify certificate for OrganWalter
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
}
else {
// Foreign Identities Modus
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_GET_FOREIGN_ID,
session.getSessionID());
-
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
-
-
+ }
+ }
+ catch (MOAIDException ex) {
+
+ handleError(null, ex, req, resp, pendingRequestID);
+ } + + finally { + ConfigurationDBUtils.closeSession(); }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 5178e27d3..38f650a65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -43,6 +43,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -109,6 +114,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
 Logger.debug("POST VerifyIdentityLink");
 Map parameters;
+ String pendingRequestID = null;
+
 try {
 parameters = getParameters(req);
@@ -123,6 +130,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); @@ -134,14 +143,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); Logger.debug(createXMLSignatureRequestOrRedirect); + if (createXMLSignatureRequestOrRedirect == null) { // no identity link found - + boolean useMandate = session.getUseMandate(); if (useMandate) { Logger.error("Online-Mandate Mode for foreign citizencs not supported."); @@ -150,7 +162,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { try { - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); 
@@ -168,15 +180,18 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } catch(Exception e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } else { // @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID), - // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber für OW nicht in + // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in // AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen) + + //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!! boolean useMandate = session.getUseMandate(); + if (useMandate) { // Mandate modus // read certificate and set dataurl to Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); 
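Review bot: The changed comment line `// nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in` replaces `für` with a replacement character, which looks like the file was saved under the wrong encoding rather than an intended edit; the TODO added right below still carries `benötigt` intact, so the file now mixes encodings. Revert that line to its original text and check the editor's encoding setting for this file. The enclosing method starts and ends outside the hunk.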
@@ -191,27 +206,47 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
 REQ_VERIFY_CERTIFICATE, session.getSessionID());
- //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
 //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
 ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- }
+ } else {
+ Logger.info("Normal");
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+
+ createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ authConf, oaParam);
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
 }
-
- }
-
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No valid MOA session found. Authentification process is abourted.");
+ throw new AuthenticationException("auth.20", null);
+ }
 } catch (ParseException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
 } catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
 }
 }
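Review bot: `AuthenticationSessionStoreage.storeSession(session)` runs only after `ServletUtils.writeCreateXMLSignatureRequest(...)` or `writeCreateXMLSignatureRequestOrRedirect(...)` has already written the response, so when it throws `MOADatabaseException` the resulting `AuthenticationException("auth.20", null)` reaches `handleError` on a response that may already be committed, and the client holds a request built from session state that was never persisted. Moving the `try { storeSession(session); } catch (MOADatabaseException e) {...}` block to before the `if (useMandate)` branch that writes the response keeps the stored state and what the client received consistent, and lets the error page actually be delivered. The catch also discards the cause: `Logger.info("No valid MOA session found. Authentification process is abourted.")` describes a lookup failure rather than a store failure and does not log `e`, and `new AuthenticationException("auth.20", null)` drops it too, so the database error is invisible in the logs. The enclosing method starts outside the hunk.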
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index dfad29e50..d0fb1f87f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -35,9 +35,13 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
@@ -55,6 +59,7 @@ public class CreateXMLSignatureResponseValidator {
 /** Xpath expression to the dsig:Signature element */
 private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
+ //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
 /** Singleton instance. <code>null</code>, if none has been created. */
 private static CreateXMLSignatureResponseValidator instance;
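Review bot: The second hunk adds `//private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";` as commented-out code next to the live `SIGNATURE_XPATH` constant. Commented-out declarations are not compiled, so the referenced `Constants.XADES_1_1_1_NS_PREFIX` is never checked to exist; either drop the line or make it a real constant when the signing-time lookup that would use it is implemented.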
@@ -208,7 +213,7 @@ public class CreateXMLSignatureResponseValidator {
 }
 if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
 foundOA = true;
- if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
 throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
 }
 } else {
@@ -231,7 +236,35 @@ public class CreateXMLSignatureResponseValidator {
 } else {
 throw new ValidateException("validator.35", null);
 }
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[3 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
 // now check the extended SAML attributes
 int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
 if (extendedSAMLAttributes != null) {
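Review bot: The validator.37 error for the new SpecialText attribute reports its position as `String.valueOf(3)` although the comment above calls it the fourth attribute and it is read from `samlAttributes[3 + offset]`; using `String.valueOf(4)` makes the message name the position it actually checked. Whether the attribute-count check earlier in validate() (outside this hunk) was raised to cover the new mandatory attribute depends on `NUM_OF_SAML_ATTRIBUTES`, which is defined elsewhere; if it was not, the access `samlAttributes[3 + offset]` can fail with an ArrayIndexOutOfBoundsException instead of a ValidateException. `oaparam.getAditionalAuthBlockText()` is called without a null check on `oaparam`, so if `getOnlineApplicationParameter` can return null for an unknown OA prefix this surfaces as a NullPointerException rather than as a validation failure, and the expected text silently stays `""` when the OA lookup throws, which makes the later validator.67 comparison depend on configuration availability. The enclosing validate() starts and ends outside the hunk.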
@@ -309,4 +342,216 @@ public class CreateXMLSignatureResponseValidator {
 throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
 }
 }
+
+ /**
+ * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
+ * @param createXMLSignatureResponse
+ * @param session
+ * @throws ValidateException
+ */
+ public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+ throws ValidateException {
+
+ // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+
+ String oaURL;
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ } catch (ConfigurationException e1) {
+ oaURL = new String();
+ }
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
+ String issuer = samlAssertion.getAttribute("Issuer");
+ if (issuer == null) {
+ // should not happen, because parser would dedect this
+ throw new ValidateException("validator.32", null);
+ }
+ // replace ' in name with '
+ issuer = issuer.replaceAll("'", "'");
+
+ String issueInstant = samlAssertion.getAttribute("IssueInstant");
+ if (!issueInstant.equals(session.getIssueInstant())) {
+ throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()});
+ }
+
+ String name = identityLink.getName();
+
+ if (!issuer.equals(name)) {
+ throw new ValidateException("validator.33", new Object[] {issuer, name});
+ }
+
+ SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
+
+ boolean foundOA = false;
+ boolean foundGB = false;
+ boolean foundWBPK = false;
+ int offset = 0;
+
+ // check number of SAML aatributes
+ List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ int extendedSAMLAttributesNum = 0;
+ if (extendedSAMLAttributes != null) {
+ extendedSAMLAttributesNum = extendedSAMLAttributes.size();
+ }
+ int 
expectedSAMLAttributeNumber =
+ AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + extendedSAMLAttributesNum;
+ if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--;
+ int actualSAMLAttributeNumber = samlAttributes.length;
+ if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) {
+ Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber);
+ throw new ValidateException(
+ "validator.36",
+ new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)});
+ }
+
+ SAMLAttribute samlAttribute;
+ if (!session.getSAMLAttributeGebeORwbpk()) {
+ offset--;
+ }
+
+ // check the first attribute (must be "OA")
+ samlAttribute = samlAttributes[0 + offset];
+ if (!samlAttribute.getName().equals("OA")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundOA = true;
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
+ }
+ } else {
+ throw new ValidateException("validator.15", null);
+ }
+
+ // check the third attribute (must be "Geburtsdatum")
+ samlAttribute = samlAttributes[1 + offset];
+ if (!samlAttribute.getName().equals("Geburtsdatum")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlDateOfBirth = (String)samlAttribute.getValue();
+ String dateOfBirth = identityLink.getDateOfBirth();
+ if 
(!samlDateOfBirth.equals(dateOfBirth)) {
+ throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[2 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ String text = "";
+ try {
+ if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
+ Logger.info("Use addional AuthBlock Text from SSO=" +text);
+ else
+ text = new String();
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
+ }
+
+
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // now check the extended SAML attributes
+ int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset;
+ if (extendedSAMLAttributes != null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ samlAttribute = samlAttributes[i];
+ String actualName = samlAttribute.getName();
+ String expectedName = extendedSAMLAttribute.getName();
+ if (!actualName.equals(expectedName)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName });
+ }
+ String actualNamespace = 
samlAttribute.getNamespace();
+ String expectedNamespace = extendedSAMLAttribute.getNameSpace();
+ if (!actualNamespace.equals(expectedNamespace)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, });
+ }
+ Object expectedValue = extendedSAMLAttribute.getValue();
+ Object actualValue = samlAttribute.getValue();
+ try {
+ if (expectedValue instanceof String) {
+ // replace \r\n because text might be base64-encoded
+ String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+ expValue = StringUtils.replaceAll(expValue,"\n","");
+ String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+ actValue = StringUtils.replaceAll(actValue,"\n","");
+ if (!expValue.equals(actValue)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue });
+ }
+ } else if (expectedValue instanceof Element) {
+ // only check the name of the element
+ String actualElementName = ((Element)actualValue).getNodeName();
+ String expectedElementName = ((Element)expectedValue).getNodeName();
+ if (!(expectedElementName.equals(actualElementName))){
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName});
+ }
+ } else {
+ // should not happen
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()});
+ }
+ } catch (ClassCastException e) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()});
+ }
+ i++;
+ }
+ }
+
+
+ if (!foundOA) throw new ValidateException("validator.14", null);
+
+ //Check if dsig:Signature exists
+// NodeList nl = 
createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+// if (nl.getLength() != 1) {
+// throw new ValidateException("validator.05", null);
+// }
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH);
+ if (dsigSignature == null) {
+ throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+ }
+ }
+
+ public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
+
+ //TODO: insert Time validation!!!!
+
+ }
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 90282a28c..ed826c615 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey;
 import java.util.List;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -80,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator {
 * @throws ValidateException on any validation error
 */
 public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- List identityLinkSignersSubjectDNNames,
+ List<String> identityLinkSignersSubjectDNNames,
 String whatToCheck,
 boolean ignoreManifestValidationResult)
 throws ValidateException {
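Review bot: `validateSigningDateTime(CreateXMLSignatureResponse csresp)` is added as an empty body with `//TODO: insert Time validation!!!!`, so any caller that already invokes it gets no check while the method name promises one; until the check exists it should either throw `UnsupportedOperationException` or carry a Javadoc stating `Performs no validation yet; the signing time of the response is not checked.` so the gap is visible where it is called. validateSSO copies most of validate() line by line, including the validator.37 position arguments, which here say `String.valueOf(2)` for the OA attribute read from `samlAttributes[0 + offset]` and `String.valueOf(3)` for both the Geburtsdatum and the SpecialText attribute at indices 1 and 2; extracting the shared attribute checks into a private helper used by both methods would remove the duplication and the inconsistent numbers. `foundGB` and `foundWBPK` are declared but never read in validateSSO, and `if (!foundOA)` at the end cannot be true because every path that does not set it has already thrown. On `ConfigurationException` the SSO public URL is replaced by `new String()` without logging, so a configuration failure shows up later only as a validator.16 mismatch against an empty expected value; logging the exception at the catch would make that diagnosable.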
@@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator {
 }
 }
-
+
 /**
 * Method validateCertificate.
 * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 576d9c358..a154c9ece 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
 this.rpGivenName = rpGivenName;
this.rpDateOfBirth = rpDateOfBirth;
this.request = request;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
- */
- public String start(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue)
- {
- // Load the form
- String form = loadForm(
- physical, familyName, givenName, dateOfBirth,
- streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue, "");
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- } catch (SZRGWClientException e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
- */
- public String validate(Map parameters, String extErrortext)
- {
-
- // Process the gotten parameters
- String form = null;
- boolean formNecessary = false;
- if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
- String locErrortext = "Folgende Parameter fehlen: ";
-
- String familyName = (String) parameters.get("familyname_");
- if (null == familyName) familyName ="";
- String givenName = (String) parameters.get("givenname_");
- if (null == givenName) givenName ="";
- boolean physical = "true".equals(parameters.get("physical_"));
- String dobday = (String) parameters.get("dobday_");
- if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
- String dobmonth = (String) parameters.get("dobmonth_");
- if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
- String dobyear = (String) parameters.get("dobyear_");
- if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
- String dateOfBirth = "";
- dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
- dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
- dobday = (" ".substring(0, 2-dobday.length()) + dobday);
- dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
- String cbFullName = (String) parameters.get("fullname_");
- if (null == cbFullName) cbFullName ="";
- String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
- if (null == cbIdentificationType) cbIdentificationType ="";
- String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
- if (null == cbIdentificationValue) cbIdentificationValue ="";
- String postalCode = (String) parameters.get("postalcode_");
- if (null == postalCode) postalCode ="";
- String municipality = (String) parameters.get("municipality_");
- if (null == municipality) municipality ="";
- String streetName = (String) parameters.get("streetname_");
- if (null == streetName) streetName ="";
- String buildingNumber = (String) parameters.get("buildingnumber_");
- if (null == buildingNumber) buildingNumber ="";
- String unit = (String) parameters.get("unit_");
- if (null == unit) unit ="";
-
- if (physical) {
- if (ParepUtils.isEmpty(familyName)) {
- formNecessary = true;
- locErrortext = locErrortext + "Familienname";
- }
- if (ParepUtils.isEmpty(givenName)) {
- formNecessary = true;
- if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Vorname";
- }
- // Auf existierendes Datum prüfen
- SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
- format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
- try {
- format.parse(dateOfBirth);
- }
- catch(ParseException pe)
- {
- formNecessary = true;
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "korrektes Geburtsdatum";
- }
- } else {
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- if (ParepUtils.isEmpty(cbFullName)) {
- locErrortext = locErrortext + "Name der Organisation";
- }
- if (ParepUtils.isEmpty(cbIdentificationType)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Auswahl des Registers";
- }
- if (ParepUtils.isEmpty(cbIdentificationValue)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
- }
- }
- }
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- if (formNecessary) {
- // Daten noch nicht vollständig oder anderer Fehler
- if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
- String error = "";
- if (!ParepUtils.isEmpty(extErrortext)) {
- error = extErrortext;
- if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
- }
- if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
- if (!ParepUtils.isEmpty(error)) {
- error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
- }
- form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
- if (form == null) {
- return null;
- }
- } else {
- return ""; // everything is ok
- }
- } catch (Exception e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /**
- * Loads the empty user input form and replaces tag occurences with given variables
- *
- * @param physical
- * @param familyName
- * @param givenName
- * @param dateOfBirth
- * @param streetName
- * @param buildingNumber
- * @param unit
- * @param postalCode
- * @param municipality
- * @param cbFullName
- * @param cbIdentificationType
- * @param cbIdentificationValue
- * @param errorText
- * @return
- */
- private String loadForm(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
- {
- String form = "";
- try {
- String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
- InputStream instream = null;
- File file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- fileName = parepConfiguration.getFullDirectoryName(fileName);
- if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
- file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- //else load a named resource in our classloader.
- instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
- if (instream == null) {
- Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
- return null;
- }
- }
- }
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.dumpInputOutputStream(instream, bos);
- form = bos.toString("UTF-8");
- } catch(Exception e) {
- Logger.error("Fehler beim Einlesen des Input-Templates.", e);
- }
-
- if (!ParepUtils.isEmpty(form)) {
- boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
- boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
- boolean reducedSelection = (!physEnabled || !cbEnabled);
- if (reducedSelection) {
- physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
- }
- if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
- form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
- form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
- form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
- form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
- form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
- //darf zw. phys. und jur. Person gewählt werden:
- //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
- form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
- form = ParepUtils.replaceAll(form, "<givenname>", givenName);
- form = ParepUtils.replaceAll(form, "<familyname>", familyName);
- form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
- form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
- form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
- form = ParepUtils.replaceAll(form, "<streetname>", streetName);
- form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
- form = ParepUtils.replaceAll(form, "<unit>", unit);
- form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
- form = ParepUtils.replaceAll(form, "<municipality>", municipality);
- form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
- form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
- form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
- form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
- form = ParepUtils.replaceAll(form, "<errortext>", errorText);
- }
- return form;
- }
+ } + +public String start(boolean physical, String familyName, String givenName, + String dateOfBirth, String streetName, String buildingNumber, + String unit, String postalCode, String municipality, String cbFullName, + String cbIdentificationType, String cbIdentificationValue) { + // TODO Auto-generated method stub + return null; +} + +public String validate(Map parameters, String extErrortext) { + // TODO Auto-generated method stub + return null; +}
+ + //TODO: check correctness
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+// */
+// public String start(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+// {
+// // Load the form
+// String form = loadForm(
+// physical, familyName, givenName, dateOfBirth,
+// streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue, "");
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// } catch (SZRGWClientException e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+// */
+// public String validate(Map parameters, String extErrortext)
+// {
+//
+// // Process the gotten parameters
+// String form = null;
+// boolean formNecessary = false;
+// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+// String locErrortext = "Folgende Parameter fehlen: ";
+//
+// String familyName = (String) parameters.get("familyname_");
+// if (null == familyName) familyName ="";
+// String givenName = (String) parameters.get("givenname_");
+// if (null == givenName) givenName ="";
+// boolean physical = "true".equals(parameters.get("physical_"));
+// String dobday = (String) parameters.get("dobday_");
+// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+// String dobmonth = (String) parameters.get("dobmonth_");
+// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+// String dobyear = (String) parameters.get("dobyear_");
+// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+// String dateOfBirth = "";
+// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+// dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+// String cbFullName = (String) parameters.get("fullname_");
+// if (null == cbFullName) cbFullName ="";
+// String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
+// if (null == cbIdentificationType) cbIdentificationType ="";
+// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
+// if (null == cbIdentificationValue) cbIdentificationValue ="";
+// String postalCode = (String) parameters.get("postalcode_");
+// if (null == postalCode) postalCode ="";
+// String municipality = (String) parameters.get("municipality_");
+// if (null == municipality) municipality ="";
+// String streetName = (String) parameters.get("streetname_");
+// if (null == streetName) streetName ="";
+// String buildingNumber = (String) parameters.get("buildingnumber_");
+// if (null == buildingNumber) buildingNumber ="";
+// String unit = (String) parameters.get("unit_");
+// if (null == unit) unit ="";
+//
+// if (physical) {
+// if (ParepUtils.isEmpty(familyName)) {
+// formNecessary = true;
+// locErrortext = locErrortext + "Familienname";
+// }
+// if (ParepUtils.isEmpty(givenName)) {
+// formNecessary = true;
+// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Vorname";
+// }
+// // Auf existierendes Datum prüfen
+// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+// try {
+// format.parse(dateOfBirth);
+// }
+// catch(ParseException pe)
+// {
+// formNecessary = true;
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "korrektes Geburtsdatum";
+// }
+// } else {
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// if (ParepUtils.isEmpty(cbFullName)) {
+// locErrortext = locErrortext + "Name der Organisation";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationType)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Auswahl des Registers";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationValue)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+// }
+// }
+// }
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// if (formNecessary) {
+// // Daten noch nicht vollständig oder anderer Fehler
+// if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+// String error = "";
+// if (!ParepUtils.isEmpty(extErrortext)) {
+// error = extErrortext;
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+// }
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+// if (!ParepUtils.isEmpty(error)) {
+// error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
+// }
+// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+// if (form == null) {
+// return null;
+// }
+// } else {
+// return ""; // everything is ok
+// }
+// } catch (Exception e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /**
+// * Loads the empty user input form and replaces tag occurences with given variables
+// *
+// * @param physical
+// * @param familyName
+// * @param givenName
+// * @param dateOfBirth
+// * @param streetName
+// * @param buildingNumber
+// * @param unit
+// * @param postalCode
+// * @param municipality
+// * @param cbFullName
+// * @param cbIdentificationType
+// * @param cbIdentificationValue
+// * @param errorText
+// * @return
+// */
+// private String loadForm(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+// {
+// String form = "";
+// try {
+// String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+// InputStream instream = null;
+// File file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// fileName = parepConfiguration.getFullDirectoryName(fileName);
+// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
+// file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// //else load a named resource in our classloader.
+// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+// if (instream == null) {
+// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+// return null;
+// }
+// }
+// }
+// ByteArrayOutputStream bos = new ByteArrayOutputStream();
+// ParepUtils.dumpInputOutputStream(instream, bos);
+// form = bos.toString("UTF-8");
+// } catch(Exception e) {
+// Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+// }
+//
+// if (!ParepUtils.isEmpty(form)) {
+// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+// boolean reducedSelection = (!physEnabled || !cbEnabled);
+// if (reducedSelection) {
+// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+// }
+// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+// form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+// form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+// form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+// form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+// form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+// //darf zw. phys. und jur. Person gewählt werden:
+// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+// form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+// form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+// form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+// form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+// form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+// form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+// form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+// form = ParepUtils.replaceAll(form, "<unit>", unit);
+// form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+// form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+// form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+// }
+// return form;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 5eeaa5d3d..ab7a134c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -650,7 +650,7 @@ public class ParepUtils {
 if (ParepUtils.isEmpty(register)) return null;
if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
- if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
return null;
}
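Review bot: The removed and added lines of this hunk render as the same text, `if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";`, so the real change is presumably a byte-level re-encoding of the umlauts rather than a change in logic. That deserves to be stated in the commit, because elsewhere in this same commit (the ParepValidator hunk) the corresponding characters already appear as replacement characters, and this string is returned as user-facing text. If the file was converted to UTF-8, the build should pin that encoding (e.g. `project.build.sourceEncoding` in the Maven POM) so javac does not read it with the platform default on another machine; if it was not converted, the hunk is a no-op and should be dropped. The enclosing method begins before this hunk.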
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 7bd6f5e28..f2f897432 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants;
 *
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
*/
-public class ParepValidator implements InfoboxValidator {
-
- /** activates debug settings */
- private boolean PAREP_DEBUG = false;
-
- /** contains the parameters the validator initially was called with */
- private InfoboxValidatorParams params = null;
-
- /** contains the configuration of the validator */
- private ParepConfiguration parepConfiguration = null;
-
- /** the requested representation ID (currently * or OID) */
- private String representationID = null;
-
- /** holds the information of the SZR-request */
- private CreateMandateRequest request = null;
-
- /** List of extended SAML attributes. */
- private Vector extendedSamlAttributes = new Vector();
-
- /** the class which processes the user input */
- private ParepInputProcessor inputProcessor = null;
-
- /** The form if user input is necessary */
- private String form = null;
-
- /** unspecified error of parep-validator (must not know more about)*/
- private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";
-
- /** Default class to gather remaining mandator data. */
- public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
-
- /** Default template to gather remaining mandator data. */
- public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
-
- /** kind of representation text in AUTH block*/
- public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";
-
- /** Names of the produced SAML-attributes. */
- public final static String EXT_SAML_MANDATE_RAW = "Mandate";
- public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
- public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
- public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +public class ParepValidator implements InfoboxValidator { + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; public final static String EXT_SAML_MANDATE_OID = "OID"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - /** */ - public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-
- /** register and register number for non physical persons - the domain identifier for business applications*/
- public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-
- /**
- * Parses the XML configuration element and creates the validators configuration
- * Use this function if you want to preconfigure the validator.
- *
- * @param configElem
- * the XML configuration element to parse.
- * @throws ConfigurationException
- * if an error occurs during the configuration process
- */
- public void Configure(Element configElem) throws ConfigurationException {
- if (this.parepConfiguration == null) {
- Logger.debug("Lade Konfiguration.");
- parepConfiguration = new ParepConfiguration(configElem);
- Logger.debug("Konfiguration erfolgreich geladen.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
- */
- public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-
- try {
- Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
- this.params = params;
-
- Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
- // ParepUtils.serializeElement(mandate, System.out);
- this.representationID = ParepUtils.extractRepresentativeID(mandate);
- if (ParepUtils.isEmpty(representationID)) {
- validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
- return validationResult;
- }
-
- // Überprüfen der Identifikation (Type/Value).
- String identificationType = this.params.getIdentificationType();
- String identificationValue = this.params.getIdentificationValue();
- if (this.params.getBusinessApplication()) {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
- return validationResult;
-
- } else {
- Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
- }
- } else {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
- if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- } else {
- Logger.debug("Organwalter wird mit Stammzahl identifiziert");
- }
- } else {
- if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
- identificationType = Constants.URN_PREFIX_CDID;
- String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
- identificationValue = bpkBase64;
- Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
- } else {
- Logger.debug("Parteienvertreter wird mit bPK identifiziert");
- }
- }
- }
-
- Configure(this.params.getApplicationSpecificParams());
- // check if we have a configured party representative for that
- if (!parepConfiguration.isPartyRepresentative(representationID)) {
- Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- }
-
- // Vertreter
- this.request = new CreateMandateRequest();
- request.setRepresentative(this.params, identificationType, identificationValue);
- // ParepUtils.serializeElement(request.getRepresentative(), System.out);
- //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
-
- Logger.debug("Prüfe vorausgefüllte Daten...");
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- boolean formNecessary = false;
- // Vertretener (erstes Vorkommen)
- Element mandator = ParepUtils.extractMandator(mandate);
- if (mandator != null) {
- // ParepUtils.serializeElement(mandator, System.out);
- // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-
- }
- if (physical) {
- if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
- formNecessary = true;
- }
- } else {
- if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- }
- }
-
- //Zeigen wir, dass die Daten übernommen wurden:
- if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-
- // Input processor
- this.form = "";
- if (formNecessary) {
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.start(
- physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- } else {
- // Request vorbereiten mit vorgegebenen Daten
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- }
-
-
- // ParepUtils.serializeElement(request.getMandator(), System.out);
- // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
- validationResult.setValid(true);
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
- */
- public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- Logger.debug("Prüfe im Formular ausgefüllte Daten...");
- if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-
- // Input processor
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.validate(parameters, null);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- return validationResult;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
- */
- public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- this.form = "";
- try {
-
-
- request.setSignature(samlAssertion);
-
-//DPO debug
-// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
-// String id = representationID;
+
+ public InfoboxValidationResult validate(InfoboxValidatorParams params)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Map parameters)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Element samlAssertion)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public String getForm() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ //TODO: check correctness!!!!
+// /** activates debug settings */
+// private boolean PAREP_DEBUG = false;
+//
+// /** contains the parameters the validator initially was called with */
+// private InfoboxValidatorParams params = null;
+//
+// /** contains the configuration of the validator */
+// private ParepConfiguration parepConfiguration = null;
+//
+// /** the requested representation ID (currently * or OID) */
+// private String representationID = null;
+//
+// /** holds the information of the SZR-request */
+// private CreateMandateRequest request = null;
+//
+// /** List of extended SAML attributes. */
+// private Vector extendedSamlAttributes = new Vector();
+//
+// /** the class which processes the user input */
+// private ParepInputProcessor inputProcessor = null;
+//
+// /** The form if user input is necessary */
+// private String form = null;
+//
+// /** unspecified error of parep-validator (must not know more about)*/
+// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
+//
+// /** Default class to gather remaining mandator data. */
+// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+//
+// /** Default template to gather remaining mandator data. */
+// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+//
+// /** kind of representation text in AUTH block*/
+// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
+//
+// /** Names of the produced SAML-attributes. */
+// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+// public final static String EXT_SAML_MANDATE_OID = "OID";
+//
+// /** */
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+//
+// /** register and register number for non physical persons - the domain identifier for business applications*/
+// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+//
+// /**
+// * Parses the XML configuration element and creates the validators configuration
+// * Use this function if you want to preconfigure the validator.
+// *
+// * @param configElem
+// * the XML configuration element to parse.
+// * @throws ConfigurationException
+// * if an error occurs during the configuration process
+// */
+// public void Configure(Element configElem) throws ConfigurationException {
+// if (this.parepConfiguration == null) {
+// Logger.debug("Lade Konfiguration.");
+// parepConfiguration = new ParepConfiguration(configElem);
+// Logger.debug("Konfiguration erfolgreich geladen.");
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+// */
+// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+//
+// try {
+// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+// this.params = params;
+//
+// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+// // ParepUtils.serializeElement(mandate, System.out);
+// this.representationID = ParepUtils.extractRepresentativeID(mandate);
+// if (ParepUtils.isEmpty(representationID)) {
+// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+// return validationResult;
+// }
+//
+// // überprüfen der Identifikation (Type/Value).
+// String identificationType = this.params.getIdentificationType();
+// String identificationValue = this.params.getIdentificationValue();
+// if (this.params.getBusinessApplication()) {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+// return validationResult;
+//
+// } else {
+// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+// }
+// } else {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// } else {
+// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+// }
+// } else {
+// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+// identificationType = Constants.URN_PREFIX_CDID;
+// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+// identificationValue = bpkBase64;
+// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+// } else {
+// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+// }
+// }
+// }
+//
+// Configure(this.params.getApplicationSpecificParams());
+// // check if we have a configured party representative for that
+// if (!parepConfiguration.isPartyRepresentative(representationID)) {
+// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// }
+//
+// // Vertreter
+// this.request = new CreateMandateRequest();
+// request.setRepresentative(this.params, identificationType, identificationValue);
+// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+//
+// Logger.debug("Prüfe vorausgefüllte Daten...");
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// boolean formNecessary = false;
+// // Vertretener (erstes Vorkommen)
+// Element mandator = ParepUtils.extractMandator(mandate);
+// if (mandator != null) {
+// // ParepUtils.serializeElement(mandator, System.out);
+// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+//
+// }
+// if (physical) {
+// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+// formNecessary = true;
+// }
+// } else {
+// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// }
+// }
+//
+// //Zeigen wir, dass die Daten �bernommen wurden:
+// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+//
+// // Input processor
+// this.form = "";
+// if (formNecessary) {
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.start(
+// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// } else {
+// // Request vorbereiten mit vorgegebenen Daten
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// }
+//
+//
+// // ParepUtils.serializeElement(request.getMandator(), System.out);
+// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+// validationResult.setValid(true);
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+// */
+// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+//
+// // Input processor
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.validate(parameters, null);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+// return validationResult;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+// */
+// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
+// this.form = "";
+// try {
+//
+//
+// request.setSignature(samlAssertion);
+//
+////DPO debug
+//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//// String id = representationID;
+//// CreateMandateResponse response;
+//// if (true) {
+//// if (this.params.getHideStammzahl()) {
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
+//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//// }
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+//
+// //ParepUtils.serializeElement(request.toElement(), System.out);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+//
+// // configure szrgw client
+// Logger.debug("Lade SZR-GW Client.");
+// SZRGWClient client = new SZRGWClient();
+// // System.out.println("Parameters: " + cfg.getConnectionParameters());
+// Logger.debug("Initialisiere Verbindung...");
+// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+// // Logger.debug("Connection Parameters: " + connectionParameters);
+// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// }
+//
+// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
// CreateMandateResponse response;
-// if (true) {
+// Element requ = request.toElement();
+// try {
+// response = client.createMandateResponse(requ);
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+// client = new SZRGWClient(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// response = client.createMandateResponse(requ);
+// }
+// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+// if (response.getResultCode()==2000) {
+// if(response.getMandate()==null) {
+// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+//
+// //DPO debug output (2lines)
+// String id = representationID;
+// if (id.equals("*")) id="standardisiert";
+//
+// Element mandate = response.getMandate();
+// // Replace Stammzahlen
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
// if (this.params.getHideStammzahl()) {
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können.
-// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
-// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
// }
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-
- //ParepUtils.serializeElement(request.toElement(), System.out);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-
- // configure szrgw client
- Logger.debug("Lade SZR-GW Client.");
- SZRGWClient client = new SZRGWClient();
- // System.out.println("Parameters: " + cfg.getConnectionParameters());
- Logger.debug("Initialisiere Verbindung...");
- ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
- // Logger.debug("Connection Parameters: " + connectionParameters);
- Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- }
-
- Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
- CreateMandateResponse response;
- Element requ = request.toElement();
- try {
- response = client.createMandateResponse(requ);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- client = new SZRGWClient(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- response = client.createMandateResponse(requ);
- }
- Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
- if (response.getResultCode()==2000) {
- if(response.getMandate()==null) {
- Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
-
- //DPO debug output (2lines)
- String id = representationID;
- if (id.equals("*")) id="standardisiert";
-
- Element mandate = response.getMandate();
- // Replace Stammzahlen
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
- if (this.params.getHideStammzahl()) {
- ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
- }
-
- extendedSamlAttributes.clear();
- // Vollmacht
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- } else {
- String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
- String responseInfo = response.getInfo();
- if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- validationResult.setErrorMessage(errorMsg);
- } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
- // Person not found
- ParepInputProcessor inputProcessor= getInputProcessor();
- switch (response.getResultCode()) {
- case 5230:
- errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- case 5231:
- errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- default:
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- }
- this.form = inputProcessor.validate(generateParameters(), errorMsg);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- validationResult.setValid(true);
- } else {
- // Do not inform the user too much
- Logger.error(errorMsg);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- }
-
- }
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /**
- * provides the primary infobox token of the given list.
- *
- * @param infoBoxTokens
- * the list of infobox tokens.
- * @return
- * the XML element of the primary token.
- * @throws ValidateException
- * if an error occurs or list is not suitable.
- */
- public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
- if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
- throw new ValidateException("validator.62", null);
- }
- for (int i = 0; i < infoBoxTokens.size(); i++) {
- InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
- if (token.isPrimary()) {
- return token.getXMLToken();
- }
- }
- throw new ValidateException("validator.62", null);
- }
-
- /*
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
- return ret;
- }
-
-
- /**
- * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
- */
- public String getForm() {
- return this.form;
- }
-
- /**
- * Gets the user form input processor (class) assigned to the current party representative
- * If the method is called for the first time it initializes the input processor.
- *
- * @return The user form input processor
- */
- private ParepInputProcessor getInputProcessor() {
-
- if (this.inputProcessor!=null) return inputProcessor;
- String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
- ParepInputProcessor inputProcessor = null;
- try {
- Class inputProcessorClass = Class.forName(inputProcessorName);
- inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
- inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
- } catch (Exception e) {
- Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
- }
- this.inputProcessor = inputProcessor;
- return inputProcessor;
- }
-
- /**
- * Generates the parameter list, which is needed to simulate a return from
- * an user form.
- *
- * @return the form parameters
- */
- private Map generateParameters() {
- Map parameters = new HashMap();
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- try {
- // Vertretener (erstes Vorkommen)
- Element mandator = request.getMandator();
- if (mandator != null) {
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
- }
- } catch (Exception e) {
- Logger.error("Could not extract Mandator form SZR-gateway request");
- }
- parameters.put("familyname_", familyName);
- parameters.put("givenname_", givenName);
- parameters.put("dateofbirth_", dateOfBirth);
- parameters.put("dobyear_", dateOfBirth.substring(0,4));
- parameters.put("dobmonth_", dateOfBirth.substring(5,7));
- parameters.put("dobday_", dateOfBirth.substring(8,10));
- parameters.put("physical_", physical ? "true" : "false");
- parameters.put("fullname_", cbFullName);
- parameters.put("cbidentificationtype_", cbIdentificationType);
- parameters.put("cbidentificationvalue_", cbIdentificationValue);
- parameters.put("postalcode_", postalCode);
- parameters.put("municipality_", municipality);
- parameters.put("streetname_", streetName);
- parameters.put("buildingnumber_", buildingNumber);
- parameters.put("unit_", unit);
- return parameters;
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- */
- private void addAuthBlockExtendedSamlAttributes() {
- extendedSamlAttributes.clear();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- Element mandator = request.getMandator();
- // Name
- String name = ParepUtils.extractMandatorName(mandator);
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- if (dob != null && !"".equals(dob)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)){
- String idType = ParepUtils.extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (this.params.getBusinessApplication()) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
- }
-
-// public static void main(String[] args) throws Exception {
+//
+// extendedSamlAttributes.clear();
+// // Vollmacht
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+//
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
+// } else {
+// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+// String responseInfo = response.getInfo();
+// if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// validationResult.setErrorMessage(errorMsg);
+// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
+// // Person not found
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// switch (response.getResultCode()) {
+// case 5230:
+// errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
+// break;
+// case 5231:
+// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
+// break;
+// default:
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// }
+// this.form = inputProcessor.validate(generateParameters(), errorMsg);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// validationResult.setValid(true);
+// } else {
+// // Do not inform the user too much
+// Logger.error(errorMsg);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// }
+//
+// }
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /**
+// * provides the primary infobox token of the given list.
+// *
+// * @param infoBoxTokens
+// * the list of infobox tokens.
+// * @return
+// * the XML element of the primary token.
+// * @throws ValidateException
+// * if an error occurs or list is not suitable.
+// */
+// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+// if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+// throw new ValidateException("validator.62", null);
+// }
+// for (int i = 0; i < infoBoxTokens.size(); i++) {
+// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+// if (token.isPrimary()) {
+// return token.getXMLToken();
+// }
+// }
+// throw new ValidateException("validator.62", null);
+// }
+//
+// /*
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+// */
+// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+// extendedSamlAttributes.copyInto(ret);
+// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+// return ret;
+// }
+//
+//
+// /**
+// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+// */
+// public String getForm() {
+// return this.form;
+// }
+//
+// /**
+// * Gets the user form input processor (class) assigned to the current party representative
+// * If the method is called for the first time it initializes the input processor.
+// *
+// * @return The user form input processor
+// */
+// private ParepInputProcessor getInputProcessor() {
+//
+// if (this.inputProcessor!=null) return inputProcessor;
+// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+// ParepInputProcessor inputProcessor = null;
+// try {
+// Class inputProcessorClass = Class.forName(inputProcessorName);
+// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+// } catch (Exception e) {
+// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+// }
+// this.inputProcessor = inputProcessor;
+// return inputProcessor;
+// }
+//
+// /**
+// * Generates the parameter list, which is needed to simulate a return from
+// * an user form.
+// *
+// * @return the form parameters
+// */
+// private Map generateParameters() {
+// Map parameters = new HashMap();
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// try {
+// // Vertretener (erstes Vorkommen)
+// Element mandator = request.getMandator();
+// if (mandator != null) {
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+// }
+// } catch (Exception e) {
+// Logger.error("Could not extract Mandator form SZR-gateway request");
+// }
+// parameters.put("familyname_", familyName);
+// parameters.put("givenname_", givenName);
+// parameters.put("dateofbirth_", dateOfBirth);
+// parameters.put("dobyear_", dateOfBirth.substring(0,4));
+// parameters.put("dobmonth_", dateOfBirth.substring(5,7));
+// parameters.put("dobday_", dateOfBirth.substring(8,10));
+// parameters.put("physical_", physical ? "true" : "false");
+// parameters.put("fullname_", cbFullName);
+// parameters.put("cbidentificationtype_", cbIdentificationType);
+// parameters.put("cbidentificationvalue_", cbIdentificationValue);
+// parameters.put("postalcode_", postalCode);
+// parameters.put("municipality_", municipality);
+// parameters.put("streetname_", streetName);
+// parameters.put("buildingnumber_", buildingNumber);
+// parameters.put("unit_", unit);
+// return parameters;
+// }
+//
+// /**
+// * Adds the AUTH block related SAML attributes to the validation result.
+// * This is needed always before the AUTH block is to be signed, because the
+// * name of the mandator has to be set
+// */
+// private void addAuthBlockExtendedSamlAttributes() {
+// extendedSamlAttributes.clear();
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// Element mandator = request.getMandator();
+// // Name
+// String name = ParepUtils.extractMandatorName(mandator);
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// // Geburtsdatum
+// String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+// if (dob != null && !"".equals(dob)) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// // (w)bpk
+// String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+// if (!ParepUtils.isEmpty(wbpk)) {
+// if (!ParepUtils.isPhysicalPerson(mandator)){
+// String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// } else if (this.params.getBusinessApplication()) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// }
// }
+//
+//// public static void main(String[] args) throws Exception {
+//// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index bc5a0e061..ee5a57914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants;
 * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class ParepConfiguration {
-
- /**
- * System property for config file.
- */
- public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter standardConnectionParameters;
-
- /**
- * Input field processor.
- */
- private String standardInputProcessorClass;
-
- /**
- * Input field processor template.
- */
- private String standardInputProcessorTemplate;
-
- /**
- * Configured party representatives.
- */
- private HashMap partyRepresentatives;
-
- /**
- * The configuration element.
- */
- private Element configElement = null;
-
- /**
- * Defines whether the user input form must be shown on each
- * request or not (also predefined mandates)
- */
- private boolean alwaysShowForm = false;
-
- /**
- * The configuration base directory.
- */
- private String baseDir_;
-
- /**
- * Gets the SZR-GW connection parameters.
- *
- * @return the connection parameters.
- */
- public ConnectionParameter getConnectionParameters(String representationID) {
- if (partyRepresentatives == null || "*".equals(representationID))
- return standardConnectionParameters;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- ConnectionParameter connectionParameters = pr.getConnectionParameters();
- if (connectionParameters==null) connectionParameters = standardConnectionParameters;
- return connectionParameters;
- }
-
- /**
- * Sets the SZR-GW connection parameters for standard connection.
- *
- * @param connectionParameters
- * the connection parameters.
- */
- public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
- this.standardConnectionParameters = connectionParameters;
- }
-
- /*
- *
- */
- public String getFullDirectoryName(String fileString) {
- return makeAbsoluteURL(fileString, baseDir_);
- }
-
- /*
- *
- */
- private static String makeAbsoluteURL(String url, String root) {
- // if url is relative to rootConfigFileDirName make it absolute
-
- File keyFile;
- String newURL = url;
-
- if (null == url)
- return null;
-
- if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
- return url;
- } else {
- // check if absolute - if not make it absolute
- keyFile = new File(url);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(root, url);
- newURL = keyFile.getPath();
- }
- return newURL;
- }
- }
-
- /**
- * Initializes the configuration with a given XML configuration element found
- * in the MOA-ID configuration.
- *
- * @param configElem
- * the configuration element.
- * @throws ConfigurationException
- * if an error occurs initializing the configuration.
- */
- public ParepConfiguration(Element configElem) throws ConfigurationException {
-
- partyRepresentatives = new HashMap();
- partyRepresentatives.put("*", new PartyRepresentative(true, true));
-
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-
- try {
-
- baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
- Logger.trace("Config base directory: " + baseDir_);
- // check for configuration in system properties
- if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
- Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
- this.configElement = doc.getDocumentElement();
- } else {
- this.configElement = configElem;
- }
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
- }
- load();
- }
-
- /*
- *
- */
- private void load() throws ConfigurationException {
- Logger.debug("Parse ParepValidator Konfiguration");
- try {
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- // nameSpaceNode.setAttribute("xmlns:sgw",
- // SZRGWConstants.SZRGW_PROFILE_NS);
-
- Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorNode != null) {
- this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
- Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassNode != null) {
- this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
- }
- }
- Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
- if (alwaysShowFormNode != null) {
- this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
- }
-
- // load connection parameters
- Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
- Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamElement != null) {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamElement, System.out);
- this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
- }
-
- Logger.trace("Lade Konfiguration der Parteienvertreter");
- NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
- for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-
- PartyRepresentative partyRepresentative = new PartyRepresentative();
-
- Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
- boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
- boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
- partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
- partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
- partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
- partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-
- Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorSubNode != null) {
- partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
- Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassSubNode != null) {
- partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
- }
- }
-
- Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamSubElement == null) {
- if (this.standardConnectionParameters == null) {
- throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
- + partyRepresentative.getOid() + " fehlen.", null, null);
- }
- } else {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamSubElement, System.out);
- partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
- }
- partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
- Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
- + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
- + ", representationText=" + partyRepresentative.getRepresentationText()
- + ")");
- }
-
- Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
- }
- }
-
- /*
- *
- */
- private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
- try {
- ConnectionParameter connectionParameter = new ConnectionParameter();
-
- // parse connection url
- String URL = connParamElement.getAttribute("URL");
- connectionParameter.setUrl(URL);
-
- // accepted server certificates
- Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
- nameSpaceNode);
- if (accServerCertsNode != null) {
-
- String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
- Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
- connectionParameter.setAcceptedServerCertificates(serverCertsDir);
- }
-
- // client key store
- Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
- if (clientKeyStoreNode != null) {
- String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
- connectionParameter.setClientKeyStore(clientKeystore);
- }
-
- // client key store password
- Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
- nameSpaceNode);
- if (clientKeyStorePasswordNode != null) {
- connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
- }
-
- return connectionParameter;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
- }
- }
-
- public boolean isPartyRepresentative(String representationID) {
- if (partyRepresentatives == null)
- return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- return pr != null;
- }
-
- public boolean isRepresentingCorporateParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingCorporateParty();
- }
-
- public boolean isRepresentingPhysicalParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingPhysicalParty();
- }
-
- public String getRepresentationText(String representationID) {
- String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
- if (partyRepresentatives != null) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr != null) {
- if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
- }
- }
- return result;
- }
-
- /**
- * @return the input processor classname corresponding to <code>representationID</code>
- * @param representationID
- * the representation ID.
- */
- public String getInputProcessorClass(String representationID) {
- String inputProcessorClass = standardInputProcessorClass;
- if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorClass = pr.getInputProcessorClass();
- if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
- }
- }
- return inputProcessorClass;
- }
-
- /**
- * @param standardInputProcessorClass the standardInputProcessorClass to set
- */
- public void setStandardInputProcessorClass(String standardInputProcessorClass) {
- this.standardInputProcessorClass = standardInputProcessorClass;
- }
-
- /**
- * @return the InputProcessorTemplate
- */
- public String getInputProcessorTemplate(String representationID) {
- String inputProcessorTemplate = standardInputProcessorTemplate;
- if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorTemplate = pr.getInputProcessorTemplate();
- if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
- }
- }
- return inputProcessorTemplate;
- }
-
- /**
- * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
- */
- public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
- this.standardInputProcessorTemplate = standardInputProcessorTemplate;
- }
-
- /**
- * @return the alwaysShowForm
- */
- public boolean isAlwaysShowForm() {
- return alwaysShowForm;
- }
-
+ + + //TODO: check correctness!!!!
/**
- * @param alwaysShowForm the alwaysShowForm to set
- */
- public void setAlwaysShowForm(String alwaysShowForm) {
- if (ParepUtils.isEmpty(alwaysShowForm)) {
- this.alwaysShowForm = false;
- } else {
- this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
- }
- }
-
- public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
- try {
- if (configElement==null) return false;
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
- if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
- return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
- }
- return false;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
- }
-
- }
-
-
-// public static void main(String[] args) throws Exception {
-// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-// Configuration cfg = new Configuration(null);
-// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
-//}
+// * System property for config file.
+// */
+// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+//
+// /**
+// * SZR-GW connection parameters.
+// */
+// private ConnectionParameter standardConnectionParameters;
+//
+// /**
+// * Input field processor.
+// */
+// private String standardInputProcessorClass;
+//
+// /**
+// * Input field processor template.
+// */
+// private String standardInputProcessorTemplate;
+//
+// /**
+// * Configured party representatives.
+// */
+// private HashMap partyRepresentatives;
+//
+// /**
+// * The configuration element.
+// */
+// private Element configElement = null;
+//
+// /**
+// * Defines whether the user input form must be shown on each
+// * request or not (also predefined mandates)
+// */
+// private boolean alwaysShowForm = false;
+//
+// /**
+// * The configuration base directory.
+// */
+// private String baseDir_;
+//
+// /**
+// * Gets the SZR-GW connection parameters.
+// *
+// * @return the connection parameters.
+// */
+// public ConnectionParameter getConnectionParameters(String representationID) {
+// if (partyRepresentatives == null || "*".equals(representationID))
+// return standardConnectionParameters;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// ConnectionParameter connectionParameters = pr.getConnectionParameters();
+// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+// return connectionParameters;
+// }
+//
+// /**
+// * Sets the SZR-GW connection parameters for standard connection.
+// *
+// * @param connectionParameters
+// * the connection parameters.
+// */
+// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+// this.standardConnectionParameters = connectionParameters;
+// }
+//
+// /*
+// *
+// */
+// public String getFullDirectoryName(String fileString) {
+// return makeAbsoluteURL(fileString, baseDir_);
+// }
+//
+// /*
+// *
+// */
+// private static String makeAbsoluteURL(String url, String root) {
+// // if url is relative to rootConfigFileDirName make it absolute
+//
+// File keyFile;
+// String newURL = url;
+//
+// if (null == url)
+// return null;
+//
+// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+// return url;
+// } else {
+// // check if absolute - if not make it absolute
+// keyFile = new File(url);
+// if (!keyFile.isAbsolute()) {
+// keyFile = new File(root, url);
+// newURL = keyFile.getPath();
+// }
+// return newURL;
+// }
+// }
+//
+// /**
+// * Initializes the configuration with a given XML configuration element found
+// * in the MOA-ID configuration.
+// *
+// * @param configElem
+// * the configuration element.
+// * @throws ConfigurationException
+// * if an error occurs initializing the configuration.
+// */
+// public ParepConfiguration(Element configElem) throws ConfigurationException {
+//
+// partyRepresentatives = new HashMap();
+// partyRepresentatives.put("*", new PartyRepresentative(true, true));
+//
+// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+//
+// try {
+//
+// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+// Logger.trace("Config base directory: " + baseDir_);
+// // check for configuration in system properties
+// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+// this.configElement = doc.getDocumentElement();
+// } else {
+// this.configElement = configElem;
+// }
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+// }
+// load();
+// }
+//
+// /*
+// *
+// */
+// private void load() throws ConfigurationException {
+// Logger.debug("Parse ParepValidator Konfiguration");
+// try {
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// // nameSpaceNode.setAttribute("xmlns:sgw",
+// // SZRGWConstants.SZRGW_PROFILE_NS);
+//
+// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorNode != null) {
+// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassNode != null) {
+// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+// }
+// }
+// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+// if (alwaysShowFormNode != null) {
+// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+// }
+//
+// // load connection parameters
+// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamElement != null) {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamElement, System.out);
+// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+// }
+//
+// Logger.trace("Lade Konfiguration der Parteienvertreter");
+// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+//
+// PartyRepresentative partyRepresentative = new PartyRepresentative();
+//
+// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+//
+// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorSubNode != null) {
+// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassSubNode != null) {
+// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+// }
+// }
+//
+// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamSubElement == null) {
+// if (this.standardConnectionParameters == null) {
+// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+// + partyRepresentative.getOid() + " fehlen.", null, null);
+// }
+// } else {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+// }
+// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+// + ", representationText=" + partyRepresentative.getRepresentationText()
+// + ")");
+// }
+//
+// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+// }
+// }
+//
+// /*
+// *
+// */
+// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+// try {
+// ConnectionParameter connectionParameter = new ConnectionParameter();
+//
+// // parse connection url
+// String URL = connParamElement.getAttribute("URL");
+// connectionParameter.setUrl(URL);
+//
+// // accepted server certificates
+// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+// nameSpaceNode);
+// if (accServerCertsNode != null) {
+//
+// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+// }
+//
+// // client key store
+// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+// if (clientKeyStoreNode != null) {
+// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+// connectionParameter.setClientKeyStore(clientKeystore);
+// }
+//
+// // client key store password
+// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+// nameSpaceNode);
+// if (clientKeyStorePasswordNode != null) {
+// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+// }
+//
+// return connectionParameter;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+// }
+// }
+//
+// public boolean isPartyRepresentative(String representationID) {
+// if (partyRepresentatives == null)
+// return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// return pr != null;
+// }
+//
+// public boolean isRepresentingCorporateParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingCorporateParty();
+// }
+//
+// public boolean isRepresentingPhysicalParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingPhysicalParty();
+// }
+//
+// public String getRepresentationText(String representationID) {
+// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+// if (partyRepresentatives != null) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr != null) {
+// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+// }
+// }
+// return result;
+// }
+//
+// /**
+// * @return the input processor classname corresponding to <code>representationID</code>
+// * @param representationID
+// * the representation ID.
+// */
+// public String getInputProcessorClass(String representationID) {
+// String inputProcessorClass = standardInputProcessorClass;
+// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorClass = pr.getInputProcessorClass();
+// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+// }
+// }
+// return inputProcessorClass;
+// }
+//
+// /**
+// * @param standardInputProcessorClass the standardInputProcessorClass to set
+// */
+// public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+// this.standardInputProcessorClass = standardInputProcessorClass;
+// }
+//
+// /**
+// * @return the InputProcessorTemplate
+// */
+// public String getInputProcessorTemplate(String representationID) {
+// String inputProcessorTemplate = standardInputProcessorTemplate;
+// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+// }
+// }
+// return inputProcessorTemplate;
+// }
+//
+// /**
+// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+// */
+// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+// this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+// }
+//
+// /**
+// * @return the alwaysShowForm
+// */
+// public boolean isAlwaysShowForm() {
+// return alwaysShowForm;
+// }
+//
+// /**
+// * @param alwaysShowForm the alwaysShowForm to set
+// */
+// public void setAlwaysShowForm(String alwaysShowForm) {
+// if (ParepUtils.isEmpty(alwaysShowForm)) {
+// this.alwaysShowForm = false;
+// } else {
+// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+// }
+// }
+//
+// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+// try {
+// if (configElement==null) return false;
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+// }
+// return false;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
+// }
+//
+// }
+//
+//
+//// public static void main(String[] args) throws Exception {
+//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+//// Configuration cfg = new Configuration(null);
+//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+////}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index fb1dc0293..bf4952113 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -81,7 +81,7 @@ public class ConfigurationProvider {
 * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to * chaining mode (a <code>String</code>) mapping.
 */
- protected Map chainingModes;
+ protected Map<IssuerAndSerial, String> chainingModes;
 /** * the URL for the trusted CA Certificates
@@ -93,6 +93,10 @@ public class ConfigurationProvider {
 */
 protected String rootConfigFileDir;
+ protected String certstoreDirectory;
+
+ protected boolean trustmanagerrevoationchecking;
+
 /** * Returns the main configuration file directory used to configure MOA-ID *
@@ -148,5 +152,22 @@ public class ConfigurationProvider {
 return trustedCACertificates;
 }
+
+/**
+ * @return the certstoreDirectory
+ */
+public String getCertstoreDirectory() {
+ return certstoreDirectory;
+}
+
+/**
+ * @return the trustmanagerrevoationchecking
+ */
+public boolean isTrustmanagerrevoationchecking() {
+ return trustmanagerrevoationchecking;
+}
+
+
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
new file mode 100644
index 000000000..65fda8396
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
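Review bot: The new field `trustmanagerrevoationchecking` in the second ConfigurationProvider hunk and its getter `isTrustmanagerrevoationchecking()` in the third carry a misspelling ("revoation" for "revocation") that becomes hard to rename once the public getter has callers; `trustManagerRevocationChecking` / `isTrustManagerRevocationChecking()` would also match the camel-case style of the neighbouring `rootConfigFileDir` and `trustedCACertificates`. Neither added field has Javadoc, unlike every other field in the surrounding context, and since a Java `boolean` field defaults to `false` the reader cannot tell whether "unset" means checking is off; I'd state it, e.g. `/** Whether the trust manager performs certificate revocation checking; defaults to {@code false} (no revocation checking) until set from the configuration. */`, and likewise document what `certstoreDirectory` points at. The two added getters in the third hunk sit at column 0 while the rest of the class body is indented.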
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class ConfigurationUtils {
+
+ public static List<String> getTransformInfos(List<TransformsInfoType> transformations) {
+ List<String> list = new ArrayList<String>();
+
+ for (TransformsInfoType e1 : transformations) {
+
+ try {
+ String transform = new String(e1.getTransformation(), "UTF-8");
+ String encoded = new String(Base64Utils.decode(transform, false), "UTF-8");
+ list.add(encoded);
+
+ } catch (UnsupportedEncodingException e) {
+ Logger.warn("Transformation can not be loaded. An encoding error ocurs");
+ return null;
+
+ } catch (IOException e) {
+ Logger.warn("Transformation can not be loaded from database.");
+ return null;
+ }
+ }
+ return list;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index b1b90f40b..b358a31c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
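Review bot: `getTransformInfos` returns `null` from inside the loop on the first entry that fails to decode, which discards the transforms already collected and hands callers a null instead of a `List`; both `catch` blocks also log a fixed message without the exception, so the failing entry cannot be identified from the log. I'd propagate the failure with its cause, `throw new IllegalStateException("transformation could not be decoded", e);` (or a checked project exception), or, if best-effort is intended, log the cause and skip the entry — but not return null. If the result is later used to decide which signature transformations are accepted, a null list presumably changes what is accepted downstream, so failing hard looks like the safer default — worth confirming against the callers. Minor: `"UTF-8"` as a charset name could become the `Charset`-taking overloads with `StandardCharsets.UTF_8` if the build targets Java 7+, which also removes the `UnsupportedEncodingException` branch, and "ocurs" in the warning is misspelled.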
@@ -1,130 +1,55 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - package at.gv.egovernment.moa.id.config; -/** - * This bean class is used to store data for various connectionParameter - * within the MOA-ID configuration - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class ConnectionParameter { - - /** - * Server URL - */ - private String url; - /** - * File URL for a directory containing PKCS#12 server SSL certificates. - * From these certificates, a X509 trust store will be assembled for use - * by a JSSE <code>TrustManager</code>. - * This field will only be used in case of an HTTPS URL. - */ - private String acceptedServerCertificates; - /** - * File URL of a X509 key store containing the private key to be used - * for an HTTPS connection when the server requires client authentication. - * This field will only be used in case of an HTTPS URL. 
- */ - private String clientKeyStore; - /** - * Password protecting the client key store. - */ - private String clientKeyStorePassword; - - /** - * Checks whether the URL scheme is <code>"https"</code>. - * @return true in case of an URL starting with <code>"https"</code> - */ +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; + +public abstract class ConnectionParameter { + + protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore"; + protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword"; + protected static final String PROP_IDENTIFIER_ACCEPEDSERVERCERTS = "acceptedServerCertificates"; + + protected ConnectionParameterClientAuthType database; + protected Properties prop; + protected String basedirectory; + + public ConnectionParameter(ConnectionParameterClientAuthType database, Properties prop, String basedirectory) { + this.database = database; + this.prop = prop; + this.basedirectory = basedirectory; + } + + /** + * Returns the acceptedServerCertificates. + * @return String + */ + public abstract String getAcceptedServerCertificates(); + + /** + * Returns the clientKeyStore. + * @return String + */ + public abstract String getClientKeyStore(); + + /** + * Returns the clientKeyStorePassword. + * @return String + */ + public abstract String getClientKeyStorePassword(); + + public boolean isHTTPSURL() { - return getUrl().indexOf("https") == 0; + if (database==null) + return false; + else + return database.getURL().indexOf("https") == 0; + } + + public String getUrl() { + if (database == null) + return null; + else + return database.getURL(); } - - /** - * Returns the url. - * @return String - */ - public String getUrl() { - return url; - } - - /** - * Returns the acceptedServerCertificates. 
- * @return String - */ - public String getAcceptedServerCertificates() { - return acceptedServerCertificates; - } - - /** - * Sets the acceptedServerCertificates. - * @param acceptedServerCertificates The acceptedServerCertificates to set - */ - public void setAcceptedServerCertificates(String acceptedServerCertificates) { - this.acceptedServerCertificates = acceptedServerCertificates; - } - - /** - * Sets the url. - * @param url The url to set - */ - public void setUrl(String url) { - this.url = url; - } - - /** - * Returns the clientKeyStore. - * @return String - */ - public String getClientKeyStore() { - return clientKeyStore; - } - - /** - * Returns the clientKeyStorePassword. - * @return String - */ - public String getClientKeyStorePassword() { - return clientKeyStorePassword; - } - - /** - * Sets the clientKeyStore. - * @param clientKeyStore The clientKeyStore to set - */ - public void setClientKeyStore(String clientKeyStore) { - this.clientKeyStore = clientKeyStore; - } - - /** - * Sets the clientKeyStorePassword. - * @param clientKeyStorePassword The clientKeyStorePassword to set - */ - public void setClientKeyStorePassword(String clientKeyStorePassword) { - this.clientKeyStorePassword = clientKeyStorePassword; - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java new file mode 100644 index 000000000..41d6959b1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java 
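Review bot: `isHTTPSURL()` dereferences `database.getURL()` with no null check on the returned string, and its scheme test `indexOf("https") == 0` is case-sensitive, so a URL configured as `HTTPS://…` is classified as non-TLS; if the accepted-server-certificate and client-key-store settings are applied only when this predicate is true, such a configuration silently loses them. Reuse the null-tolerant `getUrl()` directly below and compare case-insensitively: `String url = getUrl(); return url != null && url.toLowerCase(Locale.ROOT).startsWith("https");` (needs `java.util.Locale`). The abstract getters should also state in their Javadoc that `getClientKeyStorePassword()` returns the secret in clear text as read from the properties file, so callers do not log or expose it.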
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterForeign extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities.";
+
+ public ConnectionParameterForeign(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
new file mode 100644
index 000000000..0e05633c8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
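Review bot: The three getters of `ConnectionParameterForeign` are repeated verbatim in `ConnectionParameterMOASP` (next hunk) and `ConnectionParameterMandate` (the hunk after), differing only in the prefix string, and in this class and in the Mandate class the constant is still named `MOASP_PROP_IDENTIFIER_PREFIX` although it holds `service.foreignidentities.` / `service.onlinemandates.`. Move the three getters into the abstract `ConnectionParameter`, reading `getPropertyPrefix() + PROP_IDENTIFIER_*`, and let each subclass provide only its prefix, so that a later fix to the key-store path handling lands in one place. Note also that `basedirectory + e1` concatenates without a separator, which is only correct when `basedirectory` always ends with one; the base constructor should document that contract. Rewritten subclass after the refactor:
```java
public class ConnectionParameterForeign extends ConnectionParameter{

 private static final String FOREIGN_PROP_IDENTIFIER_PREFIX = "service.foreignidentities.";

 // … unchanged: constructor …

 /** Prefix of the property keys this connection reads from the MOA-ID properties file. */
 @Override
 protected String getPropertyPrefix() {
  return FOREIGN_PROP_IDENTIFIER_PREFIX;
 }

}
```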
@@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterMOASP extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp."; + + public ConnectionParameterMOASP(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java new file mode 100644 index 000000000..00b393b92 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java 
@@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterMandate extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates."; + + public ConnectionParameterMandate(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 56c97a802..c1715d6fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + /** * Configuration parameters belonging to an online application, * to be used within both, the MOA ID Auth and the 
@@ -33,6 +35,25 @@ package at.gv.egovernment.moa.id.config; */ public class OAParameter { + public OAParameter(OnlineApplication oa) { + + this.oaType = oa.getType(); + + if (this.oaType.equals("businessService")) + this.businessService = true; + else + this.businessService = false; + + this.publicURLPrefix = oa.getPublicURLPrefix(); + + this.friendlyName = oa.getFriendlyName(); + + this.target = oa.getTarget(); + + this.targetFriendlyName = oa.getTargetFriendlyName(); + + } + /** * type of the online application (maybe "PublicService" or "BusinessService") */ 
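Review bot: The new constructor classifies the application with `this.oaType.equals("businessService")`, which throws NullPointerException when `oa.getType()` is null and is case-sensitive, whereas the `setOaType` it replaces (removed in the next hunk) used `equalsIgnoreCase`. The field comment directly below says the type may be written "BusinessService", so such a configuration would now no longer be flagged as a business service, a silent change in how the application is categorised. Replace the four-line if/else with `this.businessService = "businessService".equalsIgnoreCase(this.oaType);`, and add `Objects.requireNonNull(oa, "oa");` at the top since every statement dereferences `oa`.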
@@ -63,102 +84,26 @@ public class OAParameter { */ private String targetFriendlyName; - /** - * Returns the type of the online application. - * @return the type of the online application. - */ - public String getOaType() { - return oaType; - } - - /** - * Returns <code>true</code> is the OA is a businss application, otherwise - * <code>false</code>. - * @return <code>true</code> is the OA is a businss application, otherwise - * <code>false</code> - */ - public boolean getBusinessService() { - return this.businessService; - } - /** - * Returns the publicURLPrefix. - * @return String - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - /** - * - * Sets the type of the online application. - * If the type is "businessService" the value of <code>businessService</code> - * ({@link #getBusinessService()}) is also set to <code>true</code> - * @param oaType The type of the online application. - */ - public void setOaType(String oaType) { - this.oaType = oaType; - if ("businessService".equalsIgnoreCase(oaType)) { - this.businessService = true; - } - } + public String getOaType() { + return oaType; + } + public boolean getBusinessService() { + return businessService; + } + public String getPublicURLPrefix() { + return publicURLPrefix; + } + public String getFriendlyName() { + return friendlyName; + } + public String getTarget() { + return target; + } + public String getTargetFriendlyName() { + return targetFriendlyName; + } - /** - * Sets the publicURLPrefix. 
- * @param publicURLPrefix The publicURLPrefix to set - */ - public void setPublicURLPrefix(String publicURLPrefix) { - this.publicURLPrefix = publicURLPrefix; - } - - - /** - * Gets the friendly name of the OA - * @return Friendly Name of the OA - */ - public String getFriendlyName() { - return friendlyName; - } - - /** - * Sets the friendly name of the OA - * @param friendlyName - */ - public void setFriendlyName(String friendlyName) { - this.friendlyName = friendlyName; - } - - /** - * Gets the target of the OA - * @return target of the OA - */ - public String getTarget() { - return target; - } - - /** - * Sets the target of the OA - * @param target - */ - public void setTarget(String target) { - this.target = target; - } - - /** - * Gets the target friendly name of the OA - * @return target Friendly Name of the OA - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the target friendly name of the OA - * @param targetFriendlyName - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java index 1fe8f13b6..a2962e4b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java @@ -30,7 +30,7 @@ package at.gv.egovernment.moa.id.config; /**
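Review bot: The six rewritten getters drop the Javadoc the removed versions carried and are no longer separated by blank lines, a style regression on a public configuration class. Keep a one-line Javadoc per getter; for `getBusinessService()` the removed wording `Returns true if the OA is a business application, otherwise false` can be reused. With all setters gone, `OAParameter` is now populated only through its constructor, which is worth stating in the class Javadoc (that comment starts outside this hunk).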
* This interface contains all actual possible targets in Austria (shortcuts and friendly names)
- * Bereichskennung and Tätigkeitsbereich
+ * Bereichskennung and T�tigkeitsbereich
* @author bzwattendorfer
*
*/
@@ -38,178 +38,178 @@ public interface TargetsAndSectorNames {
 /** Bereichskennung AR */
public static String TARGET_AR = "AR";
- /** Tätigkeitsbereich AR */
+ /** Tätigkeitsbereich AR */
public static String TARGET_AR_SECTOR = "Arbeit";
/** Bereichskennung AS */
public static String TARGET_AS = "AS";
- /** Tätigkeitsbereich AS */
+ /** Tätigkeitsbereich AS */
public static String TARGET_AS_SECTOR = "Amtliche Statistik";
/** Bereichskennung BF */
public static String TARGET_BF = "BF";
- /** Tätigkeitsbereich BF */
+ /** Tätigkeitsbereich BF */
public static String TARGET_BF_SECTOR = "Bildung und Forschung";
/** Bereichskennung BW */
public static String TARGET_BW = "BW";
- /** Tätigkeitsbereich BW */
+ /** Tätigkeitsbereich BW */
public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
/** Bereichskennung EA */
public static String TARGET_EA = "EA";
- /** Tätigkeitsbereich EA */
- public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
+ /** Tätigkeitsbereich EA */
+ public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
/** Bereichskennung EF */
public static String TARGET_EF = "EF";
- /** Tätigkeitsbereich EF */
+ /** Tätigkeitsbereich EF */
public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
/** Bereichskennung GH */
public static String TARGET_GH = "GH";
- /** Tätigkeitsbereich GH */
+ /** Tätigkeitsbereich GH */
public static String TARGET_GH_SECTOR = "Gesundheit";
/** Bereichskennung GS */
public static String TARGET_GS = "GS";
- /** Tätigkeitsbereich GS */
+ /** Tätigkeitsbereich GS */
public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
/** Bereichskennung GS-RE */
public static String TARGET_GS_RE = "GS-RE";
- /** Tätigkeitsbereich GS-RE */
+ /** Tätigkeitsbereich GS-RE */
public static String TARGET_GS_RE_SECTOR = "Restitution";
/** Bereichskennung JR */
public static String TARGET_JR = "JR";
- /** Tätigkeitsbereich JR */
+ /** Tätigkeitsbereich JR */
public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
/** Bereichskennung KL */
public static String TARGET_KL = "KL";
- /** Tätigkeitsbereich KL */
+ /** Tätigkeitsbereich KL */
public static String TARGET_KL_SECTOR = "Kultus";
/** Bereichskennung KU */
public static String TARGET_KU = "KU";
- /** Tätigkeitsbereich KU */
+ /** Tätigkeitsbereich KU */
public static String TARGET_KU_SECTOR = "Kunst und Kultur";
/** Bereichskennung LF */
public static String TARGET_LF = "LF";
- /** Tätigkeitsbereich LF */
+ /** Tätigkeitsbereich LF */
public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
/** Bereichskennung LV */
public static String TARGET_LV = "LV";
- /** Tätigkeitsbereich LV */
+ /** Tätigkeitsbereich LV */
public static String TARGET_LV_SECTOR = "Landesverteidigung";
/** Bereichskennung RT */
public static String TARGET_RT = "RT";
- /** Tätigkeitsbereich RT */
+ /** Tätigkeitsbereich RT */
public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
"Medien sowie Telekommunikation";
/** Bereichskennung SA */
public static String TARGET_SA = "SA";
- /** Tätigkeitsbereich SA */
+ /** Tätigkeitsbereich SA */
public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
/** Bereichskennung SF */
public static String TARGET_SF = "SF";
- /** Tätigkeitsbereich SF */
+ /** Tätigkeitsbereich SF */
public static String TARGET_SF_SECTOR = "Sport und Freizeit";
/** Bereichskennung SO */
public static String TARGET_SO = "SO";
- /** Tätigkeitsbereich SO */
+ /** Tätigkeitsbereich SO */
public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
/** Bereichskennung SO-VR */
public static String TARGET_SO_VR = "SO-VR";
- /** Tätigkeitsbereich SO-VR */
+ /** Tätigkeitsbereich SO-VR */
public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
/** Bereichskennung SR-RG */
public static String TARGET_SR_RG = "SR-RG";
- /** Tätigkeitsbereich SR-RG */
+ /** Tätigkeitsbereich SR-RG */
public static String TARGET_SR_RG_SECTOR = "Strafregister";
/** Bereichskennung SV */
public static String TARGET_SV = "SV";
- /** Tätigkeitsbereich SV */
+ /** Tätigkeitsbereich SV */
public static String TARGET_SV_SECTOR = "Sozialversicherung";
/** Bereichskennung UW */
public static String TARGET_UW = "UW";
- /** Tätigkeitsbereich UW */
+ /** Tätigkeitsbereich UW */
public static String TARGET_UW_SECTOR = "Umwelt";
/** Bereichskennung VT */
public static String TARGET_VT = "VT";
- /** Tätigkeitsbereich VT */
+ /** Tätigkeitsbereich VT */
public static String TARGET_VT_SECTOR = "Verkehr und Technik";
/** Bereichskennung VV */
public static String TARGET_VV = "VV";
- /** Tätigkeitsbereich VV */
- public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
+ /** Tätigkeitsbereich VV */
+ public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
/** Bereichskennung WT */
public static String TARGET_WT = "WT";
- /** Tätigkeitsbereich WT */
+ /** Tätigkeitsbereich WT */
public static String TARGET_WT_SECTOR = "Wirtschaft";
/** Bereichskennung ZP */
public static String TARGET_ZP = "ZP";
- /** Tätigkeitsbereich ZP */
- public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
+ /** Tätigkeitsbereich ZP */
+ public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
/** Bereichskennung BR */
public static String TARGET_BR = "BR";
- /** Tätigkeitsbereich BR */
- public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
+ /** Tätigkeitsbereich BR */
+ public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
/** Bereichskennung HR */
public static String TARGET_HR = "HR";
- /** Tätigkeitsbereich HR */
+ /** Tätigkeitsbereich HR */
public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
/** Bereichskennung KI */
public static String TARGET_KI = "KI";
- /** Tätigkeitsbereich KI */
+ /** Tätigkeitsbereich KI */
public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
/** Bereichskennung OI */
public static String TARGET_OI = "OI";
- /** Tätigkeitsbereich OI */
- public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
+ /** Tätigkeitsbereich OI */
+ public static String TARGET_OI_SECTOR = "öffentlichkeitsarbeit";
/** Bereichskennung PV */
public static String TARGET_PV = "PV";
- /** Tätigkeitsbereich PV */
+ /** Tätigkeitsbereich PV */
public static String TARGET_PV_SECTOR = "Personalverwaltung";
/** Bereichskennung RD */
public static String TARGET_RD = "RD";
- /** Tätigkeitsbereich RD */
+ /** Tätigkeitsbereich RD */
public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
/** Bereichskennung VS */
public static String TARGET_VS = "VS";
- /** Tätigkeitsbereich VS */
- public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
+ /** Tätigkeitsbereich VS */
+ public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
/** Bereichskennung VS-RG */
public static String TARGET_VS_RG = "VS-RG";
- /** Tätigkeitsbereich VS-RG */
+ /** Tätigkeitsbereich VS-RG */
public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
/** Bereichskennung ZU */
public static String TARGET_ZU = "ZU";
- /** Tätigkeitsbereich ZU */
+ /** Tätigkeitsbereich ZU */
public static String TARGET_ZU_SECTOR = "Zustellungen";
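Review bot: The `TARGET_OI_SECTOR` line changes the runtime value from `"Öffentlichkeitsarbeit"` to `"öffentlichkeitsarbeit"`; unlike every other change in this hunk, which only re-encodes comment text, a lower-cased initial letter is a content change that anything displaying or comparing this sector name will observe. Restore `public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";`. The comment lines show the file was re-saved under a different character encoding; declaring the source encoding at build level would avoid such accidental literal changes on the next save.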
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index b86b2ec68..55a20d558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
@@ -24,29 +24,75 @@ package at.gv.egovernment.moa.id.config.auth; -import java.io.BufferedInputStream; +import iaik.security.cipher.AESKeyGenerator; +import iaik.util.logging.Log; + import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; -import java.io.InputStream; +import java.math.BigInteger; import java.net.MalformedURLException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.util.ArrayList; +import java.util.HashMap; import java.util.List; - -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import eu.stork.vidp.messages.common.STORKBootstrap; - -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import java.util.Map; +import java.util.Properties; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.NoSuchPaddingException; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; + +import org.hibernate.cfg.Configuration; + + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import 
at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; +import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; +import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import 
at.gv.egovernment.moa.util.MiscUtil; +import eu.stork.vidp.messages.common.STORKBootstrap; /** * A class providing access to the Auth Part of the MOA-ID configuration data. 
@@ -113,89 +159,34 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // // configuration data // + private static MOAIDConfiguration moaidconfig = null; - /** - * configuration files containing transformations for rendering in the - * secure viewer of the security layer implementation; - * multiple files can be given for different mime types - */ - private String[] transformsInfoFileNames; + private static Properties props = null; - /** - * transformations for rendering in the secure viewer of the security layer implementation, - * read from {@link transformsInfoFileNames}; - * multiple transformation can be given for different mime types - */ - private String[] transformsInfos; + private static STORKConfig storkconfig = null; - /** - * parameters for connection to MOA SP component - */ - private ConnectionParameter moaSpConnectionParameter; + private static TimeOuts timeouts = null; - - /** - * trust profile ID to be used for verifying the identity link signature via MOA ID SP - */ - private String moaSpIdentityLinkTrustProfileID; - /** - * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP - */ - private String moaSpAuthBlockTrustProfileID; - /** - * transformations to be used for verifying the AUTH block signature via MOA ID SP - */ - private String[] moaSpAuthBlockVerifyTransformsInfoIDs; - /** - * X509 SubjectNames which will be trusted - */ - private List identityLinkX509SubjectNames; - /** - * default parameters for verifying additional infoboxes. - */ - private VerifyInfoboxParameters defaultVerifyInfoboxParameters; - - /** - * configuration parameters for online applications - */ - private OAAuthParameter[] onlineApplicationAuthParameters; - /** - * the Selection Type of the bku Selection Element - */ - private String bKUSelectionType; - /** - * is the bku Selection Element present? 
- */ - private boolean bKUSelectable; - /** - * the bku Selection Connection Parameters - */ - private ConnectionParameter bKUConnectionParameter; + private static PVP2 pvp2general = null; - /** - * parameter for connection to SZR-GW GetIdentityLink - */ - private ConnectionParameter foreignIDConnectionParameter; + private static String alternativesourceid = null; - /** - * parameter for connection to OnlineMandates Service - */ - private ConnectionParameter onlineMandatesConnectionParameter; + private static List<String> legacyallowedprotocols = new ArrayList<String>(); - /** - * Parameter for trusted BKUs - */ - private List trustedBKUs; + private static VerifyAuthBlock verifyidl = null; - /** - * Parameter for trusted Template URLs - */ - private List trustedTemplateURLs; + private static ConnectionParameter MoaSpConnectionParameter = null; + private static ConnectionParameter ForeignIDConnectionParameter = null; + private static ConnectionParameter OnlineMandatesConnectionParameter = null; - /** - * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.) - */ - private STORKConfig storkConfig; + private static String MoaSpIdentityLinkTrustProfileID = null; + + private static List<String> TransformsInfos = null; + private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>(); + + private static Map<String, String> SLRequestTemplates = new HashMap<String, String>(); + + private static SSO ssoconfig = null; /** * Return the single instance of configuration data. 
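Review bot: All configuration values become `private static` mutable fields assigned later by the instance method `load` (next hunk), several with UpperCamel names that read as types (`MoaSpConnectionParameter`, `ForeignIDConnectionParameter`, `OnlineMandatesConnectionParameter`, `MoaSpIdentityLinkTrustProfileID`, `TransformsInfos`, `IdentityLinkX509SubjectNames`, `SLRequestTemplates`), and the per-field Javadoc the removed instance fields carried is gone. Rename them lowerCamel and keep a one-line comment per field naming the configuration section it is read from. Because the fields are static and not volatile, a reload that reassigns them while requests are being served can expose a mixed old/new configuration to other threads unless publication is synchronised; a comment such as `// populated once by load() under the class lock before the instance is handed out` would make the intended discipline explicit, if that is indeed how the instance is published.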
@@ -250,129 +241,418 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * read/built. */ private void load(String fileName) throws ConfigurationException { - InputStream stream = null; - Element configElem; - ConfigurationBuilder builder; + + try { + //Initial Hibernate Framework + Logger.trace("Initializing Hibernate framework."); + + //Load MOAID-2.0 properties file + File propertiesFile = new File(fileName); + FileInputStream fis; + props = new Properties(); + + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); - try { - // load the main config file - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseXmlValidating(stream); - } catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - } - } try { - // determine the directory of the root config file - rootConfigFileDir = new File(fileName).getParent(); - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - } catch (MalformedURLException t) { - throw new ConfigurationException("config.03", null, t); - } - + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + + try { + fis = new FileInputStream(propertiesFile); + props.load(fis); + + //TODO: maybe some general hibnerate config!!! 
+ // read MOAID Session Hibernate properties + Properties moaSessionProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "moasession."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + moaSessionProp.put(propertyName, props.get(key.toString())); + } + } + + // read Config Hibernate properties + Properties configProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "configuration."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, props.get(key.toString())); + } + } + + // initialize hibernate + synchronized (AuthConfigurationProvider.class) { + + //Initial config Database + ConfigurationDBUtils.initHibernate(configProp); + + //initial MOAID Session Database + Configuration config = new Configuration(); + config.addAnnotatedClass(AssertionStore.class); + config.addAnnotatedClass(AuthenticatedSessionStore.class); + config.addAnnotatedClass(OASessionStore.class); + config.addAnnotatedClass(OldSSOSessionIDStore.class); + config.addProperties(moaSessionProp); + MOASessionDBUtils.initHibernate(config, moaSessionProp); + + } + Logger.trace("Hibernate initialization finished."); + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (IOException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (ExceptionInInitializerError e) { + throw new ConfigurationException("config.17", null, e); + } + + //Initialize OpenSAML for STORK - Logger.trace("Starting initialization of OpenSAML..."); + Logger.info("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); + + + String legacyconfig = props.getProperty("configuration.xml.legacy"); + String xmlconfig = props.getProperty("configuration.xml"); +// String 
xmlconfigout = props.getProperty("configuration.xml.out"); + + + //check if XML config should be used + if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + + List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); + } + } + + //load legacy config if it is configured + if (MiscUtil.isNotEmpty(legacyconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); - // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - bKUSelectable = (bKUConnectionParameter!=null); - bKUSelectionType = builder.buildAuthBKUSelectionType(); - genericConfiguration = builder.buildGenericConfiguration(); - transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); - transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); - moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - defaultVerifyInfoboxParameters = null; - Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); - if (defaultVerifyInfoboxParamtersElem != null) { - 
defaultVerifyInfoboxParameters = - builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); - } - - - foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); - onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); - onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); - identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); - trustedBKUs = builder.getTrustedBKUs(); - trustedTemplateURLs = builder.getTrustedTemplateURLs(); - storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); + MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); + + List<OnlineApplication> oas = moaconfig.getOnlineApplication(); + for (OnlineApplication oa : oas) + ConfigurationDBUtils.save(oa); + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.save(moaconfig); + + Logger.info("Legacy Configuration load is completed."); + + + } + + //load MOA-ID 2.x config from XML + if (MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); + + try { + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Unmarshaller m = jc.createUnmarshaller(); + File file = new File(xmlconfig); + MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); + //ConfigurationDBUtils.save(moaconfig); + + List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); + 
for (OnlineApplication importoa : importoas) { + ConfigurationDBUtils.saveOrUpdate(importoa); + } + + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } catch (Exception e) { + Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); + throw new ConfigurationException("config.02", null); + } + Logger.info("XML Configuration load is completed."); + } + + Logger.info("Read MOA-ID 2.0 configuration from database."); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + Logger.info("MOA-ID 2.0 is loaded."); + + if (moaidconfig == null) { + Logger.warn("NO MOA-ID configuration found."); + throw new ConfigurationException("config.18", null); + } + + +// //TODO: only for Testing!!! +// if (MiscUtil.isNotEmpty(xmlconfigout)) { +// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); +// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); +// Marshaller m = jc.createMarshaller(); +// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); +// File test = new File(xmlconfigout); +// m.marshal(moaidconfig, test); +// +// } + + //build STORK Config + AuthComponentGeneral auth = getAuthComponentGeneral(); + ForeignIdentities foreign = auth.getForeignIdentities(); + if (foreign == null ) { + Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); + + } else + storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); + + + //load Chaining modes + ChainingModes cm = moaidconfig.getChainingModes(); + if (cm != null) { + defaultChainingMode = cm.getSystemDefaultMode().value(); + + List<TrustAnchor> tas = cm.getTrustAnchor(); + + chainingModes = new HashMap<IssuerAndSerial, String>(); + for (TrustAnchor ta : tas) { + IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); + chainingModes.put(is, ta.getMode().value()); + } + } else { + Logger.warn("Error in MOA-ID Configuration. 
No ChainingMode configuration found."); + throw new ConfigurationException("config.02", null); + } + + //set Trusted CA certs directory + trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); + + //set CertStoreDirectory + setCertStoreDirectory(); + + //set TrustManagerRevocationChecking + setTrustManagerRevocationChecking(); + + //set TimeOuts + if (auth.getGeneralConfiguration() != null) { + if (auth.getGeneralConfiguration().getTimeOuts() != null) { + + timeouts = new TimeOuts(); + if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null) + timeouts.setAssertion(new BigInteger("120")); + else + timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); + + if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null) + timeouts.setMOASessionCreated(new BigInteger("2700")); + else + timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); + + if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null) + timeouts.setMOASessionUpdated(new BigInteger("1200")); + else + timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); + } + } + else { + Logger.warn("Error in MOA-ID Configuration. 
No TimeOuts defined."); + throw new ConfigurationException("config.02", null); + } + + //set PVP2 general config + Protocols protocols = auth.getProtocols(); + if (protocols != null) { + if (protocols.getPVP2() != null) { + PVP2 el = protocols.getPVP2();; + pvp2general = new PVP2(); + pvp2general.setIssuerName(el.getIssuerName()); + pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); + + if (el.getOrganization() != null) { + Organization org = new Organization(); + pvp2general.setOrganization(org); + org.setDisplayName(el.getOrganization().getDisplayName()); + org.setName(el.getOrganization().getName()); + org.setURL(el.getOrganization().getURL()); + } + + if (el.getContact() != null) { + List<Contact> cont = new ArrayList<Contact>(); + pvp2general.setContact(cont); + for (Contact e : el.getContact()) { + Contact c = new Contact(); + c.setCompany(e.getCompany()); + c.setGivenName(e.getGivenName()); + c.setMail(e.getMail()); + c.setPhone(e.getPhone()); + c.setSurName(e.getSurName()); + c.setType(e.getType()); + } + } + } + } else { + Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); + } + + //set alternativeSourceID + if (auth.getGeneralConfiguration() != null) + alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); + else { + Logger.warn("Error in MOA-ID Configuration. 
No GeneralConfig defined."); + throw new ConfigurationException("config.02", null); + } + + //set LegacyAllowedProtocols + try { + if (auth.getProtocols() != null) { + Protocols procols = auth.getProtocols(); + if (procols.getLegacyAllowed() != null) { + LegacyAllowed legacy = procols.getLegacyAllowed(); + legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName()); + } + } + } catch (Exception e) { + Logger.info("No protocols found with legacy allowed flag!"); + } + + //set VerifyAuthBlockConfig + MOASP moasp = getMOASPConfig(auth); + + VerifyAuthBlock el = moasp.getVerifyAuthBlock(); + if (el != null) { + verifyidl = new VerifyAuthBlock(); + verifyidl.setTrustProfileID(el.getTrustProfileID()); + verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID())); + } + else { + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); + throw new ConfigurationException("config.02", null); + } + + //set MOASP connection parameters + if (moasp.getConnectionParameter() != null) + MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); + else + MoaSpConnectionParameter = null; + + //set ForeignIDConnectionParameters + if (foreign != null) { + ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); + } else { + Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); + } + + //set OnlineMandateConnectionParameters + OnlineMandates ovs = auth.getOnlineMandates(); + if (ovs != null) { + OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); + + } else { + Logger.warn("Error in MOA-ID Configuration. 
No Connectionconfiguration to OVS Service found"); + } + + //set MOASP IdentityLink Trust-ProfileID + VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); + if (verifyidl != null) + MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); + else { + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); + throw new ConfigurationException("config.02", null); + } + + //set SL transformation infos + SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); + throw new ConfigurationException("config.02", null); + } else { + TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); + } + + //set IdentityLinkSignerSubjectNames + IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); + if (idlsigners != null) { + IdentityLinkX509SubjectNames = new ArrayList<String>(idlsigners.getX509SubjectName()); + + } else { + Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found."); + } + + //set SLRequestTemplates + SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); + if (templ == null) { + Logger.warn("Error in MOA-ID Configuration. 
No SLRequestTemplates found"); + throw new ConfigurationException("config.02", null); + } else { + SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU()); + SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU()); + SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU()); + } + + //set SSO Config + if (auth.getSSO()!= null) { + ssoconfig = new SSO(); + ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName()); + ssoconfig.setPublicURL(auth.getSSO().getPublicURL()); + ssoconfig.setSpecialText(auth.getSSO().getSpecialText()); + ssoconfig.setTarget(auth.getSSO().getTarget()); + + if (auth.getSSO().getIdentificationNumber() != null) { + IdentificationNumber value = new IdentificationNumber(); + value.setType(auth.getSSO().getIdentificationNumber().getType()); + value.setValue(auth.getSSO().getIdentificationNumber().getValue()); + ssoconfig.setIdentificationNumber(value); + } + } else { + Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found"); + } + + //close Database + ConfigurationDBUtils.closeSession(); + } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); } } - /** - * Loads the <code>transformsInfos</code> from files. - * @throws Exception on any exception thrown - */ -// private void loadTransformsInfos() throws Exception { -// -// transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// } - -// /** -// * Loads the <code>transformsInfos</code> from files. 
-// * @throws Exception on any exception thrown -// */ -// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { -// -// String[] transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// return transformsInfos; -// } - /** - * Return a string array with all filenames leading - * to the Transforms Information for the Security Layer - * @return String[] of filenames to the Security Layer Transforms Information - */ - public String[] getTransformsInfoFileNames() { - return transformsInfoFileNames; + + public Properties getGeneralPVP2ProperiesConfig() { + Properties configProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "protocols.pvp2."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, props.get(key.toString())); + } + } + return configProp; } - /** - * Build an array of the OnlineApplication Parameters containing information - * about the authentication component - * @return An OAProxyParameter array containing beans - * with all relevant information for theauthentication component of the online - * application - */ - public OAAuthParameter[] getOnlineApplicationParameters() { - return onlineApplicationAuthParameters; + + public PVP2 getGeneralPVP2DBConfig() { + return pvp2general; } + + public TimeOuts getTimeOuts() throws ConfigurationException { + return timeouts; + } + + public String getAlternativeSourceID() throws ConfigurationException { + return alternativesourceid; + } + + public List<String> 
getLegacyAllowedProtocols() { + return legacyallowedprotocols; + } + /** * Provides configuration information regarding the online application behind @@ -383,13 +663,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * if none is applicable */ public OAAuthParameter getOnlineApplicationParameter(String oaURL) { - OAAuthParameter[] oaParams = getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAAuthParameter oaParam = oaParams[i]; - if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) - return oaParam; - } - return null; + + OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); + + if (oa == null) { + Logger.warn("Online application with identifier " + oaURL + " is not found."); + return null; + } + + return new OAAuthParameter(oa); } @@ -398,9 +680,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * profile id within the moa-sp part of the authentication component * * @return String with a url-reference to the VerifyAuthBlock trust profile ID + * @throws ConfigurationException */ - public String getMoaSpAuthBlockTrustProfileID() { - return moaSpAuthBlockTrustProfileID; + public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + return verifyidl.getTrustProfileID(); } /** 
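Review bot: In the PVP2 contact loop near the end of this hunk each `Contact c` is built and then discarded — it is never added to `cont`, so `pvp2general.getContact()` is always an empty list; add `cont.add(c);` as the last statement of the `for (Contact e : el.getContact())` loop. Two resource issues sit in the same method: the `FileInputStream fis` passed to `props.load(fis)` is never closed, and `ConfigurationDBUtils.closeSession()` only runs on the success path, so both belong in `finally` blocks. The XML-import branch deletes the stored `MOAIDConfiguration` and every `OnlineApplication` row before `configuration.xml` has been unmarshalled, so a malformed file leaves the database emptied and the subsequent `config.02` exception without a fallback; unmarshal first and delete only once parsing succeeded. The closing `catch (Throwable t)` also re-wraps the `ConfigurationException`s thrown inside the block (`config.03`, `config.17`, `config.18`) as `config.02` and hides the specific error code — add `catch (ConfigurationException e) { throw e; }` ahead of it, and prefer `catch (Exception e)` over `Throwable` so JVM errors are not converted into a configuration error.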
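Review bot: `getOnlineApplicationParameter` now resolves the online application through `ConfigurationDBRead.getActiveOnlineApplication(oaURL)` instead of the previous prefix match against each `publicURLPrefix`; whether the lookup still accepts request URLs that merely start with the configured prefix depends on that query, which is not visible here, and the method's Javadoc (above the hunk) should state the matching rule callers can rely on. The warning `"Online application with identifier " + oaURL + " is not found."` writes the caller-supplied URL into the log verbatim; if `oaURL` is taken from the incoming request, strip line breaks or quote the value before logging so a crafted URL cannot forge additional log lines. Note that the `return null` contract is kept, so callers must still handle a missing application.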
@@ -408,119 +691,194 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * IDs within the moa-sp part of the authentication component * @return A string array containing all urls to the * verify transform info IDs + * @throws ConfigurationException */ - public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { - return moaSpAuthBlockVerifyTransformsInfoIDs; + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + return verifyidl.getVerifyTransformsInfoProfileID(); } /** * Return a ConnectionParameter bean containing all information * of the authentication component moa-sp element * @return ConnectionParameter of the authentication component moa-sp element + * @throws ConfigurationException */ - public ConnectionParameter getMoaSpConnectionParameter() { - return moaSpConnectionParameter; + public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { + return MoaSpConnectionParameter; } /** * Return a ConnectionParameter bean containing all information * of the authentication component foreigid element * @return ConnectionParameter of the authentication component foreignid element + * @throws ConfigurationException */ - public ConnectionParameter getForeignIDConnectionParameter() { - return foreignIDConnectionParameter; + public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { + return ForeignIDConnectionParameter; } /** * Return a ConnectionParameter bean containing all information * of the authentication component OnlineMandates element * @return ConnectionParameter of the authentication component OnlineMandates element + * @throws ConfigurationException */ - public ConnectionParameter getOnlineMandatesConnectionParameter() { - return onlineMandatesConnectionParameter; + public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { + return OnlineMandatesConnectionParameter; } /** * Return a string 
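Review bot: `getMoaSpAuthBlockTrustProfileID()` gains `throws ConfigurationException` although its body only returns `verifyidl.getTrustProfileID()` and cannot throw it; the same empty `@throws ConfigurationException` tag is added to nearly every getter in the next hunk (`getMoaSpConnectionParameter`, `getTransformsInfos`, `getIdentityLinkX509SubjectNames`, `getStorkConfig`, …). A checked exception that is never thrown forces every caller into a dead `catch`, and a tag without text tells the reader nothing; either drop the clause or document the condition, e.g. `@throws ConfigurationException never thrown at present; declared so the provider may validate lazily later`, if that is the intent. Also `verifyidl` here is the static `VerifyAuthBlock` field, while `load()` declares a local `VerifyIdentityLink verifyidl` that shadows it — renaming the field to something like `verifyAuthBlockConfig` would make the getter's source obvious.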
with a url-reference to the VerifyIdentityLink trust * profile id within the moa-sp part of the authentication component * @return String with a url-reference to the VerifyIdentityLink trust profile ID + * @throws ConfigurationException */ - public String getMoaSpIdentityLinkTrustProfileID() { - return moaSpIdentityLinkTrustProfileID; + public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + return MoaSpIdentityLinkTrustProfileID; } + /** * Returns the transformsInfos. * @return String[] + * @throws ConfigurationException */ - public String[] getTransformsInfos() { - return transformsInfos; + public List<String> getTransformsInfos() throws ConfigurationException { + return TransformsInfos; } /** * Returns the identityLinkX509SubjectNames. * @return List + * @throws ConfigurationException */ - public List getIdentityLinkX509SubjectNames() { - return identityLinkX509SubjectNames; + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + return IdentityLinkX509SubjectNames; } - /** - * Returns the trustBKUs. - * @return List - */ - public List getTrustedBKUs() { - return this.trustedBKUs; + public List<String> getSLRequestTemplates() throws ConfigurationException { + return new ArrayList<String>(SLRequestTemplates.values()); } - - /** - * Returns the trustedTemplateURLs. - * @return List - */ - public List getTrustedTemplateURLs() { - return this.trustedTemplateURLs; + + public String getSLRequestTemplates(String type) throws ConfigurationException { + String el = SLRequestTemplates.get(type); + if (MiscUtil.isNotEmpty(el)) + return el; + else { + Logger.warn("getSLRequestTemplates: BKU Type does not match: " + + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + return null; + } } - - /** - * Returns the bKUConnectionParameter. 
- * @return ConnectionParameter - */ - public ConnectionParameter getBKUConnectionParameter() { - return bKUConnectionParameter; + + public boolean isSSOBusinessService() throws ConfigurationException { + + if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) + return true; + else + return false; } - - /** - * Returns the bKUSelectable. - * @return boolean - */ - public boolean isBKUSelectable() { - return bKUSelectable; + + public IdentificationNumber getSSOBusinessService() throws ConfigurationException { + if (ssoconfig != null) + return ssoconfig.getIdentificationNumber(); + else + return null; } - - /** - * Returns the bKUSelectionType. - * @return String - */ - public String getBKUSelectionType() { - return bKUSelectionType; + + public String getSSOTarget() throws ConfigurationException { + if (ssoconfig!= null) + return ssoconfig.getTarget(); + + return null; } - - /** - * Returns the defaultVerifyInfoboxParameters. - * - * @return The defaultVerifyInfoboxParameters. 
- */ - public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() { - return defaultVerifyInfoboxParameters; + + public String getSSOFriendlyName() { + if (ssoconfig!= null) { + if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) + return ssoconfig.getFriendlyName(); + } + + return "Default MOA-ID friendly name for SSO"; } - + + public String getSSOSpecialText() { + if (ssoconfig!= null) { + String text = ssoconfig.getSpecialText(); + if (MiscUtil.isEmpty(text)) + text = new String(); + + return text; + } + return new String(); + } + + public String getSSOPublicUrl() { + if (ssoconfig!= null) { + String url = ssoconfig.getPublicURL(); + if (MiscUtil.isEmpty(url)) + url = new String(); + return url; + } + return new String(); + } + + public String getMOASessionEncryptionKey() { + + String prop = props.getProperty("configuration.moasession.key"); + if (MiscUtil.isEmpty(prop)) + return null; + else + return prop; + } + /** * Retruns the STORK Configuration * @return STORK Configuration + * @throws ConfigurationException */ - public STORKConfig getStorkConfig() { - return storkConfig; + public STORKConfig getStorkConfig() throws ConfigurationException { + + return storkconfig; } + + private void setCertStoreDirectory() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + if (auth.getGeneralConfiguration() != null) + certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); + else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + private void setTrustManagerRevocationChecking() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); + else { + Logger.warn("Error in MOA-ID Configuration. 
No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + + private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { + AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); + if (authgeneral == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); + throw new ConfigurationException("config.02", null); + } + return authgeneral; + } + private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { + MOASP moasp = authgeneral.getMOASP(); + + if (moasp == null) { + Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); + throw new ConfigurationException("config.02", null); + } + return moasp; + } }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 091a01bf7..c62594d6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -25,10 +25,22 @@ package at.gv.egovernment.moa.id.config.auth; import java.util.ArrayList; +import java.util.List; -import org.opensaml.saml2.metadata.RequestedAttribute; - +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; 
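Review bot: `getIdentityLinkX509SubjectNames()` and `getTransformsInfos()` hand out the static internal lists themselves, so any caller can add or remove entries from the set of X509 subject names that are trusted to sign identity links; return `Collections.unmodifiableList(IdentityLinkX509SubjectNames);` (likewise for `TransformsInfos` and for `verifyidl.getVerifyTransformsInfoProfileID()`), as `getSLRequestTemplates()` already copies its values — this needs `java.util.Collections` in the imports. `setTrustManagerRevocationChecking` reuses the message `"Error in MOA-ID Configuration. No CertStoreDirectory defined."` from `setCertStoreDirectory`, which misattributes the failure; it should say that no GeneralConfiguration (and hence no TrustManagerRevocationChecking setting) was found. Minor style: `isSSOBusinessService` can `return ssoconfig != null && ssoconfig.getIdentificationNumber() != null;` directly, and `new String()` in `getSSOSpecialText`/`getSSOPublicUrl` should be the literal `""`.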
@@ -47,93 +59,25 @@ import eu.stork.vidp.messages.stork.RequestedAttributes; * @author Harald Bratko */ public class OAAuthParameter extends OAParameter { - /** - * Sercurity Layer version - */ - private String slVersion; - /** - * true, if the Security Layer version is version 1.2, otherwise false - */ - private boolean slVersion12; - /** - * identityLinkDomainIdentifier - * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer") - * <br> - * only used within a business application context for providing it to the - * security layer as input for wbPK computation - */ - private String identityLinkDomainIdentifier; - /** - * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) - */ - private String keyBoxIdentifier; - /** - * transformations for rendering in the secure viewer of the security layer - * implementation; multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - /** - * determines whether "Stammzahl" is to be included in the authentication data - */ - private boolean provideStammzahl; - /** - * determines whether AUTH block is to be included in the authentication data - */ - private boolean provideAuthBlock; - /** - * determines whether identity link is to be included in the authentication data - */ - private boolean provideIdentityLink; - /** - * determines whether the certificate is to be included in the authentication data - */ - private boolean provideCertificate; - /** - * determines whether the full mandator data (i.e. 
the mandate) is to be included in the authentication data - */ - private boolean provideFullMandatorData; - - /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ - private boolean useUTC; - - /** determines wheter a saml:Condition is added to the SAML assertion or not */ - private boolean useCondition; - - /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ - private int conditionLength; - /** - * url to a template for web page "Auswahl der Bürgerkartenumgebung" - */ - private String bkuSelectionTemplateURL; - /** - * template for web page "Anmeldung mit Bürgerkarte" - */ - private String templateURL; - /** - * template for web page "Signatur der Anmeldedaten" - */ - private String inputProcessorSignTemplateURL; - /** - * Parameters for verifying infoboxes. - */ - private VerifyInfoboxParameters verifyInfoboxParameters; - - /** - * Parameter for Mandate profiles - */ - private String mandateProfiles; - - /** - * - * Type for authentication number (e.g. Firmenbuchnummer) - */ - private String identityLinkDomainIdentifierType; + public static final String ONLINEBKU = "online"; + public static final String HANDYBKU = "handy"; + public static final String LOCALBKU = "local"; + + private AuthComponentOA oa_auth; + + public OAAuthParameter(OnlineApplication oa) { + super(oa); + + this.oa_auth = oa.getAuthComponentOA(); + + this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); +} /** * STORK QAA Level, Default = 4 */ - private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); /** * STORK RequestedAttributes for Online Application 
@@ -144,359 +88,215 @@ public class OAAuthParameter extends OAParameter {
 STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
 STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
 STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
-
-
-/**
- * Returns <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>.
- * @return <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>
- */
- public boolean getSlVersion12() {
- return slVersion12;
- }
-
- /**
- * Returns the security layer version.
- * @return the security layer version.
- */
- public String getSlVersion() {
- return slVersion;
- }
-
- /**
- * Returns the identityLinkDomainIdentifier.
- * @return the identityLinkDomainIdentifier.
- */
- public String getIdentityLinkDomainIdentifier() {
- return identityLinkDomainIdentifier;
- }
-
- /**
- * Returns the transformsInfos.
- * @return the transformsInfos.
- */
- public String[] getTransformsInfos() {
- return transformsInfos;
- }
-
- /**
- * Returns the provideAuthBlock.
- * @return String
- */
- public boolean getProvideAuthBlock() {
- return provideAuthBlock;
- }
-
- /**
- * Returns the provideIdentityLink.
- * @return String
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink;
- }
- /**
- * Returns the provideStammzahl.
- * @return String
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl;
- }
-
- /**
- * Returns <code>true</code> if the certificate should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the certificate should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideCertifcate() {
- return provideCertificate;
- }
-
- /**
- * Returns <code>true</code> if the full mandator data should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the full mandator data should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideFullMandatorData() {
- return provideFullMandatorData;
- }
-
- /**
- * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- */
- public boolean getUseUTC() {
- return useUTC;
- }
-
- /**
- * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- */
- public boolean getUseCondition() {
- return useCondition;
- }
-
- /**
- * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
- * @return the validity time of the SAML assertion (if useCondition is true) in seconds
- */
- public int getConditionLength() {
- return conditionLength;
- }
+ private String keyBoxIdentifier;
- /**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
- /**
- * Returns the BkuSelectionTemplate url.
- * @return The BkuSelectionTemplate url or <code>null</code> if no url for
- * a BkuSelectionTemplate is set.
- */
- public String getBkuSelectionTemplateURL() {
- return bkuSelectionTemplateURL;
- }
-
- /**
- * Returns the TemplateURL url.
- * @return The TemplateURL url or <code>null</code> if no url for
- * a Template is set.
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
-
- /**
- * Returns the inputProcessorSignTemplateURL url.
- * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
- * a input processor sign template is set.
- */
- public String getInputProcessorSignTemplateURL() {
- return inputProcessorSignTemplateURL;
- }
-
- /**
- * Returns the parameters for verifying additional infoboxes.
- *
- * @return The parameters for verifying additional infoboxes.
- * Maybe <code>null</code>.
- */
- public VerifyInfoboxParameters getVerifyInfoboxParameters() {
- return verifyInfoboxParameters;
- }
-
- /**
- * Sets the security layer version.
- * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
- * to <code>true</code> if the Security Layer version is 1.2.
- * @param slVersion The security layer version to be used.
- */
- public void setSlVersion(String slVersion) {
- this.slVersion = slVersion;
- if ("1.2".equals(slVersion)) {
- this.slVersion12 = true;
- }
- }
- /**
- * Sets the IdentityLinkDomainIdentifier.
- * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
- */
- public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
- this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
- }
- /**
- * Sets the transformsInfos.
- * @param transformsInfos The transformsInfos to be used.
- */
- public void setTransformsInfos(String[] transformsInfos) {
- this.transformsInfos = transformsInfos;
- }
-
+ * @return the slVersion
+ */
+public String getSlVersion() {
+ return oa_auth.getSlVersion();
+}
 /**
- * Sets the provideAuthBlock.
- * @param provideAuthBlock The provideAuthBlock to set
- */
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
+ * @return the slVersion12
+ */
+public boolean isSlVersion12() {
+ if ("1.2".equals(oa_auth.getSlVersion()))
+ return true;
+ else
+ return false;
+ }
- /**
- * Sets the provideIdentityLink.
- * @param provideIdentityLink The provideIdentityLink to set
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
+public boolean getUseUTC() {
+ return oa_auth.isUseUTC();
+}
- /**
- * Sets the provideStammzahl.
- * @param provideStammzahl The provideStammzahl to set
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- this.provideStammzahl = provideStammzahl;
- }
-
- /**
- * Sets the provideCertificate variable.
- * @param provideCertificate The provideCertificate value to set
- */
- public void setProvideCertificate(boolean provideCertificate) {
- this.provideCertificate = provideCertificate;
- }
-
- /**
- * Sets the provideFullMandatorData variable.
- * @param provideFullMandatorData The provideFullMandatorData value to set
- */
- public void setProvideFullMandatorData(boolean provideFullMandatorData) {
- this.provideFullMandatorData = provideFullMandatorData;
- }
-
- /**
- * Sets the useUTC variable.
- * @param useUTC The useUTC value to set
- */
- public void setUseUTC(boolean useUTC) {
- this.useUTC = useUTC;
- }
-
- /**
- * Sets the useCondition variable
- * @param useCondition The useCondition value to set
- */
- public void setUseCondition(boolean useCondition) {
- this.useCondition = useCondition;
- }
-
- /**
- * Sets the conditionLength variable
- * @param conditionLength the conditionLength value to set
- */
- public void setConditionLength(int conditionLength) {
- this.conditionLength = conditionLength;
- }
-
+public boolean useIFrame() {
+ return oa_auth.isUseIFrame();
+}
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
- /**
- * Sets the BkuSelectionTemplate url.
- * @param bkuSelectionTemplateURL The url string specifying the location
- * of a BkuSelectionTemplate.
- */
- public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
- this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
- }
-
- /**
- * Sets the Template url.
- * @param templateURL The url string specifying the location
- * of a Template.
- */
- public void setTemplateURL(String templateURL) {
- this.templateURL = templateURL;
- }
-
- /**
- * Sets the input processor sign form template url.
- *
- * @param inputProcessorSignTemplateURL The url string specifying the
- * location of the input processor sign form
- */
- public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
- this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
- }
+/**
+ * @return the identityLinkDomainIdentifier
+ */
+public String getIdentityLinkDomainIdentifier() {
+
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getValue();
+
+ return null;
+}
- /**
- * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
- *
- * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
- */
- public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
- this.verifyInfoboxParameters = verifyInfoboxParameters;
- }
-
- /**
- * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- */
- public String getIdentityLinkDomainIdentifierType() {
- return identityLinkDomainIdentifierType;
- }
+/**
+ * @return the keyBoxIdentifier
+ */
+public String getKeyBoxIdentifier() {
+
+ return keyBoxIdentifier;
+}
- /**
- * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
- */
- public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
- this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
- }
-
- /**
- * Sets the Mandate/Profiles
- * @param profiles
- */
- public void setMandateProfiles(String profiles) {
- this.mandateProfiles = profiles;
- }
-
- /**
- * Returns the Mandates/Profiles
- * @return
- */
- public String getMandateProfiles() {
- return this.mandateProfiles;
- }
+/**
+ * @return the transformsInfos
+ */
+public List<String> getTransformsInfos() {
+
+ List<TransformsInfoType> transformations = oa_auth.getTransformsInfo();
+ return ConfigurationUtils.getTransformInfos(transformations);
+}
- /**
- * Returns the defined STORK QAALevel
- * @return STORK QAALevel
- */
- public QualityAuthenticationAssuranceLevel getQaaLevel() {
- return qaaLevel;
+ public OASAML1 getSAML1Parameter() {
+ return oa_auth.getOASAML1();
 }
+ public OAPVP2 getPVP2Parameter() {
+ return oa_auth.getOAPVP2();
+ }
+
+///**
+// * @return the bkuSelectionTemplateURL
+// */
+//public String getBkuSelectionTemplateURL() {
+// return bkuSelectionTemplateURL;
+//}
+
 /**
- * Sets the STORK QAALevel
- * @param qaaLevel
+ * @return the templateURL
 */
- public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
- this.qaaLevel = qaaLevel;
+ public List<TemplateType> getTemplateURL() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ if (templates.getTemplate() != null) {
+ return templates.getTemplate();
+ }
+ }
+ return null;
 }
- /**
- * Returns the desired STORK Requested Attributes
- * @return STORK Requested Attributes
- */
- public RequestedAttributes getRequestedAttributes() {
- return requestedAttributes;
+ public String getAditionalAuthBlockText() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ return templates.getAditionalAuthBlockText();
+ }
+ return null;
 }
- /**
- * Sets the desired STORK Requested Attributes
- * @param requestedAttributes
- */
- public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
- this.requestedAttributes = requestedAttributes;
+ public String getBKUURL(String bkutype) {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+ if (bkuurls != null) {
+ if (bkutype.equals(ONLINEBKU))
+ return bkuurls.getOnlineBKU();
+ else if (bkutype.equals(HANDYBKU))
+ return bkuurls.getHandyBKU();
+ else if (bkutype.equals(LOCALBKU))
+ return bkuurls.getLocalBKU();
+
+ }
+ Logger.warn("BKU Type does not match: " +
+ ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ return null;
+ }
+
+ public List<String> getBKUURL() {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+
+ List<String> list = new ArrayList<String>();
+
+ if (bkuurls == null) {
+ Logger.warn("BKU Type does not match: " +
+ ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ } else {
+ list.add(bkuurls.getOnlineBKU());
+ list.add(bkuurls.getHandyBKU());
+ list.add(bkuurls.getLocalBKU());
+ }
+ return list;
+ }
+
+
+ public boolean useSSO() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isUseSSO();
+ else
+ return false;
+ }
+
+ public boolean useSSOQuestion() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isAuthDataFrame();
+ else
+ return true;
+
+ }
+
+ public String getSingleLogOutURL() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.getSingleLogOutURL();
+ else
+ return null;
 }
+
+///**
+// * @return the inputProcessorSignTemplateURL
+// */
+//public String getInputProcessorSignTemplateURL() {
+// return inputProcessorSignTemplateURL;
+//}
+
+///**
+// * @return the verifyInfoboxParameters
+// */
+//public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+// return verifyInfoboxParameters;
+//}
+
+/**
+ * @return the mandateProfiles
+ */
+public String getMandateProfiles() {
+
+ Mandates mandates = oa_auth.getMandates();
+
+ if (mandates != null)
+ return mandates.getProfiles();
+ else
+ return null;
+}
+
+/**
+ * @return the identityLinkDomainIdentifierType
+ */
+public String getIdentityLinkDomainIdentifierType() {
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getType();
+
+ return null;
+}
+
+/**
+ * @return the qaaLevel
+ */
+public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+}
+
+/**
+ * @return the requestedAttributes
+ */
+public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+}
+
+
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
new file mode 100644
index 000000000..1460668e2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
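Review bot: `getBKUURL(String bkutype)` calls `bkutype.equals(...)`, so a null type throws NullPointerException instead of the warning-plus-null the method otherwise produces; `ONLINEBKU.equals(bkutype)` (and likewise for the other two constants) is null-safe. The same "BKU Type does not match" warning is also logged when `oa_auth.getBKUURLS()` is null, both here and in the no-argument `getBKUURL()`, where the type is not the problem at all; a distinct message such as `Logger.warn("No BKU URLs configured for this online application");` would point the operator at the actual configuration gap. `isSlVersion12()` reduces to `return "1.2".equals(oa_auth.getSlVersion());`. Separately, `getTransformsInfos()` now returns `List<String>` where the removed version returned `String[]`, so any caller compiled against the old signature breaks; worth confirming every caller was updated in this commit.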
@@ -0,0 +1,591 @@
+package at.gv.egovernment.moa.id.config.legacy;
+
+import iaik.util.logging.Log;
+import iaik.x509.X509Certificate;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import org.bouncycastle.crypto.macs.OldHMac;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class BuildFromLegacyConfig {
+
+ private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
+ private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/";
+ private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at";
+ private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request";
+
+ public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ Log.info("Load Legacy-Configuration from file=" + fileName);
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+
+ }
+ }
+
+ try {
+ String oldbkuonline = "";
+ String oldbkulocal = "";
+ String oldbkuhandy = "";
+
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
+
+
+ MOAIDConfiguration moaIDConfig = new MOAIDConfiguration();
+
+ AuthComponentGeneral generalAuth = new AuthComponentGeneral();
+ moaIDConfig.setAuthComponentGeneral(generalAuth);
+
+
+ //not supported by MOA-ID 2.0
+ //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ //bKUSelectable = (bKUConnectionParameter!=null);
+ //bKUSelectionType = builder.buildAuthBKUSelectionType();
+
+
+ //Load generic Config
+ Map genericConfiguration = builder.buildGenericConfiguration();
+ GeneralConfiguration authGeneral = new GeneralConfiguration();
+
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ authGeneral.setAlternativeSourceID(
+ (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+ authGeneral.setTrustManagerRevocationChecking(
+ Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+ authGeneral.setCertStoreDirectory(
+ (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY));
+
+
+ //Load Assertion and Session timeouts
+ TimeOuts timeOuts = new TimeOuts();
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min
+
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min
+
+ timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min
+ authGeneral.setTimeOuts(timeOuts);
+ generalAuth.setGeneralConfiguration(authGeneral);
+
+
+ //TODO: set Protocols!!!!
+ Protocols auth_protocols = new Protocols();
+ generalAuth.setProtocols(auth_protocols);
+
+ LegacyAllowed prot_legacy = new LegacyAllowed();
+ auth_protocols.setLegacyAllowed(prot_legacy);
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values
+ prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+
+ //TODO: remove beta test values
+ PVP2 prot_pvp2 = new PVP2();
+ auth_protocols.setPVP2(prot_pvp2);
+ prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/");
+ prot_pvp2.setIssuerName("MOA-ID 2.0 Demo IDP");
+
+ Organization pvp2_org = new Organization();
+ prot_pvp2.setOrganization(pvp2_org);
+ pvp2_org.setDisplayName("OrganisationDisplayName");
+ pvp2_org.setName("OrganisatioName");
+ pvp2_org.setURL("http://www.egiz.gv.at");
+
+ List<Contact> pvp2_contacts = new ArrayList<Contact>();
+ prot_pvp2.setContact(pvp2_contacts);
+
+ Contact pvp2_contact = new Contact();
+ pvp2_contact.setCompany("OrganisationDisplayName");
+ pvp2_contact.setGivenName("Max");
+
+
+ List<String> mails = new ArrayList<String>();
+ pvp2_contact.setMail(mails);
+ mails.add("max@muster.mann");
+
+ List<String> phones = new ArrayList<String>();
+ pvp2_contact.setPhone(phones);
+ phones.add("01 5555 5555");
+
+ pvp2_contact.setSurName("Mustermann");
+ pvp2_contact.setType("technical");
+ pvp2_contacts.add(pvp2_contact);
+
+ //SSO
+ SSO auth_sso = new SSO();
+ generalAuth.setSSO(auth_sso);
+ auth_sso.setTarget("BF");
+ auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta");
+
+
+ //set SecurityLayer Transformations
+ String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
+
+ List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>();
+ if (transformsInfos != null && transformsInfos.length > 0) {
+ for (int i=0; i<transformsInfos.length; i++) {
+
+ TransformsInfoType transforminfotype = new TransformsInfoType();
+ transforminfotype.setFilename(transformsInfoFileNames[i]);
+
+ transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8"));
+ auth_transformInfos.add(transforminfotype);
+ }
+
+ }
+
+ SecurityLayer auth_securityLayer = new SecurityLayer();
+ auth_securityLayer.setTransformsInfo(auth_transformInfos);
+ generalAuth.setSecurityLayer(auth_securityLayer);
+
+
+ //set MOASP configuration
+ MOASP auth_moaSP = new MOASP();
+ generalAuth.setMOASP(auth_moaSP);
+
+ //set MOASP connection
+ ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ if (moaSpConnectionParameter != null) {
+ ConnectionParameterClientAuthType auth_moaSP_connection =
+ parseConnectionParameterClientAuth(moaSpConnectionParameter);
+ auth_moaSP.setConnectionParameter(auth_moaSP_connection);
+ }
+
+ //set VerifyIdentityLink
+ String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink();
+ auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID);
+ auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink);
+
+ //set VerifyAuthBlock
+ String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock();
+ auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID);
+ String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> transformlist = new ArrayList<String>();
+ Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs);
+ auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist);
+ auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock);
+
+
+ //TODO: check correctness!!!
+ //set IdentityLinkSigners
+ IdentityLinkSigners auth_idsigners = new IdentityLinkSigners();
+ generalAuth.setIdentityLinkSigners(auth_idsigners);
+ List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames);
+
+
+ //not supported by MOA-ID 2.0
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters = null;
+// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
+// if (defaultVerifyInfoboxParamtersElem != null) {
+// defaultVerifyInfoboxParameters =
+// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
+// }
+
+
+ //Set ForeignIdentities
+ ForeignIdentities auth_foreign = new ForeignIdentities();
+ generalAuth.setForeignIdentities(auth_foreign);
+
+ //set Connection parameters
+ ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+ ConnectionParameterClientAuthType auth_foreign_connection =
+ parseConnectionParameterClientAuth(foreignIDConnectionParameter);
+ auth_foreign.setConnectionParameter(auth_foreign_connection);
+
+ //set STORK configuration
+ STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+ STORK auth_foreign_stork = new STORK();
+ auth_foreign.setSTORK(auth_foreign_stork);
+
+ //set CPEPS
+ Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap();
+ Set<String> map_keys = map.keySet();
+ List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
+ for (String key : map_keys) {
+ CPEPS cpep = new CPEPS();
+ cpep.setCountryCode(map.get(key).getCountryCode());
+ cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!!
+
+ List<String> cpep_reqs = new ArrayList<String>();
+
+ List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
+ for (RequestedAttribute e1 : map1) {
+ Element element = SAMLUtil.marshallMessage(e1);
+ cpep_reqs.add(XMLUtil.printXML(element));
+ }
+ cpep.setAttributeValue(cpep_reqs);
+ auth_foreign_stork_cpeps.add(cpep);
+ }
+ auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
+
+
+ //set SAMLSigningParameter
+ if (storkConfig.getSignatureCreationParameter() != null &&
+ storkConfig.getSignatureVerificationParameter() != null) {
+ SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
+ auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
+
+ SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
+ auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
+ KeyStore stork_saml_creat_keystore = new KeyStore();
+ stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
+ stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
+ stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
+ KeyName stork_saml_creat_keyname = new KeyName();
+ stork_saml_creat.setKeyName(stork_saml_creat_keyname);
+ stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
+ stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
+
+
+
+ SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
+ auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
+ stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
+
+ }
+
+ //TODO: check correctness
+ //set QualityAuthenticationAssurance
+ //set RequestedAttbutes
+
+
+ //set OnlineMandates config
+ ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
+ if (onlineMandatesConnectionParameter != null) {
+ OnlineMandates auth_mandates = new OnlineMandates();
+ generalAuth.setOnlineMandates(auth_mandates);
+ auth_mandates.setConnectionParameter(
+ parseConnectionParameterClientAuth(onlineMandatesConnectionParameter));
+ }
+
+
+ //TODO: add auth template configuration!!!
+
+
+ if (oldconfig != null) {
+ if (oldconfig.getDefaultBKUs() != null) {
+ oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU();
+ oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU();
+ oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU();
+ }
+ } else {
+ List<String> trustbkus = builder.getTrustedBKUs();
+ for (String trustbku : trustbkus) {
+ if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE))
+ oldbkuonline = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY))
+ oldbkuhandy = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL))
+ oldbkulocal = trustbku;
+ }
+
+ }
+
+
+ //set OnlineApplications
+ OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
+
+ ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
+ moaIDConfig.setOnlineApplication(moa_oas);
+
+ for (OAAuthParameter oa : onlineApplicationAuthParameters) {
+ OnlineApplication moa_oa = new OnlineApplication();
+
+ //set general OA configuration
+ moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird
+ moa_oa.setFriendlyName(oa.getFriendlyName());
+ moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness
+ moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix());
+ moa_oa.setTarget(oa.getTarget());
+ moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName());
+ moa_oa.setType(oa.getOaType());
+ moa_oa.setIsActive(true);
+
+
+ AuthComponentOA oa_auth = new AuthComponentOA();
+ moa_oa.setAuthComponentOA(oa_auth);
+
+ //SLLayer Version / useIframe
+ oa_auth.setSlVersion(oa.getSlVersion());
+ oa_auth.setUseIFrame(false);
+ oa_auth.setUseUTC(oa.getUseUTC());
+
+
+ //BKUURLs
+ BKUURLS bkuurls = new BKUURLS();
+ bkuurls.setOnlineBKU(oldbkuonline);
+ bkuurls.setHandyBKU(oldbkuhandy);
+ bkuurls.setLocalBKU(oldbkulocal);
+ oa_auth.setBKUURLS(bkuurls);
+
+ //IdentificationNumber
+ IdentificationNumber idnumber = new IdentificationNumber();
+ idnumber.setValue(oa.getIdentityLinkDomainIdentifier());
+ idnumber.setType(oa.getIdentityLinkDomainIdentifierType());
+ oa_auth.setIdentificationNumber(idnumber);
+
+ //set Templates
+ TemplatesType templates = new TemplatesType();
+ oa_auth.setTemplates(templates);
+ templates.setAditionalAuthBlockText("");
+ TemplateType template = new TemplateType();
+ template.setURL(oa.getTemplateURL());
+ ArrayList<TemplateType> template_list = new ArrayList<TemplateType>();
+ template_list.add(template);
+ templates.setTemplate(template_list);
+
+
+ //set TransformsInfo
+ String[] transforminfos = oa.getTransformsInfos();
+ ArrayList<TransformsInfoType> oa_transforminfos = new ArrayList<TransformsInfoType>();
+ for (String e1 : transforminfos) {
+ TransformsInfoType transforminfo = new TransformsInfoType();
+ transforminfo.setFilename(e1);
+ oa_transforminfos.add(transforminfo);
+ }
+ oa_auth.setTransformsInfo(oa_transforminfos);
+
+ //VerifyInfoBoxes not supported by MOAID 2.0
+
+ //set Mandates
+ Mandates oa_mandates = new Mandates();
+ oa_auth.setMandates(oa_mandates);
+ oa_mandates.setProfiles(oa.getMandateProfiles());
+
+ //STORK
+ //TODO: OA specific STORK config is deactivated in MOA 1.5.2
+
+ //SSO
+ OASSO oa_sso = new OASSO();
+ oa_auth.setOASSO(oa_sso);
+ oa_sso.setUseSSO(true);
+ oa_sso.setSingleLogOutURL("");
+ oa_sso.setAuthDataFrame(true);
+
+ //OA_SAML1
+ OASAML1 oa_saml1 = new OASAML1();
+ oa_auth.setOASAML1(oa_saml1);
+ oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength()));
+ oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock());
+ oa_saml1.setProvideCertificate(oa.getProvideCertifcate());
+ oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData());
+ oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink());
+ oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
+ oa_saml1.setUseCondition(oa.getUseCondition());
+
+ //OA_PVP2
+ OAPVP2 oa_pvp2 = new OAPVP2();
+ oa_auth.setOAPVP2(oa_pvp2);
+
+// oa_pvp2.setMetadataURL("empty");
+//
+// //TODO: is only a workaround!!!!
+// Properties props = getGeneralPVP2ProperiesConfig(properies);
+// File dir = new File(props.getProperty("idp.truststore"));
+// File[] files = dir.listFiles();
+// if (files.length > 0) {
+// FileInputStream filestream = new FileInputStream(files[0]);
+// X509Certificate signerCertificate = new X509Certificate(filestream);
+// oa_pvp2.setCertificate(signerCertificate.getEncoded());
+//
+// } else {
+// oa_pvp2.setCertificate(null);
+// }
+
+ moa_oas.add(moa_oa);
+ //ConfigurationDBUtils.save(moa_oa);
+ }
+
+ //removed from MOAID 2.0 config
+ //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+
+
+ //set chaining modes
+ ChainingModes moa_chainingModes = new ChainingModes();
+ moaIDConfig.setChainingModes(moa_chainingModes);
+
+ ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode());
+ moa_chainingModes.setSystemDefaultMode(type);
+
+ Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes();
+ List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>();
+ Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet();
+ for (IssuerAndSerial e1 : chaining_anchor_map) {
+ TrustAnchor trustanchor = new TrustAnchor();
+
+ ChainingModeType type1 =
ChainingModeType.fromValue(chainingModes.get(e1)); + trustanchor.setMode(type1); + + trustanchor.setX509IssuerName(e1.getIssuerDN()); + trustanchor.setX509SerialNumber(e1.getSerial()); + chaining_anchor.add(trustanchor); + } + moa_chainingModes.setTrustAnchor(chaining_anchor); + + + //set trustedCACertificate path + moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates()); + + + //TODO: move to read config functionality + //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + + + //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates) + //trustedBKUs = builder.getTrustedBKUs(); + //trustedTemplateURLs = builder.getTrustedTemplateURLs(); + + + //set DefaultBKUs + DefaultBKUs moa_defaultbkus = new DefaultBKUs(); + moaIDConfig.setDefaultBKUs(moa_defaultbkus); + moa_defaultbkus.setOnlineBKU(oldbkuonline); + moa_defaultbkus.setHandyBKU(oldbkuhandy); + moa_defaultbkus.setLocalBKU(oldbkulocal); + + + //set SLRequest Templates + SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates(); + moaIDConfig.setSLRequestTemplates(moa_slrequesttemp); + moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html"); + moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html"); + moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); + + return moaIDConfig; + + } catch (Throwable t) { + throw new ConfigurationException("config.02", null, t); + } + } + + private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth( + ConnectionParameter old) { + ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType(); + auth_moaSP_connection.setURL(old.getUrl()); + + //TODO: remove from Database config!!!!! 
+// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); +// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); +// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); +// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); +// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); + return auth_moaSP_connection; + } + + private static Properties getGeneralPVP2ProperiesConfig(Properties props) { + Properties configProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "protocols.pvp2."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, props.get(key.toString())); + } + } + return configProp; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java new file mode 100644 index 000000000..c191d7b2b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java 
@@ -0,0 +1,98 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +/** + * Encpasulates C-PEPS information according MOA configuration + * + * @author bzwattendorfer + * + */ +public class CPEPS { + + /** Country Code of C-PEPS */ + private String countryCode; + + /** URL of C-PEPS */ + private URL pepsURL; + + /** Specific attributes to be requested for this C-PEPS */ + private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>(); + + /** + * Constructs a C-PEPS + * @param countryCode ISO Country Code of C-PEPS + * @param pepsURL URL of C-PEPS + */ + public CPEPS(String countryCode, URL pepsURL) { + super(); + this.countryCode = countryCode; + this.pepsURL = pepsURL; + } + + /** + * Gets the country code of this C-PEPS + * @return ISO country code + */ + public String getCountryCode() { + return countryCode; + } + + /** + * Sets the country code of this C-PEPS + * @param countryCode ISO country code + */ + public void setCountryCode(String countryCode) { + this.countryCode = countryCode; + } + + /** + * Gets the URL of this C-PEPS + * @return C-PEPS URL + */ + public URL getPepsURL() { + return pepsURL; + } + + /** + * Sets the C-PEPS URL + * @param pepsURL C-PEPS URL + */ + public void setPepsURL(URL pepsURL) { + this.pepsURL = pepsURL; + } + + /** + * Gets the country specific attributes of this C-PEPS + * @return List of country specific attributes + */ + public List<RequestedAttribute> getCountrySpecificRequestedAttributes() { + return countrySpecificRequestedAttributes; + } + + /** + * Sets the country specific attributes + * @param countrySpecificRequestedAttributes List of country specific requested attributes + */ + public void setCountrySpecificRequestedAttributes( + List<RequestedAttribute> countrySpecificRequestedAttributes) { + 
this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes; + } + + /** + * Adds a Requested attribute to the country specific attribute List + * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add + */ + public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) { + this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute); + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 839de48bf..3abc94b02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -22,12 +22,13 @@ */ -package at.gv.egovernment.moa.id.config; +package at.gv.egovernment.moa.id.config.legacy; import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; +import java.io.IOException; import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; 
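Review bot: `getCountrySpecificRequestedAttributes()` hands out the bean's own mutable list and `setCountrySpecificRequestedAttributes(...)` stores the caller's reference, so any holder of a CPEPS can change the attributes requested from that C-PEPS behind the bean's back, and a `null` passed to the setter makes a later `addCountrySpecificRequestedAttribute(...)` throw. Unless some caller relies on mutating the returned list, returning `Collections.unmodifiableList(countrySpecificRequestedAttributes)` and copying in the setter (`this.countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>(countrySpecificRequestedAttributes);` after a null check) keeps the list under the bean's control; `java.util.Collections` would need to be imported. The `super();` call in the constructor is redundant, and the class Javadoc misspells "Encapsulates".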
@@ -51,12 +52,13 @@ import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.Schema; import at.gv.egovernment.moa.id.auth.data.SchemaImpl; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter; -import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter; +import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter; +import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.config.legacy.CPEPS; +import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter; +import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; 
@@ -72,7 +75,6 @@ import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; /** * A class that builds configuration data from a DOM based representation. @@ -406,15 +408,24 @@ public class ConfigurationBuilder { */ public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { - String[] transformsInfos = new String[transformsInfoFileNames.length]; - for (int i = 0; i < transformsInfoFileNames.length; i++) { - String fileURL = transformsInfoFileNames[i]; - - //if fileURL is relative to rootConfigFileDir make it absolute - fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); - String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); - transformsInfos[i] = transformsInfo; - } + String[] transformsInfos; + + transformsInfos = new String[transformsInfoFileNames.length]; + for (int i = 0; i < transformsInfoFileNames.length; i++) { + + String fileURL = transformsInfoFileNames[i]; + try { + // if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); + + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + + } catch (IOException e) { + Logger.info("Transformation with URL " + fileURL + " can not be loaded"); + } + } + return transformsInfos; } 
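Review bot: The new `catch (IOException e)` in `loadTransformsInfos` leaves `transformsInfos[i]` as `null` for every file that failed to load, so the returned array now has holes that callers iterating it (the `TransformsInfoType.setFilename(e1)` loop in this commit's first file, for one) will pass on unchecked. The failure is also logged at info level without the exception, so an operator cannot tell a mistyped path from a permission problem; these transforms decide how the auth block is rendered in the signing viewer, so a missing one deserves at least a warning that carries the cause (assuming the MOA `Logger` has a message-plus-throwable overload, as its other levels do). If loading should stay best-effort, collecting only the successfully read entries avoids the null holes; otherwise rethrowing is the safer default, since the method still declares `throws Exception`. `ArrayList` would need to be imported if it is not already.
```java
public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
    List<String> transformsInfos = new ArrayList<String>();
    for (String transformsInfoFileName : transformsInfoFileNames) {
        String fileURL = transformsInfoFileName;
        try {
            // if fileURL is relative to rootConfigFileDir make it absolute
            fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
            transformsInfos.add(FileUtils.readURL(fileURL, DEFAULT_ENCODING));
        } catch (IOException e) {
            // keep the cause: a missing transform changes what the signer sees
            Logger.warn("Transformation with URL " + fileURL + " can not be loaded", e);
        }
    }
    return transformsInfos.toArray(new String[transformsInfos.size()]);
}
```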
@@ -704,28 +715,28 @@ public List getTrustedTemplateURLs() { } //add STORK Configuration specific to OA (RequestedAttributes, QAALevel) - QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); - if (qaaLevel != null) { - oap.setQaaLevel(qaaLevel); - Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); - } + //QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); + //if (qaaLevel != null) { + // oap.setQaaLevel(qaaLevel); + // Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); + //} - RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); - - if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { - //we have additional STORK attributes to request for this OA - Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); - for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { - if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { - addReqAttr.detach(); - oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); - Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); - } - } + //RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); + // + //if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { + // //we have additional STORK attributes to request for this OA + // Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); + // for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { + // if 
(!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { + /// addReqAttr.detach(); + // oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); + // Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); + // } + // } - } else { - //do nothing, only request default attributes - } + //} else { + // //do nothing, only request default attributes + //} } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java new file mode 100644 index 000000000..455fde9bf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java 
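Review bot: Commenting out the OA-specific STORK QAA level and requested-attribute handling means a legacy configuration that declares them for an online application is now read without any trace, and every OA silently falls back to the defaults built into `OAAuthParameter`. If that is intended for the migration, a `Logger.warn("OA-specific STORK configuration for " + oap.getPublicURLPrefix() + " is ignored")` when the legacy file contains such an entry would let operators notice that their stricter per-OA settings no longer apply. The dead block should be deleted rather than kept as comments (the stray `///` on the `addReqAttr.detach()` line shows how such blocks drift). The enclosing method starts before this hunk.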
@@ -0,0 +1,130 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * This bean class is used to store data for various connectionParameter + * within the MOA-ID configuration + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class ConnectionParameter { + + /** + * Server URL + */ + private String url; + /** + * File URL for a directory containing PKCS#12 server SSL certificates. + * From these certificates, a X509 trust store will be assembled for use + * by a JSSE <code>TrustManager</code>. + * This field will only be used in case of an HTTPS URL. + */ + private String acceptedServerCertificates; + /** + * File URL of a X509 key store containing the private key to be used + * for an HTTPS connection when the server requires client authentication. + * This field will only be used in case of an HTTPS URL. 
+ */ + private String clientKeyStore; + /** + * Password protecting the client key store. + */ + private String clientKeyStorePassword; + + /** + * Checks whether the URL scheme is <code>"https"</code>. + * @return true in case of an URL starting with <code>"https"</code> + */ + public boolean isHTTPSURL() { + return getUrl().indexOf("https") == 0; + } + + /** + * Returns the url. + * @return String + */ + public String getUrl() { + return url; + } + + /** + * Returns the acceptedServerCertificates. + * @return String + */ + public String getAcceptedServerCertificates() { + return acceptedServerCertificates; + } + + /** + * Sets the acceptedServerCertificates. + * @param acceptedServerCertificates The acceptedServerCertificates to set + */ + public void setAcceptedServerCertificates(String acceptedServerCertificates) { + this.acceptedServerCertificates = acceptedServerCertificates; + } + + /** + * Sets the url. + * @param url The url to set + */ + public void setUrl(String url) { + this.url = url; + } + + /** + * Returns the clientKeyStore. + * @return String + */ + public String getClientKeyStore() { + return clientKeyStore; + } + + /** + * Returns the clientKeyStorePassword. + * @return String + */ + public String getClientKeyStorePassword() { + return clientKeyStorePassword; + } + + /** + * Sets the clientKeyStore. + * @param clientKeyStore The clientKeyStore to set + */ + public void setClientKeyStore(String clientKeyStore) { + this.clientKeyStore = clientKeyStore; + } + + /** + * Sets the clientKeyStorePassword. + * @param clientKeyStorePassword The clientKeyStorePassword to set + */ + public void setClientKeyStorePassword(String clientKeyStorePassword) { + this.clientKeyStorePassword = clientKeyStorePassword; + } + +} 
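Review bot: `isHTTPSURL()` decides whether the accepted-server-certificate trust store and the client key store are applied, but `getUrl().indexOf("https") == 0` throws `NullPointerException` when no URL is set and misses an upper-case `HTTPS://` scheme, so such a URL would be treated as plain HTTP by whatever reads this flag. `return url != null && url.regionMatches(true, 0, "https:", 0, 6);` covers both and also stops matching a host name that merely starts with `https`. The key store password is held as a `String`; that is the existing bean contract, but the field Javadoc should say that it stays in memory for the lifetime of the configuration so callers do not assume it can be cleared.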
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
new file mode 100644
index 000000000..3948522c0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
@@ -0,0 +1,501 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.ArrayList; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Auth component. 
+ * + * @author Stefan Knirsch + * @version $Id$ + */ +/** + * + * + * @author Harald Bratko + */ +public class OAAuthParameter extends OAParameter { + /** + * Sercurity Layer version + */ + private String slVersion; + /** + * true, if the Security Layer version is version 1.2, otherwise false + */ + private boolean slVersion12; + /** + * identityLinkDomainIdentifier + * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer") + * <br> + * only used within a business application context for providing it to the + * security layer as input for wbPK computation + */ + private String identityLinkDomainIdentifier; + /** + * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) + */ + private String keyBoxIdentifier; + /** + * transformations for rendering in the secure viewer of the security layer + * implementation; multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + /** + * determines whether "Stammzahl" is to be included in the authentication data + */ + private boolean provideStammzahl; + /** + * determines whether AUTH block is to be included in the authentication data + */ + private boolean provideAuthBlock; + /** + * determines whether identity link is to be included in the authentication data + */ + private boolean provideIdentityLink; + /** + * determines whether the certificate is to be included in the authentication data + */ + private boolean provideCertificate; + /** + * determines whether the full mandator data (i.e. 
the mandate) is to be included in the authentication data + */ + private boolean provideFullMandatorData; + + /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ + private boolean useUTC; + + /** determines wheter a saml:Condition is added to the SAML assertion or not */ + private boolean useCondition; + + /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ + private int conditionLength; + /** + * url to a template for web page "Auswahl der Bürgerkartenumgebung" + */ + private String bkuSelectionTemplateURL; + /** + * template for web page "Anmeldung mit Bürgerkarte" + */ + private String templateURL; + + /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; + /** + * Parameters for verifying infoboxes. + */ + private VerifyInfoboxParameters verifyInfoboxParameters; + + /** + * Parameter for Mandate profiles + */ + private String mandateProfiles; + + /** + * + * Type for authentication number (e.g. 
Firmenbuchnummer) + */ + private String identityLinkDomainIdentifierType; + + /** + * STORK QAA Level, Default = 4 + */ + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + + /** + * STORK RequestedAttributes for Online Application + * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth + */ + private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); + + +/** + * Returns <code>true</code> if the Security Layer version is version 1.2, + * otherwise <code>false</code>. + * @return <code>true</code> if the Security Layer version is version 1.2, + * otherwise <code>false</code> + */ + public boolean getSlVersion12() { + return slVersion12; + } + + /** + * Returns the security layer version. + * @return the security layer version. + */ + public String getSlVersion() { + return slVersion; + } + + /** + * Returns the identityLinkDomainIdentifier. + * @return the identityLinkDomainIdentifier. + */ + public String getIdentityLinkDomainIdentifier() { + return identityLinkDomainIdentifier; + } + + /** + * Returns the transformsInfos. + * @return the transformsInfos. + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the provideAuthBlock. + * @return String + */ + public boolean getProvideAuthBlock() { + return provideAuthBlock; + } + + /** + * Returns the provideIdentityLink. 
+ * @return String + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink; + } + + /** + * Returns the provideStammzahl. + * @return String + */ + public boolean getProvideStammzahl() { + return provideStammzahl; + } + + /** + * Returns <code>true</code> if the certificate should be provided within the + * authentication data, otherwise <code>false</code>. + * @return <code>true</code> if the certificate should be provided, + * otherwise <code>false</code> + */ + public boolean getProvideCertifcate() { + return provideCertificate; + } + + /** + * Returns <code>true</code> if the full mandator data should be provided within the + * authentication data, otherwise <code>false</code>. + * @return <code>true</code> if the full mandator data should be provided, + * otherwise <code>false</code> + */ + public boolean getProvideFullMandatorData() { + return provideFullMandatorData; + } + + /** + * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. + * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. + */ + public boolean getUseUTC() { + return useUTC; + } + + /** + * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. + * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. + */ + public boolean getUseCondition() { + return useCondition; + } + + /** + * Returns the validity time of the SAML assertion (if useCondition is true) in seconds + * @return the validity time of the SAML assertion (if useCondition is true) in seconds + */ + public int getConditionLength() { + return conditionLength; + } + + +/** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * Returns the BkuSelectionTemplate url. 
+ * @return The BkuSelectionTemplate url or <code>null</code> if no url for + * a BkuSelectionTemplate is set. + */ + public String getBkuSelectionTemplateURL() { + return bkuSelectionTemplateURL; + } + + /** + * Returns the TemplateURL url. + * @return The TemplateURL url or <code>null</code> if no url for + * a Template is set. + */ + public String getTemplateURL() { + return templateURL; + } + + + /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + + /** + * Returns the parameters for verifying additional infoboxes. + * + * @return The parameters for verifying additional infoboxes. + * Maybe <code>null</code>. + */ + public VerifyInfoboxParameters getVerifyInfoboxParameters() { + return verifyInfoboxParameters; + } + + /** + * Sets the security layer version. + * Also sets <code>slVersion12</code> ({@link #getSlVersion12()}) + * to <code>true</code> if the Security Layer version is 1.2. + * @param slVersion The security layer version to be used. + */ + public void setSlVersion(String slVersion) { + this.slVersion = slVersion; + if ("1.2".equals(slVersion)) { + this.slVersion12 = true; + } + } + /** + * Sets the IdentityLinkDomainIdentifier. + * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. + */ + public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { + this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; + } + /** + * Sets the transformsInfos. + * @param transformsInfos The transformsInfos to be used. + */ + public void setTransformsInfos(String[] transformsInfos) { + this.transformsInfos = transformsInfos; + } + + +/** + * Sets the provideAuthBlock. 
+ * @param provideAuthBlock The provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + /** + * Sets the provideIdentityLink. + * @param provideIdentityLink The provideIdentityLink to set + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + /** + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set + */ + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; + } + + /** + * Sets the provideCertificate variable. + * @param provideCertificate The provideCertificate value to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + /** + * Sets the provideFullMandatorData variable. + * @param provideFullMandatorData The provideFullMandatorData value to set + */ + public void setProvideFullMandatorData(boolean provideFullMandatorData) { + this.provideFullMandatorData = provideFullMandatorData; + } + + /** + * Sets the useUTC variable. + * @param useUTC The useUTC value to set + */ + public void setUseUTC(boolean useUTC) { + this.useUTC = useUTC; + } + + /** + * Sets the useCondition variable + * @param useCondition The useCondition value to set + */ + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + /** + * Sets the conditionLength variable + * @param conditionLength the conditionLength value to set + */ + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * Sets the BkuSelectionTemplate url. 
+ * @param bkuSelectionTemplateURL The url string specifying the location + * of a BkuSelectionTemplate. + */ + public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { + this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; + } + + /** + * Sets the Template url. + * @param templateURL The url string specifying the location + * of a Template. + */ + public void setTemplateURL(String templateURL) { + this.templateURL = templateURL; + } + + /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + + /** + * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. + * + * @param verifyInfoboxParameters The verifyInfoboxParameters to set. + */ + public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { + this.verifyInfoboxParameters = verifyInfoboxParameters; + } + + /** + * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + */ + public String getIdentityLinkDomainIdentifierType() { + return identityLinkDomainIdentifierType; + } + + /** + * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. 
Firmenbuchnummer) + */ + public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { + this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; + } + + /** + * Sets the Mandate/Profiles + * @param profiles + */ + public void setMandateProfiles(String profiles) { + this.mandateProfiles = profiles; + } + + /** + * Returns the Mandates/Profiles + * @return + */ + public String getMandateProfiles() { + return this.mandateProfiles; + } + + /** + * Returns the defined STORK QAALevel + * @return STORK QAALevel + */ + public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; + } + + /** + * Sets the STORK QAALevel + * @param qaaLevel + */ + public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { + this.qaaLevel = qaaLevel; + } + + /** + * Returns the desired STORK Requested Attributes + * @return STORK Requested Attributes + */ + public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; + } + + /** + * Sets the desired STORK Requested Attributes + * @param requestedAttributes + */ + public void setRequestedAttributes(RequestedAttributes requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java new file mode 100644 index 000000000..de449cbcf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java 
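Review bot: `setSlVersion` only ever sets `slVersion12` to `true`; if the version is changed from "1.2" to something else afterwards, `getSlVersion12()` keeps reporting 1.2, which the Security Layer request building presumably keys on. `this.slVersion12 = "1.2".equals(slVersion);` keeps the two fields consistent. `getTransformsInfos()` returns the internal array, so callers can alter the transformations used for the signing viewer after configuration has been read; returning `transformsInfos == null ? null : transformsInfos.clone()` avoids that. The class also carries two stacked Javadoc blocks, of which only the second (`@author`-only) one is attached to the class; merging them keeps the description visible.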
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to be used within both, the MOA ID Auth and the
+ * MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter {
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not
+ * (<code>true</code> if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+
+ /**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+
+ /**
+ * specified a specific target for the Online Application (overwrites the target in der request)
+ */
+ private String target;
+ /**
+ * specifies a friendly name for the target
+ */
+ private String targetFriendlyName;
+
+ /**
+ * Returns the type of the online application.
+ * @return the type of the online application.
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * Returns <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>.
+ * @return <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return this.businessService;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ *
+ * Sets the type of the online application.
+ * If the type is "businessService" the value of <code>businessService</code>
+ * ({@link #getBusinessService()}) is also set to <code>true</code>
+ * @param oaType The type of the online application.
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ this.businessService = true;
+ }
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+
+ /**
+ * Gets the friendly name of the OA
+ * @return Friendly Name of the OA
+ */
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Sets the friendly name of the OA
+ * @param friendlyName
+ */
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+ /**
+ * Gets the target of the OA
+ * @return target of the OA
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the target of the OA
+ * @param target
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * Gets the target friendly name of the OA
+ * @return target Friendly Name of the OA
+ */
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ /**
+ * Sets the target friendly name of the OA
+ * @param targetFriendlyName
+ */
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
new file mode 100644
index 000000000..2d0a91fb9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
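Review bot: `setOaType` only ever raises `businessService` to true and never clears it, so an instance first configured as a business service and later re-typed as "PublicService" keeps reporting `getBusinessService() == true`. Replacing the `if` with an assignment keeps the two fields consistent on every call: `this.businessService = "businessService".equalsIgnoreCase(oaType);`. The field Javadoc on `businessService` also has an unclosed parenthesis; it should read `(<code>true</code> if value of {@link #oaType} is "businessService")`.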
@@ -0,0 +1,90 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Encapsulates several STORK configuration parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKConfig {
+
+ /** STORK SAML signature creation parameters */
+ private SignatureCreationParameter signatureCreationParameter;
+
+ /** STORK SAML signature verification parameters */
+ private SignatureVerificationParameter signatureVerificationParameter;
+
+ /** Map of supported C-PEPSs */
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+
+ /**
+ * Constructs a STORK Config object
+ * @param signatureCreationParameter STORK SAML Signature creation parameters
+ * @param signatureVerificationParameter STORK SAML Signature verification parameters
+ * @param cpepsMap Map of supported C-PEPS
+ */
+ public STORKConfig(SignatureCreationParameter signatureCreationParameter,
+ SignatureVerificationParameter signatureVerificationParameter,
+ Map<String, CPEPS> cpepsMap) {
+ super();
+ this.signatureCreationParameter = signatureCreationParameter;
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ this.cpepsMap = cpepsMap;
+ }
+
+ public SignatureCreationParameter getSignatureCreationParameter() {
+ return signatureCreationParameter;
+ }
+
+ public void setSignatureCreationParameter(
+ SignatureCreationParameter signatureCreationParameter) {
+ this.signatureCreationParameter = signatureCreationParameter;
+ }
+
+ public SignatureVerificationParameter getSignatureVerificationParameter() {
+ return signatureVerificationParameter;
+ }
+
+ public void setSignatureVerificationParameter(
+ SignatureVerificationParameter signatureVerificationParameter) {
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ }
+
+ public Map<String, CPEPS> getCpepsMap() {
+ return cpepsMap;
+ }
+
+ public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
+ this.cpepsMap = cpepsMap;
+ }
+
+ public boolean isSTORKAuthentication(String ccc) {
+
+ if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
+ return false;
+
+ if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ return true;
+ else
+ return false;
+
+ }
+
+ public CPEPS getCPEPS(String ccc) {
+ if (isSTORKAuthentication(ccc))
+ return this.cpepsMap.get(ccc);
+ else
+ return null;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
new file mode 100644
index 000000000..fcccf41f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
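Review bot: `getCPEPS` looks the map up with `ccc` exactly as passed, while `isSTORKAuthentication` checks `ccc.toUpperCase()`, so a lower-case country code passes the guard and `getCPEPS` then returns `null` for a configured C-PEPS. Normalise the key the same way in both places and pin the conversion to a fixed locale so the result does not depend on the JVM default: `return this.cpepsMap.get(ccc.toUpperCase(Locale.ROOT));` with the matching `containsKey(ccc.toUpperCase(Locale.ROOT))` and a `java.util.Locale` import. `setCpepsMap(null)` would additionally make `isSTORKAuthentication` throw a NullPointerException on `this.cpepsMap.isEmpty()`; either reject null in the setter or fall back to an empty map there. The explicit `super()` in the constructor is implicit and can be dropped.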
@@ -0,0 +1,112 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Encapsulates signature creation parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureCreationParameter { + + /** KeyStore Path */ + private String keyStorePath; + + /** KeyStore Password */ + private String keyStorePassword; + + /** Signing Key Name */ + private String keyName; + + /** Signing Key Password */ + private String keyPassword; + + /** + * Gets the KeyStore Path + * @return File Path to KeyStore + */ + public String getKeyStorePath() { + return keyStorePath; + } + + /** + * Sets the KeyStore Path + * @param keyStorePath Path to KeyStore + */ + public void setKeyStorePath(String keyStorePath) { + this.keyStorePath = keyStorePath; + } + + /** + * Gets the KeyStore Password + * @return Password to KeyStore + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * Sets the KeyStore Password + * @param keyStorePassword Password to KeyStore + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * Gets the Signing Key Name + * @return Siging Key Name + */ + public String getKeyName() { + return keyName; + } + + /** + * Sets the Signing Key Name + * @param keyName Signing Key Name + */ + public void setKeyName(String keyName) { + this.keyName = keyName; + } + + /** + * Gets the Signing Key Password + * @return Signing Key Password + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * Sets the Signing Key Password + * @param keyPassword Signing Key Password + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + + +} 
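Review bot: `keyStorePassword` and `keyPassword` are held as immutable `String`s, so once the keystore has been opened the secrets cannot be wiped and remain in the heap (and in any heap dump) until garbage-collected. The JCA entry points that consume them (`KeyStore.load`, `KeyStore.getKey`) take `char[]`, so holding `char[]` here would let the consumer clear the buffer after use; if the `String` type has to stay for the configuration builder, state the handling expectation on the fields, e.g. `/** KeyStore Password (secret: never log, never include in toString()) */`. The `getKeyName` Javadoc also has a typo: `@return Siging Key Name` should read `Signing Key Name`.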
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
new file mode 100644
index 000000000..d01c8e541
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
@@ -0,0 +1,35 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+
+ /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+ private String trustProfileID;
+
+ /**
+ * Gets the MOA-SP TrustProfileID
+ * @return TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public String getTrustProfileID() {
+ return trustProfileID;
+ }
+
+ /**
+ * Sets the MOA-SP TrustProfileID
+ * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
new file mode 100644
index 000000000..a482da430
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
@@ -0,0 +1,411 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.io.IOException; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class is a container for parameters that maybe needed for verifying an infobox. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameter { + + /** + * The default package name (first part) of a infobox validator class. 
+ */ + public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator."; + + /** + * The identifier of the infobox to be verified. This identifier must exactly the + * identifier of the infobox returned by BKU. + */ + protected String identifier_; + + /** + * The friendly name of the infobox. + * This name is used within browser messages, thus it should be the german equivalent of + * the {@link #identifier_ infobox identifier} (e.g. "<code>Stellvertretungen</code>" + * for "<code>Mandates</code>" or "<code>GDAToken</code>" for + * "<code>EHSPToken</code>". + * <br>If not specified within the config file the {@link #identifier_ infobox identifier} + * will be used. + */ + protected String friendlyName_; + + /** + * The Id of the TrustProfile to be used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The full name of the class to be used for verifying the infobox. + */ + protected String validatorClassName_; + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + */ + protected List schemaLocations_; + + /** + * Application specific parameters that may be needed for verifying an infobox. + */ + protected Element applicationSpecificParams_; + + /** + * Specifies if the infobox is be required to be returned by the BKU. + */ + protected boolean required_; + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + */ + protected boolean provideStammzahl_; + + /** + * Specifies whether the <code>identity link</code> should be passed to the verifying + * application or not. + */ + protected boolean provideIdentityLink_; + + /** + * Initializes this VerifiyInfoboxParamater with the given identifier and a default + * validator class name. 
+ * + * @param identifier The identifier of the infobox to be verified. + */ + public VerifyInfoboxParameter(String identifier) { + identifier_ = identifier; + StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK); + sb.append(identifier.toLowerCase()); + sb.append("."); + sb.append(identifier.substring(0, 1).toUpperCase()); + sb.append(identifier.substring(1)); + sb.append("Validator"); + validatorClassName_ = sb.toString(); + } + + /** + * Returns application specific parameters. + * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_} + * + * @see #applicationSpecificParams_ + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @see #applicationSpecificParams_ + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Appends special application specific parameters for party representation. + * + * @param applicationSpecificParams The application specific parameters for party representation to set. 
+ */ + public void appendParepSpecificParams(Element applicationSpecificParams) { + try { + if (applicationSpecificParams_==null) { + applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters"); + } + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode); + if (null!=nodeList) { + for (int i=0; i<nodeList.getLength(); i++) { + applicationSpecificParams_.appendChild((Node) nodeList.item(i)); + } + } + } catch (TransformerException e) { + //Do nothing + } + } + + /** + * Returns the friendly name. + * + * @see #friendlyName_ + * + * @return The friendly name. + */ + public String getFriendlyName() { + return friendlyName_; + } + + /** + * Sets the friendly name. + * + * @param friendlyName The friendly name to set. + */ + public void setFriendlyName(String friendlyName) { + friendlyName_ = friendlyName; + } + + /** + * Returns the infobox identifier. + * + * @see #identifier_ + * + * @return The infobox identifier. + */ + public String getIdentifier() { + return identifier_; + } + + /** + * Sets the the infobox identifier. + * + * @see #identifier_ + * + * @param identifier The infobox identifier to set. + */ + public void setIdentifier(String identifier) { + identifier_ = identifier; + } + + /** + * Specifies whether the identity link should be passed to the verifying application + * or not. + * + * @return <code>True</code> if the identity link should be passed to the verifying + * application, otherwise <code>false</code>. + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink_; + } + + /** + * Sets the {@link #provideIdentityLink_} parameter. 
+ * + * @param provideIdentityLink <code>True</code> if the identity link should be passed to + * the verifying application, otherwise <code>false</code>. + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + provideIdentityLink_ = provideIdentityLink; + } + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + * + * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the + * verifying application, otherwise <code>false</code>. + */ + public boolean getProvideStammzahl() { + return provideStammzahl_; + } + + /** + * Sets the {@link #provideStammzahl_} parameter. + * + * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be + * passed to the verifying application, otherwise <code>false</code>. + */ + public void setProvideStammzahl(boolean provideStammzahl) { + provideStammzahl_ = provideStammzahl; + } + + /** + * Specifies whether the infobox is required or not. + * + * @return <code>True</code> if the infobox is required to be returned by the BKU, + * otherwise <code>false</code>. + */ + public boolean isRequired() { + return required_; + } + + /** + * Sets the {@link #required_} parameter. + * + * @param required <code>True</code> if the infobox is required to be returned by the + * BKU, otherwise <code>false</code>. + */ + public void setRequired(boolean required) { + required_ = required; + } + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects + * each of them specifying the location of an XML schema. + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * Sets the schema locations. 
+ * + * @see #schemaLocations_ + * + * @param schemaLocations The schema location list to be set. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Returns the ID of the trust profile to be used for verifying certificates. + * + * @return The ID of the trust profile to be used for verifying certificates. + * Maybe <code>null</code>. + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * Sets the ID of the trust profile to be used for verifying certificates. + * + * @param trustProfileID The ID of the trust profile to be used for verifying certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Returns the name of the class to be used for verifying this infobox. + * + * @return The name of the class to be used for verifying this infobox. + */ + public String getValidatorClassName() { + return validatorClassName_; + } + + /** + * Sets the name of the class to be used for verifying this infobox. + * + * @param validatorClassName The name of the class to be used for verifying this infobox. + */ + public void setValidatorClassName(String validatorClassName) { + validatorClassName_ = validatorClassName; + } + + /** + * Get a string representation of this object. + * This method is for debugging purposes only. + * + * @return A string representation of this object. 
+ */ + public String toString() { + + StringBuffer buffer = new StringBuffer(1024); + + buffer.append(" <Infobox Identifier=\""); + buffer.append(identifier_); + buffer.append("\" required=\""); + buffer.append(required_); + buffer.append("\" provideStammzahl=\""); + buffer.append(provideStammzahl_); + buffer.append("\" provideIdentityLink=\""); + buffer.append(provideIdentityLink_); + buffer.append("\">"); + buffer.append("\n"); + if (friendlyName_ != null) { + buffer.append(" <FriendlyName>"); + buffer.append(friendlyName_); + buffer.append("</FriendlyName>"); + buffer.append("\n"); + } + if (trustProfileID_ != null) { + buffer.append(" <TrustProfileID>"); + buffer.append(trustProfileID_); + buffer.append("</TrustProfileID>"); + buffer.append("\n"); + } + if (validatorClassName_ != null) { + buffer.append(" <ValidatorClass>"); + buffer.append(validatorClassName_); + buffer.append("</ValidatorClass>"); + buffer.append("\n"); + } + if (schemaLocations_ != null) { + buffer.append(" <SchemaLocations>"); + buffer.append("\n"); + Iterator it = schemaLocations_.iterator(); + while (it.hasNext()) { + buffer.append(" <Schema namespace=\""); + Schema schema = (Schema)it.next(); + buffer.append(schema.getNamespace()); + buffer.append("\" schemaLocation=\""); + buffer.append(schema.getSchemaLocation()); + buffer.append("\"/>\n"); + } + buffer.append(" </SchemaLocations>"); + buffer.append("\n"); + } + if (applicationSpecificParams_ != null) { + try { + String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_); + buffer.append(" "); + buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams)); + buffer.append("\n"); + } catch (TransformerException e) { + // do nothing + } catch (IOException e) { + // do nothing + } + } + buffer.append(" </Infobox>"); + + + return buffer.toString() ; + } + +} 
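Review bot: The constructor `VerifyInfoboxParameter(String identifier)` calls `identifier.substring(0, 1)` without a guard, so an empty identifier from the configuration throws StringIndexOutOfBoundsException and a null one throws NullPointerException, both far from the offending config entry; it also derives the validator class name with `toLowerCase()`/`toUpperCase()` in the JVM default locale, which in a Turkish locale turns an `I` into a dotless `ı` and silently produces a class name that will not resolve. Add `if (identifier == null || identifier.length() == 0) throw new IllegalArgumentException("infobox identifier must not be empty");` at the top and use `identifier.toLowerCase(Locale.ROOT)` / `identifier.substring(0, 1).toUpperCase(Locale.ROOT)` (with a `java.util.Locale` import). `appendParepSpecificParams` swallows `TransformerException` with `//Do nothing`, so a failed XPath quietly drops the party-representation parameters; at least log it through the project's `Logger` as the other classes in this change do. Note as well that if `applicationSpecificParams_` was earlier set from a different `Document` than the one passed in, `appendChild` is expected to throw a `DOMException` (WRONG_DOCUMENT_ERR) that the `TransformerException` catch does not cover — worth confirming against the callers.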
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java new file mode 100644 index 000000000..c7f5aa7ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java 
@@ -0,0 +1,159 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * This class contains the parameters for verifying all the infoboxes configured for an + * online application. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameters { + + /** + * A map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + */ + protected Map infoboxParameters_; + + /** + * A list of the identifiers of the infoboxes supported by this + * VerifyInfoboxParameters; + */ + protected List identifiers_; + + /** + * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate + * in the context of the actual online application. 
+ * The string will be added as value of the <code>PushInfobox</code> parameter in the + * HTML form used for reading the infoboxes from the BKU. + */ + protected String pushInfobox_; + + /** + * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_} + * map. + */ + public VerifyInfoboxParameters() { + infoboxParameters_ = new Hashtable(); + pushInfobox_ = ""; + } + + /** + * Initializes this VerifyInfoboxParameters with the given + * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string + * from the keys of the given map. + */ + public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) { + identifiers_ = identifiers; + infoboxParameters_ = infoboxParameters; + // build the pushInfobox string + if ((identifiers != null) && (!identifiers.isEmpty())) { + StringBuffer identifiersSB = new StringBuffer(); + int identifiersNum = identifiers.size(); + int i = 1; + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + identifiersSB.append((String)it.next()); + if (i != identifiersNum) { + identifiersSB.append(","); + } + i++; + } + pushInfobox_ = identifiersSB.toString(); + } else { + pushInfobox_ = ""; + } + } + + /** + * Returns the (comma separated) identifiers of the infoboxes configured for the actual + * online application. + * + * @see #pushInfobox_ + * + * @return The (comma separated) identifiers of the infoboxes configured for the actual + * online application. + */ + public String getPushInfobox() { + return pushInfobox_; + } + + /** + * Sets the {@link #pushInfobox_} string. + * + * @param pushInfobox The pushInfobox string to be set. + */ + public void setPushInfobox(String pushInfobox) { + pushInfobox_ = pushInfobox; + } + + /** + * Returns map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + * + * @return The map of {@link VerifyInfoboxParameter} objects. 
+ */ + public Map getInfoboxParameters() { + return infoboxParameters_; + } + + /** + * Sets the map of {@link VerifyInfoboxParameter} objects. + * + * @see #infoboxParameters_ + * + * @param infoboxParameters The infoboxParameters to set. + */ + public void setInfoboxParameters(Map infoboxParameters) { + infoboxParameters_ = infoboxParameters; + } + + /** + * Returns the identifiers of the supported infoboxes. + * + * @return The identifiers. + */ + public List getIdentifiers() { + return identifiers_; + } + + /** + * Sets the identifiers. + * + * @param identifiers The identifiers to set. + */ + public void setIdentifiers(List identifiers) { + identifiers_ = identifiers; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java index ed0de8ebe..d14d570ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.config.proxy; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.OAParameter; /** * Configuration parameters belonging to an online application, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index bf8cbcdce..094e7162e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java 
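Review bot: The no-arg constructor initialises `infoboxParameters_` to an empty `Hashtable` but leaves `identifiers_` null, so `getIdentifiers()` returns null for a default-constructed instance while `getInfoboxParameters()` returns an empty map; callers that iterate the identifiers list will hit a NullPointerException. Initialise it alongside the map, e.g. `identifiers_ = new java.util.ArrayList();`. The two-argument constructor's Javadoc documents neither parameter; add `@param identifiers The identifiers of the infoboxes configured for the online application (may be null).` and `@param infoboxParameters The map of {@link VerifyInfoboxParameter} objects.`. Stylistically, the raw `Map`/`List` types and `Hashtable` are consistent with the rest of this legacy package, so I would not change them here.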
@@ -33,9 +33,9 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
@@ -131,7 +131,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
paramAuthMap.put(name, value);
}
oaConfiguration.setParamAuthMapping(paramAuthMap);
@@ -153,7 +153,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
// Contains Key (Neue Config-Exception: doppelte werte)
if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
headerAuthMap.put(name, value);
}
oaConfiguration.setHeaderAuthMapping(headerAuthMap);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 86ae93a4b..1c9c1caa8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -33,7 +33,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 485a44421..39f5479ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -3,9 +3,32 @@
*/
package at.gv.egovernment.moa.id.config.stork;
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -17,55 +40,88 @@ import at.gv.egovernment.moa.util.StringUtils;
public class STORKConfig {
/** STORK SAML signature creation parameters */
- private SignatureCreationParameter signatureCreationParameter;
+ private Properties props = null;
+ private Map<String, CPEPS> cpepsMap = null;
+ private String basedirectory = null;
+ private SignatureVerificationParameter sigverifyparam = null;
- /** STORK SAML signature verification parameters */
- private SignatureVerificationParameter signatureVerificationParameter;
- /** Map of supported C-PEPSs */
- private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
-
-
- /**
- * Constructs a STORK Config object
- * @param signatureCreationParameter STORK SAML Signature creation parameters
- * @param signatureVerificationParameter STORK SAML Signature verification parameters
- * @param cpepsMap Map of supported C-PEPS
- */
- public STORKConfig(SignatureCreationParameter signatureCreationParameter,
- SignatureVerificationParameter signatureVerificationParameter,
- Map<String, CPEPS> cpepsMap) {
- super();
- this.signatureCreationParameter = signatureCreationParameter;
- this.signatureVerificationParameter = signatureVerificationParameter;
- this.cpepsMap = cpepsMap;
- }
+ public STORKConfig(STORK stork, Properties props, String basedirectory) {
+ this.basedirectory = basedirectory;
+ this.props = props;
+
+ //create CPEPS map
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+
+ cpepsMap = new HashMap<String, CPEPS>();
+
+ for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
+
+ try {
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+
+ List<String> attr = cpep.getAttributeValue();
+
+ ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ for (String e1 : attr) {
+ Element element = XMLUtil.stringToDOM(e1);
+ RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
+ requestedAttributes.add(requestedAttribute);
+ }
+ moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
+
+ cpepsMap.put(cpep.getCountryCode(), moacpep);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ } catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }
+ }
+
+ SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
+
+ if (samlsign == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
- public SignatureCreationParameter getSignatureCreationParameter() {
- return signatureCreationParameter;
+ } else {
+ SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
+
+ if (sigverify == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
+
+ } else {
+ sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID());
+ }
+ }
+
}
- public void setSignatureCreationParameter(
- SignatureCreationParameter signatureCreationParameter) {
- this.signatureCreationParameter = signatureCreationParameter;
+ public SignatureCreationParameter getSignatureCreationParameter() {
+
+ return new SignatureCreationParameter(props, basedirectory);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
- return signatureVerificationParameter;
- }
-
- public void setSignatureVerificationParameter(
- SignatureVerificationParameter signatureVerificationParameter) {
- this.signatureVerificationParameter = signatureVerificationParameter;
+
+ return sigverifyparam;
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
- public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
- this.cpepsMap = cpepsMap;
- }
public boolean isSTORKAuthentication(String ccc) {
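Review bot: The four catch blocks in the CPEPS loop of the new constructor log the same text and drop the exception, so an operator cannot see which attribute string failed to parse or why; pass the exception to the logger, e.g. `Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored.", e);`, and since the ParserConfigurationException/SAXException/IOException/MessageEncodingException handlers are identical they can share one handler. The two warnings in the SAMLSigningParameter branch use `iaik.util.logging.Log` while the rest of the class uses `at.gv.egovernment.moa.logging.Logger`; change them to `Logger.warn(...)` so all configuration warnings land in the same log. When SAMLSigningParameter or SignatureVerificationParameter is absent, `sigverifyparam` stays null and `getSignatureVerificationParameter()` returns null with only a load-time warning, so a Javadoc on that getter (`@return the verification parameter, or null when no STORK->SignatureVerificationParameter is configured`) is needed so callers doing STORK signature verification fail closed instead of treating null as "nothing to verify". The constructor's Javadoc was dropped with the old signature; a short header describing `stork`, `props` and `basedirectory` would restore it.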
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
index 1f66b7752..4010ab491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
@@ -23,6 +23,8 @@ package at.gv.egovernment.moa.id.config.stork;
+import java.util.Properties;
+
/**
* Encapsulates signature creation parameters according MOA configuration
*
@@ -31,32 +33,26 @@ package at.gv.egovernment.moa.id.config.stork;
*/
public class SignatureCreationParameter {
- /** KeyStore Path */
- private String keyStorePath;
+ private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
+ private static final String PROPS_KEYSTORE_FILE = "keystore.file";
+ private static final String PROPS_KEYSTORE_PASS = "keystore.password";
+ private static final String PROPS_KEYNAME_NAME = "keyname.name";
+ private static final String PROPS_KEYNAME_PASS = "keyname.password";
- /** KeyStore Password */
- private String keyStorePassword;
+ private Properties props;
+ private String basedirectory;
- /** Signing Key Name */
- private String keyName;
+ SignatureCreationParameter(Properties props, String basedirectory) {
+ this.props = props;
+ this.basedirectory = basedirectory;
+ }
- /** Signing Key Password */
- private String keyPassword;
-
/**
* Gets the KeyStore Path
* @return File Path to KeyStore
*/
public String getKeyStorePath() {
- return keyStorePath;
- }
-
- /**
- * Sets the KeyStore Path
- * @param keyStorePath Path to KeyStore
- */
- public void setKeyStorePath(String keyStorePath) {
- this.keyStorePath = keyStorePath;
+ return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
}
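Review bot: `getKeyStorePath()` concatenates `basedirectory` with the raw property value, so a missing `stork.samlsigningparameter.signaturecreation.keystore.file` property yields a path ending in the literal `null` instead of a clear configuration error; read it first and guard it, `String file = props.getProperty(PROPS_PREFIX + PROPS_KEYSTORE_FILE); if (file == null) { return null; }`, and apply the same null handling in the password and key-name getters of the `@@ -64`, `@@ -80` and `@@ -96` hunks so an absent property is reported rather than silently propagated as `null`. Whether `basedirectory` is expected to end with a path separator is not visible here; a Javadoc line on the package-private constructor stating that contract (`@param basedirectory directory the keystore file is resolved against` plus the separator expectation) would prevent a silently wrong concatenated path. The class now exposes keystore and key passwords straight from a `Properties` object; a one-line comment noting that `props` is held by reference and must not be logged or dumped would help the next maintainer.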
/**
@@ -64,15 +60,7 @@ public class SignatureCreationParameter {
* @return Password to KeyStore
*/
public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
- /**
- * Sets the KeyStore Password
- * @param keyStorePassword Password to KeyStore
- */
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
}
/**
@@ -80,15 +68,7 @@ public class SignatureCreationParameter {
* @return Siging Key Name
*/
public String getKeyName() {
- return keyName;
- }
-
- /**
- * Sets the Signing Key Name
- * @param keyName Signing Key Name
- */
- public void setKeyName(String keyName) {
- this.keyName = keyName;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
}
/**
@@ -96,17 +76,6 @@ public class SignatureCreationParameter {
* @return Signing Key Password
*/
public String getKeyPassword() {
- return keyPassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
}
-
- /**
- * Sets the Signing Key Password
- * @param keyPassword Signing Key Password
- */
- public void setKeyPassword(String keyPassword) {
- this.keyPassword = keyPassword;
- }
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
index 2d8402e4d..211c7dde4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
@@ -14,6 +14,10 @@ public class SignatureVerificationParameter {
/** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
private String trustProfileID;
+ public SignatureVerificationParameter(String trustProfileID2) {
+ this.trustProfileID = trustProfileID2;
+ }
+
/**
* Gets the MOA-SP TrustProfileID
* @return TrustProfileID of MOA-SP for STORK signature verification
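Review bot: The new constructor's parameter is named `trustProfileID2`, which reads like a leftover from an IDE refactoring and obscures which field it initializes; rename it and write `this.trustProfileID = trustProfileID;`. The constructor also lacks the Javadoc the rest of the class carries; a header such as `/** Creates verification parameters for the given MOA-SP TrustProfile. @param trustProfileID ID of the MOA-SP TrustProfile used for STORK SAML signature verification */` would match the surrounding style. With the setter removed in the next hunk the object is fixed after construction, which is worth one sentence in the class Javadoc.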
@@ -22,14 +26,6 @@ public class SignatureVerificationParameter {
return trustProfileID;
}
- /**
- * Sets the MOA-SP TrustProfileID
- * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
- */
- public void setTrustProfileID(String trustProfileID) {
- this.trustProfileID = trustProfileID;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 79f3b4e30..4bbd221a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -24,8 +24,11 @@ package at.gv.egovernment.moa.id.data;
+import java.io.Serializable;
import java.util.Date;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+
/**
* Encapsulates authentication data contained in a <code><saml:Assertion></code>.
*
@@ -33,8 +36,12 @@ import java.util.Date;
* @version $Id$
*/
-public class AuthenticationData {
+public class AuthenticationData implements Serializable {
/**
+ *
+ */
+ private static final long serialVersionUID = -1042697056735596866L;
+/**
* major version number of the SAML assertion
*/
private int majorVersion;
@@ -62,15 +69,23 @@ public class AuthenticationData {
/**
* user identification type
*/
- private String identificationType;
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IdentityLink identityLink;
+
/**
- * application specific user identifier (bPK)
+ * application specific user identifier (bPK/wbPK)
*/
private String bPK;
+
/**
- * private sector-specific personal identifier (wbPK)
+ * application specific user identifier type
*/
- private String wbPK;
+ private String bPKType;
+
/**
* given name of the user
*/
@@ -162,13 +177,13 @@ public class AuthenticationData {
return bPK;
}
- /**
- * Returns the wbPK.
- * @return String the wbPK.
- */
- public String getWBPK() {
- return wbPK;
- }
+// /**
+// * Returns the wbPK.
+// * @return String the wbPK.
+// */
+// public String getWBPK() {
+// return wbPK;
+// }
/**
* Returns useUTC
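Review bot: `AuthenticationData` now implements `Serializable` and gains an `IdentityLink` field, but nothing in the hunk shows `IdentityLink` being serializable; if it is not, serializing an instance fails at runtime with `NotSerializableException` rather than at compile time, so either confirm `IdentityLink implements Serializable` or mark the field `transient` and document why. Since the serialized form now carries the identity link and bPK, a Javadoc sentence on the class stating that serialized instances contain personal data and must only be written to a trusted store (and never deserialized from untrusted input) would guide whoever later persists or caches these objects. The `getWBPK()` accessor in the `@@ -162` hunk and `setWBPK()` in the `@@ -218` hunk on the next line are commented out rather than deleted; remove the commented blocks, as version control keeps the history. The empty Javadoc above `serialVersionUID` (`/** * */`) should either be removed or say what the constant is.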
@@ -218,13 +233,13 @@ public class AuthenticationData {
this.bPK = bPK;
}
- /**
- * Sets the wbPK.
- * @param wbPK The wbPK to set
- */
- public void setWBPK(String wbPK) {
- this.wbPK = wbPK;
- }
+// /**
+// * Sets the wbPK.
+// * @param wbPK The wbPK to set
+// */
+// public void setWBPK(String wbPK) {
+// this.wbPK = wbPK;
+// }
public void setUseUTC(boolean useUTC) {
this.useUTC = useUTC;
@@ -430,4 +445,29 @@ public class AuthenticationData {
return timestamp;
}
+public String getBPKType() {
+ return bPKType;
+}
+
+public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+}
+
+/**
+ * @return the identityLink
+ */
+public IdentityLink getIdentityLink() {
+ return identityLink;
+}
+
+/**
+ * @param identityLink the identityLink to set
+ */
+public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+}
+
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
new file mode 100644
index 000000000..604077844
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
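Review bot: The new `getBPKType()`/`setBPKType()` accessors in the `@@ -430` hunk have no Javadoc and sit at column 0 unlike the rest of the class; add `/** Returns the type of the application specific user identifier (bPK/wbPK). @return the bPK type */` and the matching `@param` on the setter, and reindent both to match the surrounding methods. The `@return the identityLink` / `@param identityLink the identityLink to set` comments are IDE placeholders; say what the field holds, reusing the field comment from the `@@ -62` hunk, whose `OAParamter` should read `OAParameter`. The four trailing blank lines before the closing brace can go.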
@@ -0,0 +1,495 @@ +package at.gv.egovernment.moa.id.entrypoints; + +import iaik.util.logging.Log; + +import java.io.IOException; +import java.util.ConcurrentModificationException; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.swing.ListModel; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.ModulStorage; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; +import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; +import 
at.gv.egovernment.moa.logging.Logger; + +public class DispatcherServlet extends AuthServlet{ + + /** + * + */ + private static final long serialVersionUID = 1L; + + public static final String PARAM_TARGET_MODULE = "mod"; + public static final String PARAM_TARGET_ACTION = "action"; + public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; + + @Override + public void init(ServletConfig config) throws ServletException { + try { + super.init(config); + MOAIDAuthInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage( + "init.00", null)); + } catch (Exception ex) { + Logger.fatal( + MOAIDMessageProvider.getInstance().getMessage("init.02", + null), ex); + throw new ServletException(ex); + } + Logger.info("Dispatcher Servlet initialization"); + } + + protected void processRequest(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { + + boolean isValidSSOSession = false; + boolean useSSOOA = false; + String protocolRequestID = null; + + + try { + Logger.info("REQUEST: " + req.getRequestURI()); + Logger.info("QUERY : " + req.getQueryString()); + String errorid = req.getParameter(ERROR_CODE_PARAM); + if (errorid != null) { + + Throwable throwable = ExceptionStoreImpl.getStore() + .fetchException(errorid); + ExceptionStoreImpl.getStore().removeException(errorid); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + + Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); + + String pendingRequestID = null; + if (idObject != null && (idObject instanceof String)) { + if (errorRequests.containsKey((String)idObject)) + pendingRequestID = (String) idObject; + } + + if (throwable != null) { + if (errorRequests != null) { + + synchronized (errorRequests) { + + IRequest errorRequest = null; + if (pendingRequestID != null) { + errorRequest = errorRequests.get(pendingRequestID); + + //remove the + RequestStorage.removePendingRequest(errorRequests, 
pendingRequestID); + } + else { + if (errorRequests.size() > 1) { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + + } else { + Set<String> keys = errorRequests.keySet(); + errorRequest = errorRequests.get(keys.toArray()[0]); + RequestStorage.removeAllPendingRequests(req.getSession()); + } + + } + + if (errorRequest != null) { + + try { + IModulInfo handlingModule = ModulStorage + .getModuleByPath(errorRequest + .requestedModule()); + if (handlingModule != null) { + if (handlingModule.generateErrorMessage( + throwable, req, resp, errorRequest)) { + return; + } + } + } catch (Throwable e) { + Logger.error(e); + handleErrorNoRedirect(throwable.getMessage(), + throwable, req, resp); + } + } + else { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + } + } + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + + } else { + // TODO: use better string + handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req, + resp); + } + + return; + } + } + + Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); + String module = null; + if (moduleObject != null && (moduleObject instanceof String)) { + module = (String) moduleObject; + } + + if (module == null) { + module = (String) req.getAttribute(PARAM_TARGET_MODULE); + } + + Object actionObject = req.getParameter(PARAM_TARGET_ACTION); + String action = null; + if (actionObject != null && (actionObject instanceof String)) { + action = (String) actionObject; + } + + if (action == null) { + action = req.getParameter(PARAM_TARGET_ACTION); + } + + Logger.debug("dispatching to " + module + " protocol " + action); + + IModulInfo info = ModulStorage.getModuleByPath(module); + + IAction moduleAction = null; + + if (info == null) { + + Iterator<IModulInfo> modules = ModulStorage.getAllModules() + .iterator(); + while (modules.hasNext()) { + info = modules.next(); + moduleAction = info.canHandleRequest(req, resp); + if (moduleAction != null) { + action = 
moduleAction.getDefaultActionName(); + module = info.getPath(); + break; + } + info = null; + } + + if (moduleAction == null) { + resp.sendError(HttpServletResponse.SC_NOT_FOUND); + Logger.error("Protocol " + module + + " has no module registered"); + return; + } + } + + if (moduleAction == null) { + moduleAction = info.getAction(action); + + if (moduleAction == null) { + resp.sendError(HttpServletResponse.SC_NOT_FOUND); + Logger.error("Action " + action + " is not available!"); + return; + } + } + + HttpSession httpSession = req.getSession(); + Map<String, IRequest> protocolRequests = null; + IRequest protocolRequest = null; + + try { + protocolRequests = RequestStorage.getPendingRequest(httpSession); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + + if (protocolRequests != null && + idObject != null && (idObject instanceof String)) { + +// synchronized (protocolRequests) { + + protocolRequestID = (String) idObject; + + //get IRequest if it exits + if (protocolRequests.containsKey(protocolRequestID)) { + protocolRequest = protocolRequests.get(protocolRequestID); + + + + Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); + + //RequestStorage.setPendingRequest(httpSession, protocolRequests); + + } else { + Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); + + Set<String> mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) + Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); + + handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. 
Bitte versuchen Sie es noch einmal.", + null, req, resp); + //resp.sendError(HttpServletResponse.SC_CONFLICT); + return; + } +// } + } else { + try { + protocolRequest = info.preProcess(req, resp, action); + + if (protocolRequest != null) { + + if(protocolRequests != null) { + +// synchronized (protocolRequests) { +// synchronized (protocolRequest) { + Set<String> mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) { + IRequest value = protocolRequests.get(el); + + if (value.getOAURL().equals(protocolRequest.getOAURL())) { + + if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { + Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); + RequestStorage.removeAllPendingRequests(req.getSession()); + + } else { + RequestStorage.removePendingRequest(protocolRequests, el); + } + } + } +// } +// } + + } else { + protocolRequests = new ConcurrentHashMap<String, IRequest>(); + } + + synchronized (protocolRequest) { + synchronized (protocolRequests) { + + //Start new Authentication + protocolRequest.setAction(action); + protocolRequest.setModule(module); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); + protocolRequests.put(protocolRequestID, protocolRequest); + Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); + } + } + } + } catch (MOAIDException e) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); + return; + } + + if (protocolRequest == null) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); + return; + } + } + + + RequestStorage.setPendingRequest(httpSession, protocolRequests); + + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + SSOManager ssomanager = SSOManager.getInstance(); + + String 
moasessionID = null; + AuthenticationSession moasession = null; + + //get SSO Cookie for Request + String ssoId = ssomanager.getSSOSessionID(req); + + boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); + + if (needAuthentication) { + + //check SSO session + if (ssoId != null) { + String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); + + if (correspondingMOASession != null) { + Log.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + AuthenticationSessionStoreage.destroySession(correspondingMOASession); + ssomanager.deleteSSOSessionID(req, resp); + } + } + + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + + + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + useSSOOA = oaParam.useSSO(); + + //if a legacy request is used SSO should not be allowed, actually + boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); + + if (protocolRequest.isPassiv() + && protocolRequest.forceAuth()) { + // conflict! + throw new NoPassivAuthenticationException(); + } + + boolean tryperform = authmanager.tryPerformAuthentication( + req, resp); + + if (protocolRequest.forceAuth()) { + if (!tryperform) { + authmanager.doAuthentication(req, resp, + protocolRequest); + return; + } + } else if (protocolRequest.isPassiv()) { + if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { + // Passive authentication ok! + } else { + throw new NoPassivAuthenticationException(); + } + } else { + if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { + // Is authenticated .. proceed + } else { + // Start authentication! 
+ authmanager.doAuthentication(req, resp, + protocolRequest); + return; + } + } + + + if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension + { + + //TODO SSO Question!!!! + if (useSSOOA && isValidSSOSession) { + + moasessionID = ssomanager.getMOASession(ssoId); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + //use new OAParameter + if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { + authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); + return; + } + } + else { + + //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } + + //save SSO session usage in Database + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + } + + } else { +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } + + + + } + + moduleAction.processRequest(protocolRequest, req, resp, moasession); + + RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); + + if (needAuthentication) { + boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension + && !moasession.getUseMandate()) + { + + } else { + authmanager.logout(req, resp, moasessionID); + } + 
+ //authmanager.logout(req, resp); + } + + } catch (Throwable e) { + e.printStackTrace(); + // Try handle module specific, if not possible rethrow + if (!info.generateErrorMessage(e, req, resp, protocolRequest)) { + throw e; + } + } + } catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { + handleError(null, ex, req, resp, protocolRequestID); + } catch (Throwable e) { + handleErrorNoRedirect(e.getMessage(), null, req, + resp); + } + + finally { + ConfigurationDBUtils.closeSession(); + } + + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + processRequest(req, resp); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + processRequest(req, resp); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index e1a8673b7..10ff4bfc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java 
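Review bot: In the error branch of `processRequest`, `errorRequests.containsKey((String)idObject)` runs before the later `if (errorRequests != null)` check, so a null map from `RequestStorage.getPendingRequest` throws NullPointerException whenever the client sends `pendingid`; reorder to `if (errorRequests != null && errorRequests.containsKey((String) idObject))`. In the same branch the `else` path already calls `handleErrorNoRedirect(...)` and the unconditional call right after the `if (errorRequest != null)` block then writes the error a second time into the same response, while the case `throwable != null && errorRequests == null` writes nothing at all; keep a single call and give the `if (errorRequests != null)` an `else` that produces the generic error. The fallback `if (action == null) { action = req.getParameter(PARAM_TARGET_ACTION); }` repeats the lookup that just returned null; the module branch reads `req.getAttribute(PARAM_TARGET_MODULE)`, so this was presumably meant to be `action = (String) req.getAttribute(PARAM_TARGET_ACTION);`. The inner `catch (Throwable e)` uses `e.printStackTrace()` and the outer one forwards `e.getMessage()` to `handleErrorNoRedirect`, which puts internal exception text into the browser response; log through `Logger.error(e)` and send a fixed generic message (the existing `"Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal."` text is a candidate), and fix `UNKOWN` to `UNKNOWN` in the other user-facing string. Pending-request IDs from `Random.nextRandom()` are later accepted back from the `pendingid` parameter to select the session's in-flight request, so that helper must be backed by a cryptographically strong generator; a comment at the call site, `// must be unpredictable: the ID is accepted from the client as PARAM_TARGET_PENDINGREQUESTID`, records the requirement (the unused `javax.swing.ListModel` import can also be dropped).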
@@ -58,18 +58,19 @@ public class CertStoreConfigurationImpl extends ObservableImpl
*/
public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
this.conf=conf;
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName);
+
+ String certStoreRootDirParam = conf.getCertstoreDirectory();
+
if (certStoreRootDirParam == null)
throw new ConfigurationException(
- "config.08", new Object[] {paramName});
+ "config.08", new Object[] {"CertStoreDirectory"});
rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
if(rootDirectory.startsWith("file:"))
rootDirectory = rootDirectory.substring(6);
File f = new File(rootDirectory);
if (!f.isDirectory())
throw new ConfigurationException(
- "config.05", new Object[] {paramName});
+ "config.05", new Object[] {"CertStoreDirectory"});
parameters = new CertStoreParameters[] { this };
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
new file mode 100644
index 000000000..be0132c14
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
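Review bot: The literal `"CertStoreDirectory"` now appears twice in the exception arguments of the constructor; keep a local as the removed code did, `String paramName = "CertStoreDirectory";`, so the two messages cannot drift apart. The arguments no longer name a property key but a configuration element, so if `conf.getCertstoreDirectory()` reads a setting under a different name the message should use that name to let an operator locate it; that cannot be verified from this hunk.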
@@ -0,0 +1,347 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class AuthenticationManager extends AuthServlet { + + private static AuthenticationManager instance = null; + + private static final long serialVersionUID = 1L; + + public static final String MOA_SESSION = "MoaAuthenticationSession"; + public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; + + + public static AuthenticationManager getInstance() { + if (instance == null) { + instance = new AuthenticationManager(); + } + + return instance; + } + + +// public 
AuthenticationSession getAuthenticationSession( +// HttpSession session) { +// String sessionID = HTTPSessionUtils.getHTTPSessionString(session, +// MOA_SESSION, null); +// if (sessionID != null) { +// try { +// return AuthenticationSessionStoreage.getSession(sessionID); +// +// } catch (MOADatabaseException e) { +// return null; +// } +// } +// return null; +// } + +// /** +// * Checks if the session is authenticated +// * +// * @param request +// * @param response +// * @return +// */ +// public boolean isAuthenticated(HttpServletRequest request, +// HttpServletResponse response) { +// Logger.info("Checking authentication"); +// +// HttpSession session = request.getSession(); +// +// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); +// +// if(moaSessionID == null) { +// Logger.info("NO MOA Session to logout"); +// return false; +// } +// +//// AuthenticationSession authSession; +//// try { +//// authSession = AuthenticationSessionStoreage +//// .getSession(moaSessionID); +//// +//// } catch (MOADatabaseException e) { +//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +//// return false; +//// } +//// +//// if(authSession == null) { +//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +//// return false; +//// } +//// +//// return authSession.isAuthenticated(); +// +// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); +// } + + /** + * Checks if this request can authenticate a MOA Session + * + * @param request + * @param response + * @return + */ + public boolean tryPerformAuthentication(HttpServletRequest request, + HttpServletResponse response) { + + HttpSession session = request.getSession(); + + String sessionID = (String) request.getParameter(PARAM_SESSIONID); + if (sessionID != null) { + Logger.info("got MOASession: " + sessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage.getSession(sessionID); + + + + if 
(authSession != null) { + Logger.info("MOASession found! A: " + + authSession.isAuthenticated() + ", AU " + + authSession.isAuthenticatedUsed()); + if (authSession.isAuthenticated() + && !authSession.isAuthenticatedUsed()) { + authSession.setAuthenticatedUsed(true); + + AuthenticationSessionStoreage.storeSession(authSession); + +// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, +// sessionID); + return true; // got authenticated + } + } + + } catch (MOADatabaseException e) { + return false; + } catch (BuildException e) { + return false; + } + } + return false; + } + + public void logout(HttpServletRequest request, + HttpServletResponse response, String moaSessionID) { + Logger.info("Logout"); + + HttpSession session = request.getSession(); + + //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); + + if(moaSessionID == null) { + moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + } + + if(moaSessionID == null) { + Logger.info("NO MOA Session to logout"); + return; + } + + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); + + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + AuthenticationSessionStoreage.destroySession(moaSessionID); + + //session.invalidate(); + + } catch (MOADatabaseException e) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + } + + public void doAuthentication(HttpServletRequest request, + HttpServletResponse response, IRequest target) + throws ServletException, IOException, MOAIDException { + Logger.info("Starting authentication ..."); + +// if (!ParamValidatorUtils.isValidOA(target.getOAURL())) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, 
+// "auth.12"); +// +// if (target.getOAURL() == null) { +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.12"); +// } + + setNoCachingHeadersInHttpRespone(request, response); + + List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols(); + + //is legacy allowed + boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule()); + + //check legacy request parameter + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); + + AuthenticationSession moasession; + try { + //check if an MOASession exists and if not create an new MOASession + //moasession = getORCreateMOASession(request); + moasession = AuthenticationSessionStoreage.createSession(); + + } catch (MOADatabaseException e1) { + Logger.error("Database Error! MOASession can not be created!"); + throw new MOAIDException("init.04", new Object[] {}); + } + + + if (legacyallowed && legacyparamavail) { + + //parse request parameter into MOASession + + StartAuthentificationParameterParser.parse(request, response, moasession, target); + + Logger.info("Start Authentication Module: " + moasession.getModul() + + " Action: " + moasession.getAction()); + + //start authentication process +// session.getServletContext().getNamedDispatcher("StartAuthentication") +// .forward(request, response); + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + + String getIdentityLinkForm = startauth.build(moasession, request, response); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); + } catch (MOADatabaseException e) { + Logger.error("Database Error! 
MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + + } else { + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(target.getOAURL()); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); + } + + else { + + //check if an MOASession exists and if not create an new MOASession + //moasession = getORCreateMOASession(request); + + //set OnlineApplication configuration in Session + moasession.setOAURLRequested(target.getOAURL()); + moasession.setAction(target.requestedAction()); + moasession.setModul(target.requestedModule()); + } + + //Build authentication form + + + String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), + target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID()); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); + } catch (MOADatabaseException e) { + Logger.error("Database Error! 
MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + //set MOAIDSession + request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(loginForm); + out.flush(); + } + } + + public void sendTransmitAssertionQuestion(HttpServletRequest request, + HttpServletResponse response, IRequest target, OAAuthParameter oaParam) + throws ServletException, IOException, MOAIDException { + + String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), + target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(form); + out.flush(); + } + + +// private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { +// +// //String sessionID = request.getParameter(PARAM_SESSIONID); +// String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); +// AuthenticationSession moasession; +// +// try { +// moasession = AuthenticationSessionStoreage.getSession(sessionID); +// Logger.info("Found existing MOASession with sessionID=" + sessionID +// + ". This session is used for reauthentification."); +// +// } catch (MOADatabaseException e) { +// try { +// moasession = AuthenticationSessionStoreage.createSession(); +// Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + "."); +// +// } catch (MOADatabaseException e1) { +// Logger.error("Database Error! MOASession are not created."); +// throw new MOAIDException("init.04", new Object[] { +// "0"}); +// } +// } +// +// return moasession; +// } +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
new file mode 100644
index 000000000..aa8a8d9a9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+
+public interface IAction extends MOAIDAuthConstants {
+ public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ throws MOAIDException;
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
+
+ public String getDefaultActionName();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
new file mode 100644
index 000000000..679ccb000
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
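Review bot: The interface carries no Javadoc, so the relationship between `needAuthentication` and `processRequest` can only be learned from the dispatcher; a one-line contract on `needAuthentication` such as `/** Returns true if processRequest may only run with an authenticated MOA session (confirm against the dispatcher). */` would pin it down. The `public` modifiers on interface members are redundant and can be dropped.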
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface IModulInfo {
+ //public List<ServletInfo> getServlets();
+ public String getName();
+ public String getPath();
+
+ public IAction getAction(String action);
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action)
+ throws MOAIDException;
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response);
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable;
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
new file mode 100644
index 000000000..824b210cf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public interface IRequest {
+ public String getOAURL();
+ public boolean isPassiv();
+ public boolean forceAuth();
+ public boolean isSSOSupported();
+ public String requestedModule();
+ public String requestedAction();
+ public void setModule(String module);
+ public void setAction(String action);
+ public String getTarget();
+ public void setRequestID(String id);
+ public String getRequestID();
+
+ //public void setTarget();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
new file mode 100644
index 000000000..2a92f3ce5
--- /dev/null
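Review bot: `generateErrorMessage` is declared `throws Throwable`, which forces every caller into `catch (Throwable)` (the dispatcher hunk at the top of this page does exactly that) and puts JVM errors such as OutOfMemoryError on the ordinary error-reporting path; narrowing it to `throws MOAIDException` or at most `throws Exception` keeps the rethrow behaviour for real failures while leaving `Error`s alone. The interface has no Javadoc, and the division of work between `canHandleRequest`, `preProcess` and `validate` is not recoverable from the signatures; one sentence per method would make implementers' obligations explicit.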
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java @@ -0,0 +1,52 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; + +public class ModulStorage { + + private static final String[] modulClasses = new String[]{ + "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol", + "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol" + }; + + + private static List<IModulInfo> registeredModules = new ArrayList<IModulInfo>(); + + public static List<IModulInfo> getAllModules() { + return registeredModules; + } + + public static IModulInfo getModuleByPath(String modname) { + Iterator<IModulInfo> it = registeredModules.iterator(); + while (it.hasNext()) { + IModulInfo info = it.next(); + if (info.getPath().equals(modname)) { + return info; + } + } + return null; + } + + static { + Logger.info("Loading modules:"); + for(int i = 0; i < modulClasses.length; i++) { + String modulClassName = modulClasses[i]; + try { + @SuppressWarnings("unchecked") + Class<IModulInfo> moduleClass = (Class<IModulInfo>)Class.forName(modulClassName); + IModulInfo module = moduleClass.newInstance(); + Logger.info("Loading Modul Information: " + module.getName()); + registeredModules.add(module); + } catch(Throwable e) { + Logger.error("Check configuration! " + modulClassName + + " is not a valid IModulInfo", e); + } + } + Logger.info("Loading modules done"); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java new file mode 100644 index 000000000..b07695938 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java 
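Review bot: `getAllModules()` hands out the internal `registeredModules` list, so any caller can add or remove modules after class initialisation; return `Collections.unmodifiableList(registeredModules)` instead. The unchecked cast `(Class<IModulInfo>)Class.forName(modulClassName)` can be replaced by `Class.forName(modulClassName).asSubclass(IModulInfo.class)`, which removes the `@SuppressWarnings` and turns a misconfigured class name into a ClassCastException that the existing `catch (Throwable e)` already reports. The index loop over `modulClasses` can be a for-each.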
@@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.moduls; + +import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; + + +public class ModulUtils { + + public static final String UNAUTHDISPATCHER = "dispatcher"; + public static final String AUTHDISPATCHER = "dispatcher"; + + public static String buildUnauthURL(String modul, String action, String pendingRequestID) { + return UNAUTHDISPATCHER + "?" + + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; + } + + public static String buildAuthURL(String modul, String action, String pendingRequestID) { + return AUTHDISPATCHER + + "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java new file mode 100644 index 000000000..286da5a91 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.moduls; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class NoPassivAuthenticationException extends MOAIDException { + + public NoPassivAuthenticationException() { + super("auth.18", null); + } + + /** + * + */ + private static final long serialVersionUID = 596920452166197688L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java new file mode 100644 index 000000000..d47e8df05 --- /dev/null 
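Review bot: buildUnauthURL and buildAuthURL splice `modul`, `action` and `pendingRequestID` into the query string without URL-encoding, so a value containing `&`, `=` or `#` changes the structure of the URL; encode each value with `URLEncoder.encode(value, "UTF-8")` before concatenation. The two methods are otherwise identical and `UNAUTHDISPATCHER` and `AUTHDISPATCHER` hold the same value, so a single private helper taking the dispatcher path would remove the duplication. A null argument currently yields the literal text `null` in the URL; whether callers can pass null is not visible here.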
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -0,0 +1,83 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.io.Serializable;
+
+public class RequestImpl implements IRequest, Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ private String oaURL;
+ private boolean passiv = false;
+ private boolean force = false;
+ private boolean ssosupport = false;
+ private String module = null;
+ private String action = null;
+ private String target = null;
+ private String requestID;
+
+
+ public void setOAURL(String value) {
+ oaURL = value;
+ }
+
+ public String getOAURL() {
+ return oaURL;
+ }
+
+ public boolean isPassiv() {
+ return passiv;
+ }
+
+ public boolean forceAuth() {
+ return force;
+ }
+
+ public void setPassiv(boolean passiv) {
+ this.passiv = passiv;
+ }
+
+ public void setForce(boolean force) {
+ this.force = force;
+ }
+
+ public boolean isSSOSupported() {
+ return ssosupport;
+ }
+
+ public String requestedModule() {
+ return module;
+ }
+
+ public String requestedAction() {
+ return action;
+ }
+
+ public void setSsosupport(boolean ssosupport) {
+ this.ssosupport = ssosupport;
+ }
+
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ public void setRequestID(String id) {
+ this.requestID = id;
+
+ }
+
+ public String getRequestID() {
+ return requestID;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
new file mode 100644
index 000000000..d33d4693d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.logging.Logger; + +public class RequestStorage { + + private static final String PENDING_REQUEST = "PENDING_REQUEST"; + + public static Map<String,IRequest> getPendingRequest(HttpSession session) { + + + Object obj = session.getAttribute(PENDING_REQUEST); + if (obj != null) { + synchronized (obj) { + if (obj instanceof Map<?,?>) { + if (((Map<?,?>) obj).size() > 0) { + if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) { + if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0]) + instanceof IRequest) { + return (Map<String, IRequest>) obj; + + + + } + } + } + } + } + session.setAttribute(PENDING_REQUEST, null); + } + return null; + } + + public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) { + session.setAttribute(PENDING_REQUEST, request); + } + + public static void removeAllPendingRequests(HttpSession session) { + + Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests"); + + session.setAttribute(PENDING_REQUEST, null); + } + + public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) { + + if (requestmap != null && requestID != null) { + + synchronized (requestmap) { + + //Map<String, IRequest> requestmap = getPendingRequest(session); + + if (requestmap.containsKey(requestID)) { + requestmap.remove(requestID); + Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID); + + } + + //setPendingRequest(session, requestmap); + } + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java new file mode 100644 index 000000000..18eeae58e --- /dev/null 
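Review bot: getPendingRequest discards a stored map whenever it is empty — the `size() > 0` guard fails, control falls through to `session.setAttribute(PENDING_REQUEST, null)` and the caller gets null — so a map that removePendingRequest legitimately emptied is thrown away rather than returned; if that is intended, say so in a comment, otherwise return the empty map. The element checks look only at the first entry, and the final `(Map<String, IRequest>) obj` is an unchecked cast without `@SuppressWarnings("unchecked")`, so the warning stays on every build; a small `@SuppressWarnings("unchecked") // checked element-wise above` on the return statement's method is the honest form. Both removeAllPendingRequests and the fall-through clear the attribute with `setAttribute(..., null)`; `session.removeAttribute(PENDING_REQUEST)` states the intent directly.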
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java 
@@ -0,0 +1,184 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.List; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class SSOManager { + + private static final String SSOCOOKIE = "MOA_ID_SSO"; + + private static final int DEFAULTSSOTIMEOUT = 15*60; //sec + + private static SSOManager instance = null; + private static int sso_timeout; + + + public static SSOManager getInstance() { + if (instance == null) { + instance = new SSOManager(); + + //TODO: move to config based timeout! + try { + sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue(); + + } catch (ConfigurationException e) { + Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. 
Use default Timeout with " + DEFAULTSSOTIMEOUT); + sso_timeout = DEFAULTSSOTIMEOUT; + } + + } + + return instance; + } + + public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) { + + //search SSO Session + if (ssoSessionID == null) { + Logger.info("No SSO Session cookie found."); + return false; + } + +// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + + } + + public String getMOASession(String ssoSessionID) { + return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID); + } + + public String existsOldSSOSession(String ssoId) { + + Logger.trace("Check that the SSOID has already been used"); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<OldSSOSessionIDStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSSOSessionWithOldSessionID"); + query.setString("sessionid", ssoId); + result = query.list(); + + //send transaction + + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + session.getTransaction().commit(); + return null; + } + + OldSSOSessionIDStore oldSSOSession = result.get(0); + + AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession(); + + if (correspondingMoaSession == null) { + Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found."); + //TODO: ist der OldSSOSessionStore zum Aufräumen? 
+ return null; + } + + + String moasessionid = correspondingMoaSession.getSessionid(); + + session.getTransaction().commit(); + + return moasessionid; + + } + + public String storeSSOSessionInformations(String moaSessionID, String OAUrl) { + + String newSSOId = Random.nextRandom(); + + System.out.println("generate new SSO Tokken (" + newSSOId + ")"); + + if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) { + Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!"); + return null; + } + + try { + AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl); + + return newSSOId; + + } catch (AuthenticationException e) { + Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); + return null; + } + } + + + public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + deleteSSOSessionID(httpReq, httpResp); + } + + Cookie cookie = new Cookie(SSOCOOKIE, ssoId); + cookie.setMaxAge(sso_timeout); + cookie.setSecure(true); + cookie.setPath(httpReq.getContextPath()); + httpResp.addCookie(cookie); + } + + + + public String getSSOSessionID(HttpServletRequest httpReq) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + + //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox) + //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { + + if (cookie.getName().equals(SSOCOOKIE)) { + return cookie.getValue(); + } + } + } + return null; + } + + public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + if (!cookie.getName().equals(SSOCOOKIE)) + httpResp.addCookie(cookie); + } + } + } +} + 
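Review bot: deleteSSOSessionID never removes the SSO cookie: it re-adds every cookie except `MOA_ID_SSO` to the response and leaves the SSO cookie untouched on the client, so after logout the browser keeps presenting it until `sso_timeout` elapses; expiring it requires a cookie with the same name and path and `setMaxAge(0)` (rewrite below), and the call from setSSOSessionID is equally ineffective today. storeSSOSessionInformations prints the freshly generated SSO token to stdout (`System.out.println("generate new SSO Tokken (" + newSSOId + ")")`); that value is the SSO credential and should not be written to stdout or the log at all — drop the line or log only that a token was generated. In existsOldSSOSession the transaction opened by `session.beginTransaction()` is committed on the found and not-found paths but not on the `correspondingMoaSession == null` return. The cookie built in setSSOSessionID would also benefit from `cookie.setHttpOnly(true)` if the Servlet API in use is 3.0 or later, and the lazy `getInstance()` is not thread-safe.
```java
public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
    // A cookie is only cleared by sending one with the same name and path and max-age 0
    Cookie cookie = new Cookie(SSOCOOKIE, "");
    cookie.setMaxAge(0);
    cookie.setSecure(true);
    cookie.setPath(httpReq.getContextPath());
    httpResp.addCookie(cookie);
}
```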
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
new file mode 100644
index 000000000..0181233d5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServlet;
+
+
+public class ServletInfo {
+ Class<? extends HttpServlet> servletClass;
+ String servletTarget;
+ ServletType type;
+
+ public ServletInfo(Class<? extends HttpServlet> servletClass,
+ String servletTarget, ServletType type) {
+ super();
+ this.servletClass = servletClass;
+ this.servletTarget = servletTarget;
+ this.type = type;
+ }
+
+ public HttpServlet getServletInstance()
+ throws InstantiationException, IllegalAccessException {
+ return servletClass.newInstance();
+ }
+
+ public String getTarget() {
+ return servletTarget;
+ }
+
+ public ServletType getType() {
+ return type;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
new file mode 100644
index 000000000..50b1702f8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public enum ServletType {
+ UNAUTH, AUTH, NONE
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
new file mode 100644
index 000000000..59a5158bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
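Review bot: The fields `servletClass`, `servletTarget` and `type` are package-private and mutable although they are only assigned in the constructor; declaring each `private final` states that a ServletInfo is immutable and stops other classes in the package from reassigning them. The explicit `super();` in the constructor is a no-op and can be dropped.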
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
+
+public class AuthenticationAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
+ System.out.println("Process PVP2 auth request!");
+ PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
+ RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return (PVP2XProtocol.REDIRECT);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
new file mode 100644
index 000000000..1e3c6145f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
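Review bot: processRequest casts `req` to `PVPTargetConfiguration` without a type check, so an IRequest of any other type fails with a ClassCastException rather than a MOAIDException that the dispatcher's error path understands; guard it with `if (!(req instanceof PVPTargetConfiguration)) throw new MOAIDException(<message key>, null);` using whichever message key the project reserves for this. The `System.out.println("Process PVP2 auth request!")` should go through the project's `Logger` like the rest of the module. `pvpRequest.request` reaches into a field of another class (not on this page); an accessor on PVPTargetConfiguration would let that field stay private.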
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.io.MarshallingException;
+
+public class ExternalPVPSessionStore {
+
+ private Map<String, SPSSODescriptor> externalSessions = new HashMap<String, SPSSODescriptor>();
+
+ public boolean contains(String sessionID) {
+ return externalSessions.containsKey(sessionID);
+ }
+
+ public void put(String sessionID, SPSSODescriptor sso) throws MarshallingException {
+ externalSessions.put(sessionID, sso);
+ }
+
+ public SPSSODescriptor get(String sessionID) {
+ return externalSessions.get(sessionID);
+ }
+
+ public void remove(String sessionID) {
+ externalSessions.remove(sessionID);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
new file mode 100644
index 000000000..3d0fd80bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
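Review bot: `put` declares `throws MarshallingException` but its body is a plain `HashMap.put`, so every caller is forced to handle an exception that cannot occur; drop the clause and the now-unused import. The backing map is a non-final `HashMap`; if one store instance is shared across requests (not visible here), `ConcurrentHashMap` or external synchronisation would be required, and the field can be `final` either way.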
@@ -0,0 +1,209 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import java.io.StringWriter; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +public 
class MetadataAction implements IAction { + + public void processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + try { + + EntitiesDescriptor idpEntitiesDescriptor = + SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName()); + + idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); + + idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4)); + + EntityDescriptor idpEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor); + + idpEntityDescriptor + .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath()); + + List<ContactPerson> persons = PVPConfiguration.getInstance() + .getIDPContacts(); + + idpEntityDescriptor.getContactPersons().addAll(persons); + + idpEntityDescriptor.setOrganization(PVPConfiguration.getInstance() + .getIDPOrganisation()); + + X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitPublicKeyValue(true); + keyInfoFactory.setEmitEntityIDAsKeyName(true); + keyInfoFactory.setEmitEntityCertificate(true); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + Credential credential = CredentialProvider + .getIDPSigningCredential(); + + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential)); + + Signature signature = CredentialProvider + .getIDPSignature(credential); + + idpEntitiesDescriptor.setSignature(signature); + + IDPSSODescriptor idpSSODescriptor = SAML2Utils + .createSAMLObject(IDPSSODescriptor.class); + + idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + idpSSODescriptor.setWantAuthnRequestsSigned(true); + + if 
(PVPConfiguration.getInstance().getIDPSSOPostService() != null) { + SingleSignOnService postSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + + postSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSOPostService()); + postSingleSignOnService + .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + + idpSSODescriptor.getSingleSignOnServices().add( + postSingleSignOnService); + } + + if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { + SingleSignOnService redirectSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + + redirectSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSORedirectService()); + redirectSingleSignOnService + .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + + idpSSODescriptor.getSingleSignOnServices().add( + redirectSingleSignOnService); + } + + /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { + ArtifactResolutionService artifactResolutionService = SAML2Utils + .createSAMLObject(ArtifactResolutionService.class); + + artifactResolutionService + .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + artifactResolutionService.setLocation(PVPConfiguration + .getInstance().getIDPResolveSOAPService()); + + artifactResolutionService.setIndex(0); + + idpSSODescriptor.getArtifactResolutionServices().add( + artifactResolutionService); + }*/ + + idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); + + NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistenNameIDFormat.setFormat(NameIDType.PERSISTENT); + + idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat); + + NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientNameIDFormat.setFormat(NameIDType.TRANSIENT); + + 
idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat); + + NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat); + + idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(idpEntitiesDescriptor); + out.marshall(idpEntitiesDescriptor, document); + + Signer.signObject(signature); + + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + String metadataXML = sw.toString(); + + System.out.println("METADATA: " + metadataXML); + + httpResp.setContentType("text/xml"); + httpResp.getOutputStream().write(metadataXML.getBytes()); + + httpResp.getOutputStream().close(); + + } catch (Exception e) { + Logger.error("Failed to generate metadata", e); + throw new MOAIDException("pvp2.13", null); + } + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + } + + public String getDefaultActionName() { + return (PVP2XProtocol.METADATA); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java new file mode 100644 index 000000000..6055484f7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java 
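Review bot: The metadata is written with `metadataXML.getBytes()`, i.e. in the platform default charset, while the response only declares `text/xml` and the `Transformer` output carries a UTF-8 declaration by default; on a non-UTF-8 JVM any non-ASCII character in the contact or organisation data is sent in a different encoding than declared, so the relying party may fail to parse the document or to verify the enveloped signature on the `EntitiesDescriptor`. Use `httpResp.setContentType("text/xml; charset=UTF-8");` and `httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8"));` (or the `java.nio.charset.StandardCharsets` equivalent). The `System.out.println("METADATA: " + metadataXML);` a few lines earlier is a debugging leftover that bypasses the project's `Logger` and dumps the whole document to stdout on every metadata request; route it through `Logger` at debug level or remove it.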
@@ -0,0 +1,302 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import iaik.pkcs.pkcs11.objects.Object; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.StatusMessage; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.xml.ConfigurationException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.ServletInfo; +import at.gv.egovernment.moa.id.moduls.ServletType; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import 
at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.VelocityLogAdapter; + +public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = PVP2XProtocol.class.getName(); + public static final String PATH = "id_pvp2x"; + + public static final String REDIRECT = "Redirect"; + public static final String POST = "Post"; + public static final String SOAP = "Soap"; + public static final String METADATA = "Metadata"; + + private static List<ServletInfo> servletList = new ArrayList<ServletInfo>(); + + private static List<IDecoder> decoder = new ArrayList<IDecoder>(); + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT, + ServletType.AUTH)); + servletList.add(new ServletInfo(PVPProcessor.class, POST, + ServletType.AUTH)); + + decoder.add(new PostBinding()); + decoder.add(new RedirectBinding()); + + actions.put(REDIRECT, new AuthenticationAction()); + actions.put(POST, new AuthenticationAction()); + actions.put(METADATA, new MetadataAction()); + + instance = new PVP2XProtocol(); + + new VelocityLogAdapter(); + } + + private static PVP2XProtocol instance = null; + + public static PVP2XProtocol getInstance() { + if (instance == null) { + instance = new PVP2XProtocol(); + } + return instance; + } + + public 
List<ServletInfo> getServlets() { + return servletList; + } + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + private IDecoder findDecoder(String action, HttpServletRequest req) { + Iterator<IDecoder> decoderIT = decoder.iterator(); + while (decoderIT.hasNext()) { + IDecoder decoder = decoderIT.next(); + if (decoder.handleDecode(action, req)) { + return decoder; + } + } + + return null; + } + + public PVP2XProtocol() { + super(); + } + + public IRequest preProcess(HttpServletRequest request, + HttpServletResponse response, String action) throws MOAIDException { + + if(METADATA.equals(action)) { + return new PVPTargetConfiguration(); + } + + IDecoder decoder = findDecoder(action, request); + if (decoder == null) { + return null; + } + try { + PVPTargetConfiguration config = new PVPTargetConfiguration(); + + + MOARequest moaRequest = decoder.decodeRequest(request, response); + + RequestAbstractType samlReq = moaRequest.getSamlRequest(); + + //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq)); + + //Logger.info("SAML : " + xml); + + if(!moaRequest.isVerified()) { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + moaRequest.setVerified(true); + } + + if(!(samlReq instanceof AuthnRequest)) { + throw new MOAIDException("Unsupported request", new Object[] {}); + } + + AuthnRequest authnRequest = (AuthnRequest)samlReq; + + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int assertionidx = 0; + + if(aIdx != null) { + assertionidx = aIdx.intValue(); + } + + aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int attributeIdx = 0; + + if(aIdx != null) { + attributeIdx = aIdx.intValue(); + } + + EntityDescriptor metadata = moaRequest.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + SPSSODescriptor spSSODescriptor = 
metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); + AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + + //TODO: maybe change to getEntityID() + //String oaURL = consumerService.getLocation(); + String oaURL = moaRequest.getEntityMetadata().getEntityID(); + String binding = consumerService.getBinding(); + String entityID = moaRequest.getEntityMetadata().getEntityID(); + + //String oaURL = (String) request.getParameter(PARAM_OA); + oaURL = StringEscapeUtils.escapeHtml(oaURL); +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); + + config.setOAURL(oaURL); + config.setBinding(binding); + config.setRequest(moaRequest); + config.setConsumerURL(consumerService.getLocation()); + + //TODO: set correct target; + config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID)); + + String useMandate = request.getParameter(PARAM_USEMANDATE); + if(useMandate != null) { + if(useMandate.equals("true")) { + if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { + throw new MandateAttributesNotHandleAbleException(); + } + } + } + + request.getSession().setAttribute(PARAM_OA, oaURL); + + return config; + } catch (Exception e) { + e.printStackTrace(); + throw new MOAIDException(e.getMessage(), new Object[] {}); + } + } + + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable { + + if(protocolRequest == null) { + throw e; + } + + if(!(protocolRequest instanceof PVPTargetConfiguration) ) { + throw e; + } + PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest; + + Response samlResponse = + SAML2Utils.createSAMLObject(Response.class); + Status status = 
SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + if(e instanceof NoPassivAuthenticationException) { + statusCode.setValue(StatusCode.NO_PASSIVE_URI); + statusMessage.setMessage(e.getLocalizedMessage()); + } else if(e instanceof PVP2Exception) { + PVP2Exception ex = (PVP2Exception) e; + statusCode.setValue(ex.getStatusCodeValue()); + String statusMessageValue = ex.getStatusMessageValue(); + if(statusMessageValue != null) { + statusMessage.setMessage(statusMessageValue); + } + } else { + statusCode.setValue(StatusCode.RESPONDER_URI); + statusMessage.setMessage(e.getLocalizedMessage()); + } + + status.setStatusCode(statusCode); + if(statusMessage.getMessage() != null) { + status.setStatusMessage(statusMessage); + } + samlResponse.setStatus(status); + + IEncoder encoder = null; + + if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + encoder = new RedirectBinding(); + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { + // TODO: not supported YET!! 
+ //binding = new ArtifactBinding(); + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + encoder = new PostBinding(); + } + + if(encoder == null) { + // default to redirect binding + encoder = new RedirectBinding(); + } + + encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL()); + return true; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + public IAction canHandleRequest(HttpServletRequest request, + HttpServletResponse response) { + if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) { + return getAction(REDIRECT); + } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) { + return getAction(POST); + } + + if(METADATA.equals(request.getParameter("action"))) { + return getAction(METADATA); + } + return null; + } + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + // TODO implement validation! + return true; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java new file mode 100644 index 000000000..2e2f75b94 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java 
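Review bot: In `preProcess`, `getAssertionConsumerServiceIndex()` and `getAttributeConsumingServiceIndex()` from the SP's AuthnRequest are used as positions into `getAssertionConsumerServices()` / `getAttributeConsumingServices()`, but in SAML metadata these values refer to the `index` attribute of the endpoint element, not to its place in the list, so an SP whose indices are not 0..n-1 gets its response sent to the wrong registered endpoint, or the lookup throws and surfaces as a generic `MOAIDException` carrying the raw exception text. The endpoint should be resolved by matching `getIndex()`, with the endpoint flagged `isDefault` as fallback when no index is given, and `spSSODescriptor` should be null-checked before use since `getSPSSODescriptor` can return null when the metadata has no SP role. `import iaik.pkcs.pkcs11.objects.Object;` shadows `java.lang.Object`, so the `new Object[] {}` arguments in this file build an array of the PKCS#11 type; the import looks accidental and should be removed. `validate()` unconditionally returns `true` under a TODO; until it is implemented it should at least be documented as a known gap, since the framework presumably relies on it to reject stale or mismatched pending requests.
```java
// … unchanged: decode, signature verification, AuthnRequest cast …
Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();

EntityDescriptor metadata = moaRequest.getEntityMetadata();
if(metadata == null) {
    throw new NoMetadataInformationException();
}
SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if(spSSODescriptor == null) {
    throw new NoMetadataInformationException();
}

// AssertionConsumerServiceIndex refers to the 'index' attribute of the endpoint
// in the SP metadata, not to its position in the list.
AssertionConsumerService consumerService = null;
for (AssertionConsumerService acs : spSSODescriptor.getAssertionConsumerServices()) {
    boolean matches = (aIdx != null)
            ? aIdx.equals(acs.getIndex())
            : Boolean.TRUE.equals(acs.isDefault());
    if (matches) {
        consumerService = acs;
        break;
    }
}
if (consumerService == null && aIdx == null
        && !spSSODescriptor.getAssertionConsumerServices().isEmpty()) {
    // no endpoint flagged as default: fall back to the first one registered
    consumerService = spSSODescriptor.getAssertionConsumerServices().get(0);
}
if (consumerService == null) {
    throw new NoMetadataInformationException();
}
// … unchanged: attribute consuming service (same index semantics apply), config population …
```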
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap;
+import org.opensaml.xml.io.MarshallingException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+
+public class PVPAssertionStorage implements SAMLArtifactMap {
+
+ private static PVPAssertionStorage instance = null;
+
+ public static PVPAssertionStorage getInstance() {
+ if(instance == null) {
+ instance = new PVPAssertionStorage();
+ }
+ return instance;
+ }
+
+ //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+ private AssertionStorage assertions = AssertionStorage.getInstance();
+
+ public boolean contains(String artifact) {
+ return assertions.containsKey(artifact);
+ }
+
+ public void put(String artifact, String relyingPartyId, String issuerId,
+ SAMLObject samlMessage) throws MarshallingException {
+ SAMLArtifactMapEntry assertion = new StoredAssertion(artifact,
+ relyingPartyId,
+ issuerId,
+ samlMessage);
+
+ try {
+ assertions.put(artifact, assertion);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be stored
+ throw new MarshallingException("Assertion are not stored in Database.",e);
+ }
+ }
+
+ public SAMLArtifactMapEntry get(String artifact) {
+ try {
+ return assertions.get(artifact, SAMLArtifactMapEntry.class);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be read
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public void remove(String artifact) {
+ assertions.remove(artifact);
+ }
+
+}
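Review bot: `get` catches `MOADatabaseException`, calls `e.printStackTrace()` and returns `null`, so a storage failure is reported to the caller exactly like an unknown or already-consumed artifact, and the only trace goes to stderr instead of the project log. Replace the `printStackTrace()` with `Logger.error("Assertion could not be read from storage", e);` (needs the `at.gv.egovernment.moa.logging.Logger` import) and consider propagating the failure instead of returning `null`. `put` maps the same database failure to a `MarshallingException`, which is what the `SAMLArtifactMap` signature allows, but the message `"Assertion are not stored in Database."` should read `"Assertion could not be stored in database."`. Whether stored entries expire or are one-shot is not visible here; since `SAMLArtifactMap` backs artifact resolution, either the underlying `AssertionStorage` must enforce a lifetime or callers must `remove` after a successful `get` — a class comment should say which.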
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
new file mode 100644
index 000000000..e8b661362
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -0,0 +1,236 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +public interface PVPConstants { + + public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; + public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; + public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; + public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; + + public static final String URN_OID_PREFIX = "urn:oid:"; + + public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10"; + public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID; + public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION"; + public static final String PVP_VERSION_2_1 = "2.1"; + + public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS"; + + public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20"; + public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID; + public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME"; + public static final int PRINCIPAL_NAME_MAX_LENGTH = 128; + + public static final String GIVEN_NAME_OID = "2.5.4.42"; + public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID; + public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME"; + public static final int GIVEN_NAME_MAX_LENGTH = 128; + + public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55"; + public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID; + public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE"; + public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd"; + + public static final String USERID_OID = "0.9.2342.19200300.100.1.1"; + public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID; + public static final String USERID_FRIENDLY_NAME = "USERID"; + public static final int 
USERID_MAX_LENGTH = 128; + + public static final String GID_OID = "1.2.40.0.10.2.1.1.1"; + public static final String GID_NAME = URN_OID_PREFIX + GID_OID; + public static final String GID_FRIENDLY_NAME = "GID"; + public static final int GID_MAX_LENGTH = 128; + + public static final String BPK_OID = "1.2.40.0.10.2.1.1.149"; + public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID; + public static final String BPK_FRIENDLY_NAME = "BPK"; + public static final int BPK_MAX_LENGTH = 1024; + + public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22"; + public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID; + public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST"; + public static final int ENC_BPK_LIST_MAX_LENGTH = 32767; + + public static final String MAIL_OID = "0.9.2342.19200300.100.1.3"; + public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID; + public static final String MAIL_FRIENDLY_NAME = "MAIL"; + public static final int MAIL_MAX_LENGTH = 128; + + public static final String TEL_OID = "2.5.4.20"; + public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID; + public static final String TEL_FRIENDLY_NAME = "TEL"; + public static final int TEL_MAX_LENGTH = 32; + + public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71"; + public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID; + public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID"; + public static final int PARTICIPANT_MAX_LENGTH = 39; + + public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24"; + public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID; + public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ"; + public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32; + + public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153"; + public static final String OU_OKZ_NAME = URN_OID_PREFIX + 
OU_OKZ_OID; + public static final int OU_OKZ_MAX_LENGTH = 32; + + public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3"; + public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID; + public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID"; + public static final int OU_GV_OU_ID_MAX_LENGTH = 39; + + public static final String OU_OID = "2.5.4.11"; + public static final String OU_NAME = URN_OID_PREFIX + OU_OID; + public static final String OU_FRIENDLY_NAME = "OU"; + public static final int OU_MAX_LENGTH = 64; + + public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33"; + public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID; + public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION"; + public static final int FUNCTION_MAX_LENGTH = 32; + + public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30"; + public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID; + public static final String ROLES_FRIENDLY_NAME = "ROLES"; + public static final int ROLES_MAX_LENGTH = 32767; + + public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94"; + public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID; + public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL"; + + public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; + public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; + public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION"; + public static final int EID_ISSUING_NATION_MAX_LENGTH = 2; + + public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34"; + public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID; + public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER"; + public 
static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255; + + public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36"; + public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID; + public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN"; + public static final int EID_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104"; + public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID; + public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE"; + public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38"; + public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID; + public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK"; + public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767; + + public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62"; + public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID; + public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK"; + public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767; + + public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64"; + public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID; + public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL"; + public static final int EID_CCS_URL_MAX_LENGTH = 1024; + + public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66"; + public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID; + public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE"; + public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767; + + public static 
final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96"; + public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID; + public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN"; + public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767; + + public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68"; + public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID; + public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE"; + public static final int MANDATE_TYPE_MAX_LENGTH = 256; + + public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; + public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; + public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; + public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100"; + public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID; + public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN"; + public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102"; + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE"; + public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76"; + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID; + 
public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE"; + public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98"; + public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID; + public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK"; + public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024; + + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72"; + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID; + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST"; + public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767; + + public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78"; + public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID; + public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME"; + public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80"; + public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID; + public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME"; + public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82"; + public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID; + public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = 
"MANDATOR-NATURAL-PERSON-BIRTHDATE"; + public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN; + + public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84"; + public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID; + public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME"; + public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256; + + public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86"; + public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID; + public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATOR-PROF-REP-OID"; + public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256; + + public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88"; + public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID; + public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATOR-PROF-REP-DESCRIPTION"; + public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024; + + public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90"; + public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID; + public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE"; + public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100; + + public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; + public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID; + public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE"; + public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767; + + public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40"; + 
public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID;
+ public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID";
+ public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64;
+
+ public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50";
+ public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID;
+ public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID";
+ public static final int COST_CENTER_ID_MAX_LENGTH = 32767;
+
+ public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60";
+ public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID;
+ public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE";
+ public static final int CHARGE_CODE_MAX_LENGTH = 32767;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
new file mode 100644
index 000000000..d7079ba5c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+
+public class PVPProcessor extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4102075202310068260L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
new file mode 100644
index 000000000..d842d5fe0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+
+public class PVPTargetConfiguration extends RequestImpl {
+ MOARequest request;
+ String binding;
+ String consumerURL;
+
+ public MOARequest getRequest() {
+ return request;
+ }
+
+ public void setRequest(MOARequest request) {
+ this.request = request;
+ }
+
+ public String getBinding() {
+ return binding;
+ }
+
+ public void setBinding(String binding) {
+ this.binding = binding;
+ }
+
+ public String getConsumerURL() {
+ return consumerURL;
+ }
+
+ public void setConsumerURL(String consumerURL) {
+ this.consumerURL = consumerURL;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
new file mode 100644
index 000000000..1d51d91f1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
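Review bot: The three fields `request`, `binding` and `consumerURL` are declared package-private although the class exposes a getter and setter for each, so any class in the package can bypass the accessors; declare them `private MOARequest request;`, `private String binding;` and `private String consumerURL;`. The class also carries no Javadoc, so it is not clear from the hunk what `binding` holds (a SAML binding URI, judging by the other files in this commit) or that `consumerURL` is the endpoint the response is delivered to — a one-line class comment and a comment per field would settle that.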
@@ -0,0 +1,98 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.Signature; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; + +public class ArtifactBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO Auto-generated method stub + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + Signature signer = CredentialProvider.getIDPSignature(credentials); + response.setSignature(signer); + + 
VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.init(); + + HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine, + "resources/templates/pvp_postbinding_template.html", + PVPAssertionStorage.getInstance()); + + encoder.setPostEncoding(false); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + // TODO Auto-generated method stub + return null; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + // TODO Auto-generated method stub + return null; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + // TODO Auto-generated method stub + return false; + } + +} 
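Review bot: `decodeRequest` and `decodeRespone` are stubs that return null, and `handleDecode` returns false, so a caller that reaches this decoder gets a null MOARequest/MOAResponse rather than an error; until the artifact binding is implemented, throwing the declared `MessageDecodingException` (e.g. `throw new MessageDecodingException("artifact binding not implemented");`) fails closed. In `encodeRespone`, `e.printStackTrace()` writes to stderr instead of the project's logger, and `RuntimeConstants.ENCODING_DEFAULT` is set twice. As far as I can tell the Velocity engine and template are only used by `HTTPArtifactEncoder` when POST encoding is enabled, yet the code calls `encoder.setPostEncoding(false)` — if GET artifact encoding is the intent, the engine setup is dead weight, and a comment should say which is meant.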
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
new file mode 100644
index 000000000..0f82d9a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IDecoder {
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public boolean handleDecode(String action, HttpServletRequest req);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
new file mode 100644
index 000000000..66526534d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
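Review bot: The interface does not document what a decoder guarantees about the returned `MOARequest`/`MOAResponse`, and the implementations in this commit disagree: RedirectBinding marks the result verified, PostBinding marks it unverified, and SoapBinding leaves the default and never sets entity metadata. A caller cannot tell from this interface whether `isVerified()` means the message signature was checked against peer metadata, so the Javadoc on `decodeRequest` and `decodeRespone` should state that the decoder performs signature verification and metadata resolution where the binding allows it, and that `isVerified()` is false whenever it did not. `handleDecode` also needs a sentence saying it selects the decoder from the action name and HTTP method without inspecting the message body. The method name `decodeRespone` (and `encodeRespone` in IEncoder) is misspelled; since both interfaces are new in this commit, renaming to `decodeResponse`/`encodeResponse` is cheap now.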
@@ -0,0 +1,30 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IEncoder {
+ public void encodeRequest(HttpServletRequest req,
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+
+ /**
+ * Encoder SAML Response
+ * @param req The http request
+ * @param resp The http response
+ * @param response The repsonse object
+ * @param targetLocation
+ * @throws MessageEncodingException
+ * @throws SecurityException
+ */
+ public void encodeRespone(HttpServletRequest req,
+ HttpServletResponse resp, StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
new file mode 100644
index 000000000..946f62066
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
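Review bot: The Javadoc on `encodeRespone` misspells "response" (should read ` * @param response The response object`), leaves `@param targetLocation` without a description, and omits `@throws PVP2Exception` although the signature declares it; `encodeRequest` has no Javadoc at all. From the implementations in this commit, `targetLocation` is set as the location of the peer endpoint the encoded message is delivered to, so ` * @param targetLocation The peer endpoint URL the encoded message is sent to` would say that. A summary line in verb form (`Encodes a SAML response ...`) reads better than "Encoder SAML Response".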
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOARequest {
+ private RequestAbstractType samlRequest;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOARequest(RequestAbstractType request) {
+ samlRequest = request;
+ }
+
+ public RequestAbstractType getSamlRequest() {
+ return samlRequest;
+ }
+
+ public void setSamlRequest(RequestAbstractType request) {
+ this.samlRequest = request;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
new file mode 100644
index 000000000..47f935b0c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
@@ -0,0 +1,38 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOAResponse {
+ private Response samlResponse;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOAResponse(Response response) {
+ samlResponse = response;
+ }
+
+ public Response getSamlResponse() {
+ return samlResponse;
+ }
+
+ public void setSamlResponse(Response samlResponse) {
+ this.samlResponse = samlResponse;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
new file mode 100644
index 000000000..513939e5d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+
+public class MOAURICompare implements URIComparator {
+
+ public boolean compare(String uri1, String uri2) {
+ // TODO: implement proper equalizer for rewritten URLS
+ return true;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
new file mode 100644
index 000000000..85861297c
--- /dev/null
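Review bot: `compare` returns true for every pair of URIs, and PostBinding and RedirectBinding install this comparator on their decoders via `setURIComparator`, which as far as I can tell is what OpenSAML uses to check a message's Destination against the URL it actually arrived at — so that check is effectively disabled for every decoded message. The TODO says rewritten URLs need a proper equaliser, but until that exists the comparator should fail closed, e.g. `return uri1 != null && uri1.equals(uri2);`, with any URL-rewriting normalisation layered on top later. A class comment stating which rewriting this is meant to tolerate (reverse-proxy scheme/host changes, path prefixes) would also help the eventual implementer.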
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java 
@@ -0,0 +1,139 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; + +public class PostBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO Auto-generated 
method stub + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + // VelocityEngine engine = + // VelocityProvider.getClassPathVelocityEngine(); + VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + engine.init(); + + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "resources/templates/pvp_postbinding_template.html"); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + // context.setOutboundMessage(authReq); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } catch (Exception e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest 
decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + decode.setURIComparator(new MOAURICompare()); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + + decode.decode(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + + MOARequest request = new MOARequest(inboundMessage); + request.setVerified(false); + request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return request; + + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + decode.decode(messageContext); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + + MOAResponse moaResponse = new MOAResponse(inboundMessage); + moaResponse.setVerified(false); + moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return moaResponse; + + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (req.getMethod().equals("POST")); + } +} 
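Review bot: `decodeRespone` never calls `setMetadataProvider` while `decodeRequest` does, so `messageContext.getPeerEntityMetadata()` is presumably null on the response path and `moaResponse.setEntityMetadata` stores nothing useful; adding `messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());` before `decode.decode(messageContext)` makes both paths consistent. In `encodeRespone` the `catch (Exception e)` rewraps every failure, including programming errors, as a SecurityException and reports it with `e.printStackTrace()` rather than the `Logger` the file already imports; catch `MessageEncodingException` and `CredentialsNotAvailableException` separately and log through `Logger`. `RuntimeConstants.ENCODING_DEFAULT` is set twice in the Velocity setup. Both decode methods create a fresh `new BasicParserPool()` per request with default settings; since the pool parses attacker-supplied XML, confirm that its defaults disallow DTDs and external entities, and consider a single pre-configured pool. `handleDecode` accepts any POST regardless of `action`, unlike RedirectBinding and SoapBinding, which check it.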
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java new file mode 100644 index 000000000..86801dde5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java 
@@ -0,0 +1,148 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; +import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import 
at.gv.egovernment.moa.logging.Logger; + +public class RedirectBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO: implement + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + // context.setOutboundMessage(authReq); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + decode.setURIComparator(new MOAURICompare()); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + 
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + messageContext.setSecurityPolicyResolver(resolver); + + decode.decode(messageContext); + + signatureRule.evaluate(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + MOARequest request = new MOARequest(inboundMessage); + request.setVerified(true); + request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return request; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + // signatureRule.evaluate(messageContext); + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + messageContext.setSecurityPolicyResolver(resolver); + MOAMetadataProvider provider = null; + + provider = MOAMetadataProvider.getInstance(); + + 
messageContext.setMetadataProvider(provider); + + decode.decode(messageContext); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + + MOAResponse moaResponse = new MOAResponse(inboundMessage); + moaResponse.setVerified(true); + moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return moaResponse; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod() + .equals("GET")); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java new file mode 100644 index 000000000..04ec3eaee --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java 
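Review bot: `request.setVerified(true)` in `decodeRequest` (and `moaResponse.setVerified(true)` in `decodeRespone`) is set unconditionally after `decode`, but to my reading of OpenSAML 2 `SAML2HTTPRedirectDeflateSignatureRule` skips evaluation when the request carries no `Signature` parameter, so an unsigned redirect message would still come out marked verified. The message context records the actual outcome, so `request.setVerified(messageContext.isInboundSAMLMessageAuthenticated());` (and the same for `moaResponse`) reports what was really checked. `signatureRule.evaluate(messageContext)` after `decode.decode(messageContext)` runs the rule a second time if the decoder already applied the security policy from the resolver, while `decodeRespone` leaves that explicit call commented out — the two methods should agree on one mechanism. `MOAMetadataProvider provider = null;` followed by `provider = MOAMetadataProvider.getInstance();` can be a single declaration. `e.printStackTrace()` in `encodeRespone` should go through the `Logger` the file imports.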
@@ -0,0 +1,87 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; + +public class SoapBinding implements IDecoder, IEncoder { + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException, PVP2Exception { + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = + new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + req)); + 
soapDecoder.decode(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + + MOARequest request = new MOARequest(inboundMessage); + + return request; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException, PVP2Exception { + throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response"); + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (action.equals(PVP2XProtocol.SOAP)); + } + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception { + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java new file mode 100644 index 000000000..ab880bb9e --- /dev/null 
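Review bot: `decodeRequest` configures neither a metadata provider nor a security policy and, unlike PostBinding and RedirectBinding, never calls `setEntityMetadata` or `setVerified`, so callers get a `MOARequest` whose `getEntityMetadata()` is null and whose `isVerified()` is false by default — safe only if every caller checks `isVerified()` before trusting the Issuer, which deserves a comment on the method. `encodeRequest` has an empty body and silently does nothing; `decodeRespone` already throws `BindingNotSupportedException`, and `encodeRequest` should do the same (`throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " request");`) rather than return as if the message had been sent. `new HTTPSOAP11Decoder()` uses its default parser configuration on attacker-supplied SOAP bodies; confirm it is hardened against DTD and external-entity expansion. `e.printStackTrace()` in `encodeRespone` should use the project logger.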
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java 
@@ -0,0 +1,158 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.xml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSInteger; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSIntegerBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; + +public class CitizenTokenBuilder { + + public static XMLObject buildAttributeStringValue(String value) { + XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); + XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); + stringValue.setValue(value); + return stringValue; + } + + public static XMLObject buildAttributeIntegerValue(int value) { + XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); + XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); + integerValue.setValue(value); + return integerValue; + } + + public static Attribute buildStringAttribute(String friendlyName, + String name, String value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + 
attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeStringValue(value)); + return attribute; + } + + public static Attribute buildIntegerAttribute(String friendlyName, + String name, int value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); + return attribute; + } + + public static Attribute buildPVPVersion(String value) { + return buildStringAttribute("PVP-VERSION", + "urn:oid:1.2.40.0.10.2.1.1.261.10", value); + } + + public static Attribute buildSecClass(int value) { + return buildIntegerAttribute("SECCLASS", + "", value); + } + + public static Attribute buildPrincipalName(String value) { + return buildStringAttribute("PRINCIPAL-NAME", + "urn:oid:1.2.40.0.10.2.1.1.261.20", value); + } + + public static Attribute buildGivenName(String value) { + return buildStringAttribute("GIVEN-NAME", + "urn:oid:2.5.4.42", value); + } + + public static Attribute buildBirthday(String value) { + return buildStringAttribute("BIRTHDATE", + "urn:oid:1.2.40.0.10.2.1.1.55", value); + } + + public static Attribute buildBPK(String value) { + return buildStringAttribute("BPK", + "urn:oid:1.2.40.0.10.2.1.1.149", value); + } + + public static Attribute buildEID_CITIZEN_QAALEVEL(int value) { + return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL", + "urn:oid:1.2.40.0.10.2.1.1.261.94", value); + } + + public static Attribute buildEID_ISSUING_NATION(String value) { + return buildStringAttribute("EID-ISSUING-NATION", + "urn:oid:1.2.40.0.10.2.1.1.261.32", value); + } + + public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) { + return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER", + "urn:oid:1.2.40.0.10.2.1.1.261.34", value); + } + + +// public static AttributeStatement buildCitizenToken(MOARequest obj, +// AuthenticationSession authSession) { 
+// AttributeStatement statement = +// SAML2Utils.createSAMLObject(AttributeStatement.class); +// +// //TL: AuthData generation is moved out from VerifyAuthBlockServlet +// try { +// +// //TODO: LOAD oaParam from request and not from MOASession in case of SSO +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); +// +// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, +// oaParam, +// authSession.getTarget()); +// +// Attribute pvpVersion = buildPVPVersion("2.1"); +// Attribute secClass = buildSecClass(3); +// Attribute principalName = buildPrincipalName(authData.getFamilyName()); +// Attribute givenName = buildGivenName(authData.getGivenName()); +// Attribute birthdate = buildBirthday(authData.getDateOfBirth()); +// +// //TL: getIdentificationValue holds the baseID --> change to pBK +// Attribute bpk = buildBPK(authData.getBPK()); +// +// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); +// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); +// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType()); +// +// statement.getAttributes().add(pvpVersion); +// statement.getAttributes().add(secClass); +// statement.getAttributes().add(principalName); +// statement.getAttributes().add(givenName); +// statement.getAttributes().add(birthdate); +// statement.getAttributes().add(bpk); +// statement.getAttributes().add(eid_citizen_qaa); +// statement.getAttributes().add(eid_issuing_nation); +// statement.getAttributes().add(eid_sector_for_id); +// +// return statement; +// +// } catch (ConfigurationException e) { +// +// // TODO: check Exception Handling +// return null; +// } catch (BuildException e) { +// +// // TODO: check Exception Handling +// return null; +// } +// +// +// } +} 
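Review bot: `buildSecClass` creates the SECCLASS attribute with an empty SAML `Name` (`buildIntegerAttribute("SECCLASS", "", value)`), so a relying party that matches attributes by Name cannot identify it; every other helper in this class carries a `urn:oid:` name and this one needs one too, or should go. The class also duplicates the `buildAttributeStringValue`/`buildStringAttribute` helpers of `BaseAttributeBuilder` in this same commit but without `attribute.setNameFormat(Attribute.URI_REFERENCE)`, so the two paths emit attributes in different formats. Its only aggregate method, `buildCitizenToken`, is entirely commented out and the `AuthenticationServer`, `AuthConfigurationProvider`, `OAAuthParameter`, `AuthenticationData`, `MOARequest` and exception imports are unused; if `PVPAttributeBuilder` is the intended path, this file is dead code and is better removed than shipped with a divergent attribute format.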
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
new file mode 100644
index 000000000..60e510de2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -0,0 +1,98 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import 
at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public class PVPAttributeBuilder {
+
+ private static HashMap<String, IAttributeBuilder> builders;
+
+ private static void addBuilder(IAttributeBuilder builder) {
+ builders.put(builder.getName(), builder);
+ }
+
+ static {
+ builders = new HashMap<String, IAttributeBuilder>();
+ // Citizen Token normal
+ addBuilder(new PVPVersionAttributeBuilder());
+ addBuilder(new PrincipalNameAttributeBuilder());
+ addBuilder(new GivenNameAttributeBuilder());
+ addBuilder(new BirthdateAttributeBuilder());
+ addBuilder(new BPKAttributeBuilder());
+ addBuilder(new EIDCitizenQAALevelAttributeBuilder());
+ addBuilder(new EIDIssuingNationAttributeBuilder());
+ addBuilder(new EIDSectorForIDAttributeBuilder());
+
+ // Mandate Attributes
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateLegalPersonFullNameAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinTypeAttributeBuilder());
+ addBuilder(new MandateNaturalPersonBirthDateAttributeBuilder());
+ addBuilder(new 
MandateNaturalPersonBPKAttributeBuilder());
+ addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateProfRepOIDAttributeBuilder());
+ addBuilder(new MandateProfRepDescAttributeBuilder());
+ addBuilder(new MandateReferenceValueAttributeBuilder());
+ addBuilder(new MandateFullMandateAttributeBuilder());
+ }
+
+ public static Attribute buildAttribute(String name,
+ AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if (builders.containsKey(name)) {
+ return builders.get(name).build(authSession, oaParam, authData);
+ }
+ return null;
+ }
+
+ public static List<Attribute> buildSupportedEmptyAttributes() {
+ List<Attribute> attributes = new ArrayList<Attribute>();
+ Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
+ while (builderIt.hasNext()) {
+ IAttributeBuilder builder = builderIt.next();
+ Attribute emptyAttribute = builder.buildEmpty();
+ if (emptyAttribute != null) {
+ attributes.add(emptyAttribute);
+ }
+ }
+ return attributes;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
new file mode 100644
index 000000000..17fc52a8c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
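Review bot: `MandateTypeAttributeBuilder` is registered twice in the static initializer (at the top of the mandate block and again after `MandateNaturalPersonSourcePinTypeAttributeBuilder`); the second `put` silently replaces the first, which is harmless today but is a copy-paste slip worth removing (`addBuilder(new MandateTypeAttributeBuilder());` once is enough). The registry is a mutable `static HashMap` assigned inside the initializer; `private static final Map<String, IAttributeBuilder> builders = new HashMap<String, IAttributeBuilder>();` states the intent and rules out later reassignment. `buildAttribute` returns `null` both for an unregistered name and when a builder declines, and `PVP2AssertionBuilder` in this commit relies on that to decide whether a required attribute is unprovideable; a Javadoc line such as `/** Returns null when no builder is registered for name or the builder cannot provide the attribute. */` would make that contract explicit.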
@@ -0,0 +1,325 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; + +import java.util.Iterator; +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.AuthnContext; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; 
+import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +public class PVP2AssertionBuilder implements PVPConstants { + public static Assertion buildAssertion(AuthnRequest authnRequest, + AuthenticationSession authSession, EntityDescriptor peerEntity) + throws MOAIDException { + Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + + RequestedAuthnContext reqAuthnContext = authnRequest + .getRequestedAuthnContext(); + + if (reqAuthnContext == null) { + throw new NoAuthContextException(); + } + + boolean stork_qaa_1_4_found = false; + + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); + + if (reqAuthnContextClassRefIt.size() == 0) { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = 
authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + //TODO: insert QAA check + + stork_qaa_1_4_found = false; + + } else { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + } + break; + } + } + } + + if (!stork_qaa_1_4_found) { + throw new QAANotSupportedException(STORK_QAA_1_4); + } + +// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() +// .iterator(); +// +// StringBuilder authContextsb = new StringBuilder(); +// +// while (reqAuthnContextClassRefIt.hasNext()) { +// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt +// .next(); +// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( +// "\\s+"); +// for (int i = 0; i < qaa_uris.length; i++) { +// if (qaa_uris[i].trim().equals(STORK_QAA_1_4) +// || qaa_uris[i].trim().equals(STORK_QAA_1_3) +// || qaa_uris[i].trim().equals(STORK_QAA_1_2) +// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) { +// authContextsb.append(qaa_uris[i].trim()); +// authContextsb.append(" "); +// } +// } +// +// } + + AuthnContext authnContext = SAML2Utils + .createSAMLObject(AuthnContext.class); + authnContext.setAuthnContextClassRef(authnContextClassRef); + + AuthnStatement authnStatement = SAML2Utils + .createSAMLObject(AuthnStatement.class); + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authnStatement.setAuthnInstant(new DateTime()); + // currently dummy id ... 
+ authnStatement.setSessionIndex(remoteSessionID); + authnStatement.setAuthnContext(authnContext); + + assertion.getAuthnStatements().add(authnStatement); + + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int idx = 0; + + if (aIdx != null) { + idx = aIdx.intValue(); + } + + AttributeConsumingService attributeConsumingService = spSSODescriptor + .getAttributeConsumingServices().get(idx); + + AttributeStatement attributeStatement = SAML2Utils + .createSAMLObject(AttributeStatement.class); + + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + boolean foundFormat = false; + + // TL: AuthData generation is moved to Assertion generation. + + Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats() + .iterator(); + while (formatIt.hasNext()) { + if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) { + foundFormat = true; + break; + } + } + if (!foundFormat) { + // TODO use correct exception + throw new NameIDFormatNotSupportedException(""); + } + + // TODO: Check if we need to hide source pin + /* + * if(authSession.getUseMandate()) { Element mandate = + * authSession.getMandate(); if(authSession.getBusinessService()) { // + * Hide Source PIN! 
ParepUtils.HideStammZahlen(mandate, true, null, + * authSession.getDomainIdentifier(), true); } else { + * ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(), + * null, true); } } + */ + + // TODO: LOAD oaParam from request and not from MOASession in case of + // SSO + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + peerEntity.getEntityID()); + + AuthenticationData authData = AuthenticationServer + .buildAuthenticationData(authSession, oaParam, + oaParam.getTarget()); + + Iterator<RequestedAttribute> it = attributeConsumingService + .getRequestAttributes().iterator(); + while (it.hasNext()) { + RequestedAttribute reqAttribut = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttribut.getName(), authSession, oaParam, authData); + if (attr == null) { + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } else { + attributeStatement.getAttributes().add(attr); + } + } catch (PVP2Exception e) { + Logger.error( + "Attribute generation failed! 
for " + + reqAttribut.getFriendlyName(), e); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } + } + + if (attributeStatement.getAttributes().size() > 0) { + assertion.getAttributeStatements().add(attributeStatement); + } + + subjectNameID.setFormat(NameID.PERSISTENT); + + //TLenz: set correct bPK Type and Value from AuthData + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); + + IdentificationType id; + if(corporation != null && corporation.getIdentification().size() > 0) + id = corporation.getIdentification().get(0); + + + else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) + id = pysicalperson.getIdentification().get(0); + + else { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + String bpktype = id.getType(); + String bpk = id.getValue().getValue(); + + if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier()); + + } else { + subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget())); + if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + 
"+")) + subjectNameID.setNameQualifier(oaParam.getTarget()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + + } else { + subjectNameID.setNameQualifier(bpktype); + subjectNameID.setValue(bpk); + } + + } else { + subjectNameID.setNameQualifier(authData.getBPKType()); + subjectNameID.setValue(authData.getBPK()); + } + + + subject.setNameID(subjectNameID); + + SubjectConfirmation subjectConfirmation = SAML2Utils + .createSAMLObject(SubjectConfirmation.class); + subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); + SubjectConfirmationData subjectConfirmationData = SAML2Utils + .createSAMLObject(SubjectConfirmationData.class); + subjectConfirmationData.setInResponseTo(authnRequest.getID()); + subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20)); + subjectConfirmationData.setRecipient(peerEntity.getEntityID()); + + subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); + + subject.getSubjectConfirmations().add(subjectConfirmation); + + Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class); + AudienceRestriction audienceRestriction = SAML2Utils + .createSAMLObject(AudienceRestriction.class); + Audience audience = SAML2Utils.createSAMLObject(Audience.class); + + audience.setAudienceURI(peerEntity.getEntityID()); + audienceRestriction.getAudiences().add(audience); + conditions.setNotBefore(new DateTime()); + conditions.setNotOnOrAfter(new DateTime().plusMinutes(20)); + conditions.getAudienceRestrictions().add(audienceRestriction); + + assertion.setConditions(conditions); + + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + issuer.setFormat(NameID.ENTITY); + assertion.setIssuer(issuer); + assertion.setSubject(subject); + assertion.setID(SAML2Utils.getSecureIdentifier()); + assertion.setIssueInstant(new DateTime()); + + return assertion; + } +} 
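Review bot: `spSSODescriptor.getAttributeConsumingServices().get(idx)` treats the requester-supplied `AttributeConsumingServiceIndex` as a list position, but the metadata `index` attribute is a label to be matched against each service's `getIndex()`, and an out-of-range value in the AuthnRequest ends the request with an unhandled `IndexOutOfBoundsException` (an empty list fails even for the default 0). Select the service by its `index` attribute and fail with a PVP error when nothing matches; the same spot should cope with `getSPSSODescriptor(...)` returning null for an entity without an SP role. Further down, `getOnlineApplicationParameter(peerEntity.getEntityID())` is dereferenced without a null check (`oaParam.getTarget()`), so an unregistered entityID surfaces as a NullPointerException rather than a configuration error — worth confirming whether an earlier stage already guarantees the OA exists. The two `// TODO` markers (QAA check for foreign sessions, source-PIN hiding for mandates) leave security-relevant decisions open; the foreign branch currently sets `stork_qaa_1_4_found = false` and throws `QAANotSupportedException`, which fails closed but blocks STORK users until the check is written.
```java
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
AttributeConsumingService attributeConsumingService = null;
for (AttributeConsumingService acs : spSSODescriptor.getAttributeConsumingServices()) {
    // the request's index refers to the service's "index" attribute, not its list position;
    // without an index keep the previous behaviour and take the first service
    if (aIdx == null || acs.getIndex() == aIdx.intValue()) {
        attributeConsumingService = acs;
        break;
    }
}
if (attributeConsumingService == null) {
    // TODO(review): throw the PVP2Exception subclass used for malformed requests here
}
// … unchanged: attribute statement, subject and NameID construction …
```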
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java new file mode 100644 index 000000000..4fb76c377 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.util.Constants; + +public class BPKAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return BPK_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + String bpk = authData.getBPK(); + String type = authData.getBPKType(); + + if (type.startsWith(Constants.URN_PREFIX_WBPK)) + type = type.substring((Constants.URN_PREFIX_WBPK+"+").length()); + else if (type.startsWith(Constants.URN_PREFIX_CDID)) + type = type.substring((Constants.URN_PREFIX_CDID+"+").length()); + + if(bpk.length() > BPK_MAX_LENGTH) { + bpk = bpk.substring(0, BPK_MAX_LENGTH); + } + return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); + } + + + public Attribute buildEmpty() { + return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java new file mode 100644 index 000000000..d3c79c939 --- /dev/null 
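Review bot: `bpk.substring(0, BPK_MAX_LENGTH)` silently shortens the bPK before it is delivered to the relying party, and a truncated identifier is not guaranteed to still identify the subject uniquely; a value longer than the limit should be treated as unprovideable (`return null;`, which the caller of `PVPAttributeBuilder.buildAttribute` already handles) or rejected, never cut. `authData.getBPK()` and `authData.getBPKType()` are dereferenced without null checks, so a session without a bPK fails with a NullPointerException instead of the null return the other builders use for "cannot provide". A short Javadoc on `build` stating the delivered format (`type:bpk` with the `Constants.URN_PREFIX_WBPK`/`URN_PREFIX_CDID` prefix stripped from the type) would help consumers, since `EIDSectorForIDAttributeBuilder` in the same commit sends the type unstripped.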
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java 
@@ -0,0 +1,62 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBuilder {
+
+
+ protected static XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ protected static XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ protected static Attribute buildStringAttribute(String friendlyName,
+ String name, String value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ protected static Attribute buildIntegerAttribute(String friendlyName,
+ String name, int value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ 
attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ protected static Attribute buildemptyAttribute(String friendlyName, String name) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
new file mode 100644
index 000000000..fa42fc54f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
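Review bot: `buildemptyAttribute` breaks the camel case of its siblings `buildStringAttribute` and `buildIntegerAttribute`; every subclass added in this commit calls it, so renaming it to `buildEmptyAttribute` is cheap now and costly later. The three helpers repeat the same create/friendlyName/name/nameFormat sequence — `buildemptyAttribute` already is that common part, and the other two could call it and then append the value. The class carries no Javadoc; a header such as `/** Common OpenSAML helpers for PVP 2.x attribute builders; every attribute is emitted with NameFormat URI_REFERENCE. */` plus a note on what `buildStringAttribute` is meant to do with a null value would document the contract the subclasses rely on.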
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class BirthdateAttributeBuilder extends BaseAttributeBuilder {
+
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+
+ public String getName() {
+ return BIRTHDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ try {
+ DateFormat identityLinkFormat = new SimpleDateFormat(
+ IDENTITY_LINK_DATE_FORMAT);
+ Date date = identityLinkFormat.parse(authSession.getIdentityLink()
+ .getDateOfBirth());
+ DateFormat pvpDateFormat = new SimpleDateFormat(
+ BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+ return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME,
+ BIRTHDATE_NAME, dateString);
+ } catch (ParseException e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME,
+ BIRTHDATE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
new file mode 100644
index 000000000..5ddd87c7b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
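Review bot: `SimpleDateFormat` is lenient by default, so an identity-link date such as `2013-02-30` is silently rolled over instead of rejected and the attribute is then built from a different date; add `identityLinkFormat.setLenient(false);` right after the formatter is created so malformed input reaches the `ParseException` branch. That branch uses `e.printStackTrace()`, which goes to stderr rather than the application log the sibling builders use (`Logger.error(...)` in `EIDIssuingNationAttributeBuilder`); replace it with `Logger.error("Failed to parse date of birth from identity link", e);`. `authSession.getIdentityLink()` is dereferenced without a null check, so a session that carries no identity link fails with a NullPointerException instead of the null return this method already uses for "cannot provide".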
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_CITIZEN_QAA_LEVEL_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME, 4);
+ }
+
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
new file mode 100644
index 000000000..08e4e67b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
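Review bot: The EID-CITIZEN-QAA-LEVEL attribute is asserted as the literal `4` for every session regardless of how the subject actually authenticated; `PVP2AssertionBuilder` in this same commit already distinguishes foreign sessions via `authSession.isForeigner()`, so a fixed maximum overstates the assurance level whenever a lower-assurance path can reach this builder. The value should be derived from the session or configuration (the `STORK_QAA_*` constants used in the assertion builder are the natural source), and until then the literal deserves a named constant plus a comment such as `// TODO(review): derive from the authentication method; 4 assumes the highest STORK level for every login`.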
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import iaik.x509.X509Certificate;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_ISSUING_NATION_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String countryCode = "AT";
+
+
+ if (authSession.getStorkAuthnRequest() != null) {
+ countryCode = authSession.getStorkAuthnRequest()
+ .getCitizenCountryCode();
+ } else {
+
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = authSession.getSignerCertificate();
+
+ if (certificate != null) {
+ try {
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ countryCode = rdn.getValue().toString();
+ break;
+ }
+ }
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+ }
+ }
+ }
+
+ return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ EID_ISSUING_NATION_NAME, countryCode);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ EID_ISSUING_NATION_NAME);
+ }
+
+}
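Review bot: `countryCode` starts as "AT" and is emitted unchanged whenever there is no STORK request and the signer certificate is null, has no C RDN, or fails to parse, so the attribute asserts Austrian issuance in exactly the cases where nothing was established; the broad `catch (Exception e)` only logs. Consider `String countryCode = null;` and returning null or buildEmpty() when neither source produced a code, so an unknown value is not reported as "AT". The fallback reads the issuer DN's C attribute, i.e. the CA's country rather than the subject's; if that is the intended stand-in until the TODO'd TSL lookup exists, a comment saying so would help the next reader. `Logger.info("C is: " + rdn.getValue());` reads like leftover debug output.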
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
new file mode 100644
index 000000000..8cb2b5be6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_SECTOR_FOR_IDENTIFIER_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String bpktype = authData.getBPKType();
+ return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
new file mode 100644
index 000000000..5c8151c01
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
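Review bot: `authData.getBPKType()` is handed straight to buildStringAttribute() in build() with no null handling, whereas the mandate builders in this commit throw when their data is missing; what buildStringAttribute does with a null value is not visible here. A guard such as `if (bpktype == null) { return null; }` (or buildEmpty()) would make the intended behaviour explicit. The local would conventionally be named `bpkType`.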
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class GivenNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return GIVEN_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
new file mode 100644
index 000000000..173fbd52f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IAttributeBuilder {
+ public String getName();
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception;
+ public Attribute buildEmpty();
+}
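Review bot: `authSession.getIdentityLink().getGivenName()` in build() dereferences the identity link without a null check, so a session carrying no identity link ends in a NullPointerException rather than an empty attribute or a PVP2Exception. If such sessions can reach this builder (not visible here), guard with `if (authSession.getIdentityLink() == null) { return null; }` ahead of the return. BirthdateAttributeBuilder earlier in this commit has the same unguarded call.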
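Review bot: IAttributeBuilder carries no Javadoc, yet the implementations in this commit follow two different contracts — build() returns null when no mandate is in use and throws NoMandateDataAvailableException when mandate data is missing — and a caller cannot tell from the interface which to expect. A doc comment on build() stating when null is returned versus when a PVP2Exception is thrown, and one on buildEmpty() saying it yields the attribute without a value, would pin this down. The `public` modifiers on interface methods are redundant.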
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
new file mode 100644
index 000000000..cecd90448
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_FULL_MANDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ if (authSession.getMandate() != null) {
+ String fullMandate;
+ try {
+ fullMandate = DOMUtils.serializeNode(authSession
+ .getMandate());
+ return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, fullMandate);
+ } catch (TransformerException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ } catch (IOException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ }
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME);
+ }
+
+}
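Review bot: Both catch blocks in build() log and then fall through to `return null`, so a serialisation failure becomes indistinguishable from "no mandate in use" for the caller, while the other mandate builders in this commit throw NoMandateDataAvailableException when mandate data cannot be produced. Rethrowing after the log call, `throw new NoMandateDataAvailableException();` in each catch, keeps the contract consistent across builders. The two identical catch bodies could be merged into a multi-catch if the project's Java level allows it.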
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
new file mode 100644
index 000000000..15059c036
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_FULL_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME);
+ }
+
+}
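Review bot: `mandateObject.getMandator().getCorporateBody()` in build() dereferences getMandator() without a null check, so a mandate lacking a Mandator element ends in a NullPointerException instead of the NoMandateDataAvailableException this method otherwise uses; every other Mandate*AttributeBuilder hunk in this commit (legal-person source PIN and type, natural-person bPK, birth date, family name, given name, source PIN and type) repeats the same call. Insert `if (mandateObject.getMandator() == null) { throw new NoMandateDataAvailableException(); }` before the corporate-body lookup. Whether the JAXB-generated Mandate can come back from MandateBuilder.buildMandate() with a null mandator is not visible here.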
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..820efb209
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(corporation);
+ } else {
+ id = MandateBuilder.getBPKIdentification(corporation);
+ }*/
+ /*if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..44b58d04f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
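Review bot: build() ships two commented-out blocks (the getBusinessService() branch and the null check) in a brand-new file; the id is now simply `getIdentification().get(0)`, and nothing verifies that this first entry carries the identification type the attribute is supposed to convey. Either delete the dead code or replace it with a one-line comment explaining why the first identification is taken unconditionally. The same leftover blocks appear in the MandateLegalPersonSourcePinType, MandateNaturalPersonBPK, MandateNaturalPersonSourcePin and MandateNaturalPersonSourcePinType hunks; the legal-person type variant even references a variable `corporate` that does not exist. `id.getValue().getValue()` assumes getValue() is non-null — the JAXB type's cardinality is not visible here.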
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinTypeAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator()
+ .getCorporateBody();
+ if (corporation == null) {
+ Logger.error("No corporate mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*id = MandateBuilder.getBPKIdentification(corporate);
+ if (id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
new file mode 100644
index 000000000..49e013fe0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -0,0 +1,90 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BPK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+// if(authSession.getBusinessService()) {
+// id = MandateBuilder.getWBPKIdentification(physicalPerson);
+// } else {
+// id = MandateBuilder.getBPKIdentification(physicalPerson);
+// }
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String bpk;
+ try {
+
+ if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
+ if (authSession.getBusinessService()) {
+ bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
+
+ }
+
+ else {
+ bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget());
+
+ }
+
+ } else
+ bpk = id.getValue().getValue();
+
+ } catch (BuildException e ){
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME, bpk);
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
new file mode 100644
index 000000000..a87d4d25c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
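Review bot: `physicalPerson.getIdentification().get(0)` throws IndexOutOfBoundsException when the list is empty, so the `if(id == null)` check that follows can never fire for that case; the legal-person builders in this commit test `size() == 0` first, and the MandateNaturalPersonSourcePin and MandateNaturalPersonSourcePinType hunks share this gap. Replace the null check with `if (physicalPerson.getIdentification().isEmpty()) { Logger.error("No identification in mandate"); throw new NoMandateDataAvailableException(); }` placed before the get(0). The BuildException catch logs "Failed to generate IdentificationType" without the exception, so the cause of a failed bPK derivation is lost; pass `e` and name what failed, e.g. `Logger.error("Failed to build bPK for mandator", e);`. The braceless `} else` followed by `bpk = id.getValue().getValue();` is easy to misread next to the braced branches above it.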
@@ -0,0 +1,74 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonBirthDateAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BIRTHDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String dateOfBirth = physicalPerson.getDateOfBirth();
+ try {
+ DateFormat mandateFormat = new SimpleDateFormat(
+ MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+ Date date = mandateFormat.parse(dateOfBirth);
+ DateFormat pvpDateFormat = new SimpleDateFormat(
+ MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+
+ return buildStringAttribute(
+ MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME, dateString);
+ } catch (ParseException e) {
+ e.printStackTrace();
+ throw new InvalidDateFormatException();
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
new file mode 100644
index 000000000..6744e5d20
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
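Review bot: The catch block in build() calls `e.printStackTrace()` although the file imports the project Logger and uses it a few lines earlier; the parse failure should go through `Logger.error("Failed to parse mandator date of birth", e);` before `throw new InvalidDateFormatException();`. SimpleDateFormat is lenient by default, so a day such as 31 in a 30-day month is rolled forward instead of rejected; `mandateFormat.setLenient(false);` makes the check strict. `physicalPerson.getDateOfBirth()` is passed to parse() without a null check — whether the schema makes the element mandatory is not visible here.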
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_FAMILY_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+
+ while(fNamesit.hasNext()) {
+ sb.append(" " + fNamesit.next().getValue());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
new file mode 100644
index 000000000..67aa8df0e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
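Review bot: The loop appends `" " + value` for every element, so the attribute value always begins with a space (" Mustermann") and multi-part names come out as " Mustermann Huber"; MandateNaturalPersonGivenNameAttributeBuilder in this commit builds its value the same way. Emit the separator only between entries: `if (sb.length() > 0) { sb.append(' '); } sb.append(fNamesit.next().getValue());`. `physicalPerson.getName()` is dereferenced without a null check, unlike the guards above it.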
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_GIVEN_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+
+ while(gNamesit.hasNext()) {
+ sb.append(" " + gNamesit.next());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..eaa7e88af
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonSourcePinAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_SOURCE_PIN_OID;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..7b8f59dd2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
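Review bot: getName() returns `MANDATE_NAT_PER_SOURCE_PIN_OID` while build() and buildEmpty() emit the attribute under `MANDATE_NAT_PER_SOURCE_PIN_NAME`; every other builder in this commit returns the same constant from both, so if getName() is used to register or look up the builder (not visible here) this one is keyed differently from what it produces. The MandateNaturalPersonSourcePinType hunk has the same `_OID`/`_NAME` split. The value emitted is `id.getValue().getValue()` regardless of `id.getType()`, whereas the MandateNaturalPersonBPK builder deliberately derives a sector-specific bPK when the type is `Constants.URN_PREFIX_BASEID`; this builder may therefore pass a natural person's raw source PIN through to the relying party — confirm that is intended and document it on the class.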
@@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(physicalPerson); + } else { + id = MandateBuilder.getBPKIdentification(physicalPerson); + }*/ + if(id == null) { + 
Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + return null; + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java new file mode 100644 index 000000000..b7c356112 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java 
@@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; + +public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_PROF_REP_DESC_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + + String text = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + authSession); + + if(text == null) { + return null; + } + + return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME, text); + + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java new file mode 100644 index 000000000..740a99649 --- /dev/null 
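Review bot: The `Element mandate` local in build is used only as a presence check; `if (authSession.getMandate() == null)` expresses that without the unused variable and the `org.w3c.dom.Element` import. A missing mandate raises NoMandateDataAvailableException while a missing textual-description attribute silently returns null, so a caller cannot tell "attribute not available" from "mandate present but incomplete"; if that asymmetry is intended, a one-line comment on the `return null` would help. MandateProfRepOIDAttributeBuilder in the next hunk has the same shape.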
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; + +public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_PROF_REP_OID_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + + String oid = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OID, + authSession); + + if(oid == null) { + return null; + } + + return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, + MANDATE_PROF_REP_OID_NAME, oid); + + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, + MANDATE_PROF_REP_OID_NAME); + } +} +
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java new file mode 100644 index 000000000..5a50473d3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java 
@@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; + +public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_REFERENCE_VALUE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, + MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, + MANDATE_REFERENCE_VALUE_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java new file mode 100644 index 000000000..bc7fdaf73 --- /dev/null 
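Review bot: `mandateObject.getMandateID()` is handed to buildStringAttribute without a null check, whereas the source-pin builders in this package reject incomplete mandates with NoMandateDataAvailableException; if MandateID is optional in the JAXB model, a null value reaches the SAML attribute. Suggest `String mandateId = mandateObject.getMandateID(); if (mandateId == null) { throw new NoMandateDataAvailableException(); }` before the return so the failure mode matches the sibling builders.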
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException; +import at.gv.egovernment.moa.id.util.MandateBuilder; + +public class MandateTypeAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_TYPE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new ResponderErrorException("No mandate data available", null); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new ResponderErrorException("No mandate data available", null); + } + + return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java new file mode 100644 index 000000000..545d70d76 --- /dev/null 
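Review bot: `new ResponderErrorException("No mandate data available", null)` passes literal English text where PVP2Exception's constructor takes a message ID (compare `super("pvp2.06", null)` in NoMandateDataAvailableException), so the text will presumably be treated as a lookup key rather than shown; the sibling mandate builders throw `new NoMandateDataAvailableException()` for exactly this condition and this builder should too, which also lets build declare `throws PVP2Exception` like the others. Nothing is lost by the switch, since ResponderErrorException only re-sets the RESPONDER_URI status that PVP2Exception already defaults to. `getAnnotation()` feeding the MANDATE_TYPE attribute is not obviously the mandate type; a comment naming the schema element it comes from would save the next reader a trip to the XSD.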
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class PVPVersionAttributeBuilder extends BaseAttributeBuilder {
+
+public String getName() {
+return PVP_VERSION_NAME;
+}
+
+public Attribute build(AuthenticationSession authSession,
+OAAuthParameter oaParam, AuthenticationData authData) {
+return buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1);
+}
+
+public Attribute buildEmpty() {
+return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME);
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
new file mode 100644
index 000000000..7ca7eb829
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder {
+
+public String getName() {
+return PRINCIPAL_NAME_NAME;
+}
+
+public Attribute build(AuthenticationSession authSession,
+OAAuthParameter oaParam, AuthenticationData authData) {
+return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
+}
+
+public Attribute buildEmpty() {
+return buildemptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME);
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
new file mode 100644
index 000000000..0786f896a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
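Review bot: `authSession.getIdentityLink().getFamilyName()` dereferences the identity link without a null check, unlike the mandate builders which guard each step, so a session without an identity link fails with NullPointerException rather than a PVP2 status error. A guard such as `if (authSession.getIdentityLink() == null) { return null; }` (or a PVP2Exception, whichever the other builders' callers expect) keeps the failure mode consistent. PRINCIPAL_NAME is built from the family name alone; if that mapping is intentional, a one-line comment saying so stops readers from assuming it is a bug.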
@@ -0,0 +1,339 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import iaik.x509.X509Certificate; + +import java.io.File; +import java.io.FileInputStream; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Properties; +import java.util.Set; + +import org.opensaml.saml2.metadata.Company; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration; +import org.opensaml.saml2.metadata.EmailAddress; +import org.opensaml.saml2.metadata.GivenName; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.OrganizationDisplayName; +import org.opensaml.saml2.metadata.OrganizationName; +import org.opensaml.saml2.metadata.OrganizationURL; +import org.opensaml.saml2.metadata.SurName; +import org.opensaml.saml2.metadata.TelephoneNumber; + +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.Digester; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +public class PVPConfiguration { + + private static PVPConfiguration instance; + + public static PVPConfiguration getInstance() { + if (instance == null) { + instance = new PVPConfiguration(); + } + return instance; + } + + public static final String PVP2_METADATA = "/pvp2/metadata"; + public static final String PVP2_REDIRECT = "/pvp2/redirect"; + public static final String 
PVP2_POST = "/pvp2/post"; + + public static final String PVP_CONFIG_FILE = "pvp2config.properties"; + public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; + public static final String IDP_KEYALIAS = "idp.ks.alias"; + public static final String IDP_KS_PASS = "idp.ks.kspassword"; + public static final String IDP_KEY_PASS = "idp.ks.keypassword"; + + public static final String IDP_ISSUER_NAME = "idp.issuer.name"; + + public static final String METADATA_FILE = "md.dir"; + public static final String METADATA_EXTENSION = "md.ext"; + + public static final String IDP_ENTITY = "idp.entityid"; + public static final String IDP_ORG_NAME = "idp.org.name"; + public static final String IDP_ORG_DISPNAME = "idp.org.dispname"; + public static final String IDP_ORG_URL = "idp.org.url"; + + public static final String IDP_PUBLIC_URL = "idp.public.url"; + + public static final String IDP_TRUST_STORE = "idp.truststore"; + public static final String SP_TARGET_PREFIX = "sp.target."; + + public static final String IDP_CONTACT_PREFIX = "idp.contact"; + public static final String IDP_CONTACT_LIST = "idp.contact_list"; + + public static final String IDP_CONTACT_SURNAME = "surname"; + public static final String IDP_CONTACT_GIVENNAME = "givenname"; + public static final String IDP_CONTACT_MAIL = "mail"; + public static final String IDP_CONTACT_TYPE = "type"; + public static final String IDP_CONTACT_COMPANY = "company"; + public static final String IDP_CONTACT_PHONE = "phone"; + + PVP2 generalpvpconfigdb; + Properties props; + + private PVPConfiguration() { + try { + generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); + props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); + + } catch (ConfigurationException e) { + e.printStackTrace(); + } + } + + public String getIDPPublicPath() { + String publicPath = generalpvpconfigdb.getPublicURLPrefix(); + if(publicPath != null) { + if(publicPath.endsWith("/")) { + publicPath = 
publicPath.substring(0, publicPath.length()-2); + } + } + return publicPath; + } + + public String getIDPSSOPostService() { + return getIDPPublicPath() + PVP2_POST; + } + + public String getIDPSSORedirectService() { + return getIDPPublicPath() + PVP2_REDIRECT; + } + + public String getIDPSSOMetadataService() { + return getIDPPublicPath() + PVP2_METADATA; + } + + public String getIDPKeyStoreFilename() { + return props.getProperty(IDP_JAVAKEYSTORE); + } + + public String getIDPKeyStorePassword() { + return props.getProperty(IDP_KS_PASS); + } + + public String getIDPKeyAlias() { + return props.getProperty(IDP_KEYALIAS); + } + + public String getIDPKeyPassword() { + return props.getProperty(IDP_KEY_PASS); + } + + public String getIDPIssuerName() { + return generalpvpconfigdb.getIssuerName(); + } + + public List<String> getMetadataFiles() { + String filter = props.getProperty(METADATA_EXTENSION); + + if (filter == null) { + filter = ".mdxml"; + } + + List<String> files = new ArrayList<String>(); + + File[] faFiles = new File(props.getProperty(METADATA_FILE)).listFiles(); + for (File file : faFiles) { + if (!file.isDirectory()) { + if (file.getName().endsWith(filter)) { + files.add(file.getAbsolutePath()); + } + } + } + + return files; + } + + //TODO: + public String getTargetForSP(String sp) { + + try { + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(sp); + + if (oaParam != null) + return oaParam.getTarget(); + + Logger.warn("OnlineApplication with ID "+ sp + " is not found."); + return null; + + } catch (ConfigurationException e) { + Logger.warn("OnlineApplication with ID "+ sp + " is not found."); + return null; + } + + } + + + public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { + + try { + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); + + if (oaParam == null) { + Logger.warn("Online Application with ID " + entityID + " not found!"); 
+ return null; + } + + OAPVP2 pvp2param = oaParam.getPVP2Parameter(); + + if (pvp2param == null) { + return null; + } + + Logger.info("Load TrustEntityCertificate ("+entityID+") from Database."); + return new X509Certificate(pvp2param.getCertificate()); + + } catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + return null; + + } catch (ConfigurationException e) { + e.printStackTrace(); + return null; + } + } + + public List<ContactPerson> getIDPContacts() { + List<ContactPerson> list = new ArrayList<ContactPerson>(); + + List<Contact> contacts = generalpvpconfigdb.getContact(); + + if (contacts != null) { + + for (Contact contact : contacts) { + + ContactPerson person = SAML2Utils + .createSAMLObject(ContactPerson.class); + + String type = contact.getType(); + + if (type == null) { + Logger.error("IDP Contact with SurName " + contact.getSurName() + + " has no type defined!"); + break; + } + + ContactPersonTypeEnumeration enumType = null; + + if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE + .toString())) { + enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE; + } else if (type.equals(ContactPersonTypeEnumeration.BILLING + .toString())) { + enumType = ContactPersonTypeEnumeration.BILLING; + } else if (type.equals(ContactPersonTypeEnumeration.OTHER + .toString())) { + enumType = ContactPersonTypeEnumeration.OTHER; + } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT + .toString())) { + enumType = ContactPersonTypeEnumeration.SUPPORT; + } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL + .toString())) { + enumType = ContactPersonTypeEnumeration.TECHNICAL; + } + + if (enumType == null) { + Logger.error("IDP Contact with SurName " + contact.getSurName() + + " has invalid type defined: " + type); + break; + } + + person.setType(enumType); + + String givenName = contact.getGivenName(); + + if (givenName != null) { + GivenName name = SAML2Utils + 
.createSAMLObject(GivenName.class); + name.setName(givenName); + person.setGivenName(name); + } + + String company = contact.getCompany(); + + if (company != null) { + Company comp = SAML2Utils.createSAMLObject(Company.class); + comp.setName(company); + person.setCompany(comp); + } + + String surname = contact.getSurName(); + + if (surname != null) { + SurName name = SAML2Utils.createSAMLObject(SurName.class); + name.setName(surname); + person.setSurName(name); + } + + List<String> phones = contact.getPhone(); + for (String phone : phones) { + TelephoneNumber telePhone = SAML2Utils + .createSAMLObject(TelephoneNumber.class); + telePhone.setNumber(phone); + person.getTelephoneNumbers().add(telePhone); + } + + List<String> mails = contact.getMail(); + for (String mail : mails) { + EmailAddress mailAddress = SAML2Utils + .createSAMLObject(EmailAddress.class); + mailAddress.setAddress(mail); + person.getEmailAddresses().add(mailAddress); + } + + list.add(person); + } + } + return list; + } + + public Organization getIDPOrganisation() { + Organization org = SAML2Utils.createSAMLObject(Organization.class); + + at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization(); + + String org_name = null; + String org_dispname = null; + String org_url = null; + + if (organisation != null) { + org_name = organisation.getName(); + org_dispname = organisation.getDisplayName(); + org_url = organisation.getURL(); + } + + if (org_name == null || org_dispname == null || org_url == null) { + return null; + } + + OrganizationDisplayName dispName = SAML2Utils + .createSAMLObject(OrganizationDisplayName.class); + dispName.setName(new LocalizedString(org_dispname, "de")); + org.getDisplayNames().add(dispName); + + OrganizationName name = SAML2Utils + .createSAMLObject(OrganizationName.class); + name.setName(new LocalizedString(org_name, "de")); + org.getOrganizationNames().add(name); + + OrganizationURL url = SAML2Utils + 
.createSAMLObject(OrganizationURL.class); + url.setURL(new LocalizedString(org_url, "de")); + org.getURLs().add(url); + + return org; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java new file mode 100644 index 000000000..51c4b7e72 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class BindingNotSupportedException extends PVP2Exception { + + public BindingNotSupportedException(String binding) { + super("pvp2.11", new Object[] {binding}); + this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI; + } + + /** + * + */ + private static final long serialVersionUID = -7227603941387879360L; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java new file mode 100644 index 000000000..521b55580 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class InvalidAssertionConsumerServiceException extends PVP2Exception { + + public InvalidAssertionConsumerServiceException(int idx) { + super("pvp2.00", new Object[]{idx}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = 7861790149343943091L; + +} 
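Review bot: `publicPath.substring(0, publicPath.length()-2)` in getIDPPublicPath strips two characters when the prefix ends with a single `/`, so a configured prefix like `https://host/moa-id/` becomes `https://host/moa-i` and every endpoint derived from it (getIDPSSOPostService, getIDPSSORedirectService, getIDPSSOMetadataService) is wrong; the index should be `publicPath.length()-1`. Three smaller points in the same hunk: getMetadataFiles iterates the result of `listFiles()`, which is null when `md.dir` is missing or not a directory; the `break` statements in getIDPContacts abort the whole contact loop on one bad entry where `continue` was presumably intended; and the private constructor and getTrustEntityCertificate use `e.printStackTrace()` while the rest of the class logs through Logger, the constructor in particular leaving `props` and `generalpvpconfigdb` null so every getter later fails with NullPointerException far from the cause. getInstance() also initialises lazily without synchronisation; whether that matters depends on the callers, which are outside this hunk.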
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java new file mode 100644 index 000000000..799d26ccb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class InvalidDateFormatException extends PVP2Exception { + + public InvalidDateFormatException() { + super("pvp2.02", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -6867976890237846085L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java new file mode 100644 index 000000000..41a56639a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class MandateAttributesNotHandleAbleException extends PVP2Exception { + + public MandateAttributesNotHandleAbleException() { + super("pvp2.03", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -1466424425852327722L; + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java new file mode 100644 index 000000000..7dc9d5645 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java @@ -0,0 +1,14 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +public class NameIDFormatNotSupportedException extends PVP2Exception { + + public NameIDFormatNotSupportedException(String nameIDFormat) { + super("pvp2.12", new Object[] {nameIDFormat}); + } + + /** + * + */ + private static final long serialVersionUID = -2270762519437873336L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java new file mode 100644 index 000000000..cd81de30f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class NoAuthContextException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = 7040652043174500992L; + + public NoAuthContextException() { + super("pvp2.04", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java new file mode 100644 index 000000000..6af97301f --- /dev/null 
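Review bot: NameIDFormatNotSupportedException never sets `statusCodeValue`, so it inherits PVP2Exception's RESPONDER_URI default although an unsupported NameID format is a requester-side problem; the sibling BindingNotSupportedException sets UNSUPPORTED_BINDING_URI and QAANotSupportedException sets REQUESTER_URI for the analogous cases. Adding `this.statusCodeValue = StatusCode.REQUESTER_URI;` after the `super` call (with the `org.opensaml.saml2.core.StatusCode` import) makes the SAML status consistent with the other request-validation failures. The `/** */` block above serialVersionUID in this and the neighbouring exception files is an empty IDE stub; either document the field or drop the comment.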
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class NoCredentialsException extends PVP2Exception { + + public static final String MOA_IDP_TARGET = "MOA-ID"; + + public NoCredentialsException(String target) { + super("pvp2.08", new Object[] {target}); + this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; + } + + /** + * + */ + private static final long serialVersionUID = -9086515080686076313L; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java new file mode 100644 index 000000000..d24905f68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java @@ -0,0 +1,14 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +public class NoMandateDataAvailableException extends PVP2Exception { + + public NoMandateDataAvailableException() { + super("pvp2.06", null); + } + + /** + * + */ + private static final long serialVersionUID = 4540420741715406351L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java new file mode 100644 index 000000000..c45820cfb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java 
@@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class NoMetadataInformationException extends PVP2Exception { + + public NoMetadataInformationException() { + super("pvp2.15", null); + this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI; + } + + /** + * + */ + private static final long serialVersionUID = -4608068445208032193L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java new file mode 100644 index 000000000..a9bd8104e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +public class PVP2EncodingException extends PVP2Exception { + + public PVP2EncodingException() { + super("pvp2.01", null); + } + + public PVP2EncodingException(Throwable wrapped) { + super("pvp2.01", null, wrapped); + } + + /** + * + */ + private static final long serialVersionUID = -1348774139990071020L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java new file mode 100644 index 000000000..990a76562 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java 
@@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egovernment.moa.id.MOAIDException; + +public abstract class PVP2Exception extends MOAIDException { + + protected String statusCodeValue = StatusCode.RESPONDER_URI; + protected String statusMessageValue = null; + + public PVP2Exception(String messageId, Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + this.statusMessageValue = this.getMessage(); + } + + public PVP2Exception(String messageId, Object[] parameters) { + super(messageId, parameters); + this.statusMessageValue = this.getMessage(); + } + + + public String getStatusCodeValue() { + return (this.statusCodeValue); + } + + public String getStatusMessageValue() { + return (this.statusMessageValue); + } + + /** + * + */ + private static final long serialVersionUID = 7669537952484421069L; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java new file mode 100644 index 000000000..be22be859 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + + +public class QAANotSupportedException extends PVP2Exception { + + public QAANotSupportedException(String qaa) { + super("pvp2.05", new Object[] {qaa}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -3964192953884089323L; + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java new file mode 100644 index 000000000..61c41d82b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class RequestDeniedException extends PVP2Exception { + + public RequestDeniedException() { + super("pvp2.14", null); + this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; + } + + /** + * + */ + private static final long serialVersionUID = 4415896615794730553L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java new file mode 100644 index 000000000..a24320cbc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class ResponderErrorException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -425416760138285446L; + + public ResponderErrorException(String messageId, Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + this.statusCodeValue = StatusCode.RESPONDER_URI; + } + + public ResponderErrorException(String messageId, Object[] parameters) { + super(messageId, parameters); + this.statusCodeValue = StatusCode.RESPONDER_URI; + } +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java new file mode 100644 index 000000000..e0f576205 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class SAMLRequestNotSignedException extends PVP2Exception { + + public SAMLRequestNotSignedException() { + super("pvp2.07", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + public SAMLRequestNotSignedException(Throwable e) { + super("pvp2.07", null, e); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = 1L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java new file mode 100644 index 000000000..029470b94 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + + +public class SAMLRequestNotSupported extends PVP2Exception { + + public SAMLRequestNotSupported() { + super("pvp2.09", null); + this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI; + } + + /** + * + */ + private static final long serialVersionUID = 1244883178458802767L; + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java new file mode 100644 index 000000000..0a91cc61a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java @@ -0,0 +1,15 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class UnprovideableAttributeException extends PVP2Exception { + /** + * + */ + private static final long serialVersionUID = 3972197758163647157L; + + public UnprovideableAttributeException(String attributeName) { + super("pvp2.10", new Object[] {attributeName}); + this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java new file mode 100644 index 000000000..99567478d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java 
@@ -0,0 +1,144 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; + +import java.io.File; +import java.security.cert.CertificateException; +import java.util.Iterator; +import java.util.List; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.protocol.Protocol; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; + +public class MOAMetadataProvider implements MetadataProvider { + + private static MOAMetadataProvider instance = null; + + private static Object mutex = new Object(); + + public static MOAMetadataProvider getInstance() { + if (instance == null) { + synchronized (mutex) { + if (instance == null) { + instance = new MOAMetadataProvider(); + } + } + } + 
return instance; + } + + MetadataProvider internalProvider; + + private MOAMetadataProvider() { + ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); + Logger.info("Loading metadata"); + List<OnlineApplication> oaList = ConfigurationDBRead + .getAllActiveOnlineApplications(); + Iterator<OnlineApplication> oaIt = oaList.iterator(); + while (oaIt.hasNext()) { + try { + OnlineApplication oa = oaIt.next(); + Logger.info("Loading metadata for: " + oa.getFriendlyName()); + OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); + if (pvp2Config != null) { + String metadataURL = pvp2Config.getMetadataURL(); + try { + // TODO: use proper SSL checking + HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( + metadataURL, 20000); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + MetadataFilter filter = new MetadataSignatureFilter( + metadataURL, pvp2Config.getCertificate()); + httpProvider.setMetadataFilter(filter); + chainProvider.addMetadataProvider(httpProvider); + httpProvider.initialize(); + } catch (MetadataProviderException e) { + Logger.error( + "Failed to add Metadata file for " + + oa.getFriendlyName() + "[ " + + e.getMessage() + " ]", e); + } catch (CertificateException e) { + Logger.error( + "Failed to add Metadata file for " + + oa.getFriendlyName() + "[ " + + e.getMessage() + " ]", e); + } + } else { + Logger.info(oa.getFriendlyName() + + " is not a PVP2 Application skipping"); + } + } catch (Throwable e) { + Logger.error( + "Failed to add Metadata (unhandled reason: " + + e.getMessage(), e); + } + } + + internalProvider = chainProvider; + } + + public boolean requireValidMetadata() { + return internalProvider.requireValidMetadata(); + } + + public void setRequireValidMetadata(boolean requireValidMetadata) { + internalProvider.setRequireValidMetadata(requireValidMetadata); + } + + public MetadataFilter getMetadataFilter() { + return internalProvider.getMetadataFilter(); + } + + 
public void setMetadataFilter(MetadataFilter newFilter) + throws MetadataProviderException { + internalProvider.setMetadataFilter(newFilter); + } + + public XMLObject getMetadata() throws MetadataProviderException { + return internalProvider.getMetadata(); + } + + public EntitiesDescriptor getEntitiesDescriptor(String name) + throws MetadataProviderException { + return internalProvider.getEntitiesDescriptor(name); + } + + public EntityDescriptor getEntityDescriptor(String entityID) + throws MetadataProviderException { + return internalProvider.getEntityDescriptor(entityID); + } + + public List<RoleDescriptor> getRole(String entityID, QName roleName) + throws MetadataProviderException { + return internalProvider.getRole(entityID, roleName); + } + + public RoleDescriptor getRole(String entityID, QName roleName, + String supportedProtocol) throws MetadataProviderException { + return internalProvider.getRole(entityID, roleName, supportedProtocol); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java new file mode 100644 index 000000000..d479de2d7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java 
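Review bot: The double-checked locking in getInstance is unsafe because `instance` is a plain static field; without `volatile` a second thread may observe a partially constructed provider. Declare it `private static volatile MOAMetadataProvider instance = null;`, or drop the outer null check and make the method `synchronized` as RequestManager.getInstance in this same commit does. In the constructor, `catch (Throwable e)` also swallows Errors such as OutOfMemoryError and keeps iterating; narrowing it to `catch (Exception e)` preserves the per-application best-effort loading without hiding JVM failures. The `// TODO: use proper SSL checking` comment should say what currently authenticates the download, which from this hunk appears to be only the MetadataSignatureFilter bound to `pvp2Config.getCertificate()`, so the open TLS gap is not misread as an unauthenticated fetch.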
@@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry; +import org.opensaml.saml2.core.ArtifactResolve; +import org.opensaml.saml2.core.ArtifactResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +public class ArtifactResolution implements IRequestHandler { + + public boolean handleObject(MOARequest obj) { + return (obj.getSamlRequest() instanceof ArtifactResolve); + } + + public void process(MOARequest obj, HttpServletRequest req, + HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException { + if (!handleObject(obj)) { + throw new MOAIDException("pvp2.13", null); + } + + ArtifactResolve artifactResolve = (ArtifactResolve) obj + .getSamlRequest(); + String artifactID = artifactResolve.getArtifact().getArtifact(); + + PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); + + if (!pvpAssertion.contains(artifactID)) { + throw new RequestDeniedException(); + } else { + try { + SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); + ArtifactResponse response = SAML2Utils + .createSAMLObject(ArtifactResponse.class); + response.setMessage(assertion.getSamlMessage()); + response.setIssueInstant(new DateTime()); + SoapBinding encoder = new SoapBinding(); + encoder.encodeRespone(req, resp, response, null); + } catch 
(Exception e) { + Logger.error("Failed to resolve artifact", e); + } + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java new file mode 100644 index 000000000..f8270cf33 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java 
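Review bot: The artifact is looked up with `pvpAssertion.get(artifactID)` but never invalidated, so the same artifact can be resolved repeatedly, whereas the SAML artifact binding treats an artifact as single-use; if PVPAssertionStorage offers a removal operation (its API is not visible in this hunk) it should be called right after the lookup, and otherwise one should be added. The handler also does not compare the issuer of the ArtifactResolve with the party the stored message was issued for, which is the check that keeps one service provider from resolving another's artifact. Finally, `catch (Exception e)` only logs an encoding failure, so the SOAP caller receives no status at all; AuthnRequestHandler in this commit rethrows such failures as `throw new MOAIDException("pvp2.01", null, e);`, and the same should be done here.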
@@ -0,0 +1,120 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; + +public class AuthnRequestHandler implements IRequestHandler, 
PVPConstants { + + public boolean handleObject(MOARequest obj) { + return (obj.getSamlRequest() instanceof AuthnRequest); + } + + public void process(MOARequest obj, HttpServletRequest req, + HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException { + if (!handleObject(obj)) { + throw new MOAIDException("pvp2.13", null); + } + + AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest(); + EntityDescriptor peerEntity = obj.getEntityMetadata(); + +// if (!AuthenticationSessionStoreage.isAuthenticated(authSession.getSessionID())) { +// throw new AuthenticationException("auth.21", new Object[] {}); +// } + +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession()); + + // authSession.getM + + Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity); + + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + nissuer.setFormat(NameID.ENTITY); + authResponse.setIssuer(nissuer); + authResponse.setInResponseTo(authnRequest.getID()); + authResponse.getAssertions().add(assertion); + authResponse.setStatus(SAML2Utils.getSuccessStatus()); + + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int idx = 0; + + if (aIdx != null) { + idx = aIdx.intValue(); + } + + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + AssertionConsumerService consumerService = spSSODescriptor + .getAssertionConsumerServices().get(idx); + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(idx); + } + String oaURL = consumerService.getLocation(); + + IEncoder binding = null; + + if (consumerService.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = 
new RedirectBinding(); + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { + // TODO: not supported YET!! + binding = new ArtifactBinding(); + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + } + + if (binding == null) { + throw new BindingNotSupportedException(consumerService.getBinding()); + } + + try { + binding.encodeRespone(req, resp, authResponse, oaURL); + // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java new file mode 100644 index 000000000..458316c6d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -0,0 +1,15 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; + +public interface IRequestHandler { + public boolean handleObject(MOARequest obj); + + public void process(MOARequest obj, HttpServletRequest req, + HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException; +} 
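Review bot: `spSSODescriptor.getAssertionConsumerServices().get(idx)` uses the request-supplied AssertionConsumerServiceIndex as a list position, so an out-of-range value from the SP throws IndexOutOfBoundsException before the `consumerService == null` guard, which is dead because `List.get` never returns null. In SAML metadata the index is the `index` attribute of each AssertionConsumerService element, and when the request carries no index the endpoint marked as default (not position 0) applies; selecting by `getIndex()` as below fixes both. `spSSODescriptor` itself can be null when the peer metadata has no SAML 2.0 SP role, which deserves the same InvalidAssertionConsumerServiceException rather than a NullPointerException. Separately, the commented-out `isAuthenticated` check means this handler builds an assertion for whatever session it is handed; if the caller does not enforce authentication, the check should be restored rather than left as dead code.
```java
SPSSODescriptor spSSODescriptor = peerEntity
        .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor == null) {
    throw new InvalidAssertionConsumerServiceException(idx);
}

// Select by the metadata 'index' attribute; without a requested index use the
// endpoint flagged as default, falling back to the first entry.
List<AssertionConsumerService> services = spSSODescriptor.getAssertionConsumerServices();
AssertionConsumerService consumerService = null;
for (AssertionConsumerService candidate : services) {
    boolean matches = (aIdx != null)
            ? aIdx.equals(candidate.getIndex())
            : Boolean.TRUE.equals(candidate.isDefault());
    if (matches) {
        consumerService = candidate;
        break;
    }
}
if (consumerService == null && aIdx == null && !services.isEmpty()) {
    consumerService = services.get(0);
}

if (consumerService == null) {
    throw new InvalidAssertionConsumerServiceException(idx);
}
// … unchanged: binding selection and response encoding …
```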
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java new file mode 100644 index 000000000..a043bfde5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported; + +public class RequestManager { + + private static RequestManager instance = null; + + private List<IRequestHandler> handler; + + public static synchronized RequestManager getInstance() { + if(instance == null) { + instance = new RequestManager(); + } + return instance; + } + + private RequestManager() { + handler = new ArrayList<IRequestHandler>(); + handler.add(new AuthnRequestHandler()); + handler.add(new ArtifactResolution()); + } + + public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) + throws SAMLRequestNotSupported, MOAIDException { + Iterator<IRequestHandler> it = handler.iterator(); + while(it.hasNext()) { + IRequestHandler handler = it.next(); + if(handler.handleObject(obj)) { + handler.process(obj, req, resp, moasession); + return; + } + } + + // not handled + throw new SAMLRequestNotSupported(); + } +} 
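Review bot: In RequestManager.handle the loop variable `IRequestHandler handler = it.next();` shadows the field `handler` that holds the list, which makes `handler.process(...)` easy to misread; iterating with `for (IRequestHandler candidate : handler)` removes both the shadowing and the explicit Iterator, and renaming the field to `handlers` would make the intent clearer still. The clause `throws SAMLRequestNotSupported, MOAIDException` is redundant, since SAMLRequestNotSupported extends PVP2Exception which extends MOAIDException (both visible in this commit); `throws MOAIDException` alone is sufficient.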
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java new file mode 100644 index 000000000..38251ab56 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java 
@@ -0,0 +1,96 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import iaik.pkcs.pkcs12.PKCS12; +import iaik.x509.X509Certificate; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.KeyStore; +import java.security.cert.CertificateException; + +import javax.jws.soap.SOAPBinding.Use; + +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; + +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; + +public class CredentialProvider { + public static Credential getIDPSigningCredential() + throws CredentialsNotAvailableException { + KeyStore keyStore; + PVPConfiguration config = PVPConfiguration.getInstance(); + try { + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); + + KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( + keyStore, config.getIDPKeyAlias(), config + .getIDPKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.SIGNING); + return credentials; + } catch (Exception e) { + Logger.error("Failed to generate IDP Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + + public static Signature getIDPSignature(Credential credentials) { + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + 
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + public static Credential getSPTrustedCredential(String entityID) + throws CredentialsNotAvailableException { + + iaik.x509.X509Certificate cert = PVPConfiguration.getInstance() + .getTrustEntityCertificate(entityID); + + if (cert == null) { + throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null); + } + + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityId(entityID); + credential.setUsageType(UsageType.SIGNING); + credential.setPublicKey(cert.getPublicKey()); + + return credential; + } + /* + * public static Credential getTrustedCredential() throws + * CredentialsNotAvailableException { String filename = + * PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt"); + * + * iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new + * FileInputStream(new File(filename))); } catch (CertificateException e) { + * e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } catch + * (FileNotFoundException e) { e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } catch + * (IOException e) { e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } + * + * BasicX509Credential credential = new BasicX509Credential(); + * credential.setEntityId("sp.crt"); + * credential.setUsageType(UsageType.SIGNING); + * credential.setPublicKey(cert.getPublicKey()); + * + * return credential; } + */ +} 
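Review bot: In getIDPSigningCredential the catch block loses the cause: `Logger.error(...)` is called without the exception, the stack trace goes to stderr via `e.printStackTrace()`, and `new CredentialsNotAvailableException(e.getMessage(), null)` passes the raw exception text where every other MOAIDException subclass in this commit passes a message id such as `"pvp2.08"`, so the message lookup presumably fails or surfaces low-level keystore text. Replace the two lines with `Logger.error("Failed to generate IDP Signing credentials", e);` and throw with a dedicated message id; chaining `e` as the cause requires a three-argument constructor on CredentialsNotAvailableException, which currently has none. getSPTrustedCredential has the same pattern, passing a literal English sentence as the message id. The imports of PKCS12, FileInputStream, SOAPBinding.Use and the others referenced only by the commented-out getTrustedCredential block should be removed together with that block.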
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java new file mode 100644 index 000000000..56864bc1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class CredentialsNotAvailableException extends MOAIDException { + + public CredentialsNotAvailableException(String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * + */ + private static final long serialVersionUID = -2564476345552842599L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java new file mode 100644 index 000000000..b88998cd1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +public class SAMLSigner { + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java new file mode 100644 index 000000000..a59fc17c5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java 
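Review bot: CredentialsNotAvailableException offers no constructor taking a cause, which is why CredentialProvider in this commit falls back to `e.printStackTrace()` instead of chaining the underlying KeyStore or certificate failure. MOAIDException already accepts `(messageId, parameters, wrapped)`, as PVP2Exception's super call shows, so add `public CredentialsNotAvailableException(String messageId, Object[] parameters, Throwable wrapped) { super(messageId, parameters, wrapped); }`. The empty Javadoc block above serialVersionUID should be removed or given a sentence.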
@@ -0,0 +1,66 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; + +public class AttributeExtractor { + + public static String extractSAMLAttributeOA(String name, + AuthenticationSession authSession) { + List extAttributes = authSession.getExtendedSAMLAttributesOA(); + if(extAttributes == null) { + return null; + } + Iterator extAttributesIt = extAttributes.iterator(); + String value = null; + while(extAttributesIt.hasNext()) { + Object attr = extAttributesIt.next(); + if(attr instanceof ExtendedSAMLAttribute) { + ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; + if(extAttribute.getName().equals(name)) { + if(extAttribute.getValue() instanceof String) { + return extAttribute.getValue().toString(); + } + break; + } + } + } + return null; + } + + public static String extractSAMLAttributeAUTH(String name, + AuthenticationSession authSession) { + List extAttributes = authSession.getExtendedSAMLAttributesAUTH(); + if(extAttributes == null) { + return null; + } + Iterator extAttributesIt = extAttributes.iterator(); + String value = null; + while(extAttributesIt.hasNext()) { + Object attr = extAttributesIt.next(); + if(attr instanceof ExtendedSAMLAttribute) { + ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; + if(extAttribute.getName().equals(name)) { + if(extAttribute.getValue() instanceof String) { + return extAttribute.getValue().toString(); + } + break; + } + } + } + return null; + } + + public static String extractSAMLAttributeBOTH(String name, + AuthenticationSession authSession) { + String value = extractSAMLAttributeOA(name, authSession); + if(value == null) { + value = extractSAMLAttributeAUTH(name, authSession); + } + return value; + } +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java new file mode 100644 index 000000000..66d0b1d46 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java 
@@ -0,0 +1,47 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +public class CheckMandateAttributes implements PVPConstants { + private static List<String> minMandateAttributes; + + static { + minMandateAttributes = new ArrayList<String>(); + minMandateAttributes.add(MANDATE_TYPE_NAME); + + minMandateAttributes.add(MANDATE_LEG_PER_FULL_NAME_NAME); + minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_NAME); + minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); + + minMandateAttributes.add(MANDATE_NAT_PER_BIRTHDATE_NAME); + minMandateAttributes.add(MANDATE_NAT_PER_GIVEN_NAME_NAME); + minMandateAttributes.add(MANDATE_NAT_PER_BPK_NAME); + minMandateAttributes.add(MANDATE_NAT_PER_FAMILY_NAME_NAME); + + minMandateAttributes.add(MANDATE_PROF_REP_OID_NAME); + minMandateAttributes.add(MANDATE_PROF_REP_DESC_NAME); + minMandateAttributes.add(MANDATE_REFERENCE_VALUE_NAME); + } + + public static boolean canHandleMandate(AttributeConsumingService attributeConsumer) { + List<String> attrList = new ArrayList<String>(minMandateAttributes); + Iterator<RequestedAttribute> attrIt = attributeConsumer.getRequestAttributes().iterator(); + + while(attrIt.hasNext()) { + RequestedAttribute reqAttr = attrIt.next(); + + if(attrList.contains(reqAttr.getName())) { + attrList.remove(reqAttr.getName()); + } + } + + return attrList.isEmpty(); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java new file mode 100644 index 000000000..7d81825d9 --- /dev/null 
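Review bot: `canHandleMandate` treats every entry of `minMandateAttributes` as mandatory, so an SP has to request the legal-person, natural-person and professional-representative attribute sets all at once before a mandate is considered handleable; if SPs serving only natural-person (or only legal-person) mandators are meant to be supported, this is too strict — the intended contract should be confirmed and stated in a Javadoc on the method. The copy-then-`remove` idiom over a `List` is O(n·m) and reads as bookkeeping; `Set<String> missing = new HashSet<String>(minMandateAttributes);` with `missing.remove(reqAttr.getName());` in the loop and `return missing.isEmpty();` says the same thing directly. Implementing `PVPConstants` just to inherit constant names is the constant-interface anti-pattern; a static import or qualified references keep the public type surface clean.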
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java @@ -0,0 +1,26 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +public class Digester { + public static String byteArrayToHexString(byte[] b) { + String result = ""; + for (int i=0; i < b.length; i++) { + result += + Integer.toString( ( b[i] & 0xff ) + 0x100, 16).substring( 1 ); + } + return result; + } + + public static String toSHA1(byte[] convertme) { + MessageDigest md = null; + try { + md = MessageDigest.getInstance("SHA-1"); + } + catch(NoSuchAlgorithmException e) { + e.printStackTrace(); + } + return byteArrayToHexString(md.digest(convertme)); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java new file mode 100644 index 000000000..807da0ebe --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java 
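Review bot: When `MessageDigest.getInstance("SHA-1")` throws, `toSHA1` prints the stack trace and then dereferences the null `md`, so a provider/configuration problem surfaces as a `NullPointerException` with the real cause lost; the catch body should be `throw new IllegalStateException("SHA-1 MessageDigest not available", e);` (SHA-1 is a mandatory JCA algorithm, so this is a genuine invariant, not a recoverable condition). SHA-1 is collision-broken: if the digest is used as anything more than a short opaque identifier — e.g. to compare or key on attacker-influenced data — SHA-256 should be used instead; the callers are not visible in this hunk. `byteArrayToHexString` concatenates `String`s in a loop; a `StringBuilder` pre-sized to `2 * b.length` is the idiomatic form and handles an empty array the same way.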
@@ -0,0 +1,301 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.io.*; +import javax.xml.parsers.*; +import javax.xml.transform.*; +import javax.xml.transform.dom.*; +import javax.xml.transform.stream.*; + +import org.w3c.dom.Document; + +import org.xml.sax.*; +import org.xml.sax.helpers.*; + + +/** +This class "pretty prints" an XML stream to something more human-readable. +It duplicates the character content with some modifications to whitespace, +restoring line breaks and a simple pattern of indenting child elements. + +This version of the class acts as a SAX 2.0 <code>DefaultHandler</code>, +so to provide the unformatted XML just pass a new instance to a SAX parser. +Its output is via the {@link #toString toString} method. + +One major limitation: we gather character data for elements in a single +buffer, so mixed-content documents will lose a lot of data! This works +best with data-centric documents where elements either have single values +or child elements, but not both. + +@author Will Provost +*/ +/* +Copyright 2002-2003 by Will Provost. +All rights reserved. +*/ +public class PrettyPrinter + extends DefaultHandler +{ + /** + Convenience method to wrap pretty-printing SAX pass over existing content. + */ + public static String prettyPrint (byte[] content) + { + try + { + PrettyPrinter pretty = new PrettyPrinter (); + SAXParserFactory factory = SAXParserFactory.newInstance (); + factory.setFeature + ("http://xml.org/sax/features/namespace-prefixes", true); + factory.newSAXParser ().parse + (new ByteArrayInputStream (content), pretty); + return pretty.toString (); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + /** + Convenience method to wrap pretty-printing SAX pass over existing content. 
+ */ + public static String prettyPrint (String content) + { + try + { + PrettyPrinter pretty = new PrettyPrinter (); + SAXParserFactory factory = SAXParserFactory.newInstance (); + factory.setFeature + ("http://xml.org/sax/features/namespace-prefixes", true); + factory.newSAXParser ().parse (content, pretty); + return pretty.toString (); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + /** + Convenience method to wrap pretty-printing SAX pass over existing content. + */ + public static String prettyPrint (InputStream content) + { + try + { + PrettyPrinter pretty = new PrettyPrinter (); + SAXParserFactory factory = SAXParserFactory.newInstance (); + factory.setFeature + ("http://xml.org/sax/features/namespace-prefixes", true); + factory.newSAXParser ().parse (content, pretty); + return pretty.toString (); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + /** + Convenience method to wrap pretty-printing SAX pass over existing content. 
+ */ + public static String prettyPrint (Document doc) + throws TransformerException + { + try + { + ByteArrayOutputStream buffer = new ByteArrayOutputStream (); + TransformerFactory.newInstance ().newTransformer() + .transform (new DOMSource (doc), new StreamResult (buffer)); + byte[] rawResult = buffer.toByteArray (); + buffer.close (); + + return prettyPrint (rawResult); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + public static class StreamAdapter + extends OutputStream + { + public StreamAdapter (Writer finalDestination) + { + this.finalDestination = finalDestination; + } + + public void write (int b) + { + out.write (b); + } + + public void flushPretty () + throws IOException + { + PrintWriter finalPrinter = new PrintWriter (finalDestination); + finalPrinter.println + (PrettyPrinter.prettyPrint (out.toByteArray ())); + finalPrinter.close (); + out.close (); + } + + private ByteArrayOutputStream out = new ByteArrayOutputStream (); + Writer finalDestination; + } + + /** + Call this to get the formatted XML post-parsing. + */ + public String toString () + { + return output.toString (); + } + + /** + Prints the XML declaration. + */ + public void startDocument () + throws SAXException + { + output.append ("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>") + .append (endLine); + } + + /** + Prints a blank line at the end of the reformatted document. + */ + public void endDocument () throws SAXException + { + output.append (endLine); + } + + /** + Writes the start tag for the element. + Attributes are written out, one to a text line. Starts gathering + character data for the element. 
+ */ + public void startElement + (String URI, String name, String qName, Attributes attributes) + throws SAXException + { + if (justHitStartTag) + output.append ('>'); + + output.append (endLine) + .append (indent) + .append ('<') + .append (qName); + + int length = attributes.getLength (); + for (int a = 0; a < length; ++a) + output.append (endLine) + .append (indent) + .append (standardIndent) + .append (attributes.getQName (a)) + .append ("=\"") + .append (attributes.getValue (a)) + .append ('\"'); + + if (length > 0) + output.append (endLine) + .append (indent); + + indent += standardIndent; + currentValue = new StringBuffer (); + justHitStartTag = true; + } + + /** + Checks the {@link #currentValue} buffer to gather element content. + Writes this out if it is available. Writes the element end tag. + */ + public void endElement (String URI, String name, String qName) + throws SAXException + { + indent = indent.substring + (0, indent.length () - standardIndent.length ()); + + if (currentValue == null) + output.append (endLine) + .append (indent) + .append ("</") + .append (qName) + .append ('>'); + else if (currentValue.length () != 0) + output.append ('>') + .append (currentValue.toString ()) + .append ("</") + .append (qName) + .append ('>'); + else + output.append ("/>"); + + currentValue = null; + justHitStartTag = false; + } + + /** + When the {@link #currentValue} buffer is enabled, appends character + data into it, to be gathered when the element end tag is encountered. + */ + public void characters (char[] chars, int start, int length) + throws SAXException + { + if (currentValue != null) + currentValue.append (escape (chars, start, length)); + } + + /** + Filter to pass strings to output, escaping <b><</b> and <b>&</b> + characters to &lt; and &amp; respectively. 
+ */ + private static String escape (char[] chars, int start, int length) + { + StringBuffer result = new StringBuffer (); + for (int c = start; c < start + length; ++c) + if (chars[c] == '<') + result.append ("<"); + else if (chars[c] == '&') + result.append ("&"); + else + result.append (chars[c]); + + return result.toString (); + } + + /** + This whitespace string is expanded and collapsed to manage the output + indenting. + */ + private String indent = ""; + + /** + A buffer for character data. It is "enabled" in + {@link #startElement startElement} by being initialized to a + new <b>StringBuffer</b>, and then read and reset to + <code>null</code> in {@link #endElement endElement}. + */ + private StringBuffer currentValue = null; + + /** + The primary buffer for accumulating the formatted XML. + */ + private StringBuffer output = new StringBuffer (); + + private boolean justHitStartTag; + + private static final String standardIndent = " "; + private static final String endLine = + System.getProperty ("line.separator"); +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java new file mode 100644 index 000000000..d6ac121b1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java 
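Review bot: `prettyPrint (String content)` does not parse the string — `SAXParser.parse (String, DefaultHandler)` treats its first argument as a system-ID URI, so the method fetches whatever the string names (a file path or an http URL); if that string can be influenced by a peer this is a local-file read/SSRF primitive, and in any case it is not what the Javadoc promises. None of the three `SAXParserFactory` instances disables DTD processing either, so an inline `<!DOCTYPE>` with external entities can be used for XXE or entity-expansion DoS when untrusted XML (e.g. a received SAML message) is pretty-printed for logging. Route the String overload through the byte[] path, `parse (new ByteArrayInputStream (content.getBytes ("UTF-8")), pretty)`, and build every parser from one hardened factory as below. The `escape` helper as shown appends `<` and `&` unchanged, contradicting its own comment — this may be the page having decoded `&lt;`/`&amp;` entities, so verify the committed file rather than the rendering.
```java
    /** SAX factory with DTDs and external entities disabled (prevents XXE and entity expansion). */
    private static SAXParserFactory secureFactory ()
        throws ParserConfigurationException, SAXException
    {
        SAXParserFactory factory = SAXParserFactory.newInstance ();
        factory.setFeature ("http://xml.org/sax/features/namespace-prefixes", true);
        factory.setFeature ("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature ("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature ("http://xml.org/sax/features/external-parameter-entities", false);
        return factory;
    }
    // … unchanged: byte[] / InputStream overloads, now calling secureFactory ().newSAXParser () …
    // in prettyPrint (String content): parse the text, not a URI
            secureFactory ().newSAXParser ().parse
                (new ByteArrayInputStream (content.getBytes ("UTF-8")), pretty);
```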
@@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.io.IOException; +import java.security.NoSuchAlgorithmException; + +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.opensaml.Configuration; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.XMLObjectBuilderFactory; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.w3c.dom.Document; + +import eu.stork.vidp.messages.common.STORKBootstrap; + +public class SAML2Utils { + + public static <T> T createSAMLObject(final Class<T> clazz) { + try { + XMLObjectBuilderFactory builderFactory = Configuration + .getBuilderFactory(); + + QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + @SuppressWarnings("unchecked") + T object = (T) builderFactory.getBuilder(defaultElementName) + .buildObject(defaultElementName); + return object; + } catch (Throwable e) { + e.printStackTrace(); + return null; + } + } + + public static String getSecureIdentifier() { + return idGenerator.generateIdentifier(); + } + + private static SecureRandomIdentifierGenerator idGenerator; + + private static DocumentBuilder builder; + static { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + try { + idGenerator = new SecureRandomIdentifierGenerator(); + } catch(NoSuchAlgorithmException e) { + e.printStackTrace(); + } + } + + public static Document 
asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } + + public static Status getSuccessStatus() { + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(StatusCode.SUCCESS_URI); + status.setStatusCode(statusCode); + return status; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java new file mode 100644 index 000000000..70793d073 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java 
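Review bot: `createSAMLObject` catches `Throwable`, prints it and returns `null`, so a missing OpenSAML bootstrap or a class without a `DEFAULT_ELEMENT_NAME` field shows up later as a `NullPointerException` in callers — `getSuccessStatus` calls `status.setStatusCode(statusCode)` on whatever came back without a check; catch `Exception` only and rethrow as `throw new IllegalStateException("cannot build SAML object " + clazz.getName(), e);` so the cause survives. The static initializer has the same shape: if `newDocumentBuilder()` or `new SecureRandomIdentifierGenerator()` fails, `builder`/`idGenerator` remain null and `getSecureIdentifier()` — the source of SAML message IDs — fails on first use rather than at class load; rethrowing as `throw new ExceptionInInitializerError(e);` makes that an immediate, visible failure. `eu.stork.vidp.messages.common.STORKBootstrap` is imported but unused here, and the `printStackTrace` calls should be the project's `Logger` that `EntityVerifier` uses.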
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
+
+public class StoredAssertion implements SAMLArtifactMapEntry {
+ private String artifact;
+ private String relyingPartyId;
+ private String issuerId;
+ private SAMLObject samlMessage;
+ private DateTime expirationTime;
+
+ public StoredAssertion(String artifact,
+ String relyingPartyId,
+ String issuerId,
+ SAMLObject samlMessage) {
+ this.artifact = artifact;
+ this.relyingPartyId = relyingPartyId;
+ this.issuerId = issuerId;
+ this.samlMessage = samlMessage;
+ this.expirationTime = new DateTime();
+ this.expirationTime.plusMinutes(5);
+ }
+
+ public DateTime getExpirationTime() {
+ return expirationTime;
+ }
+
+ public boolean isExpired() {
+ return this.expirationTime.isAfterNow();
+ }
+
+ public void onExpire() {
+ }
+ public String getArtifact() {
+ return artifact;
+ }
+ public String getIssuerId() {
+ return issuerId;
+ }
+ public String getRelyingPartyId() {
+ return relyingPartyId;
+ }
+ public SAMLObject getSamlMessage() {
+ return samlMessage;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
new file mode 100644
index 000000000..bf30c72cb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
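Review bot: The entry never expires: Joda `DateTime` is immutable, so `this.expirationTime.plusMinutes(5);` discards its result and `expirationTime` stays equal to the creation time, and `isExpired()` returns `isAfterNow()`, which is the inverse of "expired" and is false from the moment the object is built. The fix is two lines — `this.expirationTime = new DateTime().plusMinutes(5);` in the constructor and `return this.expirationTime.isBeforeNow();` in `isExpired()`. Since this class is the `SAMLArtifactMapEntry` implementation, the bug means a stored assertion stays resolvable by its artifact indefinitely instead of for the intended five-minute window, which widens the replay/resolution window for anyone who obtains an artifact. A named constant for the window and `final` fields would also make the intent visible.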
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class ChainSAMLValidator implements ISAMLValidator {
+
+private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
+
+ public void addValidator(ISAMLValidator validator) {
+ this.validator.add(validator);
+ }
+
+ public void validateRequest(RequestAbstractType request)
+ throws MOAIDException {
+ Iterator<ISAMLValidator> validatorIterator = validator.iterator();
+ while(validatorIterator.hasNext()) {
+ ISAMLValidator validator = validatorIterator.next();
+ validator.validateRequest(request);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
new file mode 100644
index 000000000..525a0870e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
@@ -0,0 +1,9 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface ISAMLValidator {
+ public void validateRequest(RequestAbstractType request) throws MOAIDException;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
new file mode 100644
index 000000000..db1241e6f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
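Review bot: In `validateRequest` the loop variable `ISAMLValidator validator` shadows the field `validator` from which the iterator was just taken; renaming the field to `validators` and iterating with `for (ISAMLValidator v : validators) { v.validateRequest(request); }` removes both the shadowing and the explicit `Iterator`. The class is a line-for-line twin of `ChainSAMLVerifier` in the verification package, differing only in interface names; if "validation" (structural) and "verification" (cryptographic) are intended as separate stages, a one-line class comment saying so would help readers. On `ISAMLValidator`, a short Javadoc stating that a failing check must throw `MOAIDException` rather than return would document the fail-closed contract the chain depends on, since a validator that returns normally is treated as success.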
@@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.validation; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.validation.ValidationException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; + +public class SAMLSignatureValidator implements ISAMLValidator { + + public void validateRequest(RequestAbstractType request) + throws MOAIDException { + if (request.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(request.getSignature()); + } catch (ValidationException e) { + e.printStackTrace(); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void validateSignable(SignableSAMLObject signableObject) + throws MOAIDException { + if (signableObject.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(signableObject.getSignature()); + } catch (ValidationException e) { + e.printStackTrace(); + throw new SAMLRequestNotSignedException(e); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java new file mode 100644 index 000000000..5cea607bc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java 
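Review bot: `SAMLSignatureProfileValidator` checks only the signature's structure (enveloped reference to the enclosing element, no unexpected object blocks) — it never verifies the signature value against a key — so a request carrying any self-generated `<Signature>` passes this class. If this is the only signature-related step in the request chain, requests are effectively unauthenticated; cryptographic verification needs a `SignatureTrustEngine` (as `SAMLVerificationEngine` in this change does) or a `SignatureValidator` bound to the SP's credential (as `EntityVerifier` does), and whether such a step follows elsewhere is not visible in this hunk. A class comment such as `/** Structural (profile) check only; does NOT verify the signature against a trusted key. */` would stop the class name from being read as proof of verification. `validateSignable` duplicates `validateRequest` verbatim and could be delegated to, and the `e.printStackTrace()` before the rethrow should be the project's `Logger.error`, since the cause is already wrapped in `SAMLRequestNotSignedException(e)`.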
@@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.core.RequestAbstractType; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class ChainSAMLVerifier implements ISAMLVerifier { + + private List<ISAMLVerifier> verifier = new ArrayList<ISAMLVerifier>(); + + public void addVerifier(ISAMLVerifier verifier) { + this.verifier.add(verifier); + } + + public void verifyRequest(RequestAbstractType request) + throws MOAIDException { + Iterator<ISAMLVerifier> verifyIterator = verifier.iterator(); + while(verifyIterator.hasNext()) { + ISAMLVerifier verifier = verifyIterator.next(); + verifier.verifyRequest(request); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java new file mode 100644 index 000000000..b78c2f264 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java 
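Review bot: As in `ChainSAMLValidator`, the loop variable `ISAMLVerifier verifier` shadows the field `verifier`; `private final List<ISAMLVerifier> verifiers` with `for (ISAMLVerifier v : verifiers) { v.verifyRequest(request); }` is clearer. Two identical chain classes over two structurally identical interfaces suggest either collapsing them or documenting on each what distinguishes a verifier from a validator.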
@@ -0,0 +1,160 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +public class EntityVerifier { + + public static byte[] fetchSavedCredential(String entityID) { + List<OnlineApplication> oaList = ConfigurationDBRead + .getAllActiveOnlineApplications(); + Iterator<OnlineApplication> oaIt = oaList.iterator(); + while (oaIt.hasNext()) { + OnlineApplication oa = oaIt.next(); + if (oa.getPublicURLPrefix().equals(entityID)) { + OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); + if (pvp2Config != null) { + return pvp2Config.getCertificate(); + } + } + } + return null; + } + + public static void verify(EntityDescriptor entityDescriptor) + throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new 
SAMLRequestNotSignedException(e); + } + + Credential credential = CredentialProvider + .getSPTrustedCredential(entityDescriptor.getEntityID()); + if (credential == null) { + throw new NoCredentialsException(entityDescriptor.getEntityID()); + } + + SignatureValidator sigValidator = new SignatureValidator(credential); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntityDescriptor entityDescriptor, Credential cred) + throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntitiesDescriptor entityDescriptor, + Credential cred) throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to verfiy 
Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntitiesDescriptor entityDescriptor) + throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + List<EntityDescriptor> entities = entityDescriptor + .getEntityDescriptors(); + + if (entities.size() > 0) { + + if (entities.size() > 1) { + Logger.warn("More then one EntityID in Metadatafile with Name " + + entityDescriptor.getName() + + " defined. Actually only the first" + + " entryID is used to select the certificate to perform Metadata verification."); + } + + Credential credential = CredentialProvider + .getSPTrustedCredential(entities.get(0).getEntityID()); + + if (credential == null) { + throw new NoCredentialsException("moaID IDP"); + } + + SignatureValidator sigValidator = new SignatureValidator(credential); + try { + sigValidator.validate(entityDescriptor.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java new file mode 100644 index 000000000..a577f3f46 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java 
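Review bot: `verify(EntitiesDescriptor)` checks a multi-entity document against the credential of the first `EntityDescriptor` only — the warning acknowledges this — which means whoever holds the first SP's key can vouch for every other entity in the file; if multi-entity metadata is expected through this path, each entity should be verified with its own credential (as `verify(EntityDescriptor)` does), and if it is not expected, rejecting `entities.size() > 1` is safer than warning. The same method also returns normally when `getEntityDescriptors()` is empty, so the profile check passes and the cryptographic `SignatureValidator` step is skipped entirely; add `if (entities.isEmpty()) { throw new NoCredentialsException(entityDescriptor.getName()); }` so "verified" never means "nothing was checked". The four `verify` overloads repeat the null-signature check, profile validation and `SignatureValidator` block verbatim; a private `verifySignature(Signature signature, Credential credential)` helper would leave one copy to audit. `fetchSavedCredential` assumes an SP's entityID equals the OA's `getPublicURLPrefix()`; whether that equality is guaranteed by configuration is not visible here and deserves a comment.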
@@ -0,0 +1,9 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import org.opensaml.saml2.core.RequestAbstractType; + +import at.gv.egovernment.moa.id.MOAIDException; + +public interface ISAMLVerifier { + public void verifyRequest(RequestAbstractType request) throws MOAIDException; +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java new file mode 100644 index 000000000..36dc2442c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java 
@@ -0,0 +1,78 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import iaik.x509.X509Certificate; + +import java.security.cert.CertificateException; +import java.util.Iterator; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.x509.BasicX509Credential; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; + +public class MetadataSignatureFilter implements MetadataFilter { + + private String metadataURL; + private BasicX509Credential savedCredential; + + public MetadataSignatureFilter(String url, byte[] certificate) + throws CertificateException { + this.metadataURL = url; + X509Certificate cert = new X509Certificate(certificate); + savedCredential = new BasicX509Credential(); + savedCredential.setEntityCertificate(cert); + } + + public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException { + + String entityID = desc.getEntityID(); + + EntityVerifier.verify(desc); + } + + public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { + Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + EntityVerifier.verify(desc, this.savedCredential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + + while(entID.hasNext()) { + processEntityDescriptorr(entIT.next()); + } + } + + public void doFilter(XMLObject metadata) throws FilterException { + try { + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + 
if(entitiesDescriptor.getSignature() == null) { + throw new MOAIDException("Root element of metadata file has to be signed", null); + } + processEntitiesDescriptor(entitiesDescriptor); + } /*else if (metadata instanceof EntityDescriptor) { + EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; + processEntityDescriptorr(entityDescriptor); + } */else { + throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + } + Logger.info("Metadata Filter done OK"); + } catch (MOAIDException e) { + e.printStackTrace(); + throw new FilterException(e); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java new file mode 100644 index 000000000..8df418f9a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java 
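Review bot: The second loop in `processEntitiesDescriptor` tests `entID.hasNext()` — the `EntitiesDescriptor` iterator that the first loop already exhausted — instead of `entIT.hasNext()`, so `processEntityDescriptorr` is never called and no `EntityDescriptor` in the metadata is ever checked against its SP's saved credential; the condition must be `while(entIT.hasNext())`. Nested `EntitiesDescriptor`s are only verified `if(desc.getSignature() != null)`, so an unsigned nested group passes as long as the root is signed; if the root signature is meant to cover children that should be stated in a comment, otherwise the nested case should fail like the root does in `doFilter`. `metadataURL` and the local `entityID` are unused, `processEntityDescriptorr` carries a typo, and the `e.printStackTrace()` before `throw new FilterException(e)` should be `Logger.error`. A unit test feeding a signed `EntitiesDescriptor` with one unsigned `EntityDescriptor` and asserting a `FilterException` would have caught the loop bug.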
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.validation.ValidationException;
+
+public class SAMLVerificationEngine {
+
+ public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ } catch (ValidationException e) {
+ // Indicates signature did not conform to SAML Signature profile
+ e.printStackTrace();
+ }
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ }
+ } catch (SecurityException e) {
+ // Indicates processing error evaluating the signature
+ e.printStackTrace();
+ }
+ }
+
+ public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ } catch (ValidationException e) {
+ // Indicates signature did not conform to SAML Signature profile
+ e.printStackTrace();
+ }
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ }
+ } catch (SecurityException e) {
+ // Indicates processing error evaluating the signature
+ e.printStackTrace();
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
new file mode 100644
index 000000000..6dbaae0a1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
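Review bot: In verifyResponse the SAML signature-profile check is effectively disabled: a `ValidationException` from `profileValidator.validate(...)` is only printed and execution continues to the trust-engine check, so a signature whose reference does not cover the enclosing object the way the profile requires is still accepted as long as its key is trusted. The catch should fail the verification, e.g. `throw new org.opensaml.xml.security.SecurityException("Signature does not conform to the SAML signature profile", e);`, and verifyRequest has the identical pattern. Separately, `catch (SecurityException e)` resolves to `java.lang.SecurityException` (the OpenSAML type is only named fully qualified in the throws clause), so that handler never sees the trust engine's exception and is dead code. If `samlObj.getSignature()` can be null for an unsigned message, an explicit null check with a clear error message would be preferable to relying on how the two validators treat null.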
@@ -0,0 +1,108 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.validation.ValidationException; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.vidp.messages.util.XMLUtil; + +public class SAMLVerifierMOASP implements ISAMLVerifier { + + + //TODO: implement via metadata validator .... 
+ public void verifyRequest(RequestAbstractType request) + throws MOAIDException { + // validate Signature + try { + if (request.isSigned()) { + + String trustProfileID = AuthConfigurationProvider.getInstance() + .getStorkConfig().getSignatureVerificationParameter() + .getTrustProfileID(); + + Logger.trace("Starting validation of Signature references"); + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(request.getSignature()); + } catch (ValidationException e) { + Logger.error("Validation of XML Signature refrences failed: " + + e.getMessage()); + throw new SecurityException(e); + } + Logger.debug("XML Signature references are OK."); + + Logger.debug("Invoking MOA-SP with TrustProfileID: " + + trustProfileID); + + // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(XMLUtil.printXML(request.getDOM()).getBytes(), + trustProfileID); + + Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built"); + + Logger.trace("Calling MOA-SP"); + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the <VerifyXMLSignatureResponse> + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP"); + + if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) { + String msg = "Signature of SAMLResponse not valid"; + Logger.error(msg); + throw new SecurityException(msg); + } + + Logger.debug("Signature of SAML response successfully verified"); + + if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { + String msg = "Certificate of SAMLResponse not valid"; + Logger.error(msg); + throw new SecurityException(msg); + } + + Logger.debug("Signing 
certificate of SAML response succesfully verified"); + + } else { + String msg = "SAML Object is not signed."; + throw new SecurityException(msg); + } + + } catch (ConfigurationException e) { + String msg = "Unable to load STORK configuration for STORK SAML Response signature verification."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (ParseException e) { + String msg = "Unable to parse VerifyXMLSignature Request or Response."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (BuildException e) { + String msg = "Unable to parse VerifyXMLSignature Request or Response."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (ServiceException e) { + String msg = "Unable to invoke MOA-SP."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java new file mode 100644 index 000000000..f3c5ed86a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java 
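Review bot: `XMLUtil.printXML(request.getDOM()).getBytes()` serializes the request with the platform default charset before it is sent to MOA-SP; on a JVM whose default is not UTF-8 any non-ASCII content is altered and the signature check fails for the wrong reason, so use `.getBytes("UTF-8")`. The error strings and log lines in verifyRequest speak of a "SAMLResponse"/"SAML response" although the method verifies a RequestAbstractType, which will mislead whoever reads the logs. All failures are raised as `java.lang.SecurityException` (unchecked) while the method is declared `throws MOAIDException`, so a caller that catches MOAIDException will not see a failed verification as such — either wrap them in a MOAIDException subclass or state the unchecked contract in a Javadoc `@throws SecurityException`. The `//TODO: implement via metadata validator ....` marker above the method should say what is missing and whether this MOA-SP path is intended to remain in use.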
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.xml.security.credential.CredentialResolver;
+import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
+import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
+import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
+import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
+import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
+
+import sun.security.krb5.Credentials;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
+
+public class TrustEngineFactory {
+
+ public static SignatureTrustEngine getSignatureTrustEngine() {
+ try {
+ MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
+ MOAMetadataProvider.getInstance());
+
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
+ mdResolver, keyInfoResolver);
+
+ return engine;
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() {
+ MetadataCredentialResolver resolver;
+
+ resolver = new MetadataCredentialResolver(
+ MOAMetadataProvider.getInstance());
+
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
+ resolver, keyInfoResolver);
+
+ return engine;
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
new file mode 100644
index 000000000..75825d92d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
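Review bot: getSignatureTrustEngine swallows every exception and returns null (`e.printStackTrace(); return null;`), so a failure to build the PKIX trust engine surfaces to callers either as a NullPointerException somewhere else or, if a caller null-checks, as a signature verification that is silently skipped; let the failure propagate instead, e.g. `Logger.error("Could not build PKIX signature trust engine", e); throw new IllegalStateException("Could not build PKIX signature trust engine", e);`. `import sun.security.krb5.Credentials;` is unused and pulls in a JDK-internal package, and `CredentialResolver` and `MetadataProviderException` are unused as well. A one-line Javadoc on each factory method naming the trust model it implements (PKIX validation information from metadata versus explicit keys published in metadata) would help callers choose the right one.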
@@ -0,0 +1,186 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.IOException; +import java.io.PrintWriter; +import java.io.UnsupportedEncodingException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class GetArtifactAction implements IAction { + + public void processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException { + +// HttpSession httpSession = httpReq.getSession(); +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); + +// if 
(!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) { +// throw new AuthenticationException("auth.21", new Object[] {}); +// } + + String oaURL = (String) req.getOAURL(); + String target = (String) req.getTarget(); + + try { + + + if (oaURL == null) { + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + } + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + + + // if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } + + + // TODO: Support Mandate MODE! + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + // builds authentication data and stores it together with a SAML + // artifact + + //TODO: check, if this is correct!!!! + //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), + // useUTC, false); + + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + + AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, + oaParam, + target); + + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); + + if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { + String url = "RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); + if (!oaParam.getBusinessService()) + url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8")); + url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = httpResp.encodeRedirectURL(url); + + httpResp.setContentType("text/html"); + httpResp.setStatus(302); + httpResp.addHeader("Location", url); + + } else { + String redirectURL = oaURL; + + //session.getOAURLRequested(); + + if (!oaParam.getBusinessService()) { +// 
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + URLEncoder.encode(oaParam.getTarget(), "UTF-8")); + + + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, + URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = httpResp.encodeRedirectURL(redirectURL); + httpResp.setContentType("text/html"); + httpResp.setStatus(302); + httpResp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + // CONFIRMATION FOR SSO! + /* + * OAAuthParameter oaParam = + * AuthConfigurationProvider.getInstance(). + * getOnlineApplicationParameter(oaURL); + * + * String friendlyName = oaParam.getFriendlyName(); if(friendlyName + * == null) { friendlyName = oaURL; } + * + * + * LoginConfirmationBuilder builder = new + * LoginConfirmationBuilder(); + * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); + * String form = builder.finish(oaURL, session.getIdentityLink() + * .getName(), friendlyName); + */ + + /* + * resp.setContentType("text/html"); + * + * OutputStream out = resp.getOutputStream(); + * out.write(form.getBytes("UTF-8")); out.flush(); out.close(); + */ + + } catch (WrongParametersException ex) { + // handleWrongParameters(ex, req, httpResp); + ex.printStackTrace(); + } catch (ConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (BuildException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (AuthenticationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (UnsupportedEncodingException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (MOADatabaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + protected static String addURLParameter(String 
url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return SAML1Protocol.GETARTIFACT; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java new file mode 100644 index 000000000..433302b4f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java 
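Review bot: Every catch block in processRequest only calls `e.printStackTrace()`, including the `WrongParametersException` for a missing or invalid oaURL and the `AuthenticationException` the method is declared to throw, so on any failure the method returns normally with no redirect, no error page and nothing in the application log. Rethrow instead of printing: `throw e;` for AuthenticationException, and for the others `Logger.error(...)` followed by a wrapped `throw new AuthenticationException("<message-id>", new Object[] {})` (message id to be chosen), or restore the `handleWrongParameters(ex, req, httpResp)` call that is commented out. `target` is read from the request but never used. The manual `setStatus(302)` plus `addHeader("Location", ...)` pair in both branches could be `httpResp.sendRedirect(url)`, which is the conventional form.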
@@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class GetArtifactServlet extends AuthServlet { + + /** + * + */ + private static final long serialVersionUID = 3593264832041467899L; + + /** + * Constructor for GetArtifactServlet. 
+ */ + public GetArtifactServlet() { + super(); + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + HttpSession httpSession = req.getSession(); + + + +// AuthenticationSession session = AuthenticationManager +// .getAuthenticationSession(httpSession); +// +// String oaURL = (String) req.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// +// String target = (String) req.getAttribute(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// +// if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } +// +// if (oaURL == null) { +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// } +// +// String samlArtifactBase64 = SAML1AuthenticationServer +// .BuildSAMLArtifact(session); +// +// String redirectURL = oaURL; +// session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); +// +// } +// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, +// URLEncoder.encode(samlArtifactBase64, "UTF-8")); +// redirectURL = resp.encodeRedirectURL(redirectURL); +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// // CONFIRMATION FOR SSO! +// /* +// * OAAuthParameter oaParam = +// * AuthConfigurationProvider.getInstance(). 
+// * getOnlineApplicationParameter(oaURL); +// * +// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName +// * == null) { friendlyName = oaURL; } +// * +// * +// * LoginConfirmationBuilder builder = new +// * LoginConfirmationBuilder(); +// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); +// * String form = builder.finish(oaURL, session.getIdentityLink() +// * .getName(), friendlyName); +// */ +// +// /* +// resp.setContentType("text/html"); +// +// OutputStream out = resp.getOutputStream(); +// out.write(form.getBytes("UTF-8")); +// out.flush(); +// out.close();*/ +// +// } catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (BuildException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (AuthenticationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } + + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + doGet(req, resp); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index b5c72ef9f..1fbcb9a46 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java 
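Review bot: doGet fetches `req.getSession()` and then does nothing — the whole former body is commented out — so if this servlet is still mapped, a GET or POST returns an empty 200 response, and the unused imports suggest the class is a leftover. Either delete the class and its mapping now that GetArtifactAction carries the logic, or have doGet return an error status and say so in a class comment such as `/** Retained only for URL compatibility; artifact delivery is handled by GetArtifactAction. */`. Commented-out code should be removed rather than committed in a new file.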
@@ -22,18 +22,17 @@ */ -package at.gv.egovernment.moa.id.auth.servlet; +package at.gv.egovernment.moa.id.protocols.saml1; import java.util.Calendar; import org.apache.axis.AxisFault; +import org.apache.commons.lang3.StringEscapeUtils; import org.w3c.dom.Element; - import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -47,7 +46,7 @@ import at.gv.egovernment.moa.util.XPathUtils; * Web service for picking up authentication data created in the MOA-ID Auth component. * * @author Paul Ivancsics - * @version $Id$ + * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $ * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData */ public class GetAuthenticationDataService implements Constants { @@ -80,12 +79,12 @@ public class GetAuthenticationDataService implements Constants { throws AxisFault { Element request = requests[0]; - Element[] responses = new Element[1]; + Element[] responses = new Element[1]; String requestID = ""; String statusCode = ""; String subStatusCode = null; String statusMessageCode = null; - String statusMessage = null; + String statusMessage = null; String samlAssertion = ""; boolean useUTC = false; if (requests.length > 1) { 
@@ -109,23 +108,53 @@ public class GetAuthenticationDataService implements Constants { subStatusCode = "samlp:TooManyResponses"; statusMessageCode = "1203"; } + else { Element samlArtifactElem = (Element)samlArtifactList.item(0); requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + try { - - AuthenticationData authData = AuthenticationServer.getInstance(). - getAuthenticationData(samlArtifact); + + AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); - useUTC = authData.getUseUTC(); - // success - samlAssertion = authData.getSamlAssertion(); - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact + useUTC = authData.getUseUTC(); + + // success + samlAssertion = authData.getSamlAssertion(); + statusCode = "samlp:Success"; + statusMessageCode = "1200"; + } + + catch (ClassCastException ex) { + + try { + Throwable error = saml1server.getErrorResponse(samlArtifact); + statusCode = "samlp:Responder"; + subStatusCode = "samlp:RequestDenied"; + + if (error instanceof MOAIDException) { + statusMessageCode = ((MOAIDException)error).getMessageId(); + statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); + + } else { + statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); + } + + + + } catch (Exception e) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); + } + + } + + catch (AuthenticationException ex) { + //no authentication data for given SAML artifact statusCode = "samlp:Requester"; subStatusCode = "samlp:ResourceNotRecognized"; statusMessage = ex.toString(); 
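Review bot: The inner `catch (Exception e)` reports the outer exception in `statusMessage = ex.toString();`, so the requester receives the text of the `ClassCastException` rather than anything about the failed error-response lookup, and the actual failure `e` is neither logged nor reported. Using a ClassCastException to tell a stored error response from authentication data is also fragile — any unrelated cast failure inside `getSaml1AuthenticationData` would be treated as a stored error; an explicit `instanceof` test on the stored object would be clearer, and at minimum the handler should `Logger.error(...)` `e` and fall back to a message-code-based status (as the existing `1204` path does) rather than exception text. Note also that `StringEscapeUtils.escapeXml(error.getMessage())` yields null when the throwable carries no message, and in the non-MOAIDException branch `statusMessageCode` stays null, so the `if (statusMessage == null)` fallback added in the following hunk (`@@ -137,10 +166,12 @@`) then resolves a null message code — probably unintended. The enclosing method starts and ends outside this hunk.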
@@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants { statusCode = "samlp:Requester"; statusMessageCode = "1204"; } - } + } + try { String responseID = Random.nextRandom(); String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); + if (statusMessage == null) statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); responses[0] = new SAMLResponseBuilder().build( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java new file mode 100644 index 000000000..fec2d2b35 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java 
@@ -0,0 +1,522 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.IOException; +import java.util.Date; +import java.util.List; + +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +public class SAML1AuthenticationServer extends AuthenticationServer { + + private static 
SAML1AuthenticationServer instance; + + public static SAML1AuthenticationServer getInstace() { + if (instance == null) + instance = new SAML1AuthenticationServer(); + + return instance; + } + + //private static Map authenticationDataStore = new HashMap(); + private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); + + + //TODO: make this time configurable + /** + * time out in milliseconds used by {@link cleanup} for authentication data + * store + */ + private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + + public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException { + try { + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + Throwable error = null; + synchronized (authenticationDataStore) { + try { + error = authenticationDataStore + .get(samlArtifact, Throwable.class); + + authenticationDataStore.remove(samlArtifact); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + } + + return error; + } + + /** + * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. + * The <code>AuthenticationData</code> is deleted from the store upon end of + * this call. 
+ * + * @return <code>AuthenticationData</code> + */ + public AuthenticationData getSaml1AuthenticationData(String samlArtifact) + throws AuthenticationException { + try { + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + AuthenticationData authData = null; + synchronized (authenticationDataStore) { + // System.out.println("assertionHandle: " + assertionHandle); + + try { + authData = authenticationDataStore + .get(samlArtifact, AuthenticationData.class); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + } + + boolean keepAssertion = false; + + //removed from MOA-ID 2.0 config +// try { +// String boolStr = AuthConfigurationProvider.getInstance() +// .getGenericConfigurationParameter( +// "AuthenticationServer.KeepAssertion"); +// if (null != boolStr && boolStr.equalsIgnoreCase("true")) +// keepAssertion = true;// Only allowed for debug purposes!!! 
+// +// } catch (ConfigurationException ex) { +// throw new AuthenticationException("1205", new Object[] { +// samlArtifact, ex.toString() }); +// } + if (!keepAssertion) { + authenticationDataStore.remove(samlArtifact); + } + + long now = new Date().getTime(); + + if (now - authData.getTimestamp().getTime() > authDataTimeOut) + throw new AuthenticationException("1207", new Object[] { samlArtifact }); + + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); + + return authData; + } + + public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) + throws BuildException, MOADatabaseException { + + String samlArtifact = new SAMLArtifactBuilder().build( + protocolRequest.getOAURL(), protocolRequest.getRequestID(), + null); + + authenticationDataStore.put(samlArtifact, error); + + return samlArtifact; + } + + public String BuildSAMLArtifact(AuthenticationSession session, + OAAuthParameter oaParam, + AuthenticationData authData) + throws ConfigurationException, BuildException, AuthenticationException { + + //Load SAML1 Parameter from OA config + OASAML1 saml1parameter = oaParam.getSAML1Parameter(); + + boolean useCondition = saml1parameter.isUseCondition(); + int conditionLength = saml1parameter.getConditionLength().intValue(); + + try { + + //set BASE64 encoded signer certificate + String signerCertificateBase64 = ""; + if (saml1parameter.isProvideCertificate()) { + byte[] signerCertificate = session.getEncodedSignerCertificate(); + if (signerCertificate != null) { + + signerCertificateBase64 = Base64Utils + .encode(signerCertificate); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } + } + + //set prPersion + boolean provideStammzahl = saml1parameter.isProvideStammzahl(); + String prPerson = new PersonDataBuilder().build(authData.getIdentityLink(), + provideStammzahl); + + //set Authblock + String authBlock = saml1parameter.isProvideAUTHBlock() ? 
session + .getAuthBlock() : ""; + + //set IdentityLink for assortion + String ilAssertion = saml1parameter.isProvideIdentityLink() ? authData.getIdentityLink() + .getSerializedSamlAssertion() + : ""; + if (!saml1parameter.isProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() + .getIdentificationValue(), ""); + } + + String samlAssertion; + + if (session.getUseMandate()) { + List oaAttributes = session.getExtendedSAMLAttributesOA(); + + if (saml1parameter.isProvideFullMandatorData()) { + + try { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + session.getMISMandate(), oaParam.getBusinessService(), + saml1parameter.isProvideStammzahl()); + + if (extendedSAMLAttributes != null) { + + String identifier = "MISService"; + String friendlyName ="MISService"; + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[] { + friendlyName, String.valueOf((i + 1)) }); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. 
Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[] { + identifier, String.valueOf((i + 1)) }); + } + } + } + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } + } + + String mandateDate = generateMandateDate(session, oaParam, authData); + + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( + authData, + prPerson, + mandateDate, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + oaAttributes, + useCondition, + conditionLength); + + } else { + samlAssertion = new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + } + + authData.setSamlAssertion(samlAssertion); + + String samlArtifact = new SAMLArtifactBuilder().build( + session.getAuthURL(), session.getSessionID(), + saml1parameter.getSourceID()); + + storeAuthenticationData(samlArtifact, authData); + + Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() + + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", ex.toString() }, ex); + } + + } + + private String generateMandateDate(AuthenticationSession session, + OAAuthParameter oaParam, AuthenticationData authData + ) throws 
AuthenticationException, BuildException, + ParseException, ConfigurationException, ServiceException, + ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[] { + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); + + //AuthenticationSession session = getSession(sessionID); + // AuthConfigurationProvider authConf = + // AuthConfigurationProvider.getInstance(); + + IdentityLink tempIdentityLink = null; + + Element mandate = session.getMandate(); + + if (session.getUseMandate()) { + tempIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils + .extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, + "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical + && oaParam.getBusinessService() + && identificationType != null + && Constants.URN_PREFIX_BASEID + .equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the + // BKU + + + //load IdentityLinkDomainType from OAParam + String type = oaParam.getIdentityLinkDomainIdentifier(); + if (type.startsWith(Constants.URN_PREFIX_WBPK + "+")) + identificationType = type; + else + identificationType = Constants.URN_PREFIX_WBPK + "+" + + type; + + + identificationValue = new BPKBuilder().buildWBPK( + 
identificationValue, identificationType); + ParepUtils + .HideStammZahlen(prPerson, true, null, null, true); + } + + tempIdentityLink.setDateOfBirth(dateOfBirth); + tempIdentityLink.setFamilyName(familyName); + tempIdentityLink.setGivenName(givenName); + tempIdentityLink.setIdentificationType(identificationType); + tempIdentityLink.setIdentificationValue(identificationValue); + tempIdentityLink.setPrPerson(prPerson); + try { + tempIdentityLink.setSamlAssertion(authData.getIdentityLink() + .getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + + } + + } + + Element mandatePerson = tempIdentityLink.getPrPerson(); + + String mandateData = null; + try { + + boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl(); + + String oatargetType; + + if(oaParam.getBusinessService()) { + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } + + Element prIdentification = (Element) mandatePerson + .getElementsByTagNameNS(Constants.PD_NS_URI, + "Identification").item(0); + + if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { + + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + String baseid = getBaseId(mandatePerson); + Element identificationBpK = createIdentificationBPK(mandatePerson, + baseid, oaParam.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + mandatePerson.insertBefore(identificationBpK, + prIdentification); + } + } + + } else { + +// Element identificationBpK = mandatePerson.getOwnerDocument() +// .createElementNS(Constants.PD_NS_URI, "Identification"); +// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Value"); +// +// 
valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// tempIdentityLink.getIdentificationValue())); +// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Type"); +// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// "urn:publicid:gv.at:cdid+bpk")); +// identificationBpK.appendChild(valueBpK); +// identificationBpK.appendChild(typeBpK); +// +// mandatePerson.insertBefore(identificationBpK, prIdentification); + } + + + mandateData = DOMUtils.serializeNode(mandatePerson); + + } catch (TransformerException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } catch (IOException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + + return mandateData; + } + + + + + /** + * Stores authentication data indexed by the assertion handle contained in + * the given saml artifact. + * + * @param samlArtifact + * SAML artifact + * @param authData + * authentication data + * @throws AuthenticationException + * when SAML artifact is invalid + */ + private void storeAuthenticationData(String samlArtifact, + AuthenticationData authData) throws AuthenticationException { + + try { + SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); + // check type code 0x0001 + byte[] typeCode = parser.parseTypeCode(); + if (typeCode[0] != 0 || typeCode[1] != 1) + throw new AuthenticationException("auth.06", + new Object[] { samlArtifact }); + parser.parseAssertionHandle(); + + synchronized (authenticationDataStore) { + Logger.debug("Assertion stored for SAML Artifact: " + + samlArtifact); + authenticationDataStore.put(samlArtifact, authData); + } + + } catch (AuthenticationException ex) { + throw ex; + + } catch (Throwable ex) { + throw new AuthenticationException("auth.06", + new Object[] { samlArtifact }); + } + } + +} 
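Review bot: `getSaml1AuthenticationData` dereferences `authData.getTimestamp()` right after the store lookup without a null check; whether `AssertionStorage.get` returns null for an unknown key or always throws `MOADatabaseException` is not visible here, but if null is possible the artifact-expiry check turns into a NullPointerException instead of the intended `1206` response, so add `if (authData == null) throw new AuthenticationException("1206", new Object[] { samlArtifact });` before the removal. Both `1206` throws and the `catch (Throwable ex)` in `storeAuthenticationData` drop the original exception as cause, although `AuthenticationException` accepts one (the `auth.16` throws in this file pass `e`), which makes store failures hard to diagnose. In `generateMandateDate`, `tempIdentityLink.getPrPerson()` is never set when `ParepUtils.extractMandator` returns null, and the following `mandatePerson.getElementsByTagNameNS(...)` then fails with a NullPointerException that surfaces only as a generic `builder.00` error; an explicit check for a missing mandator with a descriptive exception would be clearer. Finally, `getInstace` is a misspelled public factory name with unsynchronised lazy initialisation; both callers on this page already use it, so it is best renamed before more call sites appear.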
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java new file mode 100644 index 000000000..a310b16ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java 
@@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.ServletInfo; +import at.gv.egovernment.moa.id.moduls.ServletType; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = SAML1Protocol.class.getName(); + public static final String PATH = "id_saml1"; + + public static final String GETARTIFACT = "GetArtifact"; + + private static List<ServletInfo> servletList = new ArrayList<ServletInfo>(); + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT, + ServletType.AUTH)); + + actions.put(GETARTIFACT, new GetArtifactAction()); + + instance = new SAML1Protocol(); + } + + private static SAML1Protocol instance = null; + + public static SAML1Protocol getInstance() { + if (instance == null) { + instance = new SAML1Protocol(); + } + return instance; + } + 
+ public List<ServletInfo> getServlets() { + return servletList; + } + + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IRequest preProcess(HttpServletRequest request, + HttpServletResponse response, String action) throws MOAIDException { + RequestImpl config = new RequestImpl(); + String oaURL = (String) request.getParameter(PARAM_OA); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + String target = (String) request.getParameter(PARAM_TARGET); + target = StringEscapeUtils.escapeHtml(target); + + //the target parameter is used to define the OA in SAML1 standard + if (target != null && target.startsWith("http")) { + oaURL = target; + target = null; + } + + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + config.setOAURL(oaURL); + + //load Target only from OA config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + config.setTarget(oaParam.getTarget()); + + + //TODO: set reauthenticate if OA.useSSO=false + + request.getSession().setAttribute(PARAM_OA, oaURL); + request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); + return config; + } + + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) + throws Throwable{ + + SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); + + String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); + + String url = "RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); + url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = 
response.encodeRedirectURL(url); + + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", url); + Logger.debug("REDIRECT TO: " + url); + + return true; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + public IAction canHandleRequest(HttpServletRequest request, + HttpServletResponse response) { + return null; + } + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + + //TODO: funktioniert so nicht!!! + +// String oaURL = (String) request.getParameter(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// String target = (String) request.getParameter(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// //the target parameter is used to define the OA in SAML1 standard +// if (target.startsWith("http")) { +// oaURL = target; +// target = null; +// } +// +// if (oaURL != null) { +// if (oaURL.equals(pending.getOAURL())) +// return true; +// else +// return false; +// } + + return true; + } + + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index c1e64dd53..e1bd38d68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java 
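Review bot: `validate` returns `true` unconditionally, with the comparison of the incoming request against the pending `IRequest` commented out under `//TODO: funktioniert so nicht!!!`, so this module never checks that a request belongs to the pending authentication it is matched with; until that is reimplemented it should at least compare `request.getParameter(PARAM_OA)` with `pending.getOAURL()` and treat a missing parameter as a mismatch instead of accepting everything. In `preProcess`, `StringEscapeUtils.escapeHtml` is applied to `oaURL` and `target` before they are validated and used as configuration keys; HTML escaping is an output encoding that alters characters such as `&`, so `ParamValidatorUtils.isValidOA` and the configuration lookup should see the raw value and escaping should happen where the value is rendered. The static block assigns `instance` before the field declaration `private static SAML1Protocol instance = null;` is executed, so the field is reset to null after class initialisation and `getInstance` builds a second object; move the declaration above the static block or drop the assignment from it.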
@@ -63,9 +63,11 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public DefaultConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); @@ -113,7 +115,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { //conn.setAllowUserInteraction(true); conn.setInstanceFollowRedirects(false); - // JSSE Abhängigkeit + // JSSE Abhängigkeit if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -187,7 +189,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * Hostname Verification Check */ - // JSSE Abhängigkeit + // JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { public boolean verify(String hostname, SSLSession session) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 7a356aaf0..03b012a27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java 
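Review bot: With `cbDisableHostnameVerification = false;` hard-coded, the `Logger.warn` that follows and, presumably, the `HostnameNonVerifier` inner class further down can no longer be reached, yet the old configuration lookup stays in as commented-out code. Keeping hostname verification always on is the right default, but the dead switch-off path (flag, warning and verifier class) should be removed outright so it cannot be quietly re-enabled later, and the `BoolUtils`/`ProxyConfigurationProvider` imports it needed are likely unused now. The same change is made in `ElakConnectionBuilder` and `EnhancedConnectionBuilder` in the following hunks. The constructor body continues outside the hunk.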
@@ -136,8 +136,10 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { return authData.getDateOfBirth(); if (predicate.equals(MOABPK)) return authData.getBPK(); - if (predicate.equals(MOAWBPK)) - return authData.getWBPK(); + + //AuthData holdes the correct BPK/WBPK + if (predicate.equals(MOAWBPK)) + return authData.getBPK(); if (predicate.equals(MOAPublicAuthority)) if (authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index 29c8b3bca..1243960ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -86,9 +86,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public ElakConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); 
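Review bot: After this change `MOABPK` and `MOAWBPK` resolve to the same `authData.getBPK()` value, so a login-parameter configuration that names `MOAWBPK` can no longer tell whether a bPK or a wbPK was delivered; the comment `//AuthData holdes the correct BPK/WBPK` ("holds") states the intent, but nothing verifies it. If the proxy's `AuthenticationData` now carries the identifier type (the assertion-parser hunk further down calls `authData.setBPKType(...)`), `MOAWBPK` could be guarded with it, e.g. `if (predicate.equals(MOAWBPK) && authData.getBPKType() != null && authData.getBPKType().startsWith(URN_PREFIX_WBPK)) return authData.getBPK();`, using whichever constant holds the wbPK prefix in this class. The same edit appears in `XMLLoginParameterResolverEncryptedData` and `XMLLoginParameterResolverPlainData` below. The enclosing method continues outside the hunk.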
@@ -204,7 +207,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder { //conn.setUseCaches(false); webDavConn.setAllowUserInteraction(true); webDavConn.setInstanceFollowRedirects(false); - // JSSE Abhängigkeit + // JSSE Abhängigkeit if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -258,7 +261,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ -//JSSE Abhängigkeit +//JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 023b2c272..9bbef8aa9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -46,7 +46,7 @@ import at.gv.egovernment.moa.util.BoolUtils; /** * Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>. - * uses the HTTP(s)Client from Ronald Tschalär. + * uses the HTTP(s)Client from Ronald Tschalär. * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/ * * @author pdanner 
@@ -79,9 +79,12 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public EnhancedConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); @@ -168,7 +171,7 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - // JSSE Abhängigkeit + // JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java index 61f38412e..e075c99ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java 
@@ -33,7 +33,7 @@ import java.security.GeneralSecurityException; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; @@ -91,8 +91,10 @@ public class MOAIDProxyInitializer { ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); if (connParamAuth!=null) { if (connParamAuth.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); - AxisSecureSocketFactory.initialize(ssf); + + //TODO: einkommentieren!!!! + //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); + //AxisSecureSocketFactory.initialize(ssf); } } else { throw new ConfigurationException("config.16", null); @@ -104,8 +106,10 @@ public class MOAIDProxyInitializer { for (int i = 0; i < oaParams.length; i++) { OAProxyParameter oaParam = oaParams[i]; ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); - if (oaConnParam.isHTTPSURL()) - SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + if (oaConnParam.isHTTPSURL()); + + //TODO: einkommentieren!!!! + //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } // Initializes the ConnectionBuilderFactory from configuration data diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 1fc257ea8..1a466c520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java 
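Review bot: `if (oaConnParam.isHTTPSURL());` in the last hunk is an empty statement — the trailing semicolon terminates the `if`, so the condition has no effect and nothing is guarded; remove the line or restore its body. More importantly, both hunks disable the TLS set-up marked `//TODO: einkommentieren!!!!`: `SSLUtils.getSSLSocketFactory(...)` and `AxisSecureSocketFactory.initialize(ssf)` are no longer called, so HTTPS connections to the auth component and to the online applications are no longer configured with the trust material from the proxy configuration and will either fail or fall back to JVM defaults (which of the two is not visible here). If the migration to `config.legacy.ConnectionParameter` needs time, fail explicitly with a `ConfigurationException` in these branches rather than silently skipping the initialisation, and the `SSLSocketFactory` import appears to be unused in the meantime.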
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -499,8 +499,10 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes return authData.getDateOfBirth(); if (predicate.equals("MOABPK")) return authData.getBPK(); + + //AuthData holdes the correct BPK/WBPK if (predicate.equals("MOAWBPK")) - return authData.getWBPK(); + return authData.getBPK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index 6f698770c..b904161a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -324,8 +324,10 @@ public class XMLLoginParameterResolverPlainData return authData.getDateOfBirth(); if(predicate.equals(MOABPK)) return authData.getBPK(); + + //AuthData holds the correct BPK/WBPK if(predicate.equals(MOAWBPK)) - return authData.getWBPK(); + return authData.getBPK(); if(predicate.equals(MOAPublicAuthority)) if(authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index fa455b4ef..6cb7ffdfc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java 
@@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index f2aca057a..1589f1440 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -130,7 +130,7 @@ public class AuthenticationDataAssertionParser implements Constants { try { AuthenticationData authData = new AuthenticationData(); - //ÄNDERN: NUR der Identification-Teil + //ÄNDERN: NUR der Identification-Teil authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); authData.setMajorVersion(new Integer( XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); 
@@ -143,10 +143,17 @@ public class AuthenticationDataAssertionParser implements Constants { authData.setIssueInstant( XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); + + + //TODO: set pBK and Type if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { - authData.setBPK(pkValue); + //bPK + authData.setBPK(Constants.URN_PREFIX_BPK); + } else { - authData.setWBPK(pkValue); + //wbPK + authData.setBPK(pkValue); + authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); } authData.setIdentificationValue( XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index a55e02cdd..ddaab7a28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -55,7 +55,7 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; 
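Review bot: In the bPK branch the new line `authData.setBPK(Constants.URN_PREFIX_BPK);` stores the URN prefix constant instead of the extracted `pkValue`, so a bPK-qualified assertion now yields a bPK equal to the prefix string; the removed line stored `pkValue`. It looks like value and type were swapped, and the bPK branch also never sets a type while the wbPK branch does; the intended lines are presumably `authData.setBPK(pkValue);` followed by `authData.setBPKType(Constants.URN_PREFIX_BPK);`. The `//TODO: set pBK and Type` comment suggests this is known to be unfinished, but as committed the bPK path is broken. The enclosing parse method continues outside the hunk.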
@@ -265,7 +265,9 @@ public class ProxyServlet extends HttpServlet { // setup SSLSocketFactory for communication with the online application if (oaConnParam.isHTTPSURL()) { try { - ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + + //TODO: einkommentieren!!!! + //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } catch (Throwable ex) { throw new ProxyException( "proxy.05", @@ -440,7 +442,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } } - /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können: + /* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen: //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first // full binding will be covered by next block if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) { @@ -662,7 +664,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } } -// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) +// // Ãœberschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) // if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { // headerValue = "Basic realm=\"" + publicURLPrefix + "\""; // if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java new file mode 100644 index 000000000..b01a6a36e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java 
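Review bot: The two comment-only hunks at `@@ -440` and `@@ -662` replace `können` with `k�nnen` and `Überschrift` with `Ãœberschrift`, which is what UTF-8 source looks like after a Latin-1 round trip; these are regressions, not fixes, and the `//ÄNDERN` hunk in AuthenticationDataAssertionParser above is likely the same kind of change. Revert the comment lines and pin a single source encoding in the build and editor settings, otherwise every file touched in this series will pick up mojibake.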
@@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AssertionStorage { + + private static AssertionStorage instance = null; + + public static AssertionStorage getInstance() { + if(instance == null) { + instance = new AssertionStorage(); + } + return instance; + } + + public boolean containsKey(String artifact) { + try { + searchInDatabase(artifact); + return true; + + } catch (MOADatabaseException e) { + return false; + } + + } + + public void put(String artifact, Object assertion) throws MOADatabaseException { + //setup AssertionStore element + AssertionStore element = new AssertionStore(); + element.setArtifact(artifact); + element.setType(assertion.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) assertion); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(element); + Log.info("Assertion with Artifact=" + artifact + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("Assertion could not be stored."); + throw new MOADatabaseException(e); + } + + } + + public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException { + + AssertionStore element = searchInDatabase(artifact); + + //Deserialize Assertion + Object data = 
SerializationUtils.deserialize(element.getAssertion()); + + //check if assertion has the correct class type + try { + @SuppressWarnings("unchecked") + T test = (T) Class.forName(element.getType()).cast(data); + return test; + + } catch (Exception e) { + Log.warn("Assertion Cast-Exception by using Artifact=" + artifact); + throw new MOADatabaseException("Assertion Cast-Exception"); + } + } + + public void clean(long now, long authDataTimeOut) { + Date expioredate = new Date(now - authDataTimeOut); + + List<AssertionStore> results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AssertionStore result : results) { + try { + MOASessionDBUtils.delete(result); + Logger.info("Remove Assertion with Artifact=" + result.getArtifact() + + " after assertion timeout."); + + } catch (HibernateException e){ + Logger.warn("Assertion with Artifact=" + result.getArtifact() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + public void remove(String artifact) { + + try { + AssertionStore element = searchInDatabase(artifact); + MOASessionDBUtils.delete(element); + + } catch (MOADatabaseException e) { + Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact + + "not found)"); + + } catch (HibernateException e) { + Logger.warn("Assertion not removed! 
(Error during Database communication)", e); + } + } + + @SuppressWarnings("rawtypes") + private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { + MiscUtil.assertNotNull(artifact, "artifact"); + Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithArtifact"); + query.setString("artifact", artifact); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No Assertion found with this Artifact"); + } + + return (AssertionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java new file mode 100644 index 000000000..498188ffe --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
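Review bot: `get(String artifact, Class<T> clazz)` never uses `clazz`: the deserialized object is cast to `Class.forName(element.getType())`, i.e. to whatever class name the database row carries, and then unchecked-cast to `T`, so a caller asking for one type can receive an object of another and only fail later with a ClassCastException outside this method. Replace the cast line with `T test = clazz.cast(data);` (the `@SuppressWarnings("unchecked")` and the `Class.forName` call can go) and preferably compare `element.getType()` with `clazz.getName()` before calling `SerializationUtils.deserialize`, so an unexpected row is rejected before any bytes are deserialized. Separately, `put` writes the artifact to the log in full with `Log.info("Assertion with Artifact=" + artifact + " is stored in Database")`; if the artifact is the handle later presented to fetch the assertion, it should not appear in application logs at info level. `getInstance()` also lazily initialises a static without synchronisation, which can yield two instances on concurrent first use.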
@@ -0,0 +1,496 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; +import org.hibernate.Transaction; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AuthenticationSessionStoreage { + + //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); + + public static boolean isAuthenticated(String moaSessionID) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + return session.isAuthenticated(); + + } catch (MOADatabaseException e) { + return false; + } + } + + public static void setAuthenticated(String moaSessionID, boolean value) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + session.setAuthenticated(value); + MOASessionDBUtils.saveOrUpdate(session); + + + } catch 
(MOADatabaseException e) { + Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); + } + } + + public static AuthenticationSession createSession() throws MOADatabaseException { + String id = Random.nextRandom(); + AuthenticationSession session = new AuthenticationSession(id); + + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setCreated(new Date()); + dbsession.setUpdated(new Date()); + + dbsession.setSession(SerializationUtils.serialize(session)); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + id + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + } + + return session; + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + } + + public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { + + try { + AuthenticatedSessionStore 
dbsession = searchInDatabase(session.getSessionID()); + dbsession.setPendingRequestID(pendingRequestID); + + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + } + + + public static void destroySession(String moaSessionID) throws MOADatabaseException { + + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); + + //delete MOA Session + session.delete(dbsession); + session.getTransaction().commit(); + } + + } + +// public static void dumpSessionStore() { +// synchronized (sessionStore) { +// Set<String> keys = sessionStore.keySet(); +// Iterator<String> keyIterator = keys.iterator(); +// while(keyIterator.hasNext()) { +// String key = keyIterator.next(); +// AuthenticationSession session = sessionStore.get(key); +// Logger.info("Key: " + key + " -> " + session.toString()); +// } +// } +// } + + public static String changeSessionID(AuthenticationSession session) + throws AuthenticationException, 
BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + + String id = Random.nextRandom(); + session.setSessionID(id); + + dbsession.setSessionid(id); + dbsession.setAuthenticated(session.isAuthenticated()); + + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + + return id; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("TODO!", null); + } + } + + public static void addSSOInformation(String moaSessionID, String SSOSessionID, + String OAUrl) throws AuthenticationException { + + AuthenticatedSessionStore dbsession; + Transaction tx = null; + + try { + + Session session = MOASessionDBUtils.getCurrentSession(); + List result; + + synchronized (session) { + + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + dbsession = (AuthenticatedSessionStore) result.get(0); + + //set active OA applications + OASessionStore activeOA = new OASessionStore(); + activeOA.setOaurlprefix(OAUrl); + activeOA.setMoasession(dbsession); + activeOA.setCreated(new Date()); + + List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); + activeOAs.add(activeOA); + dbsession.setActiveOAsessions(activeOAs); + + + //Store used SSOId + if (dbsession.getSSOsessionid() != null) { + OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); + oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); + 
oldSSOId.setMoasession(dbsession); + + List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids(); + oldSSOIds.add(oldSSOId); + } + + dbsession.setSSOSession(true); + dbsession.setSSOsessionid(SSOSessionID); + dbsession.setAuthenticated(false); + dbsession.setPendingRequestID(""); + + //Store MOASession + session.saveOrUpdate(dbsession); + + //send transaction + tx.commit(); + } + + } catch (MOADatabaseException e) { + throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null); + + } catch(HibernateException e) { + Logger.warn("Error during database saveOrUpdate. Rollback.", e); + tx.rollback(); + throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); + } + } + + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + + //decrypt Session + byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession()); + + AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted); + + return session; + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + + } catch (Throwable e) { + Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + + + } + + public static String getMOASessionID(String SSOSessionID) { + 
MiscUtil.assertNotNull(SSOSessionID, "moasessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOSessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0).getSessionid(); + + } + + } + + public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { + + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOId); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + return true; + +// AuthenticatedSessionStore dbsession = result.get(0); +// +// +// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) { +// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId); +// return true; +// +// } else { +// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() +// + " but this Session does not match to MOA Sesson ID=" + moaSessionId); +// } +// +// return false; + } + + } + + public static boolean 
deleteSessionWithPendingRequestID(String id) { + MiscUtil.assertNotNull(id, "PendingRequestID"); + Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setString("sessionid", id); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + MOASessionDBUtils.delete(result.get(0)); + return true; + } + + + } + + public static String getPendingRequestID(String sessionID) { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.getPendingRequestID(); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession with ID " + sessionID + " not found"); + return ""; + } + + } + + public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + Date expioredatecreate = new Date(now - authDataTimeOutCreated); + Date expioredateupdate = new Date(now - authDataTimeOutUpdated); + + List<AuthenticatedSessionStore> results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); + query.setTimestamp("timeoutcreate", expioredatecreate); + query.setTimestamp("timeoutupdate", expioredateupdate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + MOASessionDBUtils.delete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); 
+ + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + @SuppressWarnings("rawtypes") + private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { + MiscUtil.assertNotNull(sessionID, "moasessionID"); + Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + return (AuthenticatedSessionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java new file mode 100644 index 000000000..5ea3be837 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java 
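Review bot: `createSession` stores the serialised session as plain bytes, `dbsession.setSession(SerializationUtils.serialize(session));`, while `storeSession` and `changeSessionID` store `SessionEncrytionUtil.encrypt(serialized)` and `getSession` unconditionally runs `SessionEncrytionUtil.decrypt` on what it reads; a session that has been created but not yet re-stored will therefore fail to decrypt, and the `catch (Throwable e)` in `getSession` reports it as a generic deserialization exception. `createSession` should use the same `dbsession.setSession(SessionEncrytionUtil.encrypt(SerializationUtils.serialize(session)));`; if that call is what forces `BuildException` onto `storeSession`'s throws clause, `createSession` needs it too. `isValidSessionWithSSOID(String SSOId, String moaSessionId)` ignores `moaSessionId` and returns true whenever any row matches the SSO id, so the commented-out check that the found session belongs to the given MOA session and is authenticated has effectively been removed; either restore that comparison or rename the method so callers do not assume the binding is verified. `changeSessionID` also throws `new AuthenticationException("TODO!", null)` on a database miss, a placeholder message that reaches callers.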
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.util.Random;
+
+public class ExceptionStoreImpl implements IExceptionStore {
+
+ // Just a quick implementation
+ private static IExceptionStore store;
+
+ public static IExceptionStore getStore() {
+ if(store == null) {
+ store = new ExceptionStoreImpl();
+ }
+ return store;
+ }
+
+ private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>();
+
+ public String storeException(Throwable e) {
+ String id = Random.nextRandom();
+ exceptionStore.put(id, e);
+ return id;
+ }
+
+ public Throwable fetchException(String id) {
+ return exceptionStore.get(id);
+ }
+
+ public void removeException(String id) {
+ exceptionStore.remove(id);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
new file mode 100644
index 000000000..5c51fff73
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.id.storage;
+
+public interface IExceptionStore {
+ public String storeException(Throwable e);
+ public Throwable fetchException(String id);
+ public void removeException(String id);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
new file mode 100644
index 000000000..1e9cb9024
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
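Review bot: `exceptionStore` is a plain `HashMap` behind a process-wide singleton, and `getStore()` lazily initialises `store` without synchronisation; if this is reached from servlet request threads, as the surrounding package suggests, concurrent `put`/`remove` on a `HashMap` is unsafe. Use `new ConcurrentHashMap<String, Throwable>()` for the map and either make `getStore()` `synchronized` or initialise the field eagerly. Nothing ever expires entries, so a `storeException` that is not followed by `removeException` keeps the Throwable and everything it references alive for the life of the JVM; a size bound or a timestamp-based sweep like the `clean` methods in the storage classes above would be worth adding. The `// Just a quick implementation` comment acknowledges this; it would help to state the caller contract (who must call `removeException`) in it.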
@@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.id.util; + +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Set; + +import javax.servlet.http.HttpSession; + +public class HTTPSessionUtils { + +// public static HashMap<String, Object> extractAllProperties(HttpSession session) { +// @SuppressWarnings("unchecked") +// Enumeration<String> keys = (Enumeration<String>)session.getAttributeNames(); +// HashMap<String, Object> properties = new HashMap<String, Object>(); +// +// while(keys.hasMoreElements()) { +// Object keyObject = keys.nextElement(); +// String key = keyObject.toString(); +// Object value = session.getAttribute(key); +// properties.put(key, value); +// } +// +// return properties; +// } +// +// public static void pushAllProperties(HttpSession session, HashMap<String, Object> properties) { +// Set<String> keys = properties.keySet(); +// Iterator<String> keysIterator = keys.iterator(); +// while(keysIterator.hasNext()) { +// String key = keysIterator.next(); +// session.setAttribute(key, properties.get(key)); +// } +// } +// +// public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof Boolean) { +// Boolean b = (Boolean)obj; +// if(b != null) { +// return b.booleanValue(); +// } +// } +// return fallback; +// } +// +// public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) { +// session.setAttribute(name, new Boolean(value)); +// } +// +// public static String getHTTPSessionString(HttpSession session, String name, String fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof String) { +// return (String)obj; +// } +// return fallback; +// } +// +// public static void setHTTPSessionString(HttpSession session, String name, String value) { 
+// session.setAttribute(name, value); +// } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java new file mode 100644 index 000000000..b56a54c90 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java 
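Review bot: The new file consists entirely of commented-out methods plus the imports they would need, so it adds nothing but an empty class and dead text to the tree. Either delete the file or keep the methods live; if the code is meant to be revived later, the history preserves it.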
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Iterator;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.w3c.dom.Element;
+import org.w3._2000._09.xmldsig_.*;
+import at.gv.e_government.reference.namespace.*;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.util.Constants;
+
+@SuppressWarnings("unused")
+public class MandateBuilder {
+
+ public static final String MANDATE_DATE_OF_BIRTH_FORMAT = "yyyy-MM-dd";
+
+ public static Mandate buildMandate(Element mandate) {
+
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_");
+
+ Unmarshaller u = jc.createUnmarshaller();
+ Mandate mand = (Mandate) u.unmarshal(mandate);
+ return mand;
+ } catch (JAXBException e) {
+ Logger.error("Failed to parse Mandate", e);
+ }
+ return null;
+ }
+
+ public static IdentificationType getWBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_WBPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+
+ public static IdentificationType getBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_BPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+}
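Review bot: `getWBPKIdentification` and `getBPKIdentification` call `id.getType().startsWith(...)` with no null check, and a JAXB-unmarshalled `IdentificationType` whose `Type` element is missing will presumably carry a null type, so a malformed mandate becomes a NullPointerException instead of the `null` result the methods otherwise return. Guard it as `String type = id.getType(); if (type != null && type.startsWith(Constants.URN_PREFIX_WBPK)) return id;` (and the same for the bPK variant). `buildMandate` also creates a fresh `JAXBContext` on every call; contexts are expensive and reusable, so a `private static final JAXBContext` built once would be the usual choice, and the unused wildcard imports (`xmldsig_.*`, `namespace.*`, `MOAException`) that the class-level `@SuppressWarnings("unused")` hides should go. Callers must handle the `null` that `buildMandate` returns on a `JAXBException`, since the failure is only logged; a Javadoc `@return the parsed mandate, or null if the element could not be unmarshalled` would make that explicit.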
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index bd79f88b7..ea823889f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -41,13 +41,17 @@ import javax.xml.parsers.ParserConfigurationException; import org.xml.sax.InputSource; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
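Review bot: `implements MOAIDAuthConstants` on `ParamValidatorUtils` is the constant-interface pattern: it makes every constant of that interface part of the validator's public type and adds a meaningless supertype to a utility class. The class already refers to `MOAIDAuthConstants.REQ_BKU_TYPES` by qualified name, so drop the `implements` and use `MOAIDAuthConstants.PARAM_OA` etc. (or a static import) in the new `areAllLegacyParametersAvailable`.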
@@ -175,7 +179,7 @@ public class ParamValidatorUtils { * @param target HTTP parameter from request
* @return
*/
- public static boolean isValidBKUURI(String bkuURI) {
+ public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
Logger.debug("Ueberpruefe Parameter bkuURI"); // if non parameter is given return true
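Review bot: The Javadoc above `isValidBKUURI` still documents only `@param target` (which does not even match the `bkuURI` parameter) and says nothing about the new `allowedBKUs` argument or what happens when it is null. Add `@param bkuURI the bkuURI request parameter to validate` and `@param allowedBKUs trusted BKU URLs for this online application; a non-local URI is accepted only if it is contained here`. The method body continues outside the hunk.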
@@ -200,9 +204,7 @@ public class ParamValidatorUtils { }
else {
Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs.");
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedBKUs = authConf.getTrustedBKUs();
- boolean b = trustedBKUs.contains(bkuURI);
+ boolean b = allowedBKUs.contains(bkuURI);
if (b) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
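Review bot: `allowedBKUs.contains(bkuURI)` dereferences the caller-supplied list with no null check, so an online application with no configured BKU list turns validation into a NullPointerException rather than a rejection. Since the method already returns false for untrusted URIs, `boolean b = allowedBKUs != null && allowedBKUs.contains(bkuURI);` keeps the fail-closed behaviour. The enclosing method starts before this hunk.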
@@ -212,10 +214,12 @@ public class ParamValidatorUtils { return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
+ } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
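Review bot: The new `else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI))` branch accepts a value that is not an http(s) URL at all, which this path previously always rejected; that is only safe if every caller then resolves the symbolic type against configuration instead of using the raw parameter as a URL. I would state that contract next to the branch, e.g. `// symbolic BKU type (resolved against the OA configuration by the caller), never used as a URL`, and confirm the callers honour it. The enclosing method starts before this hunk.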
@@ -224,10 +228,7 @@ public class ParamValidatorUtils { } catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
return false;
- } catch (ConfigurationException e) {
- Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
- return false;
- }
+ }
}
@@ -237,7 +238,7 @@ public class ParamValidatorUtils { * @param template
* @return
*/
- public static boolean isValidTemplate(HttpServletRequest req, String template) {
+ public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
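Review bot: The Javadoc above `isValidTemplate` documents only `@param template` and says nothing about the new `oaSlTemplates` parameter, which extends the trusted-URL allowlist. Add `@param oaSlTemplates online-application specific Security-Layer request templates whose URLs are also accepted (may be null)`. The method body continues outside the hunk.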
@@ -266,7 +267,14 @@ public class ParamValidatorUtils { else { //check against configured trustet template urls AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - List trustedTemplateURLs = authConf.getTrustedTemplateURLs(); + List<String> trustedTemplateURLs = authConf.getSLRequestTemplates(); + + //get OA specific template URLs + if (oaSlTemplates != null && oaSlTemplates.size() > 0) { + for (TemplateType el : oaSlTemplates) + trustedTemplateURLs.add(el.getURL()); + } + boolean b = trustedTemplateURLs.contains(template); if (b) { Logger.debug("Parameter Template erfolgreich ueberprueft"); @@ -308,18 +316,18 @@ public class ParamValidatorUtils { Logger.debug("Parameter MOASessionId ist null");
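Review bot: `trustedTemplateURLs.add(el.getURL())` mutates the list returned by `authConf.getSLRequestTemplates()`; if that getter hands out the configuration's live list rather than a copy, every call appends one online application's template URLs to the global allowlist, so a template URL trusted for one OA becomes trusted for all OAs for the lifetime of the process. Copy before extending: `List<String> trustedTemplateURLs = new ArrayList<String>(authConf.getSLRequestTemplates());` (add the `java.util.ArrayList` import if it is not already present). The enclosing method starts and ends outside the hunk.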
return true;
}
-
-
- Pattern pattern = Pattern.compile("[0-9-]*");
+
+ Pattern pattern = Pattern.compile("[0-9-]*");
Matcher matcher = pattern.matcher(sessionID);
boolean b = matcher.matches();
if (b) {
Logger.debug("Parameter MOASessionId erfolgreich ueberprueft");
return true;
}
- else {
- Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
- return false;
+ else { + Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ return false; +
}
}
@@ -467,7 +475,39 @@ public class ParamValidatorUtils { return false;
}
- }
+ }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (MiscUtil.isEmpty(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (MiscUtil.isEmpty(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
+ }
}
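Review bot: `areAllLegacyParametersAvailable` uses `WrongParametersException` purely as control flow: each `throw new WrongParametersException(...)` is caught a few lines later and turned into `return false`, so the exception and its message key are built only to be discarded. Replace each throw with `return false;` and drop the try/catch; the trailing `StringUtils.isEmpty(...)` test then only adds the `oaURL` presence check, because `bkuURL` and `templateURL` were already rejected by `MiscUtil.isEmpty`. Note that only `oaURL`, `useMandate` and `ccc` are actually validated here while `bkuURL` and `templateURL` are merely checked for presence, so a caller must still run `isValidBKUURI`/`isValidTemplate` on them; a Javadoc line saying so would prevent the method name from being read as a full validation.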
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index d006dcdfc..f1d0ecd45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -24,9 +24,16 @@ package at.gv.egovernment.moa.id.util; + +import iaik.security.random.SeedGenerator; + +import java.io.IOException; import java.nio.ByteBuffer; import java.security.SecureRandom; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + /** * Random number generator used to generate ID's * @author Paul Ivancsics @@ -35,21 +42,36 @@ import java.security.SecureRandom; public class Random { /** random number generator used */ - private static SecureRandom random = new SecureRandom(); + //private static SecureRandom random = new SecureRandom(); + private static SecureRandom random; + private static SeedGenerator seedgenerator; + + static { + random = iaik.security.random.SHA256FIPS186Random.getDefault(); + seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault(); + + + } /** * Creates a new random number, to be used as an ID. * * @return random long as a String */ public static String nextRandom() { - - byte[] b = new byte[16]; // 16 bytes = 128 bits - random.nextBytes(b); - - ByteBuffer bb = ByteBuffer.wrap(b); - long l = bb.getLong(); + byte[] b = new byte[32]; // 32 bytes = 256 bits + random.nextBytes(b); + + ByteBuffer bb = ByteBuffer.wrap(b); + long l = bb.getLong(); + return "" + l; + + + } + + public static void seedRandom() { - return "" + l; + if (seedgenerator.seedAvailable()) + random.setSeed(seedgenerator.getSeed()); } } 
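Review bot: `nextRandom` now draws 32 bytes but still converts them with `bb.getLong()`, so 24 of the 32 bytes are discarded and the generated ID remains a 64-bit value; the `// 32 bytes = 256 bits` comment overstates its strength. To keep the full output while preserving the digits-only format that `isValidMOASessionId`'s `[0-9-]*` pattern expects, use `return new BigInteger(1, b).toString();` (import `java.math.BigInteger`) instead of the `ByteBuffer` round-trip. The added `Base64Utils` and `IOException` imports are unused, and `seedRandom()` deserves a comment that it is a no-op when `seedgenerator.seedAvailable()` is false.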
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index a0add1054..a6619fc11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -79,7 +79,7 @@ public class SSLUtils { */ public static void initialize() { sslSocketFactories = new HashMap(); - // JSSE Abhängigkeit + // JSSE Abhängigkeit //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Security.addProvider(new IAIK()); //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); @@ -154,9 +154,7 @@ public class SSLUtils { PKIConfiguration cfg = null; if (! PKIFactory.getInstance().isAlreadyConfigured()) cfg = new PKIConfigurationImpl(conf); - String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); - //not using BoolUtils because default value hast to be true! - boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); + boolean checkRevocation = conf.isTrustmanagerrevoationchecking(); PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 2ff9e5210..db6d7aa53 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java 
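Review bot: The removed code deliberately defaulted revocation checking to true unless the parameter was explicitly `false`/`0` (its comment said the default has to be true); the replacement `conf.isTrustmanagerrevoationchecking()` moves that default into the configuration provider, which is not visible here. Please confirm the accessor returns true when the setting is absent, otherwise the trust manager silently stops checking revocation for every SSL connection; a comment such as `// defaults to true when not configured` next to the call would make the intent explicit. The accessor name also carries a typo (`revoation`). The enclosing method starts and ends outside the hunk.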
@@ -31,6 +31,7 @@ import java.io.IOException; import java.io.OutputStream; import java.net.URLEncoder; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.MOAIDException; @@ -145,5 +146,17 @@ public class ServletUtils { Logger.debug("Finished POST " + servletName); } -
+ + public static String getBaseUrl( HttpServletRequest request ) { + if ( ( request.getServerPort() == 80 ) || + ( request.getServerPort() == 443 ) ) + return request.getScheme() + "://" + + request.getServerName() + + request.getContextPath(); + else + return request.getScheme() + "://" + + request.getServerName() + ":" + request.getServerPort() + + request.getContextPath(); + } +
}
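Review bot: `getBaseUrl` drops the port whenever it is 80 or 443 regardless of scheme, so a plain-http listener on 443 or an https listener on 80 yields a URL with the wrong implicit port; the check should be `("http".equals(scheme) && port == 80) || ("https".equals(scheme) && port == 443)`. The result is also assembled from `getScheme()`/`getServerName()`/`getServerPort()`, which reflect the Host header and, behind a reverse proxy, the proxy-facing connection, so if this URL ends up in redirects or assertion URLs an attacker-influenced Host header can steer it; prefer a configured public URL where one exists and add a Javadoc line stating that the value is derived from the request, not from configuration.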
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java new file mode 100644 index 000000000..1f8c31bb5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java 
@@ -0,0 +1,83 @@ +package at.gv.egovernment.moa.id.util; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.Cipher; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; + +public class SessionEncrytionUtil { + + static SecretKey secret = null; + + static { + try { + String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey(); + + if (key != null) { + SecretKeyFactory factory; + + factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + KeySpec spec = new PBEKeySpec(key.toCharArray(), "TestSALT".getBytes(), 1024, 128); + SecretKey tmp = factory.generateSecret(spec); + secret = new SecretKeySpec(tmp.getEncoded(), "AES"); + + + } else { + Logger.warn("MOASession encryption is deaktivated."); + } + + } catch (Exception e) { + Logger.warn("MOASession encryption can not be inizialized.", e); + } + + } + + public static byte[] encrypt(byte[] data) throws BuildException { + Cipher cipher; + + if (secret != null) { + try { + cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding"); + cipher.init(Cipher.ENCRYPT_MODE, secret); + + Logger.debug("Encrypt MOASession"); + return cipher.doFinal(data); + + } catch (Exception e) { + Logger.warn("MOASession is not encrypted",e); + throw new BuildException("MOASession is not encrypted", new Object[]{}, e); + } + } else + return data; + } + + public static byte[] decrypt(byte[] data) throws BuildException { + Cipher cipher; + + if (secret != null) { + try { + cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding"); + cipher.init(Cipher.DECRYPT_MODE, 
secret); + + Logger.debug("Decrypt MOASession"); + return cipher.doFinal(data); + + } catch (Exception e) { + Logger.warn("MOASession is not decrypted",e); + throw new BuildException("MOASession is not decrypted", new Object[]{}, e); + } + } else + return data; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java new file mode 100644 index 000000000..caa8f1769 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java 
@@ -0,0 +1,77 @@ +package at.gv.egovernment.moa.id.util; + +import org.apache.velocity.app.Velocity; +import org.apache.velocity.runtime.RuntimeServices; +import org.apache.velocity.runtime.log.LogChute; + +import at.gv.egovernment.moa.logging.Logger; + +public class VelocityLogAdapter implements LogChute { + + public VelocityLogAdapter() { + try + { + /* + * register this class as a logger with the Velocity singleton + * (NOTE: this would not work for the non-singleton method.) + */ + Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this ); + Velocity.init(); + } + catch (Exception e) + { + Logger.error("Failed to register Velocity logger"); + } + } + + public void init(RuntimeServices arg0) throws Exception { + } + + public boolean isLevelEnabled(int arg0) { + switch(arg0) { + case LogChute.DEBUG_ID: + return Logger.isDebugEnabled(); + case LogChute.TRACE_ID: + return Logger.isTraceEnabled(); + default: + return true; + } + } + + public void log(int arg0, String arg1) { + switch(arg0) { + case LogChute.DEBUG_ID: + Logger.debug(arg1); + break; + case LogChute.TRACE_ID: + Logger.trace(arg1); + break; + case LogChute.INFO_ID: + Logger.info(arg1); + break; + case LogChute.WARN_ID: + Logger.warn(arg1); + break; + case LogChute.ERROR_ID: + default: + Logger.error(arg1); + break; + } + } + + public void log(int arg0, String arg1, Throwable arg2) { + switch(arg0) { + case LogChute.DEBUG_ID: + case LogChute.TRACE_ID: + case LogChute.INFO_ID: + case LogChute.WARN_ID: + Logger.warn(arg1, arg2); + break; + case LogChute.ERROR_ID: + default: + Logger.error(arg1, arg2); + break; + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 80f2d744c..979744edb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java 
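Review bot: The constructor's `catch (Exception e)` logs `Logger.error("Failed to register Velocity logger")` without `e`, so the reason `Velocity.init()` failed is lost; pass the cause: `Logger.error("Failed to register Velocity logger", e);`. In `log(int, String, Throwable)` DEBUG, TRACE and INFO are all promoted to `Logger.warn`, unlike the two-argument overload which maps levels one-to-one, so Velocity's routine debug output with a throwable attached will surface as warnings; map them to the matching `Logger.debug`/`Logger.trace`/`Logger.info` overloads if `Logger` provides them. The empty `init(RuntimeServices)` deserves a one-line comment saying this adapter needs nothing from the runtime services.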
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -23,19 +23,23 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
+ +import java.io.Serializable; -public class MISMandate {
-
+public class MISMandate implements Serializable{
+ + private static final long serialVersionUID = 1L; + final static private String OID_NOTAR = "1.2.40.0.10.3.1";
- final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
+ final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
- final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
+ final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
- final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
+ final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
- final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
+ final static public String OID_ORGANWALTER = "1.2.40.0.10.3.4";
final static private String TEXT_ORGANWALTER = "Organwalter";
@@ -73,7 +77,7 @@ public class MISMandate { if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index ad4e45a2b..8970abc10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -109,16 +109,7 @@ public class MISSimpleClient { ArrayList foundMandates = new ArrayList();
for (int i=0; i<mandateElements.getLength(); i++) {
Element mandate = (Element) mandateElements.item(i); - -// try { -// String s = DOMUtils.serializeNode(mandate); -// System.out.println("\n\n Mandate: \n" + s); -// } catch (IOException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } - -
+
MISMandate misMandate = new MISMandate();
if (mandate.hasAttribute("ProfessionalRepresentative")) { // System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative"));
@@ -143,7 +134,7 @@ public class MISSimpleClient { }
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
@@ -201,7 +192,17 @@ public class MISSimpleClient { }
filtersElement.appendChild(mandateIdentifiersElement);
mirElement.appendChild(filtersElement);
- }
+ }
+
+ //add Target element
+ Element targetElement = doc.createElementNS(MIS_NS, "Target");
+ Element targetTypeElement = doc.createElementNS(MIS_NS, "Type");
+ targetTypeElement.appendChild(doc.createTextNode(targetType));
+ targetElement.appendChild(targetTypeElement);
+ mirElement.appendChild(targetElement);
+
+
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
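Review bot: The new `Target` element is built with `doc.createTextNode(targetType)` and no null check, while the other arguments of `sendSessionIdRequest` are validated at the top of the method with a `NullPointerException` carrying a message; a null `targetType` will either produce a `<Type>` element without text or fail deep inside the DOM serializer. Either add `if (targetType == null) throw new NullPointerException("Argument targetType must not be null.");` beside the existing checks, or append the element only when `targetType != null` if the MIS schema treats Target as optional. The enclosing method starts before this hunk and ends after it.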
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java new file mode 100644 index 000000000..03521cf2f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.id.util.legacy; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; + +public class LegacyHelper implements MOAIDAuthConstants{ + + public static boolean isUseMandateRequested(HttpServletRequest req) throws WrongParametersException { + + String useMandate = req.getParameter(PARAM_USEMANDATE); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + return true; + else + return false; + } +} |
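Review bot: `isUseMandateRequested` runs `StringEscapeUtils.escapeHtml` on the parameter before validating it, so `isValidUseMandate` inspects an HTML-escaped copy rather than what the client sent; escaping belongs at the point of output, and a validator that only accepts `true`/`false` needs no escaping at all. The four-branch boolean derivation afterwards reduces to `return "true".equalsIgnoreCase(useMandate);`, which treats null and the empty string exactly as the current code does. As with `ParamValidatorUtils`, `implements MOAIDAuthConstants` is a constant interface; refer to the constants by qualified name instead.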