Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java134
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java346
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java101
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java286
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java99
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java109
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java101
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java605
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java245
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java318
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java420
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java247
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java620
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java550
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java611
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java181
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java209
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java147
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java142
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java2087
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java163
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java107
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java1801
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java268
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java559
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java147
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java330
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java228
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java54
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java149
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java224
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java247
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java486
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java1104
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java762
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java175
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java884
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java632
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java591
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java)85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java130
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java501
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java164
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java411
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java159
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java128
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java495
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java347
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java184
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java209
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java302
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java236
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java139
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java148
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java158
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java325
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java74
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java339
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java120
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java96
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java301
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java160
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java108
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java186
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java)67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java522
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java175
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java156
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java496
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java33
235 files changed, 25381 insertions, 5268 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java
new file mode 100644
index 000000000..7219ada8f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java
@@ -0,0 +1,134 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.datatype.XMLGregorianCalendar;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Place" type="{http://www.w3.org/2001/XMLSchema}token"/>
+ * &lt;element name="Date" type="{http://reference.e-government.gv.at/namespace/mandates/20040701#}DateType"/>
+ * &lt;element name="Time" type="{http://www.w3.org/2001/XMLSchema}time" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "place",
+ "date",
+ "time"
+})
+@XmlRootElement(name = "Issued")
+public class Issued {
+
+ @XmlElement(name = "Place", required = true)
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String place;
+ @XmlElement(name = "Date", required = true)
+ protected String date;
+ @XmlElement(name = "Time")
+ @XmlSchemaType(name = "time")
+ protected XMLGregorianCalendar time;
+
+ /**
+ * Gets the value of the place property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPlace() {
+ return place;
+ }
+
+ /**
+ * Sets the value of the place property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPlace(String value) {
+ this.place = value;
+ }
+
+ /**
+ * Gets the value of the date property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getDate() {
+ return date;
+ }
+
+ /**
+ * Sets the value of the date property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setDate(String value) {
+ this.date = value;
+ }
+
+ /**
+ * Gets the value of the time property.
+ *
+ * @return
+ * possible object is
+ * {@link XMLGregorianCalendar }
+ *
+ */
+ public XMLGregorianCalendar getTime() {
+ return time;
+ }
+
+ /**
+ * Sets the value of the time property.
+ *
+ * @param value
+ * allowed object is
+ * {@link XMLGregorianCalendar }
+ *
+ */
+ public void setTime(XMLGregorianCalendar value) {
+ this.time = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java
new file mode 100644
index 000000000..11e0b274e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java
@@ -0,0 +1,346 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import org.w3._2000._09.xmldsig_.SignatureType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Annotation" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}StatusInformationService" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Representative"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Mandator"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Intermediary" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Issued"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Properties" minOccurs="0"/>
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SimpleMandateContent"/>
+ * &lt;/choice>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Signature"/>
+ * &lt;/sequence>
+ * &lt;attribute name="MandateID" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "annotation",
+ "statusInformationService",
+ "representative",
+ "mandator",
+ "intermediary",
+ "issued",
+ "properties",
+ "simpleMandateContent",
+ "signature"
+})
+@XmlRootElement(name = "Mandate")
+public class Mandate {
+
+ @XmlElement(name = "Annotation")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ protected String annotation;
+ @XmlElement(name = "StatusInformationService")
+ @XmlSchemaType(name = "anyURI")
+ protected String statusInformationService;
+ @XmlElement(name = "Representative", required = true)
+ protected Representative representative;
+ @XmlElement(name = "Mandator", required = true)
+ protected Mandator mandator;
+ @XmlElement(name = "Intermediary")
+ protected List<PhysicalPersonType> intermediary;
+ @XmlElement(name = "Issued", required = true)
+ protected Issued issued;
+ @XmlElement(name = "Properties")
+ protected PropertiesType properties;
+ @XmlElement(name = "SimpleMandateContent")
+ protected List<SimpleMandateContentType> simpleMandateContent;
+ @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#", required = true)
+ protected SignatureType signature;
+ @XmlAttribute(name = "MandateID", required = true)
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String mandateID;
+
+ /**
+ * Gets the value of the annotation property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAnnotation() {
+ return annotation;
+ }
+
+ /**
+ * Sets the value of the annotation property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAnnotation(String value) {
+ this.annotation = value;
+ }
+
+ /**
+ * Gets the value of the statusInformationService property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getStatusInformationService() {
+ return statusInformationService;
+ }
+
+ /**
+ * Sets the value of the statusInformationService property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setStatusInformationService(String value) {
+ this.statusInformationService = value;
+ }
+
+ /**
+ * Gets the value of the representative property.
+ *
+ * @return
+ * possible object is
+ * {@link Representative }
+ *
+ */
+ public Representative getRepresentative() {
+ return representative;
+ }
+
+ /**
+ * Sets the value of the representative property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Representative }
+ *
+ */
+ public void setRepresentative(Representative value) {
+ this.representative = value;
+ }
+
+ /**
+ * Gets the value of the mandator property.
+ *
+ * @return
+ * possible object is
+ * {@link Mandator }
+ *
+ */
+ public Mandator getMandator() {
+ return mandator;
+ }
+
+ /**
+ * Sets the value of the mandator property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Mandator }
+ *
+ */
+ public void setMandator(Mandator value) {
+ this.mandator = value;
+ }
+
+ /**
+ * Gets the value of the intermediary property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the intermediary property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getIntermediary().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PhysicalPersonType }
+ *
+ *
+ */
+ public List<PhysicalPersonType> getIntermediary() {
+ if (intermediary == null) {
+ intermediary = new ArrayList<PhysicalPersonType>();
+ }
+ return this.intermediary;
+ }
+
+ /**
+ * Gets the value of the issued property.
+ *
+ * @return
+ * possible object is
+ * {@link Issued }
+ *
+ */
+ public Issued getIssued() {
+ return issued;
+ }
+
+ /**
+ * Sets the value of the issued property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Issued }
+ *
+ */
+ public void setIssued(Issued value) {
+ this.issued = value;
+ }
+
+ /**
+ * Gets the value of the properties property.
+ *
+ * @return
+ * possible object is
+ * {@link PropertiesType }
+ *
+ */
+ public PropertiesType getProperties() {
+ return properties;
+ }
+
+ /**
+ * Sets the value of the properties property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PropertiesType }
+ *
+ */
+ public void setProperties(PropertiesType value) {
+ this.properties = value;
+ }
+
+ /**
+ * Gets the value of the simpleMandateContent property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the simpleMandateContent property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSimpleMandateContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SimpleMandateContentType }
+ *
+ *
+ */
+ public List<SimpleMandateContentType> getSimpleMandateContent() {
+ if (simpleMandateContent == null) {
+ simpleMandateContent = new ArrayList<SimpleMandateContentType>();
+ }
+ return this.simpleMandateContent;
+ }
+
+ /**
+ * Gets the value of the signature property.
+ *
+ * @return
+ * possible object is
+ * {@link SignatureType }
+ *
+ */
+ public SignatureType getSignature() {
+ return signature;
+ }
+
+ /**
+ * Sets the value of the signature property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SignatureType }
+ *
+ */
+ public void setSignature(SignatureType value) {
+ this.signature = value;
+ }
+
+ /**
+ * Gets the value of the mandateID property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getMandateID() {
+ return mandateID;
+ }
+
+ /**
+ * Sets the value of the mandateID property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setMandateID(String value) {
+ this.mandateID = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java
new file mode 100644
index 000000000..0fb50c06a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java
@@ -0,0 +1,101 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "physicalPerson",
+ "corporateBody"
+})
+@XmlRootElement(name = "Mandator")
+public class Mandator {
+
+ @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected PhysicalPersonType physicalPerson;
+ @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected CorporateBodyType corporateBody;
+
+ /**
+ * Gets the value of the physicalPerson property.
+ *
+ * @return
+ * possible object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public PhysicalPersonType getPhysicalPerson() {
+ return physicalPerson;
+ }
+
+ /**
+ * Sets the value of the physicalPerson property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public void setPhysicalPerson(PhysicalPersonType value) {
+ this.physicalPerson = value;
+ }
+
+ /**
+ * Gets the value of the corporateBody property.
+ *
+ * @return
+ * possible object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public CorporateBodyType getCorporateBody() {
+ return corporateBody;
+ }
+
+ /**
+ * Sets the value of the corporateBody property.
+ *
+ * @param value
+ * allowed object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public void setCorporateBody(CorporateBodyType value) {
+ this.corporateBody = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java
new file mode 100644
index 000000000..19e9eba0b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java
@@ -0,0 +1,286 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlElementDecl;
+import javax.xml.bind.annotation.XmlRegistry;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * This object contains factory methods for each
+ * Java content interface and Java element interface
+ * generated in the at.gv.e_government.reference.namespace.mandates._20040701_ package.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups. Factory methods for each of these are
+ * provided in this class.
+ *
+ */
+@XmlRegistry
+public class ObjectFactory {
+
+ private final static QName _Intermediary_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Intermediary");
+ private final static QName _ParameterisedDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedDescription");
+ private final static QName _ParameterisedText_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedText");
+ private final static QName _TextualDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "TextualDescription");
+ private final static QName _Annotation_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Annotation");
+ private final static QName _AnyConstraints_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "AnyConstraints");
+ private final static QName _ValidFrom_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidFrom");
+ private final static QName _SimpleMandateContent_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "SimpleMandateContent");
+ private final static QName _StatusInformationService_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "StatusInformationService");
+ private final static QName _Properties_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Properties");
+ private final static QName _ValidTo_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidTo");
+
+ /**
+ * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.mandates._20040701_
+ *
+ */
+ public ObjectFactory() {
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType }
+ *
+ */
+ public SimpleMandateContentType createSimpleMandateContentType() {
+ return new SimpleMandateContentType();
+ }
+
+ /**
+ * Create an instance of {@link Issued }
+ *
+ */
+ public Issued createIssued() {
+ return new Issued();
+ }
+
+ /**
+ * Create an instance of {@link ParameterisedTextType }
+ *
+ */
+ public ParameterisedTextType createParameterisedTextType() {
+ return new ParameterisedTextType();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.CollectiveConstraint }
+ *
+ */
+ public SimpleMandateContentType.CollectiveConstraint createSimpleMandateContentTypeCollectiveConstraint() {
+ return new SimpleMandateContentType.CollectiveConstraint();
+ }
+
+ /**
+ * Create an instance of {@link SetParameter }
+ *
+ */
+ public SetParameter createSetParameter() {
+ return new SetParameter();
+ }
+
+ /**
+ * Create an instance of {@link PasteParameter }
+ *
+ */
+ public PasteParameter createPasteParameter() {
+ return new PasteParameter();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.TimeConstraint }
+ *
+ */
+ public SimpleMandateContentType.TimeConstraint createSimpleMandateContentTypeTimeConstraint() {
+ return new SimpleMandateContentType.TimeConstraint();
+ }
+
+ /**
+ * Create an instance of {@link Representative }
+ *
+ */
+ public Representative createRepresentative() {
+ return new Representative();
+ }
+
+ /**
+ * Create an instance of {@link ParameterDefinition }
+ *
+ */
+ public ParameterDefinition createParameterDefinition() {
+ return new ParameterDefinition();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.References.MandateID }
+ *
+ */
+ public SimpleMandateContentType.References.MandateID createSimpleMandateContentTypeReferencesMandateID() {
+ return new SimpleMandateContentType.References.MandateID();
+ }
+
+ /**
+ * Create an instance of {@link Mandate }
+ *
+ */
+ public Mandate createMandate() {
+ return new Mandate();
+ }
+
+ /**
+ * Create an instance of {@link PropertiesType }
+ *
+ */
+ public PropertiesType createPropertiesType() {
+ return new PropertiesType();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.TransactionLimit }
+ *
+ */
+ public SimpleMandateContentType.TransactionLimit createSimpleMandateContentTypeTransactionLimit() {
+ return new SimpleMandateContentType.TransactionLimit();
+ }
+
+ /**
+ * Create an instance of {@link ParameterisedDescriptionType }
+ *
+ */
+ public ParameterisedDescriptionType createParameterisedDescriptionType() {
+ return new ParameterisedDescriptionType();
+ }
+
+ /**
+ * Create an instance of {@link Mandator }
+ *
+ */
+ public Mandator createMandator() {
+ return new Mandator();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.References }
+ *
+ */
+ public SimpleMandateContentType.References createSimpleMandateContentTypeReferences() {
+ return new SimpleMandateContentType.References();
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Intermediary")
+ public JAXBElement<PhysicalPersonType> createIntermediary(PhysicalPersonType value) {
+ return new JAXBElement<PhysicalPersonType>(_Intermediary_QNAME, PhysicalPersonType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedDescription")
+ public JAXBElement<ParameterisedDescriptionType> createParameterisedDescription(ParameterisedDescriptionType value) {
+ return new JAXBElement<ParameterisedDescriptionType>(_ParameterisedDescription_QNAME, ParameterisedDescriptionType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link ParameterisedTextType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedText")
+ public JAXBElement<ParameterisedTextType> createParameterisedText(ParameterisedTextType value) {
+ return new JAXBElement<ParameterisedTextType>(_ParameterisedText_QNAME, ParameterisedTextType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "TextualDescription")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ public JAXBElement<String> createTextualDescription(String value) {
+ return new JAXBElement<String>(_TextualDescription_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Annotation")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ public JAXBElement<String> createAnnotation(String value) {
+ return new JAXBElement<String>(_Annotation_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "AnyConstraints")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ public JAXBElement<String> createAnyConstraints(String value) {
+ return new JAXBElement<String>(_AnyConstraints_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidFrom")
+ public JAXBElement<String> createValidFrom(String value) {
+ return new JAXBElement<String>(_ValidFrom_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SimpleMandateContentType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "SimpleMandateContent")
+ public JAXBElement<SimpleMandateContentType> createSimpleMandateContent(SimpleMandateContentType value) {
+ return new JAXBElement<SimpleMandateContentType>(_SimpleMandateContent_QNAME, SimpleMandateContentType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "StatusInformationService")
+ public JAXBElement<String> createStatusInformationService(String value) {
+ return new JAXBElement<String>(_StatusInformationService_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PropertiesType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Properties")
+ public JAXBElement<PropertiesType> createProperties(PropertiesType value) {
+ return new JAXBElement<PropertiesType>(_Properties_QNAME, PropertiesType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidTo")
+ public JAXBElement<String> createValidTo(String value) {
+ return new JAXBElement<String>(_ValidTo_QNAME, String.class, null, value);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java
new file mode 100644
index 000000000..703d48005
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java
@@ -0,0 +1,78 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SetParameter"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "setParameter"
+})
+@XmlRootElement(name = "ParameterDefinition")
+public class ParameterDefinition {
+
+ @XmlElement(name = "SetParameter")
+ protected List<SetParameter> setParameter;
+
+ /**
+ * Gets the value of the setParameter property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the setParameter property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSetParameter().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SetParameter }
+ *
+ *
+ */
+ public List<SetParameter> getSetParameter() {
+ if (setParameter == null) {
+ setParameter = new ArrayList<SetParameter>();
+ }
+ return this.setParameter;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java
new file mode 100644
index 000000000..e064e5379
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java
@@ -0,0 +1,99 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * complex type for a parameterised description
+ *
+ * <p>Java class for ParameterisedDescriptionType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="ParameterisedDescriptionType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedText"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterDefinition"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ParameterisedDescriptionType", propOrder = {
+ "parameterisedText",
+ "parameterDefinition"
+})
+public class ParameterisedDescriptionType {
+
+ @XmlElement(name = "ParameterisedText", required = true)
+ protected ParameterisedTextType parameterisedText;
+ @XmlElement(name = "ParameterDefinition", required = true)
+ protected ParameterDefinition parameterDefinition;
+
+ /**
+ * Gets the value of the parameterisedText property.
+ *
+ * @return
+ * possible object is
+ * {@link ParameterisedTextType }
+ *
+ */
+ public ParameterisedTextType getParameterisedText() {
+ return parameterisedText;
+ }
+
+ /**
+ * Sets the value of the parameterisedText property.
+ *
+ * @param value
+ * allowed object is
+ * {@link ParameterisedTextType }
+ *
+ */
+ public void setParameterisedText(ParameterisedTextType value) {
+ this.parameterisedText = value;
+ }
+
+ /**
+ * Gets the value of the parameterDefinition property.
+ *
+ * @return
+ * possible object is
+ * {@link ParameterDefinition }
+ *
+ */
+ public ParameterDefinition getParameterDefinition() {
+ return parameterDefinition;
+ }
+
+ /**
+ * Sets the value of the parameterDefinition property.
+ *
+ * @param value
+ * allowed object is
+ * {@link ParameterDefinition }
+ *
+ */
+ public void setParameterDefinition(ParameterDefinition value) {
+ this.parameterDefinition = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java
new file mode 100644
index 000000000..7d086cf67
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java
@@ -0,0 +1,81 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * complex type for describing a parameterised text
+ *
+ * <p>Java class for ParameterisedTextType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="ParameterisedTextType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}PasteParameter"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ParameterisedTextType", propOrder = {
+ "content"
+})
+public class ParameterisedTextType {
+
+ @XmlElementRef(name = "PasteParameter", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = PasteParameter.class)
+ @XmlMixed
+ protected List<Object> content;
+
+ /**
+ * complex type for describing a parameterised text Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link PasteParameter }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java
new file mode 100644
index 000000000..d8a64b374
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java
@@ -0,0 +1,72 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "")
+@XmlRootElement(name = "PasteParameter")
+public class PasteParameter {
+
+ @XmlAttribute(name = "Name")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String name;
+
+ /**
+ * Gets the value of the name property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the value of the name property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setName(String value) {
+ this.name = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java
new file mode 100644
index 000000000..f3ffa5100
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java
@@ -0,0 +1,109 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * complex type for describing arbitrary properties of mandates
+ *
+ * <p>Java class for PropertiesType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PropertiesType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="SubstitutionAllowed" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PropertiesType", propOrder = {
+ "substitutionAllowed",
+ "any"
+})
+public class PropertiesType {
+
+ @XmlElement(name = "SubstitutionAllowed", defaultValue = "false")
+ protected Boolean substitutionAllowed;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the substitutionAllowed property.
+ *
+ * @return
+ * possible object is
+ * {@link Boolean }
+ *
+ */
+ public Boolean isSubstitutionAllowed() {
+ return substitutionAllowed;
+ }
+
+ /**
+ * Sets the value of the substitutionAllowed property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Boolean }
+ *
+ */
+ public void setSubstitutionAllowed(Boolean value) {
+ this.substitutionAllowed = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java
new file mode 100644
index 000000000..ba18566a0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java
@@ -0,0 +1,101 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "physicalPerson",
+ "corporateBody"
+})
+@XmlRootElement(name = "Representative")
+public class Representative {
+
+ @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected PhysicalPersonType physicalPerson;
+ @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected CorporateBodyType corporateBody;
+
+ /**
+ * Gets the value of the physicalPerson property.
+ *
+ * @return
+ * possible object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public PhysicalPersonType getPhysicalPerson() {
+ return physicalPerson;
+ }
+
+ /**
+ * Sets the value of the physicalPerson property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public void setPhysicalPerson(PhysicalPersonType value) {
+ this.physicalPerson = value;
+ }
+
+ /**
+ * Gets the value of the corporateBody property.
+ *
+ * @return
+ * possible object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public CorporateBodyType getCorporateBody() {
+ return corporateBody;
+ }
+
+ /**
+ * Sets the value of the corporateBody property.
+ *
+ * @param value
+ * allowed object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public void setCorporateBody(CorporateBodyType value) {
+ this.corporateBody = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java
new file mode 100644
index 000000000..5c85ebe25
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java
@@ -0,0 +1,103 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "value"
+})
+@XmlRootElement(name = "SetParameter")
+public class SetParameter {
+
+ @XmlValue
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String value;
+ @XmlAttribute(name = "Name")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String name;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the name property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the value of the name property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setName(String value) {
+ this.name = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java
new file mode 100644
index 000000000..30fdcbab1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java
@@ -0,0 +1,605 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * complex type for describing the mandate using some textual descriptions
+ *
+ * <p>Java class for SimpleMandateContentType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SimpleMandateContentType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}TextualDescription"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedDescription"/>
+ * &lt;/choice>
+ * &lt;element name="References" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded">
+ * &lt;element name="MandateID">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;group ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ConstraintsGroup"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SimpleMandateContentType", propOrder = {
+ "textualDescriptionOrParameterisedDescription",
+ "references",
+ "timeConstraint",
+ "collectiveConstraint",
+ "transactionLimit",
+ "anyConstraints"
+})
+public class SimpleMandateContentType {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "ParameterisedDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class),
+ @XmlElementRef(name = "TextualDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class)
+ })
+ protected List<JAXBElement<?>> textualDescriptionOrParameterisedDescription;
+ @XmlElement(name = "References")
+ protected SimpleMandateContentType.References references;
+ @XmlElement(name = "TimeConstraint")
+ protected SimpleMandateContentType.TimeConstraint timeConstraint;
+ @XmlElement(name = "CollectiveConstraint")
+ protected SimpleMandateContentType.CollectiveConstraint collectiveConstraint;
+ @XmlElement(name = "TransactionLimit")
+ protected SimpleMandateContentType.TransactionLimit transactionLimit;
+ @XmlElement(name = "AnyConstraints")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ protected List<String> anyConstraints;
+
+ /**
+ * Gets the value of the textualDescriptionOrParameterisedDescription property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the textualDescriptionOrParameterisedDescription property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getTextualDescriptionOrParameterisedDescription().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ *
+ *
+ */
+ public List<JAXBElement<?>> getTextualDescriptionOrParameterisedDescription() {
+ if (textualDescriptionOrParameterisedDescription == null) {
+ textualDescriptionOrParameterisedDescription = new ArrayList<JAXBElement<?>>();
+ }
+ return this.textualDescriptionOrParameterisedDescription;
+ }
+
+ /**
+ * Gets the value of the references property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.References }
+ *
+ */
+ public SimpleMandateContentType.References getReferences() {
+ return references;
+ }
+
+ /**
+ * Sets the value of the references property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.References }
+ *
+ */
+ public void setReferences(SimpleMandateContentType.References value) {
+ this.references = value;
+ }
+
+ /**
+ * Gets the value of the timeConstraint property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.TimeConstraint }
+ *
+ */
+ public SimpleMandateContentType.TimeConstraint getTimeConstraint() {
+ return timeConstraint;
+ }
+
+ /**
+ * Sets the value of the timeConstraint property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.TimeConstraint }
+ *
+ */
+ public void setTimeConstraint(SimpleMandateContentType.TimeConstraint value) {
+ this.timeConstraint = value;
+ }
+
+ /**
+ * Gets the value of the collectiveConstraint property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.CollectiveConstraint }
+ *
+ */
+ public SimpleMandateContentType.CollectiveConstraint getCollectiveConstraint() {
+ return collectiveConstraint;
+ }
+
+ /**
+ * Sets the value of the collectiveConstraint property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.CollectiveConstraint }
+ *
+ */
+ public void setCollectiveConstraint(SimpleMandateContentType.CollectiveConstraint value) {
+ this.collectiveConstraint = value;
+ }
+
+ /**
+ * Gets the value of the transactionLimit property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.TransactionLimit }
+ *
+ */
+ public SimpleMandateContentType.TransactionLimit getTransactionLimit() {
+ return transactionLimit;
+ }
+
+ /**
+ * Sets the value of the transactionLimit property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.TransactionLimit }
+ *
+ */
+ public void setTransactionLimit(SimpleMandateContentType.TransactionLimit value) {
+ this.transactionLimit = value;
+ }
+
+ /**
+ * Gets the value of the anyConstraints property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the anyConstraints property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAnyConstraints().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAnyConstraints() {
+ if (anyConstraints == null) {
+ anyConstraints = new ArrayList<String>();
+ }
+ return this.anyConstraints;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}AnyConstraints"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "physicalPersonOrCorporateBodyOrAnyConstraints"
+ })
+ public static class CollectiveConstraint {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
+ @XmlElementRef(name = "AnyConstraints", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class),
+ @XmlElementRef(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
+ })
+ protected List<JAXBElement<?>> physicalPersonOrCorporateBodyOrAnyConstraints;
+
+ /**
+ * Gets the value of the physicalPersonOrCorporateBodyOrAnyConstraints property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the physicalPersonOrCorporateBodyOrAnyConstraints property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getPhysicalPersonOrCorporateBodyOrAnyConstraints().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ *
+ *
+ */
+ public List<JAXBElement<?>> getPhysicalPersonOrCorporateBodyOrAnyConstraints() {
+ if (physicalPersonOrCorporateBodyOrAnyConstraints == null) {
+ physicalPersonOrCorporateBodyOrAnyConstraints = new ArrayList<JAXBElement<?>>();
+ }
+ return this.physicalPersonOrCorporateBodyOrAnyConstraints;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded">
+ * &lt;element name="MandateID">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "mandateID"
+ })
+ public static class References {
+
+ @XmlElement(name = "MandateID", required = true)
+ protected List<SimpleMandateContentType.References.MandateID> mandateID;
+
+ /**
+ * Gets the value of the mandateID property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the mandateID property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getMandateID().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SimpleMandateContentType.References.MandateID }
+ *
+ *
+ */
+ public List<SimpleMandateContentType.References.MandateID> getMandateID() {
+ if (mandateID == null) {
+ mandateID = new ArrayList<SimpleMandateContentType.References.MandateID>();
+ }
+ return this.mandateID;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class MandateID {
+
+ @XmlValue
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String value;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidFrom" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidTo" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "validFrom",
+ "validTo"
+ })
+ public static class TimeConstraint {
+
+ @XmlElement(name = "ValidFrom")
+ protected String validFrom;
+ @XmlElement(name = "ValidTo")
+ protected String validTo;
+
+ /**
+ * Gets the value of the validFrom property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValidFrom() {
+ return validFrom;
+ }
+
+ /**
+ * Sets the value of the validFrom property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValidFrom(String value) {
+ this.validFrom = value;
+ }
+
+ /**
+ * Gets the value of the validTo property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValidTo() {
+ return validTo;
+ }
+
+ /**
+ * Sets the value of the validTo property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValidTo(String value) {
+ this.validTo = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Amount" type="{http://www.w3.org/2001/XMLSchema}float"/>
+ * &lt;element name="Currency" type="{http://www.w3.org/2001/XMLSchema}token"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "amount",
+ "currency"
+ })
+ public static class TransactionLimit {
+
+ @XmlElement(name = "Amount")
+ protected float amount;
+ @XmlElement(name = "Currency", required = true, defaultValue = "EUR")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String currency;
+
+ /**
+ * Gets the value of the amount property.
+ *
+ */
+ public float getAmount() {
+ return amount;
+ }
+
+ /**
+ * Sets the value of the amount property.
+ *
+ */
+ public void setAmount(float value) {
+ this.amount = value;
+ }
+
+ /**
+ * Gets the value of the currency property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getCurrency() {
+ return currency;
+ }
+
+ /**
+ * Sets the value of the currency property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setCurrency(String value) {
+ this.currency = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java
new file mode 100644
index 000000000..79c3dae88
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java
@@ -0,0 +1,9 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
+package at.gv.e_government.reference.namespace.mandates._20040701_;
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java
new file mode 100644
index 000000000..406073972
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java
@@ -0,0 +1,144 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyAttribute;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+
+
+/**
+ * main structure of address data
+ *
+ * <p>Java class for AbstractAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="AbstractAddressType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "AbstractAddressType", propOrder = {
+ "identification"
+})
+@XmlSeeAlso({
+ TelephoneAddressType.class,
+ InternetAddressType.class,
+ TypedPostalAddressType.class
+})
+public abstract class AbstractAddressType {
+
+ @XmlElement(name = "Identification")
+ protected List<IdentificationType> identification;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAnyAttribute
+ private Map<QName, String> otherAttributes = new HashMap<QName, String>();
+
+ /**
+ * Gets the value of the identification property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the identification property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getIdentification().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link IdentificationType }
+ *
+ *
+ */
+ public List<IdentificationType> getIdentification() {
+ if (identification == null) {
+ identification = new ArrayList<IdentificationType>();
+ }
+ return this.identification;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets a map that contains attributes that aren't bound to any typed property on this class.
+ *
+ * <p>
+ * the map is keyed by the name of the attribute and
+ * the value is the string value of the attribute.
+ *
+ * the map returned by this method is live, and you can add new attribute
+ * by updating the map directly. Because of this design, there's no setter.
+ *
+ *
+ * @return
+ * always non-null
+ */
+ public Map<QName, String> getOtherAttributes() {
+ return otherAttributes;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java
new file mode 100644
index 000000000..201b285dd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java
@@ -0,0 +1,144 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyAttribute;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+
+
+/**
+ * main structure of person data
+ *
+ * <p>Java class for AbstractPersonType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="AbstractPersonType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "AbstractPersonType", propOrder = {
+ "identification"
+})
+@XmlSeeAlso({
+ PhysicalPersonType.class,
+ CorporateBodyType.class,
+ PersonDataType.class
+})
+public abstract class AbstractPersonType {
+
+ @XmlElement(name = "Identification")
+ protected List<IdentificationType> identification;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAnyAttribute
+ private Map<QName, String> otherAttributes = new HashMap<QName, String>();
+
+ /**
+ * Gets the value of the identification property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the identification property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getIdentification().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link IdentificationType }
+ *
+ *
+ */
+ public List<IdentificationType> getIdentification() {
+ if (identification == null) {
+ identification = new ArrayList<IdentificationType>();
+ }
+ return this.identification;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets a map that contains attributes that aren't bound to any typed property on this class.
+ *
+ * <p>
+ * the map is keyed by the name of the attribute and
+ * the value is the string value of the attribute.
+ *
+ * the map returned by this method is live, and you can add new attribute
+ * by updating the map directly. Because of this design, there's no setter.
+ *
+ *
+ * @return
+ * always non-null
+ */
+ public Map<QName, String> getOtherAttributes() {
+ return otherAttributes;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java
new file mode 100644
index 000000000..382307a46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java
@@ -0,0 +1,245 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.w3c.dom.Element;
+
+
+/**
+ * juridical person, organisation
+ *
+ * <p>Java class for CorporateBodyType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="CorporateBodyType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="FullName" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="AlternativeName" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="LegalForm" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
+ * &lt;element name="Organisation" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "CorporateBodyType", propOrder = {
+ "type",
+ "fullName",
+ "alternativeName",
+ "legalForm",
+ "organisation",
+ "any"
+})
+public class CorporateBodyType
+ extends AbstractPersonType
+{
+
+ @XmlElement(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected List<String> type;
+ @XmlElement(name = "FullName")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String fullName;
+ @XmlElement(name = "AlternativeName")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected List<String> alternativeName;
+ @XmlElement(name = "LegalForm")
+ @XmlSchemaType(name = "anyURI")
+ protected String legalForm;
+ @XmlElement(name = "Organisation")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String organisation;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the type property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getType().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getType() {
+ if (type == null) {
+ type = new ArrayList<String>();
+ }
+ return this.type;
+ }
+
+ /**
+ * Gets the value of the fullName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getFullName() {
+ return fullName;
+ }
+
+ /**
+ * Sets the value of the fullName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setFullName(String value) {
+ this.fullName = value;
+ }
+
+ /**
+ * Gets the value of the alternativeName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the alternativeName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAlternativeName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAlternativeName() {
+ if (alternativeName == null) {
+ alternativeName = new ArrayList<String>();
+ }
+ return this.alternativeName;
+ }
+
+ /**
+ * Gets the value of the legalForm property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getLegalForm() {
+ return legalForm;
+ }
+
+ /**
+ * Sets the value of the legalForm property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setLegalForm(String value) {
+ this.legalForm = value;
+ }
+
+ /**
+ * Gets the value of the organisation property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getOrganisation() {
+ return organisation;
+ }
+
+ /**
+ * Sets the value of the organisation property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setOrganisation(String value) {
+ this.organisation = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java
new file mode 100644
index 000000000..26d021556
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java
@@ -0,0 +1,67 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for DefinedAlternativeNameTypeType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="DefinedAlternativeNameTypeType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="ArtistName"/>
+ * &lt;enumeration value="NickName"/>
+ * &lt;enumeration value="FormerName"/>
+ * &lt;enumeration value="Alias"/>
+ * &lt;enumeration value="MaidenName"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "DefinedAlternativeNameTypeType")
+@XmlEnum
+public enum DefinedAlternativeNameTypeType {
+
+ @XmlEnumValue("ArtistName")
+ ARTIST_NAME("ArtistName"),
+ @XmlEnumValue("NickName")
+ NICK_NAME("NickName"),
+ @XmlEnumValue("FormerName")
+ FORMER_NAME("FormerName"),
+ @XmlEnumValue("Alias")
+ ALIAS("Alias"),
+ @XmlEnumValue("MaidenName")
+ MAIDEN_NAME("MaidenName");
+ private final String value;
+
+ DefinedAlternativeNameTypeType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static DefinedAlternativeNameTypeType fromValue(String v) {
+ for (DefinedAlternativeNameTypeType c: DefinedAlternativeNameTypeType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java
new file mode 100644
index 000000000..703db6a6f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java
@@ -0,0 +1,79 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for DefinedRelationType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="DefinedRelationType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="family:Parent"/>
+ * &lt;enumeration value="family:Child"/>
+ * &lt;enumeration value="family:Sibling"/>
+ * &lt;enumeration value="family:Grandparent"/>
+ * &lt;enumeration value="family:Grandchild"/>
+ * &lt;enumeration value="family:Spouse"/>
+ * &lt;enumeration value="function:LegalGuardian"/>
+ * &lt;enumeration value="function:IsGuardedBy"/>
+ * &lt;enumeration value="function:Cohabitant"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "DefinedRelationType")
+@XmlEnum
+public enum DefinedRelationType {
+
+ @XmlEnumValue("family:Parent")
+ FAMILY_PARENT("family:Parent"),
+ @XmlEnumValue("family:Child")
+ FAMILY_CHILD("family:Child"),
+ @XmlEnumValue("family:Sibling")
+ FAMILY_SIBLING("family:Sibling"),
+ @XmlEnumValue("family:Grandparent")
+ FAMILY_GRANDPARENT("family:Grandparent"),
+ @XmlEnumValue("family:Grandchild")
+ FAMILY_GRANDCHILD("family:Grandchild"),
+ @XmlEnumValue("family:Spouse")
+ FAMILY_SPOUSE("family:Spouse"),
+ @XmlEnumValue("function:LegalGuardian")
+ FUNCTION_LEGAL_GUARDIAN("function:LegalGuardian"),
+ @XmlEnumValue("function:IsGuardedBy")
+ FUNCTION_IS_GUARDED_BY("function:IsGuardedBy"),
+ @XmlEnumValue("function:Cohabitant")
+ FUNCTION_COHABITANT("function:Cohabitant");
+ private final String value;
+
+ DefinedRelationType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static DefinedRelationType fromValue(String v) {
+ for (DefinedRelationType c: DefinedRelationType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java
new file mode 100644
index 000000000..d9f6541b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java
@@ -0,0 +1,318 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyAttribute;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+import org.w3c.dom.Element;
+
+
+/**
+ * unique identifier
+ *
+ * <p>Java class for IdentificationType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="IdentificationType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Value">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
+ * &lt;element name="Authority" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "IdentificationType", propOrder = {
+ "value",
+ "type",
+ "authority",
+ "any"
+})
+public class IdentificationType {
+
+ @XmlElement(name = "Value", required = true)
+ protected IdentificationType.Value value;
+ @XmlElement(name = "Type", required = true)
+ @XmlSchemaType(name = "anyURI")
+ protected String type;
+ @XmlElement(name = "Authority")
+ @XmlSchemaType(name = "anyURI")
+ protected String authority;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAnyAttribute
+ private Map<QName, String> otherAttributes = new HashMap<QName, String>();
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link IdentificationType.Value }
+ *
+ */
+ public IdentificationType.Value getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link IdentificationType.Value }
+ *
+ */
+ public void setValue(IdentificationType.Value value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ /**
+ * Gets the value of the authority property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAuthority() {
+ return authority;
+ }
+
+ /**
+ * Sets the value of the authority property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAuthority(String value) {
+ this.authority = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets a map that contains attributes that aren't bound to any typed property on this class.
+ *
+ * <p>
+ * the map is keyed by the name of the attribute and
+ * the value is the string value of the attribute.
+ *
+ * the map returned by this method is live, and you can add new attribute
+ * by updating the map directly. Because of this design, there's no setter.
+ *
+ *
+ * @return
+ * always non-null
+ */
+ public Map<QName, String> getOtherAttributes() {
+ return otherAttributes;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class Value {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java
new file mode 100644
index 000000000..be59e85a8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java
@@ -0,0 +1,143 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3._2000._09.xmldsig_.KeyInfoType;
+import org.w3c.dom.Element;
+
+
+/**
+ * internet based communication
+ *
+ * <p>Java class for InternetAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="InternetAddressType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}KeyInfo" minOccurs="0"/>
+ * &lt;element name="Address" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "InternetAddressType", propOrder = {
+ "keyInfo",
+ "address",
+ "any"
+})
+public class InternetAddressType
+ extends AbstractAddressType
+{
+
+ @XmlElement(name = "KeyInfo", namespace = "http://www.w3.org/2000/09/xmldsig#")
+ protected KeyInfoType keyInfo;
+ @XmlElement(name = "Address")
+ @XmlSchemaType(name = "anyURI")
+ protected String address;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * certificate for secure communication
+ *
+ * @return
+ * possible object is
+ * {@link KeyInfoType }
+ *
+ */
+ public KeyInfoType getKeyInfo() {
+ return keyInfo;
+ }
+
+ /**
+ * Sets the value of the keyInfo property.
+ *
+ * @param value
+ * allowed object is
+ * {@link KeyInfoType }
+ *
+ */
+ public void setKeyInfo(KeyInfoType value) {
+ this.keyInfo = value;
+ }
+
+ /**
+ * Gets the value of the address property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAddress() {
+ return address;
+ }
+
+ /**
+ * Sets the value of the address property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAddress(String value) {
+ this.address = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java
new file mode 100644
index 000000000..fa2130290
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java
@@ -0,0 +1,64 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for MaritalStatusType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="MaritalStatusType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ * &lt;enumeration value="single"/>
+ * &lt;enumeration value="married"/>
+ * &lt;enumeration value="divorced"/>
+ * &lt;enumeration value="widowed"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "MaritalStatusType")
+@XmlEnum
+public enum MaritalStatusType {
+
+ @XmlEnumValue("single")
+ SINGLE("single"),
+ @XmlEnumValue("married")
+ MARRIED("married"),
+ @XmlEnumValue("divorced")
+ DIVORCED("divorced"),
+ @XmlEnumValue("widowed")
+ WIDOWED("widowed");
+ private final String value;
+
+ MaritalStatusType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static MaritalStatusType fromValue(String v) {
+ for (MaritalStatusType c: MaritalStatusType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java
new file mode 100644
index 000000000..7a361f12d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java
@@ -0,0 +1,67 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for MobileTelcomNumberType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="MobileTelcomNumberType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType">
+ * &lt;attribute name="smsEnabled" type="{http://www.w3.org/2001/XMLSchema}boolean" />
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "MobileTelcomNumberType")
+public class MobileTelcomNumberType
+ extends TelcomNumberType
+{
+
+ @XmlAttribute
+ protected Boolean smsEnabled;
+
+ /**
+ * Gets the value of the smsEnabled property.
+ *
+ * @return
+ * possible object is
+ * {@link Boolean }
+ *
+ */
+ public Boolean isSmsEnabled() {
+ return smsEnabled;
+ }
+
+ /**
+ * Sets the value of the smsEnabled property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Boolean }
+ *
+ */
+ public void setSmsEnabled(Boolean value) {
+ this.smsEnabled = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java
new file mode 100644
index 000000000..07cb0c099
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java
@@ -0,0 +1,420 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlElementDecl;
+import javax.xml.bind.annotation.XmlRegistry;
+import javax.xml.namespace.QName;
+
+
+/**
+ * This object contains factory methods for each
+ * Java content interface and Java element interface
+ * generated in the at.gv.e_government.reference.namespace.persondata._20020228_ package.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups. Factory methods for each of these are
+ * provided in this class.
+ *
+ */
+@XmlRegistry
+public class ObjectFactory {
+
+ private final static QName _TypedPostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TypedPostalAddress");
+ private final static QName _Extension_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Extension");
+ private final static QName _Mobile_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Mobile");
+ private final static QName _AreaCityCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "AreaCityCode");
+ private final static QName _TTYTDD_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TTYTDD");
+ private final static QName _PersonName_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonName");
+ private final static QName _InternetAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternetAddress");
+ private final static QName _InternationalCountryCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternationalCountryCode");
+ private final static QName _Pager_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Pager");
+ private final static QName _PersonData_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonData");
+ private final static QName _SubscriberNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "SubscriberNumber");
+ private final static QName _NationalNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "NationalNumber");
+ private final static QName _PhysicalPerson_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PhysicalPerson");
+ private final static QName _CorporateBody_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "CorporateBody");
+ private final static QName _Telephone_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Telephone");
+ private final static QName _Address_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Address");
+ private final static QName _Person_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Person");
+ private final static QName _Fax_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Fax");
+ private final static QName _PostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PostalAddress");
+ private final static QName _TelephoneAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TelephoneAddress");
+ private final static QName _FormattedNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "FormattedNumber");
+
+ /**
+ * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.persondata._20020228_
+ *
+ */
+ public ObjectFactory() {
+ }
+
+ /**
+ * Create an instance of {@link TelephoneAddressType }
+ *
+ */
+ public TelephoneAddressType createTelephoneAddressType() {
+ return new TelephoneAddressType();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType.FamilyName }
+ *
+ */
+ public PersonNameType.FamilyName createPersonNameTypeFamilyName() {
+ return new PersonNameType.FamilyName();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType.FormattedName }
+ *
+ */
+ public PersonNameType.FormattedName createPersonNameTypeFormattedName() {
+ return new PersonNameType.FormattedName();
+ }
+
+ /**
+ * Create an instance of {@link PostalAddressType.DeliveryAddress }
+ *
+ */
+ public PostalAddressType.DeliveryAddress createPostalAddressTypeDeliveryAddress() {
+ return new PostalAddressType.DeliveryAddress();
+ }
+
+ /**
+ * Create an instance of {@link TypedPostalAddressType }
+ *
+ */
+ public TypedPostalAddressType createTypedPostalAddressType() {
+ return new TypedPostalAddressType();
+ }
+
+ /**
+ * Create an instance of {@link MobileTelcomNumberType }
+ *
+ */
+ public MobileTelcomNumberType createMobileTelcomNumberType() {
+ return new MobileTelcomNumberType();
+ }
+
+ /**
+ * Create an instance of {@link PersonDataType.AdditionalData }
+ *
+ */
+ public PersonDataType.AdditionalData createPersonDataTypeAdditionalData() {
+ return new PersonDataType.AdditionalData();
+ }
+
+ /**
+ * Create an instance of {@link PostalAddressType.Recipient }
+ *
+ */
+ public PostalAddressType.Recipient createPostalAddressTypeRecipient() {
+ return new PostalAddressType.Recipient();
+ }
+
+ /**
+ * Create an instance of {@link PersonDataType }
+ *
+ */
+ public PersonDataType createPersonDataType() {
+ return new PersonDataType();
+ }
+
+ /**
+ * Create an instance of {@link PhysicalPersonType }
+ *
+ */
+ public PhysicalPersonType createPhysicalPersonType() {
+ return new PhysicalPersonType();
+ }
+
+ /**
+ * Create an instance of {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType createTelcomNumberType() {
+ return new TelcomNumberType();
+ }
+
+ /**
+ * Create an instance of {@link PhysicalPersonType.RelatedPerson }
+ *
+ */
+ public PhysicalPersonType.RelatedPerson createPhysicalPersonTypeRelatedPerson() {
+ return new PhysicalPersonType.RelatedPerson();
+ }
+
+ /**
+ * Create an instance of {@link PostalAddressType }
+ *
+ */
+ public PostalAddressType createPostalAddressType() {
+ return new PostalAddressType();
+ }
+
+ /**
+ * Create an instance of {@link TelcomNumberListType }
+ *
+ */
+ public TelcomNumberListType createTelcomNumberListType() {
+ return new TelcomNumberListType();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType }
+ *
+ */
+ public PersonNameType createPersonNameType() {
+ return new PersonNameType();
+ }
+
+ /**
+ * Create an instance of {@link PhysicalPersonType.AlternativeName }
+ *
+ */
+ public PhysicalPersonType.AlternativeName createPhysicalPersonTypeAlternativeName() {
+ return new PhysicalPersonType.AlternativeName();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType.Affix }
+ *
+ */
+ public PersonNameType.Affix createPersonNameTypeAffix() {
+ return new PersonNameType.Affix();
+ }
+
+ /**
+ * Create an instance of {@link IdentificationType.Value }
+ *
+ */
+ public IdentificationType.Value createIdentificationTypeValue() {
+ return new IdentificationType.Value();
+ }
+
+ /**
+ * Create an instance of {@link IdentificationType }
+ *
+ */
+ public IdentificationType createIdentificationType() {
+ return new IdentificationType();
+ }
+
+ /**
+ * Create an instance of {@link InternetAddressType }
+ *
+ */
+ public InternetAddressType createInternetAddressType() {
+ return new InternetAddressType();
+ }
+
+ /**
+ * Create an instance of {@link CorporateBodyType }
+ *
+ */
+ public CorporateBodyType createCorporateBodyType() {
+ return new CorporateBodyType();
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TypedPostalAddress")
+ public JAXBElement<TypedPostalAddressType> createTypedPostalAddress(TypedPostalAddressType value) {
+ return new JAXBElement<TypedPostalAddressType>(_TypedPostalAddress_QNAME, TypedPostalAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Extension")
+ public JAXBElement<String> createExtension(String value) {
+ return new JAXBElement<String>(_Extension_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link MobileTelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Mobile")
+ public JAXBElement<MobileTelcomNumberType> createMobile(MobileTelcomNumberType value) {
+ return new JAXBElement<MobileTelcomNumberType>(_Mobile_QNAME, MobileTelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "AreaCityCode")
+ public JAXBElement<String> createAreaCityCode(String value) {
+ return new JAXBElement<String>(_AreaCityCode_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TTYTDD")
+ public JAXBElement<TelcomNumberType> createTTYTDD(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_TTYTDD_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PersonNameType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonName")
+ public JAXBElement<PersonNameType> createPersonName(PersonNameType value) {
+ return new JAXBElement<PersonNameType>(_PersonName_QNAME, PersonNameType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternetAddress")
+ public JAXBElement<InternetAddressType> createInternetAddress(InternetAddressType value) {
+ return new JAXBElement<InternetAddressType>(_InternetAddress_QNAME, InternetAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternationalCountryCode")
+ public JAXBElement<String> createInternationalCountryCode(String value) {
+ return new JAXBElement<String>(_InternationalCountryCode_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Pager")
+ public JAXBElement<TelcomNumberType> createPager(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_Pager_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PersonDataType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonData")
+ public JAXBElement<PersonDataType> createPersonData(PersonDataType value) {
+ return new JAXBElement<PersonDataType>(_PersonData_QNAME, PersonDataType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "SubscriberNumber")
+ public JAXBElement<String> createSubscriberNumber(String value) {
+ return new JAXBElement<String>(_SubscriberNumber_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "NationalNumber")
+ public JAXBElement<String> createNationalNumber(String value) {
+ return new JAXBElement<String>(_NationalNumber_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PhysicalPerson")
+ public JAXBElement<PhysicalPersonType> createPhysicalPerson(PhysicalPersonType value) {
+ return new JAXBElement<PhysicalPersonType>(_PhysicalPerson_QNAME, PhysicalPersonType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "CorporateBody")
+ public JAXBElement<CorporateBodyType> createCorporateBody(CorporateBodyType value) {
+ return new JAXBElement<CorporateBodyType>(_CorporateBody_QNAME, CorporateBodyType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Telephone")
+ public JAXBElement<TelcomNumberType> createTelephone(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_Telephone_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Address")
+ public JAXBElement<AbstractAddressType> createAddress(AbstractAddressType value) {
+ return new JAXBElement<AbstractAddressType>(_Address_QNAME, AbstractAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Person")
+ public JAXBElement<AbstractPersonType> createPerson(AbstractPersonType value) {
+ return new JAXBElement<AbstractPersonType>(_Person_QNAME, AbstractPersonType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Fax")
+ public JAXBElement<TelcomNumberType> createFax(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_Fax_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PostalAddress")
+ public JAXBElement<PostalAddressType> createPostalAddress(PostalAddressType value) {
+ return new JAXBElement<PostalAddressType>(_PostalAddress_QNAME, PostalAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TelephoneAddress")
+ public JAXBElement<TelephoneAddressType> createTelephoneAddress(TelephoneAddressType value) {
+ return new JAXBElement<TelephoneAddressType>(_TelephoneAddress_QNAME, TelephoneAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "FormattedNumber")
+ public JAXBElement<String> createFormattedNumber(String value) {
+ return new JAXBElement<String>(_FormattedNumber_QNAME, String.class, null, value);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java
new file mode 100644
index 000000000..2d3cd9315
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java
@@ -0,0 +1,247 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlType;
+import org.w3._2000._09.xmldsig_.SignatureType;
+import org.w3c.dom.Element;
+
+
+/**
+ * signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).
+ *
+ * <p>Java class for PersonDataType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PersonDataType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Address" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Signature" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="AdditionalData" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;any processContents='lax'/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PersonDataType", propOrder = {
+ "person",
+ "address",
+ "signature",
+ "additionalData"
+})
+public class PersonDataType
+ extends AbstractPersonType
+{
+
+ @XmlElement(name = "Person", required = true)
+ protected AbstractPersonType person;
+ @XmlElement(name = "Address")
+ protected List<AbstractAddressType> address;
+ @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")
+ protected List<SignatureType> signature;
+ @XmlElement(name = "AdditionalData")
+ protected PersonDataType.AdditionalData additionalData;
+
+ /**
+ * Gets the value of the person property.
+ *
+ * @return
+ * possible object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public AbstractPersonType getPerson() {
+ return person;
+ }
+
+ /**
+ * Sets the value of the person property.
+ *
+ * @param value
+ * allowed object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public void setPerson(AbstractPersonType value) {
+ this.person = value;
+ }
+
+ /**
+ * Gets the value of the address property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the address property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAddress().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link AbstractAddressType }
+ *
+ *
+ */
+ public List<AbstractAddressType> getAddress() {
+ if (address == null) {
+ address = new ArrayList<AbstractAddressType>();
+ }
+ return this.address;
+ }
+
+ /**
+ * one or more electronic signatures applied on fields above Gets the value of the signature property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the signature property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSignature().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SignatureType }
+ *
+ *
+ */
+ public List<SignatureType> getSignature() {
+ if (signature == null) {
+ signature = new ArrayList<SignatureType>();
+ }
+ return this.signature;
+ }
+
+ /**
+ * Gets the value of the additionalData property.
+ *
+ * @return
+ * possible object is
+ * {@link PersonDataType.AdditionalData }
+ *
+ */
+ public PersonDataType.AdditionalData getAdditionalData() {
+ return additionalData;
+ }
+
+ /**
+ * Sets the value of the additionalData property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PersonDataType.AdditionalData }
+ *
+ */
+ public void setAdditionalData(PersonDataType.AdditionalData value) {
+ this.additionalData = value;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;any processContents='lax'/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "content"
+ })
+ public static class AdditionalData {
+
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java
new file mode 100644
index 000000000..9e68a544c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java
@@ -0,0 +1,620 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+
+
+/**
+ * <p>Java class for PersonNameType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PersonNameType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="FormattedName" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" default="presentation">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="presentation"/>
+ * &lt;enumeration value="legal"/>
+ * &lt;enumeration value="sortOrder"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="LegalName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="GivenName" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="PreferredGivenName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="MiddleName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="FamilyName" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="primary" default="undefined">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="true"/>
+ * &lt;enumeration value="false"/>
+ * &lt;enumeration value="undefined"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="Affix" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" use="required">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="academicGrade"/>
+ * &lt;enumeration value="aristocraticPrefix"/>
+ * &lt;enumeration value="aristocraticTitle"/>
+ * &lt;enumeration value="familyNamePrefix"/>
+ * &lt;enumeration value="familyNameSuffix"/>
+ * &lt;enumeration value="formOfAddress"/>
+ * &lt;enumeration value="generation"/>
+ * &lt;enumeration value="qualification"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PersonNameType", propOrder = {
+ "formattedName",
+ "legalName",
+ "givenName",
+ "preferredGivenName",
+ "middleName",
+ "familyName",
+ "affix"
+})
+@XmlSeeAlso({
+ at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType.AlternativeName.class
+})
+public class PersonNameType {
+
+ @XmlElement(name = "FormattedName")
+ protected List<PersonNameType.FormattedName> formattedName;
+ @XmlElement(name = "LegalName")
+ protected String legalName;
+ @XmlElement(name = "GivenName")
+ protected List<String> givenName;
+ @XmlElement(name = "PreferredGivenName")
+ protected String preferredGivenName;
+ @XmlElement(name = "MiddleName")
+ protected String middleName;
+ @XmlElement(name = "FamilyName")
+ protected List<PersonNameType.FamilyName> familyName;
+ @XmlElement(name = "Affix")
+ protected List<PersonNameType.Affix> affix;
+
+ /**
+ * Gets the value of the formattedName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the formattedName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getFormattedName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PersonNameType.FormattedName }
+ *
+ *
+ */
+ public List<PersonNameType.FormattedName> getFormattedName() {
+ if (formattedName == null) {
+ formattedName = new ArrayList<PersonNameType.FormattedName>();
+ }
+ return this.formattedName;
+ }
+
+ /**
+ * Gets the value of the legalName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getLegalName() {
+ return legalName;
+ }
+
+ /**
+ * Sets the value of the legalName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setLegalName(String value) {
+ this.legalName = value;
+ }
+
+ /**
+ * Gets the value of the givenName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the givenName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getGivenName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getGivenName() {
+ if (givenName == null) {
+ givenName = new ArrayList<String>();
+ }
+ return this.givenName;
+ }
+
+ /**
+ * Gets the value of the preferredGivenName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPreferredGivenName() {
+ return preferredGivenName;
+ }
+
+ /**
+ * Sets the value of the preferredGivenName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPreferredGivenName(String value) {
+ this.preferredGivenName = value;
+ }
+
+ /**
+ * Gets the value of the middleName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getMiddleName() {
+ return middleName;
+ }
+
+ /**
+ * Sets the value of the middleName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setMiddleName(String value) {
+ this.middleName = value;
+ }
+
+ /**
+ * Gets the value of the familyName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the familyName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getFamilyName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PersonNameType.FamilyName }
+ *
+ *
+ */
+ public List<PersonNameType.FamilyName> getFamilyName() {
+ if (familyName == null) {
+ familyName = new ArrayList<PersonNameType.FamilyName>();
+ }
+ return this.familyName;
+ }
+
+ /**
+ * Gets the value of the affix property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the affix property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAffix().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PersonNameType.Affix }
+ *
+ *
+ */
+ public List<PersonNameType.Affix> getAffix() {
+ if (affix == null) {
+ affix = new ArrayList<PersonNameType.Affix>();
+ }
+ return this.affix;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" use="required">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="academicGrade"/>
+ * &lt;enumeration value="aristocraticPrefix"/>
+ * &lt;enumeration value="aristocraticTitle"/>
+ * &lt;enumeration value="familyNamePrefix"/>
+ * &lt;enumeration value="familyNameSuffix"/>
+ * &lt;enumeration value="formOfAddress"/>
+ * &lt;enumeration value="generation"/>
+ * &lt;enumeration value="qualification"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class Affix {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute(required = true)
+ protected String type;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="primary" default="undefined">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="true"/>
+ * &lt;enumeration value="false"/>
+ * &lt;enumeration value="undefined"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class FamilyName {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute
+ protected String primary;
+ @XmlAttribute
+ protected String prefix;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the primary property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPrimary() {
+ if (primary == null) {
+ return "undefined";
+ } else {
+ return primary;
+ }
+ }
+
+ /**
+ * Sets the value of the primary property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPrimary(String value) {
+ this.primary = value;
+ }
+
+ /**
+ * Gets the value of the prefix property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPrefix() {
+ return prefix;
+ }
+
+ /**
+ * Sets the value of the prefix property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPrefix(String value) {
+ this.prefix = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" default="presentation">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="presentation"/>
+ * &lt;enumeration value="legal"/>
+ * &lt;enumeration value="sortOrder"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class FormattedName {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute
+ protected String type;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ if (type == null) {
+ return "presentation";
+ } else {
+ return type;
+ }
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java
new file mode 100644
index 000000000..c858f9e8f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java
@@ -0,0 +1,550 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.w3c.dom.Element;
+
+
+/**
+ * physical person
+ *
+ * <p>Java class for PhysicalPersonType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PhysicalPersonType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Name" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/>
+ * &lt;element name="AlternativeName" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType">
+ * &lt;attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" />
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="MaritalStatus" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}MaritalStatusType" minOccurs="0"/>
+ * &lt;element name="Sex" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}SexType" minOccurs="0"/>
+ * &lt;element name="DateOfBirth" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}DateOfBirthType" minOccurs="0"/>
+ * &lt;element name="PlaceOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="CountryOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="Nationality" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Confession" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="relatedPerson" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PhysicalPersonType", propOrder = {
+ "name",
+ "alternativeName",
+ "maritalStatus",
+ "sex",
+ "dateOfBirth",
+ "placeOfBirth",
+ "countryOfBirth",
+ "nationality",
+ "confession",
+ "relatedPerson",
+ "any"
+})
+public class PhysicalPersonType
+ extends AbstractPersonType
+{
+
+ @XmlElement(name = "Name")
+ protected PersonNameType name;
+ @XmlElement(name = "AlternativeName")
+ protected List<PhysicalPersonType.AlternativeName> alternativeName;
+ @XmlElement(name = "MaritalStatus")
+ protected MaritalStatusType maritalStatus;
+ @XmlElement(name = "Sex")
+ protected SexType sex;
+ @XmlElement(name = "DateOfBirth")
+ protected String dateOfBirth;
+ @XmlElement(name = "PlaceOfBirth")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String placeOfBirth;
+ @XmlElement(name = "CountryOfBirth")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String countryOfBirth;
+ @XmlElement(name = "Nationality")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected List<String> nationality;
+ @XmlElement(name = "Confession")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String confession;
+ protected List<PhysicalPersonType.RelatedPerson> relatedPerson;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the name property.
+ *
+ * @return
+ * possible object is
+ * {@link PersonNameType }
+ *
+ */
+ public PersonNameType getName() {
+ return name;
+ }
+
+ /**
+ * Sets the value of the name property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PersonNameType }
+ *
+ */
+ public void setName(PersonNameType value) {
+ this.name = value;
+ }
+
+ /**
+ * Gets the value of the alternativeName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the alternativeName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAlternativeName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PhysicalPersonType.AlternativeName }
+ *
+ *
+ */
+ public List<PhysicalPersonType.AlternativeName> getAlternativeName() {
+ if (alternativeName == null) {
+ alternativeName = new ArrayList<PhysicalPersonType.AlternativeName>();
+ }
+ return this.alternativeName;
+ }
+
+ /**
+ * Gets the value of the maritalStatus property.
+ *
+ * @return
+ * possible object is
+ * {@link MaritalStatusType }
+ *
+ */
+ public MaritalStatusType getMaritalStatus() {
+ return maritalStatus;
+ }
+
+ /**
+ * Sets the value of the maritalStatus property.
+ *
+ * @param value
+ * allowed object is
+ * {@link MaritalStatusType }
+ *
+ */
+ public void setMaritalStatus(MaritalStatusType value) {
+ this.maritalStatus = value;
+ }
+
+ /**
+ * Gets the value of the sex property.
+ *
+ * @return
+ * possible object is
+ * {@link SexType }
+ *
+ */
+ public SexType getSex() {
+ return sex;
+ }
+
+ /**
+ * Sets the value of the sex property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SexType }
+ *
+ */
+ public void setSex(SexType value) {
+ this.sex = value;
+ }
+
+ /**
+ * Gets the value of the dateOfBirth property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ /**
+ * Sets the value of the dateOfBirth property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setDateOfBirth(String value) {
+ this.dateOfBirth = value;
+ }
+
+ /**
+ * Gets the value of the placeOfBirth property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPlaceOfBirth() {
+ return placeOfBirth;
+ }
+
+ /**
+ * Sets the value of the placeOfBirth property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPlaceOfBirth(String value) {
+ this.placeOfBirth = value;
+ }
+
+ /**
+ * Gets the value of the countryOfBirth property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getCountryOfBirth() {
+ return countryOfBirth;
+ }
+
+ /**
+ * Sets the value of the countryOfBirth property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setCountryOfBirth(String value) {
+ this.countryOfBirth = value;
+ }
+
+ /**
+ * Gets the value of the nationality property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the nationality property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getNationality().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getNationality() {
+ if (nationality == null) {
+ nationality = new ArrayList<String>();
+ }
+ return this.nationality;
+ }
+
+ /**
+ * Gets the value of the confession property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getConfession() {
+ return confession;
+ }
+
+ /**
+ * Sets the value of the confession property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setConfession(String value) {
+ this.confession = value;
+ }
+
+ /**
+ * Gets the value of the relatedPerson property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the relatedPerson property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getRelatedPerson().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PhysicalPersonType.RelatedPerson }
+ *
+ *
+ */
+ public List<PhysicalPersonType.RelatedPerson> getRelatedPerson() {
+ if (relatedPerson == null) {
+ relatedPerson = new ArrayList<PhysicalPersonType.RelatedPerson>();
+ }
+ return this.relatedPerson;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType">
+ * &lt;attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" />
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "")
+ public static class AlternativeName
+ extends PersonNameType
+ {
+
+ @XmlAttribute(name = "Type")
+ protected String type;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "typeOfRelation",
+ "person"
+ })
+ public static class RelatedPerson {
+
+ @XmlElement(name = "TypeOfRelation", required = true)
+ protected List<String> typeOfRelation;
+ @XmlElement(name = "Person", required = true)
+ protected AbstractPersonType person;
+
+ /**
+ * Gets the value of the typeOfRelation property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the typeOfRelation property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getTypeOfRelation().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getTypeOfRelation() {
+ if (typeOfRelation == null) {
+ typeOfRelation = new ArrayList<String>();
+ }
+ return this.typeOfRelation;
+ }
+
+ /**
+ * Gets the value of the person property.
+ *
+ * @return
+ * possible object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public AbstractPersonType getPerson() {
+ return person;
+ }
+
+ /**
+ * Sets the value of the person property.
+ *
+ * @param value
+ * allowed object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public void setPerson(AbstractPersonType value) {
+ this.person = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java
new file mode 100644
index 000000000..4f6c80200
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java
@@ -0,0 +1,611 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for PostalAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PostalAddressType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="CountryCode" minOccurs="0">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;pattern value="[A-Z]{2}"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/element>
+ * &lt;element name="PostalCode" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="Region" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Municipality" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="DeliveryAddress" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="BuildingNumber" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="Recipient" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/>
+ * &lt;element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;attribute name="type" default="undefined">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="postOfficeBoxAddress"/>
+ * &lt;enumeration value="streetAddress"/>
+ * &lt;enumeration value="militaryAddress"/>
+ * &lt;enumeration value="undefined"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PostalAddressType", propOrder = {
+ "countryCode",
+ "postalCode",
+ "region",
+ "municipality",
+ "deliveryAddress",
+ "recipient"
+})
+public class PostalAddressType {
+
+ @XmlElement(name = "CountryCode")
+ protected String countryCode;
+ @XmlElement(name = "PostalCode")
+ protected String postalCode;
+ @XmlElement(name = "Region")
+ protected List<String> region;
+ @XmlElement(name = "Municipality")
+ protected String municipality;
+ @XmlElement(name = "DeliveryAddress")
+ protected PostalAddressType.DeliveryAddress deliveryAddress;
+ @XmlElement(name = "Recipient")
+ protected List<PostalAddressType.Recipient> recipient;
+ @XmlAttribute
+ protected String type;
+
+ /**
+ * Gets the value of the countryCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the value of the countryCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setCountryCode(String value) {
+ this.countryCode = value;
+ }
+
+ /**
+ * Gets the value of the postalCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPostalCode() {
+ return postalCode;
+ }
+
+ /**
+ * Sets the value of the postalCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPostalCode(String value) {
+ this.postalCode = value;
+ }
+
+ /**
+ * Gets the value of the region property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the region property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getRegion().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getRegion() {
+ if (region == null) {
+ region = new ArrayList<String>();
+ }
+ return this.region;
+ }
+
+ /**
+ * Gets the value of the municipality property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getMunicipality() {
+ return municipality;
+ }
+
+ /**
+ * Sets the value of the municipality property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setMunicipality(String value) {
+ this.municipality = value;
+ }
+
+ /**
+ * Gets the value of the deliveryAddress property.
+ *
+ * @return
+ * possible object is
+ * {@link PostalAddressType.DeliveryAddress }
+ *
+ */
+ public PostalAddressType.DeliveryAddress getDeliveryAddress() {
+ return deliveryAddress;
+ }
+
+ /**
+ * Sets the value of the deliveryAddress property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PostalAddressType.DeliveryAddress }
+ *
+ */
+ public void setDeliveryAddress(PostalAddressType.DeliveryAddress value) {
+ this.deliveryAddress = value;
+ }
+
+ /**
+ * Gets the value of the recipient property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the recipient property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getRecipient().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PostalAddressType.Recipient }
+ *
+ *
+ */
+ public List<PostalAddressType.Recipient> getRecipient() {
+ if (recipient == null) {
+ recipient = new ArrayList<PostalAddressType.Recipient>();
+ }
+ return this.recipient;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ if (type == null) {
+ return "undefined";
+ } else {
+ return type;
+ }
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="BuildingNumber" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "addressLine",
+ "streetName",
+ "buildingNumber",
+ "unit",
+ "postOfficeBox"
+ })
+ public static class DeliveryAddress {
+
+ @XmlElement(name = "AddressLine")
+ protected List<String> addressLine;
+ @XmlElement(name = "StreetName")
+ protected String streetName;
+ @XmlElement(name = "BuildingNumber")
+ protected String buildingNumber;
+ @XmlElement(name = "Unit")
+ protected String unit;
+ @XmlElement(name = "PostOfficeBox")
+ protected String postOfficeBox;
+
+ /**
+ * Gets the value of the addressLine property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the addressLine property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAddressLine().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAddressLine() {
+ if (addressLine == null) {
+ addressLine = new ArrayList<String>();
+ }
+ return this.addressLine;
+ }
+
+ /**
+ * Gets the value of the streetName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getStreetName() {
+ return streetName;
+ }
+
+ /**
+ * Sets the value of the streetName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setStreetName(String value) {
+ this.streetName = value;
+ }
+
+ /**
+ * Gets the value of the buildingNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getBuildingNumber() {
+ return buildingNumber;
+ }
+
+ /**
+ * Sets the value of the buildingNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setBuildingNumber(String value) {
+ this.buildingNumber = value;
+ }
+
+ /**
+ * Gets the value of the unit property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getUnit() {
+ return unit;
+ }
+
+ /**
+ * Sets the value of the unit property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setUnit(String value) {
+ this.unit = value;
+ }
+
+ /**
+ * Gets the value of the postOfficeBox property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPostOfficeBox() {
+ return postOfficeBox;
+ }
+
+ /**
+ * Sets the value of the postOfficeBox property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPostOfficeBox(String value) {
+ this.postOfficeBox = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/>
+ * &lt;element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "personName",
+ "additionalText",
+ "organization",
+ "organizationName"
+ })
+ public static class Recipient {
+
+ @XmlElement(name = "PersonName")
+ protected PersonNameType personName;
+ @XmlElement(name = "AdditionalText")
+ protected List<String> additionalText;
+ @XmlElement(name = "Organization")
+ protected String organization;
+ @XmlElement(name = "OrganizationName")
+ protected String organizationName;
+
+ /**
+ * Gets the value of the personName property.
+ *
+ * @return
+ * possible object is
+ * {@link PersonNameType }
+ *
+ */
+ public PersonNameType getPersonName() {
+ return personName;
+ }
+
+ /**
+ * Sets the value of the personName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PersonNameType }
+ *
+ */
+ public void setPersonName(PersonNameType value) {
+ this.personName = value;
+ }
+
+ /**
+ * Gets the value of the additionalText property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the additionalText property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAdditionalText().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAdditionalText() {
+ if (additionalText == null) {
+ additionalText = new ArrayList<String>();
+ }
+ return this.additionalText;
+ }
+
+ /**
+ * Gets the value of the organization property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getOrganization() {
+ return organization;
+ }
+
+ /**
+ * Sets the value of the organization property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setOrganization(String value) {
+ this.organization = value;
+ }
+
+ /**
+ * Gets the value of the organizationName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getOrganizationName() {
+ return organizationName;
+ }
+
+ /**
+ * Sets the value of the organizationName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setOrganizationName(String value) {
+ this.organizationName = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java
new file mode 100644
index 000000000..7533e2fd4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java
@@ -0,0 +1,61 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for SexType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="SexType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ * &lt;enumeration value="male"/>
+ * &lt;enumeration value="female"/>
+ * &lt;enumeration value="unknown"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "SexType")
+@XmlEnum
+public enum SexType {
+
+ @XmlEnumValue("male")
+ MALE("male"),
+ @XmlEnumValue("female")
+ FEMALE("female"),
+ @XmlEnumValue("unknown")
+ UNKNOWN("unknown");
+ private final String value;
+
+ SexType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static SexType fromValue(String v) {
+ for (SexType c: SexType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java
new file mode 100644
index 000000000..55db75831
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java
@@ -0,0 +1,181 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for TelcomNumberListType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TelcomNumberListType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Telephone" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Mobile" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Fax" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Pager" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TTYTDD" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TelcomNumberListType", propOrder = {
+ "telephone",
+ "mobile",
+ "fax",
+ "pager",
+ "ttytdd"
+})
+public class TelcomNumberListType {
+
+ @XmlElement(name = "Telephone")
+ protected TelcomNumberType telephone;
+ @XmlElement(name = "Mobile")
+ protected MobileTelcomNumberType mobile;
+ @XmlElement(name = "Fax")
+ protected TelcomNumberType fax;
+ @XmlElement(name = "Pager")
+ protected TelcomNumberType pager;
+ @XmlElement(name = "TTYTDD")
+ protected TelcomNumberType ttytdd;
+
+ /**
+ * Gets the value of the telephone property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getTelephone() {
+ return telephone;
+ }
+
+ /**
+ * Sets the value of the telephone property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setTelephone(TelcomNumberType value) {
+ this.telephone = value;
+ }
+
+ /**
+ * Gets the value of the mobile property.
+ *
+ * @return
+ * possible object is
+ * {@link MobileTelcomNumberType }
+ *
+ */
+ public MobileTelcomNumberType getMobile() {
+ return mobile;
+ }
+
+ /**
+ * Sets the value of the mobile property.
+ *
+ * @param value
+ * allowed object is
+ * {@link MobileTelcomNumberType }
+ *
+ */
+ public void setMobile(MobileTelcomNumberType value) {
+ this.mobile = value;
+ }
+
+ /**
+ * Gets the value of the fax property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getFax() {
+ return fax;
+ }
+
+ /**
+ * Sets the value of the fax property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setFax(TelcomNumberType value) {
+ this.fax = value;
+ }
+
+ /**
+ * Gets the value of the pager property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getPager() {
+ return pager;
+ }
+
+ /**
+ * Sets the value of the pager property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setPager(TelcomNumberType value) {
+ this.pager = value;
+ }
+
+ /**
+ * Gets the value of the ttytdd property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getTTYTDD() {
+ return ttytdd;
+ }
+
+ /**
+ * Sets the value of the ttytdd property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setTTYTDD(TelcomNumberType value) {
+ this.ttytdd = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java
new file mode 100644
index 000000000..dfff3a208
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java
@@ -0,0 +1,209 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for TelcomNumberType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TelcomNumberType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}FormattedNumber"/>
+ * &lt;group ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberGroup"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TelcomNumberType", propOrder = {
+ "formattedNumber",
+ "internationalCountryCode",
+ "nationalNumber",
+ "areaCityCode",
+ "subscriberNumber",
+ "extension"
+})
+@XmlSeeAlso({
+ MobileTelcomNumberType.class
+})
+public class TelcomNumberType {
+
+ @XmlElement(name = "FormattedNumber")
+ protected String formattedNumber;
+ @XmlElement(name = "InternationalCountryCode")
+ protected String internationalCountryCode;
+ @XmlElement(name = "NationalNumber")
+ protected String nationalNumber;
+ @XmlElement(name = "AreaCityCode")
+ protected String areaCityCode;
+ @XmlElement(name = "SubscriberNumber")
+ protected String subscriberNumber;
+ @XmlElement(name = "Extension")
+ protected String extension;
+
+ /**
+ * Gets the value of the formattedNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getFormattedNumber() {
+ return formattedNumber;
+ }
+
+ /**
+ * Sets the value of the formattedNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setFormattedNumber(String value) {
+ this.formattedNumber = value;
+ }
+
+ /**
+ * Gets the value of the internationalCountryCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getInternationalCountryCode() {
+ return internationalCountryCode;
+ }
+
+ /**
+ * Sets the value of the internationalCountryCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setInternationalCountryCode(String value) {
+ this.internationalCountryCode = value;
+ }
+
+ /**
+ * Gets the value of the nationalNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getNationalNumber() {
+ return nationalNumber;
+ }
+
+ /**
+ * Sets the value of the nationalNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setNationalNumber(String value) {
+ this.nationalNumber = value;
+ }
+
+ /**
+ * Gets the value of the areaCityCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAreaCityCode() {
+ return areaCityCode;
+ }
+
+ /**
+ * Sets the value of the areaCityCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAreaCityCode(String value) {
+ this.areaCityCode = value;
+ }
+
+ /**
+ * Gets the value of the subscriberNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getSubscriberNumber() {
+ return subscriberNumber;
+ }
+
+ /**
+ * Sets the value of the subscriberNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setSubscriberNumber(String value) {
+ this.subscriberNumber = value;
+ }
+
+ /**
+ * Gets the value of the extension property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getExtension() {
+ return extension;
+ }
+
+ /**
+ * Sets the value of the extension property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setExtension(String value) {
+ this.extension = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java
new file mode 100644
index 000000000..ae87ba6ce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java
@@ -0,0 +1,147 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * phone numbers
+ *
+ * <p>Java class for TelephoneAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TelephoneAddressType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Number" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TelephoneAddressType", propOrder = {
+ "type",
+ "number",
+ "any"
+})
+public class TelephoneAddressType
+ extends AbstractAddressType
+{
+
+ @XmlElement(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected List<String> type;
+ @XmlElement(name = "Number")
+ protected TelcomNumberType number;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the type property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getType().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getType() {
+ if (type == null) {
+ type = new ArrayList<String>();
+ }
+ return this.type;
+ }
+
+ /**
+ * Gets the value of the number property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getNumber() {
+ return number;
+ }
+
+ /**
+ * Sets the value of the number property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setNumber(TelcomNumberType value) {
+ this.number = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java
new file mode 100644
index 000000000..4838c4cc7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java
@@ -0,0 +1,142 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * postal address
+ *
+ * <p>Java class for TypedPostalAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TypedPostalAddressType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PostalAddress"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TypedPostalAddressType", propOrder = {
+ "type",
+ "postalAddress",
+ "any"
+})
+public class TypedPostalAddressType
+ extends AbstractAddressType
+{
+
+ @XmlElement(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected String type;
+ @XmlElement(name = "PostalAddress")
+ protected PostalAddressType postalAddress;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ /**
+ * Gets the value of the postalAddress property.
+ *
+ * @return
+ * possible object is
+ * {@link PostalAddressType }
+ *
+ */
+ public PostalAddressType getPostalAddress() {
+ return postalAddress;
+ }
+
+ /**
+ * Sets the value of the postalAddress property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PostalAddressType }
+ *
+ */
+ public void setPostalAddress(PostalAddressType value) {
+ this.postalAddress = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java
new file mode 100644
index 000000000..c866662d1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java
@@ -0,0 +1,9 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
+package at.gv.e_government.reference.namespace.persondata._20020228_;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d783c74d9..89adbce3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -23,17 +23,19 @@
package at.gv.egovernment.moa.id.auth;
+import iaik.asn1.ObjectID;
import iaik.pki.PKIException;
+import iaik.x509.CertificateFactory;
import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
import java.io.ByteArrayInputStream;
-import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+//import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
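Review bot: The replaced JCA import survives as a commented-out line, `//import java.security.cert.CertificateFactory;`, directly under the newly added `iaik.x509.CertificateFactory`; delete it rather than keep it as a comment, since version control already records the switch and a dangling commented import invites someone to "restore" it later and collide with the IAIK class of the same simple name. The swap also changes which provider parses certificates for this class; any call site that relied on JCA's checked `CertificateException` is outside this hunk and should be re-checked.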
@@ -57,6 +59,7 @@ import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
@@ -66,7 +69,6 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
@@ -75,7 +77,6 @@ import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -89,13 +90,13 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
@@ -107,6 +108,8 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -117,6 +120,9 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
@@ -130,7 +136,9 @@ import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
@@ -154,18 +162,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/** single instance */
private static AuthenticationServer instance;
/** session data store (session ID -> AuthenticationSession) */
- private static Map sessionStore = new HashMap();
- /** authentication data store (assertion handle -> AuthenticationData) */
- private static Map authenticationDataStore = new HashMap();
+ //private static Map sessionStore = new HashMap();
+
/**
* time out in milliseconds used by {@link cleanup} for session store
*/
- private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
+ private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes
+ private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes
/**
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
- private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
/**
* Returns the single instance of <code>AuthenticationServer</code>.
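Review bot: The new `sessionTimeOutCreated` field is initialised to `15 * 60 * 1000` but its trailing comment still reads `// default 10 minutes`, and the javadoc above it still describes a single "time out ... for session store"; write `private long sessionTimeOutCreated = 15 * 60 * 1000; // default 15 minutes` and extend the javadoc with one sentence saying which bound is measured from session creation and which from the last update, since the names suggest that split but nothing here confirms it. Removing `authenticationDataStore` while keeping `authDataTimeOut` also leaves a timeout whose store is no longer visible in this class; presumably the newly imported `AssertionStorage` owns it now, and a comment on `authDataTimeOut` pointing there would save the next reader the search.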
@@ -185,132 +193,144 @@ public class AuthenticationServer implements MOAIDAuthConstants {
super();
}
- /**
- * Processes request to select a BKU. <br/>
- * Processing depends on value of
- * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
- * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
- * for the "BKU Auswahl" service is returned. <br/>
- * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
- * selection is returned.
- *
- * @param authURL
- * base URL of MOA-ID Auth component
- * @param target
- * "Gesch&auml;ftsbereich"
- * @param oaURL
- * online application URL requested
- * @param bkuSelectionTemplateURL
- * template for BKU selection form to be used in case of
- * <code>HTMLSelect</code>; may be null
- * @param templateURL
- * URL providing an HTML template for the HTML form to be used
- * for call <code>startAuthentication</code>
- * @return for <code>bkuSelectionType==HTMLComplete</code>, the
- * <code>returnURI</code> for the "BKU Auswahl" service; for
- * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
- * selection
- * @throws WrongParametersException
- * upon missing parameters
- * @throws AuthenticationException
- * when the configured BKU selection service cannot be reached,
- * and when the given bkuSelectionTemplateURL cannot be reached
- * @throws ConfigurationException
- * on missing configuration data
- * @throws BuildException
- * while building the HTML form
- */
- public String selectBKU(String authURL, String target, String oaURL,
- String bkuSelectionTemplateURL, String templateURL)
- throws WrongParametersException, AuthenticationException,
- ConfigurationException, BuildException {
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07", new Object[] { authURL
- + "*" });
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.05");
-
- ConnectionParameter bkuConnParam = AuthConfigurationProvider
- .getInstance().getBKUConnectionParameter();
- if (bkuConnParam == null)
- throw new ConfigurationException("config.08",
- new Object[] { "BKUSelection/ConnectionParameter" });
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
- } else {
- if (!isEmpty(target)) {
- Logger
- .info("Ignoring target parameter thus application type is \"businessService\"");
- }
- target = null;
- }
-
- AuthenticationSession session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- String returnURL = new DataURLBuilder().buildDataURL(authURL,
- REQ_START_AUTHENTICATION, session.getSessionID());
- String bkuSelectionType = AuthConfigurationProvider.getInstance()
- .getBKUSelectionType();
- if (bkuSelectionType
- .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = bkuConnParam.getUrl() + "?"
- + AuthServlet.PARAM_RETURN + "=" + returnURL;
- return redirectURL;
- } else {
- // bkuSelectionType==HTMLSelect
- String bkuSelectTag;
- try {
- bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
- .getInstance(), bkuConnParam);
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.11", new Object[] {
- bkuConnParam.getUrl(), ex.toString() }, ex);
- }
- String bkuSelectionTemplate = null;
- // override template url by url from configuration file
- if (oaParam.getBkuSelectionTemplateURL() != null) {
- bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
- }
- if (bkuSelectionTemplateURL != null) {
- try {
- bkuSelectionTemplate = new String(FileUtils
- .readURL(bkuSelectionTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {
- bkuSelectionTemplateURL, ex.toString() }, ex);
- }
- }
- String htmlForm = new SelectBKUFormBuilder().build(
- bkuSelectionTemplate, returnURL, bkuSelectTag);
- return htmlForm;
- }
- }
+// /**
+// * Processes request to select a BKU. <br/>
+// * Processing depends on value of
+// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
+// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
+// * for the "BKU Auswahl" service is returned. <br/>
+// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
+// * selection is returned.
+// *
+// * @param authURL
+// * base URL of MOA-ID Auth component
+// * @param target
+// * "Gesch&auml;ftsbereich"
+// * @param oaURL
+// * online application URL requested
+// * @param bkuSelectionTemplateURL
+// * template for BKU selection form to be used in case of
+// * <code>HTMLSelect</code>; may be null
+// * @param templateURL
+// * URL providing an HTML template for the HTML form to be used
+// * for call <code>startAuthentication</code>
+// * @return for <code>bkuSelectionType==HTMLComplete</code>, the
+// * <code>returnURI</code> for the "BKU Auswahl" service; for
+// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
+// * selection
+// * @throws WrongParametersException
+// * upon missing parameters
+// * @throws AuthenticationException
+// * when the configured BKU selection service cannot be reached,
+// * and when the given bkuSelectionTemplateURL cannot be reached
+// * @throws ConfigurationException
+// * on missing configuration data
+// * @throws BuildException
+// * while building the HTML form
+// */
+// public String selectBKU(String authURL, String target, String oaURL,
+// String bkuSelectionTemplateURL, String templateURL)
+// throws WrongParametersException, AuthenticationException,
+// ConfigurationException, BuildException {
+//
+// // check if HTTP Connection may be allowed (through
+// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+// if ((!authURL.startsWith("https:"))
+// && (false == BoolUtils.valueOf(boolStr)))
+// throw new AuthenticationException("auth.07", new Object[] { authURL
+// + "*" });
+// if (isEmpty(authURL))
+// throw new WrongParametersException("StartAuthentication",
+// "AuthURL", "auth.05");
+// if (isEmpty(oaURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.05");
+//
+// ConnectionParameter bkuConnParam = AuthConfigurationProvider
+// .getInstance().getBKUConnectionParameter();
+// if (bkuConnParam == null)
+// throw new ConfigurationException("config.08",
+// new Object[] { "BKUSelection/ConnectionParameter" });
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(oaURL);
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { oaURL });
+//
+// if (!oaParam.getBusinessService()) {
+// if (isEmpty(target))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_TARGET, "auth.05");
+// } else {
+// if (!isEmpty(target)) {
+// Logger
+// .info("Ignoring target parameter thus application type is \"businessService\"");
+// }
+// target = null;
+// }
+//
+// AuthenticationSession session = newSession();
+// Logger.info("MOASession " + session.getSessionID() + " angelegt");
+// session.setTarget(target);
+// session.setOAURLRequested(oaURL);
+// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+// session.setAuthURL(authURL);
+// session.setTemplateURL(templateURL);
+// session.setBusinessService(oaParam.getBusinessService());
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// throw new AuthenticationException("", null);
+// }
+//
+// String returnURL = new DataURLBuilder().buildDataURL(authURL,
+// REQ_START_AUTHENTICATION, session.getSessionID());
+// String bkuSelectionType = AuthConfigurationProvider.getInstance()
+// .getBKUSelectionType();
+// if (bkuSelectionType
+// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+// // bkuSelectionType==HTMLComplete
+// String redirectURL = bkuConnParam.getUrl() + "?"
+// + AuthServlet.PARAM_RETURN + "=" + returnURL;
+// return redirectURL;
+// } else {
+// // bkuSelectionType==HTMLSelect
+// String bkuSelectTag;
+// try {
+// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
+// .getInstance(), bkuConnParam);
+// } catch (Throwable ex) {
+// throw new AuthenticationException("auth.11", new Object[] {
+// bkuConnParam.getUrl(), ex.toString() }, ex);
+// }
+// String bkuSelectionTemplate = null;
+//
+// //removed in MOAID 2.0
+// // override template url by url from configuration file
+//// if (oaParam.getBkuSelectionTemplateURL() != null) {
+//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
+//// }
+//
+//// if (bkuSelectionTemplateURL != null) {
+//// try {
+//// bkuSelectionTemplate = new String(FileUtils
+//// .readURL(bkuSelectionTemplateURL));
+//// } catch (IOException ex) {
+//// throw new AuthenticationException("auth.03", new Object[] {
+//// bkuSelectionTemplateURL, ex.toString() }, ex);
+//// }
+//// }
+//
+// String htmlForm = new SelectBKUFormBuilder().build(
+// bkuSelectionTemplate, returnURL, bkuSelectTag);
+// return htmlForm;
+// }
+// }
/**
* Method readBKUSelectTag.
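Review bot: The whole of `selectBKU` (about 130 lines) is kept as commented-out code instead of being deleted, and it has already started to drift from a pure historical copy — the commented body gained a new `AuthenticationSessionStoreage.storeSession(session)` call and a nested `//removed in MOAID 2.0` block, so it is neither live code nor an accurate record of the old one. Delete the block (git keeps the history) or, if the method is meant to come back, reinstate it as code. If it is revived, the commented `catch (MOADatabaseException e) { throw new AuthenticationException("", null); }` should become `throw new AuthenticationException("auth.xx", new Object[] { session.getSessionID() }, e);` with a real message key, since the current form drops both the cause and the key.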
@@ -382,131 +402,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
*/
- public String startAuthentication(String authURL, String target,
- String targetFriendlyName, String oaURL, String templateURL,
- String bkuURL, String useMandate, String sessionID, String scheme,
- String sourceID) throws WrongParametersException,
+ public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException,
AuthenticationException, ConfigurationException, BuildException {
- String useMandateString = null;
- boolean useMandateBoolean = false;
- if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
- useMandateString = useMandate;
- } else {
- useMandateString = "false";
+ if (session == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
-
- if (useMandateString.compareToIgnoreCase("true") == 0)
- useMandateBoolean = true;
- else
- useMandateBoolean = false;
-
- if (isEmpty(sessionID)) {
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.05");
- }
- AuthenticationSession session;
- OAAuthParameter oaParam;
- if (sessionID != null) {
- session = getSession(sessionID);
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } else {
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
- } else {
- if (useMandateBoolean) {
- Logger
- .error("Online-Mandate Mode for bussines application not supported.");
- throw new AuthenticationException("auth.17", null);
- }
- target = null;
- targetFriendlyName = null;
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() });
+
+ //load Template
+ String template = null;
+ if (session.getTemplateURL() != null) {
+ try {
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ } catch (IOException ex) {
+ throw new AuthenticationException("auth.03", new Object[] {
+ session.getTemplateURL(), ex.toString() }, ex);
}
- session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setTargetFriendlyName(targetFriendlyName);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- if (sourceID != null)
- session.setSourceID(sourceID);
}
- // BKU URL has not been set yet, even if session already exists
- if (bkuURL == null) {
- if (scheme != null && scheme.equalsIgnoreCase("https")) {
- bkuURL = DEFAULT_BKU_HTTPS;
- } else {
- bkuURL = DEFAULT_BKU;
+
+ String infoboxReadRequest = "";
+
+ if (session.isSsoRequested()) {
+ //load identityLink with SSO Target
+ boolean isbuisness = false;
+ String domainIdentifier = "";
+ IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService();
+ if (ssobusiness != null) {
+ isbuisness = true;
+ domainIdentifier = ssobusiness.getValue();
}
- }
- session.setBkuURL(bkuURL);
- session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- session.setUseMandate(useMandateString);
- String infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam
+
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), isbuisness, domainIdentifier);
+
+ } else {
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
.getIdentityLinkDomainIdentifier());
+ }
+
String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
.getSessionID());
- String template = null;
- // override template url by url from configuration file
- if (oaParam.getTemplateURL() != null) {
- templateURL = oaParam.getTemplateURL();
- } else {
- templateURL = session.getTemplateURL();
- }
- if (templateURL != null) {
- try {
- template = new String(FileUtils.readURL(templateURL));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {
- templateURL, ex.toString() }, ex);
- }
- }
-
+
+ //removed in MOAID 2.0
String pushInfobox = "";
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- .getVerifyInfoboxParameters();
- if (verifyInfoboxParameters != null) {
- pushInfobox = verifyInfoboxParameters.getPushInfobox();
- session.setPushInfobox(pushInfobox);
- }
+// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+// .getVerifyInfoboxParameters();
+// if (verifyInfoboxParameters != null) {
+// pushInfobox = verifyInfoboxParameters.getPushInfobox();
+// session.setPushInfobox(pushInfobox);
+// }
+
+ //build CertInfo request
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
- .build(oaParam.getSlVersion12());
+ .build(oaParam.isSlVersion12());
String certInfoDataURL = new DataURLBuilder()
.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
session.getSessionID());
+
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- bkuURL, infoboxReadRequest, dataURL, certInfoRequest,
+ session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest,
certInfoDataURL, pushInfobox);
+
return htmlForm;
}
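Review bot: The rewritten `startAuthentication` silently drops checks the old version made before using the same values, and nothing in the new body re-establishes them on the session it now receives: the `https:`/`FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY` check on `authURL` (still used here via `session.getAuthURL()` to build `dataURL` and `certInfoDataURL`), the `isEmpty(oaURL)` check, the business-service-plus-mandate rejection (`auth.17`), and the `DEFAULT_BKU`/`DEFAULT_BKU_HTTPS` fallback — `session.getBkuURL()` is now handed straight to `GetIdentityLinkFormBuilder` and the `scheme` parameter is no longer read at all. If these checks moved to whatever now populates `AuthenticationSession` (not visible here), say so in the method javadoc; otherwise at least guard `if (isEmpty(session.getAuthURL()) || session.getBkuURL() == null) throw new AuthenticationException("auth.18", new Object[] {});` before the builders run. The template is also now loaded with `FileUtils.readURL(session.getTemplateURL())` with the configuration-side override `oaParam.getTemplateURL()` removed, so the only source of that URL is the session; if that value can originate from a request parameter, this is a server-side fetch of a caller-chosen URL and should be restricted to configured templates. `WrongParametersException` remains in the `throws` clause although the method no longer throws it.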
@@ -535,12 +502,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyIdentityLink(String sessionID,
+ public String verifyIdentityLink(AuthenticationSession session,
Map infoboxReadResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID });
@@ -553,10 +520,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
- if (session.getTimestampIdentityLink() != null)
- throw new AuthenticationException("auth.01",
- new Object[] { sessionID });
+// AuthenticationSession session = getSession(sessionID);
+// if (session.getTimestampIdentityLink() != null)
+// throw new AuthenticationException("auth.01",
+// new Object[] { sessionID });
+
session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
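Review bot: The one-shot guard `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", ...)` is commented out rather than adapted to the new `AuthenticationSession` parameter, so a second InfoboxReadResponse posted for the same session is now accepted and `session.setTimestampIdentityLink()` simply overwrites the earlier timestamp; the old `auth.01` path was what stopped an identity link from being submitted twice into one session. Unless the new session storage enforces single processing elsewhere (not visible here), reinstate it as `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", new Object[] { session.getSessionID() });` ahead of the `setTimestampIdentityLink()` call. `verifyIdentityLink` begins and ends outside this hunk.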
@@ -639,11 +607,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
- verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
- .getProvideStammzahl());
+
+ //TODO: check correctness
+// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
+// .getProvideStammzahl());
+ verifyInfoboxes(session, infoboxReadResponseParameters, false);
- return getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam);
+
+ //TODO: make it better!!
+ return "found!";
}
/**
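Review bot: Two placeholders land in the tail of `verifyIdentityLink`: the third argument of `verifyInfoboxes` is hard-coded to `false` where it was `!oaParam.getProvideStammzahl()`, and the method now returns the literal `"found!"` instead of the `<CreateXMLSignatureRequest>` its javadoc (above this hunk) and its callers expect. If that boolean means "hide the Stammzahl from the infobox validators", as the old expression suggests, a per-application privacy setting is now overridden for every online application, so the `//TODO: check correctness` should be resolved before merge, e.g. by keeping `verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());`. Likewise either restore `return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);` or update the javadoc and callers to whatever the new contract is; a string that is not a request will be handed to the BKU as one. The method starts outside this hunk.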
@@ -671,31 +643,40 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyCertificate(String sessionID,
+ public String verifyCertificate(AuthenticationSession session,
X509Certificate certificate) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException {
+ ValidateException, ServiceException, MOAIDException{
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
// check if person is a Organwalter
// if true - don't show bPK in AUTH Block
- boolean isOW = false;
-// String oid = null;
-// if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER))
-// isOW = true;
-//
- AuthenticationSession session = getSession(sessionID);
+ try {
+ for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) {
+ if (certificate.getExtension(OWid) != null) {
+ session.setOW(true);
+ }
+
+ }
+
+ } catch (X509ExtensionInitException e) {
+ Logger.warn("Certificate extension is not readable.");
+ session.setOW(false);
+ }
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session,
- authConf, oaParam, isOW);
+ String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ authConf, oaParam);
+
+ return returnvalue;
}
/**
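Review bot: The new Organwalter detection in `verifyCertificate` only ever sets `session.setOW(true)`; when none of the `OW_LIST` extensions is present the flag keeps whatever value the session already had, so a session flagged earlier (or a reused session object) stays flagged and the AuthBlock built afterwards omits the bPK on that basis. The loop also keeps iterating after a match and dereferences `certificate` without a null check, whereas the old code only validated the session. Reset the flag first, stop at the first match, and reject a missing certificate before touching it (message key and parameter name to be confirmed against the messages file):
```java
if (certificate == null)
    throw new AuthenticationException("auth.10", new Object[] {
            REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE }); // key/param name to confirm
session.setOW(false);
try {
    for (ObjectID owId : MOAIDAuthConstants.OW_LIST) {
        if (certificate.getExtension(owId) != null) {
            session.setOW(true);
            break;
        }
    }
} catch (X509ExtensionInitException e) {
    Logger.warn("Certificate extension is not readable.");
    session.setOW(false);
}
// … unchanged: authConf/oaParam lookup and getCreateXMLSignatureRequestAuthBlockOrRedirect call …
```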
@@ -717,22 +698,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyMandate(String sessionID, MISMandate mandate)
+ public void verifyMandate(AuthenticationSession session, MISMandate mandate)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
GET_MIS_SESSIONID, PARAM_SESSIONID });
- String sMandate = new String(mandate.getMandate());
- if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
- Logger.error("Mandate is empty.");
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- }
-
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
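Review bot: Removing the empty-mandate guard leaves `verifyMandate` with no check that `mandate.getMandate()` has any content before it reaches `setExtendedSAMLAttributeForMandatesOID`, so an empty or null mandate will now surface as a parser exception mapped to a misleading message, or as a `NullPointerException` that the surrounding `catch` clauses do not cover, instead of the intended `auth.16`. Reinstate the check without the `new String(...)` round-trip and with a short-circuit operator: `if (mandate == null || mandate.getMandate() == null || mandate.getMandate().length == 0) { Logger.error("Mandate is empty."); throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }); }` (this assumes `getMandate()` returns an array, as the old `new String(mandate.getMandate())` suggests). The original used `|` rather than `||`, so its `sMandate == null` test never protected the `compareToIgnoreCase` call anyway. The method's `try` block continues beyond this hunk.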
@@ -740,6 +714,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// sets the extended SAML attributes for OID (Organwalter)
setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
.getBusinessService());
+
+ validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+
+
} catch (SAXException e) {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
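Review bot: `validateExtendedSAMLAttributeForMandates` runs only after `setExtendedSAMLAttributeForMandatesOID` has already written the OID attributes into the session (per the comment at the top of the hunk), so when validation throws, the session is left holding attributes derived from a mandate that just failed validation. Validating first is the safer order: move `validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());` above the `setExtendedSAMLAttributeForMandatesOID(...)` call, assuming the validation does not depend on what that call stores (both receive the same `session`, so confirm). Both calls share the `catch (SAXException e)` mapping to `auth.16`; the try block starts, and verifyMandate continues, outside this hunk.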
@@ -753,27 +731,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
}
-
- if (oaParam.getProvideFullMandatorData()) {
- try {
- // set extended SAML attributes if provideMandatorData is true
- setExtendedSAMLAttributeForMandates(session, mandate, oaParam
- .getBusinessService(), oaParam.getProvideStammzahl());
- } catch (SAXException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (IOException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (ParserConfigurationException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (TransformerException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- }
- }
-
+
}
/**
@@ -802,17 +760,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
+ //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink
// if (!fromMandate) {
// BZ.., calculate bPK for signing to be already present in AuthBlock
- IdentityLink identityLink = session.getIdentityLink();
- if (identityLink.getIdentificationType().equals(
- Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we
- // have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identityLink.setIdentificationValue(bpkBase64);
- }
+// IdentityLink identityLink = session.getIdentityLink();
+// if (identityLink.getIdentificationType().equals(
+// Constants.URN_PREFIX_BASEID)) {
+// // only compute bPK if online application is a public service and we
+// // have the Stammzahl
+// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+// .getIdentificationValue(), session.getTarget());
+// identityLink.setIdentificationValue(bpkBase64);
+// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+// }
// ..BZ
// }
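Review bot: The bPK computation is replaced by eleven lines of commented-out code plus a `//TODO: CHECK!!` marker instead of being removed, so the next reader has to reason about dead code with an open question attached. Since the derivation now lives in `buildAuthenticationBlock` (later in this patch, keyed on `session.isSsoRequested()` and `session.isOW()`), delete the commented block and the `// if (!fromMandate)` remnants and leave one line such as `// bPK/identification values for the AuthBlock are derived in buildAuthenticationBlock(); the identity link is not modified here`. The real question the TODO should state is that the old code mutated `identityLink` in place via `setIdentificationValue`, whereas the new builder only computes locals, so anything downstream that relied on the identity link already carrying the bPK must be re-checked. The enclosing method starts before this hunk.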
@@ -821,81 +781,88 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+ List<String> transformsInfos = oaParam.getTransformsInfos();
+ if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
// no OA specific transforms specified, use default ones
transformsInfos = authConf.getTransformsInfos();
}
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.getSlVersion12());
+ transformsInfos, oaParam.isSlVersion12());
return createXMLSignatureRequest;
}
- /**
- *
- * @param session
- * @param authConf
- * @param oaParam
- * @return
- * @throws ConfigurationException
- * @throws BuildException
- * @throws ValidateException
- */
- public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
- AuthenticationSession session, AuthConfigurationProvider authConf,
- OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
- BuildException, ValidateException {
-
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = AuthConfigurationProvider.getInstance();
- if (oaParam == null)
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
- // BZ.., calculate bPK for signing to be already present in AuthBlock
- IdentityLink identityLink = session.getIdentityLink();
- if (identityLink.getIdentificationType().equals(
- Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we
- // have the Stammzahl
- if (isOW) {
- // if person is OW, delete identification value (bPK is calculated via MIS)
- identityLink.setIdentificationValue(null);
- identityLink.setIdentificationType(null);
- }
- else {
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identityLink.setIdentificationValue(bpkBase64);
- }
- }
- // ..BZ
- // }
-
- // builds the AUTH-block
- String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
-
- // session.setAuthBlock(authBlock);
- // builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
- // no OA specific transforms specified, use default ones
- transformsInfos = authConf.getTransformsInfos();
- }
- String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.getSlVersion12());
-
- System.out.println("XML: " + createXMLSignatureRequest);
-
- return createXMLSignatureRequest;
- }
+// /**
+// *
+// * @param session
+// * @param authConf
+// * @param oaParam
+// * @return
+// * @throws ConfigurationException
+// * @throws BuildException
+// * @throws ValidateException
+// */
+// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
+// AuthenticationSession session, AuthConfigurationProvider authConf,
+// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
+// BuildException, ValidateException {
+//
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
+//
+// if (authConf == null)
+// authConf = AuthConfigurationProvider.getInstance();
+// if (oaParam == null)
+// oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(
+// session.getPublicOAURLPrefix());
+//
+// // BZ.., calculate bPK for signing to be already present in AuthBlock
+// IdentityLink identityLink = session.getIdentityLink();
+// if (identityLink.getIdentificationType().equals(
+// Constants.URN_PREFIX_BASEID)) {
+//
+// // only compute bPK if online application is a public service and we
+// // have the Stammzahl
+//// if (isOW) {
+//// // if person is OW, delete identification value (bPK is calculated via MIS)
+//// identityLink.setIdentificationValue(null);
+//// identityLink.setIdentificationType(null);
+//// }
+//// else {
+//
+// //TODO: check correctness!!! bpk calcultion is done during Assertion generation
+//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+//// .getIdentificationValue(), session.getTarget());
+//// identityLink.setIdentificationValue(bpkBase64);
+////
+//// //TODO: insert correct Type!!!!
+//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+//// }
+//
+// }
+// // ..BZ
+// // }
+//
+// // builds the AUTH-block
+// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
+//
+// // session.setAuthBlock(authBlock);
+// // builds the <CreateXMLSignatureRequest>
+// List<String> transformsInfos = oaParam.getTransformsInfos();
+// if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
+// // no OA specific transforms specified, use default ones
+// transformsInfos = authConf.getTransformsInfos();
+// }
+// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
+// .build(authBlock, oaParam.getKeyBoxIdentifier(),
+// transformsInfos, oaParam.isSlVersion12());
+//
+// System.out.println("XML: " + createXMLSignatureRequest);
+//
+// return createXMLSignatureRequest;
+// }
/**
* Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
* <ul>
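Review bot: The whole `getCreateXMLSignatureRequestAuthBlockOrRedirectForOW` method is retained as roughly seventy lines of commented-out code, including `System.out.println("XML: " + createXMLSignatureRequest);`, which printed the complete CreateXMLSignatureRequest — the AuthBlock with the holder's name, date of birth and identification value — to stdout. Dead code that would leak personal data the moment someone uncomments it should be deleted outright; version control keeps the history, and the OW handling has moved into `buildAuthenticationBlock`. The live part of this hunk (`String[]` → `List<String>` for `transformsInfos`, `getSlVersion12()` → `isSlVersion12()`) is fine; the method it belongs to starts before this hunk.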
@@ -909,16 +876,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String createXMLSignatureRequestForeignID(String sessionID,
+ public String createXMLSignatureRequestForeignID(AuthenticationSession session,
X509Certificate cert) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
+// AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
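Review bot: The `auth.10` exception at the top of `createXMLSignatureRequestForeignID` still reports `PARAM_SESSIONID` as the missing request parameter, but the method now receives an `AuthenticationSession` and never sees a session ID, so a null `session` is a caller bug rather than a missing parameter and the message arguments no longer describe what went wrong. Keep the `AuthenticationException` if callers depend on catching it, but pass arguments that name the session object, and delete the commented-out `// AuthenticationSession session = getSession(sessionID);` line rather than leaving it. The Javadoc above (its start is outside this hunk) presumably still documents `@param sessionID` and should describe the new parameter instead.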
@@ -926,6 +893,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ //session.setSignerCertificate(cert);
+
return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
cert);
}
@@ -986,7 +955,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
/*
* if (session.getTimestampIdentityLink() != null) throw new
* AuthenticationException("auth.01", new Object[] { sessionID });
@@ -1077,85 +1046,148 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private String buildAuthenticationBlock(AuthenticationSession session,
OAAuthParameter oaParam) throws BuildException {
+
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
-
- String issueInstant = DateTimeUtils.buildDateTime(Calendar
- .getInstance(), oaParam.getUseUTC());
- session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String targetFriendlyName = session.getTargetFriendlyName();
- // Bug #485
- // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
- // String oaURL = session.getPublicOAURLPrefix();
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, target,
- targetFriendlyName, identificationValue,
- identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
- return authBlock;
- }
-
- /**
- * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
- * given session data.
- *
- * @param session
- * authentication session
- *
- * @return <code>&lt;saml:Assertion&gt;</code> as a String
- *
- * @throws BuildException
- * If an error occurs on serializing an extended SAML attribute
- * to be appended to the AUTH-Block.
- */
- private String buildAuthenticationBlockForOW(AuthenticationSession session,
- OAAuthParameter oaParam, boolean isOW) throws BuildException {
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getName();
- String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
+ String identificationValue = null;
+ String identificationType = null;
+
+ if (identityLink.getIdentificationType().equals(
+ Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we
+ // have the Stammzahl
+
+
+ if (session.isSsoRequested()) {
+ identificationType = "";
+ identificationValue = "";
+
+ } else {
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+ .getIdentificationValue(), session.getTarget());
+ identificationValue = bpkBase64;
+ identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ }
+
+// identityLink.setIdentificationValue(bpkBase64);
+// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+
+ } else {
+ identificationValue = identityLink.getIdentificationValue();
+ identificationType = identityLink.getIdentificationType();
+
+ }
+ //set empty AuthBlock BPK in case of OW
+ if (session.isOW()) {
+ identificationType = "";
+ identificationValue = "";
+ }
+
String issueInstant = DateTimeUtils.buildDateTime(Calendar
.getInstance(), oaParam.getUseUTC());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
String targetFriendlyName = session.getTargetFriendlyName();
+
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
// String oaURL = session.getPublicOAURLPrefix();
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+
List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- Iterator it = extendedSAMLAttributes.iterator();
- // delete bPK attribute from extended SAML attributes
- if (isOW) {
- ExtendedSAMLAttribute toDelete = null;
- while (it.hasNext()) {
- ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
- if (attr.getName().equalsIgnoreCase("bPK"))
- toDelete = attr;
- }
- if (toDelete != null)
- extendedSAMLAttributes.remove(toDelete);
- }
- String authBlock = new AuthenticationBlockAssertionBuilder()
+
+ if (session.isSsoRequested()) {
+ String oaURL =new String();
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+
+ if (MiscUtil.isNotEmpty(oaURL))
+ oaURL = oaURL.replaceAll("&", "&amp;");
+
+ } catch (ConfigurationException e) {
+ }
+ String authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+
+ } else {
+ String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+ String authBlock = new AuthenticationBlockAssertionBuilder()
.buildAuthBlock(issuer, issueInstant, authURL, target,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+ }
+
- return authBlock;
+
+
+
}
+
+// /**
+// * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
+// * given session data.
+// *
+// * @param session
+// * authentication session
+// *
+// * @return <code>&lt;saml:Assertion&gt;</code> as a String
+// *
+// * @throws BuildException
+// * If an error occurs on serializing an extended SAML attribute
+// * to be appended to the AUTH-Block.
+// */
+// private String buildAuthenticationBlockForOW(AuthenticationSession session,
+// OAAuthParameter oaParam, boolean isOW) throws BuildException {
+// IdentityLink identityLink = session.getIdentityLink();
+// String issuer = identityLink.getName();
+// String gebDat = identityLink.getDateOfBirth();
+// String identificationValue = identityLink.getIdentificationValue();
+// String identificationType = identityLink.getIdentificationType();
+//
+// String issueInstant = DateTimeUtils.buildDateTime(Calendar
+// .getInstance(), oaParam.getUseUTC());
+// session.setIssueInstant(issueInstant);
+// String authURL = session.getAuthURL();
+// String target = session.getTarget();
+// String targetFriendlyName = session.getTargetFriendlyName();
+// // Bug #485
+// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+// // String oaURL = session.getPublicOAURLPrefix();
+// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+//
+//
+// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+// Iterator it = extendedSAMLAttributes.iterator();
+// // delete bPK attribute from extended SAML attributes
+// if (session.isOW()) {
+// ExtendedSAMLAttribute toDelete = null;
+// while (it.hasNext()) {
+// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
+// if (attr.getName().equalsIgnoreCase("bPK"))
+// toDelete = attr;
+// }
+// if (toDelete != null)
+// extendedSAMLAttributes.remove(toDelete);
+// }
+//
+// String authBlock = new AuthenticationBlockAssertionBuilder()
+// .buildAuthBlock(issuer, issueInstant, authURL, target,
+// targetFriendlyName, identificationValue,
+// identificationType, oaURL, gebDat,
+// extendedSAMLAttributes, session, oaParam);
+//
+// return authBlock;
+// }
/**
* Verifies the infoboxes (except of the identity link infobox) returned by
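Review bot: In the SSO branch of `buildAuthenticationBlock`, `catch (ConfigurationException e) { }` swallows the failure to read the SSO public URL and the AuthBlock is then built with `oaURL` left as the empty string from `new String()`, so a configuration error becomes a signed AuthBlock that names no OA. The method already declares `BuildException`; rethrow there instead of continuing — `throw new BuildException(MESSAGE_ID, new Object[] { e.getMessage() }, e);` with whatever message id the other BuildException sites in this class use (the three-argument form matches the `AuthenticationException` calls above) — and write `String oaURL = "";` rather than `new String()`. Separately, the old ForOW builder stripped any `bPK` entry from `extendedSAMLAttributes` when `isOW` was set, while the new code only blanks `identificationType`/`identificationValue` for `session.isOW()`; if anything still adds a `bPK` extended attribute to `getExtendedSAMLAttributesAUTH()`, it would now be signed into an Organwalter AuthBlock, so confirm that no such attribute is produced now that the infobox validators are gone, or keep the removal loop. `identityLink.getIdentificationType().equals(...)` also dereferences the type without a null check, which is pre-existing but is now the first statement that can fail.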
@@ -1184,18 +1216,26 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getInstance();
// get the default VerifyInfobox parameters
Map defaultInfoboxParameters = null;
- VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
- .getDefaultVerifyInfoboxParameters();
- if (defaultVerifyInfoboxParameters != null) {
- defaultInfoboxParameters = defaultVerifyInfoboxParameters
- .getInfoboxParameters();
- }
+
+ //removed in MOA-ID 2.0
+// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
+// .getDefaultVerifyInfoboxParameters();
+// if (defaultVerifyInfoboxParameters != null) {
+// defaultInfoboxParameters = defaultVerifyInfoboxParameters
+// .getInfoboxParameters();
+// }
+
// get the OA specific VerifyInfobox parameters
Map infoboxParameters = null;
OAAuthParameter oaParam = authConfigurationProvider
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- .getVerifyInfoboxParameters();
+
+ //TODO: check correctness!!!!
+ //removed in MOAID 2.0
+// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+// .getVerifyInfoboxParameters();
+// VerifyInfoboxParameters verifyInfoboxParameters = null;
+
session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML
// Attributes
session.setExtendedSAMLAttributesOA(new Vector());
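Review bot: After this hunk `defaultInfoboxParameters` and `infoboxParameters` are declared, set to `null` and never read again, and the `//TODO: check correctness!!!!` marker says the author was not sure about the result either. If dropping infobox verification is the intended MOA-ID 2.0 behaviour, remove the two dead locals and the commented-out lookups, and state it in the method's Javadoc — `* Since MOA-ID 2.0 no infobox validators are configured; this method only resets the extended SAML attribute lists and performs no verification.` — so callers do not assume `infoboxReadResponseParams` is checked. The existing Javadoc above still claims the method verifies the infoboxes; the method's signature and the rest of its body lie outside this hunk.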
@@ -1203,191 +1243,191 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// System.out.println("SAML set: " +
// session.getExtendedSAMLAttributesAUTH().size());
- if (verifyInfoboxParameters != null) {
-
- infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
- // get the list of infobox identifiers
- List identifiers = verifyInfoboxParameters.getIdentifiers();
- if (identifiers != null) {
- // step through the identifiers and verify the infoboxes
- Iterator it = identifiers.iterator();
- while (it.hasNext()) {
- String identifier = (String) it.next();
- // get the infobox read response from the map of parameters
- String infoboxReadResponse = (String) infoboxReadResponseParams
- .get(identifier);
- // get the configuration parameters
- VerifyInfoboxParameter verifyInfoboxParameter = null;
- Object object = infoboxParameters.get(identifier);
- // if not present, use default
- if ((object == null) && (defaultInfoboxParameters != null)) {
- object = defaultInfoboxParameters.get(identifier);
- }
- if (object != null) {
- verifyInfoboxParameter = (VerifyInfoboxParameter) object;
- }
- if (infoboxReadResponse != null) {
- if (verifyInfoboxParameter == null) {
- // should not happen because of the pushinfobox
- // mechanism; check it anyway
- Logger.error("No validator for verifying \""
- + identifier + "\"-infobox configured.");
- throw new ValidateException("validator.41",
- new Object[] { identifier });
- } else {
- String friendlyName = verifyInfoboxParameter
- .getFriendlyName();
- boolean isParepRequest = false;
-
- // parse the infobox read reponse
- List infoboxTokenList = null;
- try {
- infoboxTokenList = ExtendedInfoboxReadResponseParser
- .parseInfoboxReadResponse(
- infoboxReadResponse,
- friendlyName);
- } catch (ParseException e) {
- Logger
- .error("InfoboxReadResponse for \""
- + identifier
- + "\"-infobox could not be parsed successfully: "
- + e.getMessage());
- throw new ValidateException("validator.43",
- new Object[] { friendlyName });
- }
- // set compatibility mode for mandates infobox and
- // all infoboxes (it is possible to be a parep
- // infobox)
- // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
- // check for party representation in mandates
- // infobox
- if (Constants.INFOBOXIDENTIFIER_MANDATES
- .equalsIgnoreCase(identifier)
- && !((infoboxTokenList == null || infoboxTokenList
- .size() == 0))) {
- // We need app specific parameters
- if (null == verifyInfoboxParameter
- .getApplicationSpecificParams()) {
- throw new ValidateException("validator.66",
- new Object[] { friendlyName });
- }
- Element mandate = ParepValidator
- .extractPrimaryToken(infoboxTokenList);
- // ParepUtils.serializeElement(mandate,
- // System.out);
- String mandateID = ParepUtils
- .extractRepresentativeID(mandate);
- if (!isEmpty(mandateID)
- && ("*".equals(mandateID) || mandateID
- .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
- isParepRequest = true;
- }
- if (!isParepRequest) {
- // if mandates validator is disabled we must
- // throw an error in this case
- if (!ParepUtils
- .isValidatorEnabled(verifyInfoboxParameter
- .getApplicationSpecificParams())) {
- throw new ValidateException(
- "validator.60",
- new Object[] { friendlyName });
- }
- }
- }
-
- // get the class for validating the infobox
- InfoboxValidator infoboxValidator = null;
- try {
- Class validatorClass = null;
- if (isParepRequest) {
- // Mandates infobox in party representation
- // mode
- validatorClass = Class
- .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
- } else {
- validatorClass = Class
- .forName(verifyInfoboxParameter
- .getValidatorClassName());
- }
- infoboxValidator = (InfoboxValidator) validatorClass
- .newInstance();
- } catch (Exception e) {
- Logger
- .error("Could not load validator class \""
- + verifyInfoboxParameter
- .getValidatorClassName()
- + "\" for \""
- + identifier
- + "\"-infobox: "
- + e.getMessage());
- throw new ValidateException("validator.42",
- new Object[] { friendlyName });
- }
- Logger
- .debug("Successfully loaded validator class \""
- + verifyInfoboxParameter
- .getValidatorClassName()
- + "\" for \""
- + identifier
- + "\"-infobox.");
- // build the parameters for validating the infobox
- InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder
- .buildInfoboxValidatorParams(session,
- verifyInfoboxParameter,
- infoboxTokenList, oaParam);
-
- // now validate the infobox
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxValidator
- .validate(infoboxValidatorParams);
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier
- + " infobox:" + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[] { friendlyName });
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40",
- new Object[] {
- friendlyName,
- infoboxValidationResult
- .getErrorMessage() });
- }
-
- Logger.info(identifier
- + " infobox successfully validated.");
- // store the validator for post processing
- session.addInfoboxValidator(identifier,
- friendlyName, infoboxValidator);
-
- // get the SAML attributes to be appended to the
- // AUTHBlock or to the final
- // SAML Assertion
- AddAdditionalSAMLAttributes(session,
- infoboxValidationResult
- .getExtendedSamlAttributes(),
- identifier, friendlyName);
- }
- } else {
- if ((verifyInfoboxParameter != null)
- && (verifyInfoboxParameter.isRequired())) {
- Logger
- .info("Infobox \""
- + identifier
- + "\" is required, but not returned from the BKU");
- throw new ValidateException("validator.48",
- new Object[] { verifyInfoboxParameter
- .getFriendlyName() });
- }
- Logger.debug("Infobox \"" + identifier
- + "\" not returned from BKU.");
- }
- }
- }
- }
+// if (verifyInfoboxParameters != null) {
+//
+// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
+// // get the list of infobox identifiers
+// List identifiers = verifyInfoboxParameters.getIdentifiers();
+// if (identifiers != null) {
+// // step through the identifiers and verify the infoboxes
+// Iterator it = identifiers.iterator();
+// while (it.hasNext()) {
+// String identifier = (String) it.next();
+// // get the infobox read response from the map of parameters
+// String infoboxReadResponse = (String) infoboxReadResponseParams
+// .get(identifier);
+// // get the configuration parameters
+// VerifyInfoboxParameter verifyInfoboxParameter = null;
+// Object object = infoboxParameters.get(identifier);
+// // if not present, use default
+// if ((object == null) && (defaultInfoboxParameters != null)) {
+// object = defaultInfoboxParameters.get(identifier);
+// }
+// if (object != null) {
+// verifyInfoboxParameter = (VerifyInfoboxParameter) object;
+// }
+// if (infoboxReadResponse != null) {
+// if (verifyInfoboxParameter == null) {
+// // should not happen because of the pushinfobox
+// // mechanism; check it anyway
+// Logger.error("No validator for verifying \""
+// + identifier + "\"-infobox configured.");
+// throw new ValidateException("validator.41",
+// new Object[] { identifier });
+// } else {
+// String friendlyName = verifyInfoboxParameter
+// .getFriendlyName();
+// boolean isParepRequest = false;
+//
+// // parse the infobox read reponse
+// List infoboxTokenList = null;
+// try {
+// infoboxTokenList = ExtendedInfoboxReadResponseParser
+// .parseInfoboxReadResponse(
+// infoboxReadResponse,
+// friendlyName);
+// } catch (ParseException e) {
+// Logger
+// .error("InfoboxReadResponse for \""
+// + identifier
+// + "\"-infobox could not be parsed successfully: "
+// + e.getMessage());
+// throw new ValidateException("validator.43",
+// new Object[] { friendlyName });
+// }
+// // set compatibility mode for mandates infobox and
+// // all infoboxes (it is possible to be a parep
+// // infobox)
+// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
+// // check for party representation in mandates
+// // infobox
+// if (Constants.INFOBOXIDENTIFIER_MANDATES
+// .equalsIgnoreCase(identifier)
+// && !((infoboxTokenList == null || infoboxTokenList
+// .size() == 0))) {
+// // We need app specific parameters
+// if (null == verifyInfoboxParameter
+// .getApplicationSpecificParams()) {
+// throw new ValidateException("validator.66",
+// new Object[] { friendlyName });
+// }
+// Element mandate = ParepValidator
+// .extractPrimaryToken(infoboxTokenList);
+// // ParepUtils.serializeElement(mandate,
+// // System.out);
+// String mandateID = ParepUtils
+// .extractRepresentativeID(mandate);
+// if (!isEmpty(mandateID)
+// && ("*".equals(mandateID) || mandateID
+// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
+// isParepRequest = true;
+// }
+// if (!isParepRequest) {
+// // if mandates validator is disabled we must
+// // throw an error in this case
+// if (!ParepUtils
+// .isValidatorEnabled(verifyInfoboxParameter
+// .getApplicationSpecificParams())) {
+// throw new ValidateException(
+// "validator.60",
+// new Object[] { friendlyName });
+// }
+// }
+// }
+//
+// // get the class for validating the infobox
+// InfoboxValidator infoboxValidator = null;
+// try {
+// Class validatorClass = null;
+// if (isParepRequest) {
+// // Mandates infobox in party representation
+// // mode
+// validatorClass = Class
+// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
+// } else {
+// validatorClass = Class
+// .forName(verifyInfoboxParameter
+// .getValidatorClassName());
+// }
+// infoboxValidator = (InfoboxValidator) validatorClass
+// .newInstance();
+// } catch (Exception e) {
+// Logger
+// .error("Could not load validator class \""
+// + verifyInfoboxParameter
+// .getValidatorClassName()
+// + "\" for \""
+// + identifier
+// + "\"-infobox: "
+// + e.getMessage());
+// throw new ValidateException("validator.42",
+// new Object[] { friendlyName });
+// }
+// Logger
+// .debug("Successfully loaded validator class \""
+// + verifyInfoboxParameter
+// .getValidatorClassName()
+// + "\" for \""
+// + identifier
+// + "\"-infobox.");
+// // build the parameters for validating the infobox
+// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder
+// .buildInfoboxValidatorParams(session,
+// verifyInfoboxParameter,
+// infoboxTokenList, oaParam);
+//
+// // now validate the infobox
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxValidator
+// .validate(infoboxValidatorParams);
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier
+// + " infobox:" + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[] { friendlyName });
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40",
+// new Object[] {
+// friendlyName,
+// infoboxValidationResult
+// .getErrorMessage() });
+// }
+//
+// Logger.info(identifier
+// + " infobox successfully validated.");
+// // store the validator for post processing
+// session.addInfoboxValidator(identifier,
+// friendlyName, infoboxValidator);
+//
+// // get the SAML attributes to be appended to the
+// // AUTHBlock or to the final
+// // SAML Assertion
+// AddAdditionalSAMLAttributes(session,
+// infoboxValidationResult
+// .getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// }
+// } else {
+// if ((verifyInfoboxParameter != null)
+// && (verifyInfoboxParameter.isRequired())) {
+// Logger
+// .info("Infobox \""
+// + identifier
+// + "\" is required, but not returned from the BKU");
+// throw new ValidateException("validator.48",
+// new Object[] { verifyInfoboxParameter
+// .getFriendlyName() });
+// }
+// Logger.debug("Infobox \"" + identifier
+// + "\" not returned from BKU.");
+// }
+// }
+// }
+// }
}
/**
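Review bot: The entire validation loop — enforcement of required infoboxes (`validator.48`), the mandates/party-representation checks and the validator-class loading — is commented out rather than deleted, leaving about 185 lines of dead code that still reads as if it might be the implementation. With it gone, `verifyInfoboxes` returns normally for whatever the BKU sent in `infoboxReadResponseParams`, a security-relevant change (an infobox configured as required is no longer enforced) that nothing in the remaining code states; delete the block and record the change in one line near the start of the method, e.g. `// MOA-ID 2.0: infobox validators were removed; no infobox content is verified here`. If any part is meant to return, a tracked issue is the place for it, not a comment block. This hunk is the tail of a method whose signature lies outside it.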
@@ -1406,18 +1446,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws IOException
* @throws SAXException
*/
- private void setExtendedSAMLAttributeForMandates(
+ private void validateExtendedSAMLAttributeForMandates(
AuthenticationSession session, MISMandate mandate,
- boolean business, boolean provideStammzahl)
+ boolean business)
throws ValidateException, ConfigurationException, SAXException,
IOException, ParserConfigurationException, TransformerException {
- ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(
- mandate, business, provideStammzahl);
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ mandate, business, false);
- AddAdditionalSAMLAttributes(session, extendedSamlAttributes,
- "MISService", "MISService");
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+ Object value = verifySAMLAttribute(samlAttribute, i, "MISService",
+ "MISService");
+
+ }
}
/**
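Review bot: In `validateExtendedSAMLAttributeForMandates` the result of `verifySAMLAttribute(samlAttribute, i, "MISService", "MISService")` is assigned to `value` and never used; if that helper reports problems through its return value rather than by throwing (its definition is not in this patch), the loop validates nothing. Either drop the assignment — `verifySAMLAttribute(samlAttribute, i, "MISService", "MISService");` — once it is confirmed to throw on failure, or check the returned value and raise a `ValidateException` when it indicates a problem. The `provideStammzahl` argument is now hard-wired to `false` in `addExtendedSamlAttributes(mandate, business, false)` where the former call passed the OA setting through; confirm this is intended, since the attribute set being validated may then differ from what is later issued. The Javadoc above (partly outside this hunk) still documents the old set-and-append contract and should be rewritten for validate-only semantics.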
@@ -1449,56 +1494,56 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- /**
- * Intermediate processing of the infoboxes. The first pending infobox
- * validator may validate the provided input
- *
- * @param session
- * The current authentication session
- * @param parameters
- * The parameters got returned by the user input fields
- */
- public static void processInput(AuthenticationSession session,
- Map parameters) throws ValidateException {
-
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector
- .get(1);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator
- .validate(parameters);
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier
- + " infobox:" + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[] { friendlyName });
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40",
- new Object[] {
- friendlyName,
- infoboxValidationResult
- .getErrorMessage() });
- }
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- }
- }
- }
- }
+// /**
+// * Intermediate processing of the infoboxes. The first pending infobox
+// * validator may validate the provided input
+// *
+// * @param session
+// * The current authentication session
+// * @param parameters
+// * The parameters got returned by the user input fields
+// */
+// public static void processInput(AuthenticationSession session,
+// Map parameters) throws ValidateException {
+//
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// if (iter != null) {
+// while (iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector
+// .get(1);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator
+// .validate(parameters);
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier
+// + " infobox:" + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[] { friendlyName });
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40",
+// new Object[] {
+// friendlyName,
+// infoboxValidationResult
+// .getErrorMessage() });
+// }
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// }
+// }
+// }
+// }
/**
* Adds given SAML Attributes to the current session. They will be appended
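Review bot: processInput is commented out rather than deleted, leaving about fifty lines of dead text in the class; version control keeps the history, so the block should be removed, and the same applies to the commented-out code in verifyAuthenticationBlock, getForeignAuthenticationData and getSession later in this commit. The commented-out infobox processing at the top of this chunk (its hunk starts before this view) contained the rejection of a required infobox that the BKU did not return (`validator.48`); if infobox validation has been retired, a comment stating where required-infobox enforcement now lives, or a tracked TODO if it does not yet, would make the intent reviewable.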
@@ -1609,7 +1654,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws TransformerException
*/
- private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
+ protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
MISMandate mandate, boolean business, boolean provideStammzahl)
throws SAXException, IOException, ParserConfigurationException,
TransformerException {
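Review bot: addExtendedSamlAttributes is widened from private to protected, as are replaceExtendedSAMLAttribute, createIdentificationBPK, getBaseId and verifySAMLAttribute further down; on a non-final class protected makes these helpers part of the subclassing contract. If the new caller is a sibling class in the same package, package-private (no modifier) is the narrower choice; if subclassing is intended, a class-level comment naming the extension points would make that explicit.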
@@ -1761,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return doc.getDocumentElement();
}
- private static void replaceExtendedSAMLAttribute(List attributes,
+ protected static void replaceExtendedSAMLAttribute(List attributes,
ExtendedSAMLAttribute samlAttribute) {
if (null == attributes) {
attributes = new Vector();
@@ -1807,18 +1852,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String verifyAuthenticationBlock(String sessionID,
+ public String verifyAuthenticationBlock(AuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
if (isEmpty(xmlCreateXMLSignatureReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+
+ //AuthenticationSession session = getSession(sessionID);
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
// parses <CreateXMLSignatureResponse>
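Review bot: The @return Javadoc directly above verifyAuthenticationBlock still says the method returns a BASE64 SAML artifact, but the new body returns the regenerated MOA session ID, or null in mandate mode; update it to `@return the new MOA session ID after successful authentication, or null when the mandate flow continues`. The null check on `session` still reports `PARAM_SESSIONID` as the missing parameter although the method no longer takes a session ID; if the key is kept for compatibility with existing clients, a short comment saying so would avoid a later "fix". The commented-out getSession line should be deleted.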
@@ -1837,9 +1884,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
}
// validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ if (session.isSsoRequested())
+ new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+ else
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
vtids, tpid);
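Review bot: The new if/else choosing between validateSSO and validate is unbraced, which departs from the rest of the file and is easy to misread when a statement is added later; brace both branches. Because this selects which validation is applied to the signed AuthBlock based on `session.isSsoRequested()`, a one-line comment stating how the SSO variant differs and where that flag is set (configuration versus request input) would let a reviewer confirm that an unauthenticated request cannot steer itself onto the less strict path.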
@@ -1876,7 +1927,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// TODO See Bug #144
// Compare AuthBlock Data with information stored in session, especially
// date and time
-
+ CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+
// compares the public keys from the identityLink with the AuthBlock
VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
vsresp, session.getIdentityLink());
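Review bot: The `// TODO See Bug #144` comment about comparing AuthBlock data with the session, "especially date and time", now sits directly above the new validateSigningDateTime call, which appears to implement at least the date/time part; either remove the TODO or reword it to say which comparisons remain open, so the comment does not read as if the check were still missing.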
@@ -1920,27 +1972,45 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// boolean useUTC = oaParam.getUseUTC();
+// boolean useCondition = oaParam.getUseCondition();
+// int conditionLength = oaParam.getConditionLength();
- // builds authentication data and stores it together with a SAML
- // artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC, false);
+
+ //TL: moved to Authentification Data generation
+// AuthenticationData authData = buildAuthenticationData(session, vsresp,
+// useUTC, false);
+//
+// //set Authblock
+// session.setAuthData(authData);
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(false);
+
if (session.getUseMandate()) {
// mandate mode
- // session.setAssertionAuthBlock(assertionAuthBlock)
-
- // set signer certificate
- session.setSignerCertificate(vsresp.getX509certificate());
-
return null;
+
} else {
-
+
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicte stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+ return newMOASessionID;
+ /*
String samlAssertion = new AuthenticationDataAssertionBuilder()
.build(authData, session.getAssertionPrPerson(), session
.getAssertionAuthBlock(), session
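Review bot: The two Logger.info calls after changeSessionID write both the old and the new MOA session ID to the log; the session ID is the bearer credential for the authenticated session, so log the event without the identifiers, e.g. `Logger.info("Changed MOASession ID after successful authentication");`, or a truncated/hashed form if correlation is needed. `vsresp.setX509certificate(null)` immediately after the certificate is copied into the session has no explanation; a comment on why the stored VerifyXMLSignatureResponse must not carry the certificate would help. In mandate mode the method returns null before setAuthenticated and changeSessionID run, so the session ID rotation that the non-mandate path gets presumably has to happen in the mandate continuation; that is worth stating in the `// mandate mode` comment. The method continues in the next hunk.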
@@ -1973,7 +2043,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.info("Anmeldedaten zu MOASession " + sessionID
+ " angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
-
+ */
}
}
@@ -2004,171 +2074,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String verifyAuthenticationBlockMandate(String sessionID,
- Element mandate) throws AuthenticationException, BuildException,
- ParseException, ConfigurationException, ServiceException,
- ValidateException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] {
- REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
- // AuthConfigurationProvider authConf =
- // AuthConfigurationProvider.getInstance();
-
- IdentityLink tempIdentityLink = null;
-
- if (session.getUseMandate()) {
- tempIdentityLink = new IdentityLink();
- Element mandator = ParepUtils.extractMandator(mandate);
- String dateOfBirth = "";
- Element prPerson = null;
- String familyName = "";
- String givenName = "";
- String identificationType = "";
- String identificationValue = "";
- if (mandator != null) {
- boolean physical = ParepUtils.isPhysicalPerson(mandator);
- if (physical) {
- familyName = ParepUtils.extractText(mandator,
- "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator,
- "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils
- .extractMandatorDateOfBirth(mandator);
- } else {
- familyName = ParepUtils.extractMandatorFullName(mandator);
- }
- identificationType = ParepUtils.getIdentification(mandator,
- "Type");
- identificationValue = ParepUtils.extractMandatorWbpk(mandator);
-
- prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
- if (physical
- && session.getBusinessService()
- && identificationType != null
- && Constants.URN_PREFIX_BASEID
- .equals(identificationType)) {
- // now we calculate the wbPK and do so if we got it from the
- // BKU
- identificationType = Constants.URN_PREFIX_WBPK + "+"
- + session.getDomainIdentifier();
- identificationValue = new BPKBuilder().buildWBPK(
- identificationValue, session.getDomainIdentifier());
- ParepUtils
- .HideStammZahlen(prPerson, true, null, null, true);
- }
-
- tempIdentityLink.setDateOfBirth(dateOfBirth);
- tempIdentityLink.setFamilyName(familyName);
- tempIdentityLink.setGivenName(givenName);
- tempIdentityLink.setIdentificationType(identificationType);
- tempIdentityLink.setIdentificationValue(identificationValue);
- tempIdentityLink.setPrPerson(prPerson);
- try {
- tempIdentityLink.setSamlAssertion(session.getIdentityLink()
- .getSamlAssertion());
- } catch (Exception e) {
- throw new ValidateException("validator.64", null);
- }
-
- }
-
- }
-
- // builds authentication data and stores it together with a SAML
- // artifact
- AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session,
- // vsresp,
- // replacementIdentityLink);
-
-
- Element mandatePerson = tempIdentityLink.getPrPerson();
-// try {
-// System.out.println("MANDATE: " +
-// DOMUtils.serializeNode(mandatePerson));
-// }
-// catch(Exception e) {
-// e.printStackTrace();
-// }
- String mandateData = null;
- boolean useCondition = false;
- int conditionLength = -1;
- try {
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- useCondition = oaParam.getUseCondition();
- conditionLength = oaParam.getConditionLength();
-
- String isPrPerson = mandatePerson.getAttribute("xsi:type");
-
- if (!StringUtils.isEmpty(isPrPerson)) {
- if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) {
- Element prIdentification = (Element) mandatePerson
- .getElementsByTagNameNS(Constants.PD_NS_URI,
- "Identification").item(0);
- String baseid = getBaseId(mandatePerson);
- Element identificationBpK = createIdentificationBPK(mandatePerson,
- baseid, session.getTarget());
-
- if (!provideStammzahl) {
- prIdentification.getFirstChild().setTextContent("");
- }
-
- mandatePerson.insertBefore(identificationBpK,
- prIdentification);
- }
- }
-
- mandateData = DOMUtils.serializeNode(mandatePerson);
-
- } catch (TransformerException e1) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- } catch (IOException e1) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- }
-
- String samlAssertion = new AuthenticationDataAssertionBuilder()
- .buildMandate(authData, session.getAssertionPrPerson(),
- mandateData, session.getAssertionAuthBlock(), session
- .getAssertionIlAssertion(),
- session.getBkuURL(), session
- .getAssertionSignerCertificateBase64(), session
- .getAssertionBusinessService(), session
- .getSourceID(), session
- .getExtendedSAMLAttributesOA(), useCondition,
- conditionLength);
- authData.setSamlAssertion(samlAssertion);
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
-
- String samlArtifact = new SAMLArtifactBuilder().build(session
- .getAuthURL(), session.getSessionID(), session.getSourceID());
- storeAuthenticationData(samlArtifact, authData);
-
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID
- + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
-
- }
-
- private Element createIdentificationBPK(Element mandatePerson,
+ protected Element createIdentificationBPK(Element mandatePerson,
String baseid, String target) throws BuildException {
Element identificationBpK = mandatePerson.getOwnerDocument()
.createElementNS(Constants.PD_NS_URI, "Identification");
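Review bot: With verifyAuthenticationBlockMandate removed, the Javadoc tail ending in `@return SAML artifact needed for retrieving authentication data, encoded BASE64` now documents createIdentificationBPK, which returns an Identification Element; replace it with a Javadoc for createIdentificationBPK covering its purpose, @param mandatePerson, baseid and target, the @return and @throws BuildException. The start of that Javadoc lies outside the hunk.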
@@ -2189,7 +2096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- private String getBaseId(Element mandatePerson)
+ protected String getBaseId(Element mandatePerson)
throws TransformerException, IOException {
NodeList list = mandatePerson.getElementsByTagNameNS(
Constants.PD_NS_URI, "Identification");
@@ -2225,15 +2132,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String getForeignAuthenticationData(String sessionID)
+ public String getForeignAuthenticationData(AuthenticationSession session)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
- if (isEmpty(sessionID))
+ //TODO: CHECK if STORK parts works correct!!!!
+
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
// AuthConfigurationProvider authConf =
// AuthConfigurationProvider.getInstance();
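Review bot: The @return Javadoc above getForeignAuthenticationData still describes a BASE64 SAML artifact, while the new body in the next hunk returns a placeholder string; update it once the return value is settled. The `//TODO: CHECK if STORK parts works correct!!!!` sits in a method on the authentication path; either resolve it before merging or reference an issue in the TODO so it is tracked. The commented-out getSession line should be removed.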
@@ -2280,14 +2189,32 @@ public class AuthenticationServer implements MOAIDAuthConstants {
X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
- AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC, true);
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// boolean useUTC = oaParam.getUseUTC();
+
+// boolean useCondition = oaParam.getUseCondition();
+// int conditionLength = oaParam.getConditionLength();
+
+ //TL: moved to Assertion generation.
+// AuthenticationData authData = buildAuthenticationData(session, vsresp,
+// useUTC, true);
+//
+// session.setAuthData(authData);
+
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(true);
+
+ return "new Session";
+
+ //TODO: regenerate MOASession ID!
+ /*
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
authData, session.getAssertionPrPerson(), session
.getAssertionAuthBlock(), session
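Review bot: `return "new Session";` hands back a literal placeholder where verifyAuthenticationBlock returns the regenerated session ID, and the `//TODO: regenerate MOASession ID!` below it confirms the rotation is missing; a caller that stores this value as the session ID ends up with a constant. The foreign path thus marks the session authenticated without rotating its ID, unlike the domestic path; mirror that code here, `return AuthenticationSessionStoreage.changeSessionID(session);`, provided its checked exceptions fit this method's throws clause. The method continues in the next hunk.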
@@ -2319,7 +2246,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.info("Anmeldedaten zu MOASession " + sessionID
+ " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
+ return samlArtifact;*/
}
/**
@@ -2339,23 +2266,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException
* while building the <code>&lt;saml:Assertion&gt;</code>
*/
- private AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
+ public static AuthenticationData buildAuthenticationData(
+ AuthenticationSession session, OAAuthParameter oaParam, String target)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
AuthenticationData authData = new AuthenticationData();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+ boolean useUTC = oaParam.getUseUTC();
boolean businessService = oaParam.getBusinessService();
+
authData.setMajorVersion(1);
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar
.getInstance(), useUTC));
+
+ //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
authData.setIdentificationType(identityLink.getIdentificationType());
+
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
authData.setDateOfBirth(identityLink.getDateOfBirth());
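Review bot: `authData.setIdentificationValue(identityLink.getIdentificationValue())` is now unconditional, whereas the code removed in the next hunk only set it when `oaParam.getProvideStammzahl()` was true; for a public-service OA this places the Stammzahl into AuthenticationData regardless of the OA's provideStammzahl setting. If that filtering moved to the assertion builder, say so in the comment above this line (`// always set here; provideStammzahl is enforced when the assertion is built`), otherwise restore the guard. The new public static signature also lacks @param entries for oaParam and target in the Javadoc that starts before this hunk.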
@@ -2366,84 +2298,68 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
authData.setUseUTC(oaParam.getUseUTC());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- if (provideStammzahl) {
- authData.setIdentificationValue(identityLink
- .getIdentificationValue());
- }
- String prPerson = new PersonDataBuilder().build(identityLink,
- provideStammzahl);
-
+
try {
- String signerCertificateBase64 = "";
- if (oaParam.getProvideCertifcate()) {
- X509Certificate signerCertificate = verifyXMLSigResp
- .getX509certificate();
- if (signerCertificate != null) {
- signerCertificateBase64 = Base64Utils
- .encode(signerCertificate.getEncoded());
- } else {
- Logger
- .info("\"provideCertificate\" is \"true\", but no signer certificate available");
- }
- }
- authData.setSignerCertificate(signerCertificateBase64);
- if(!isForeigner) {
- //we have Austrian citizen
- if (businessService) {
- authData.setWBPK(identityLink.getIdentificationValue());
- } else {
- authData.setBPK(identityLink.getIdentificationValue());
-
- // BZ.., calculation of bPK already before sending AUTHBlock
- /*
- * if(identityLink.getIdentificationType().equals(Constants.
- * URN_PREFIX_BASEID)) { // only compute bPK if online
- * application is a public service and we have the Stammzahl
- * String bpkBase64 = new BPKBuilder().buildBPK(
- * identityLink.getIdentificationValue(), session.getTarget());
- * authData.setBPK(bpkBase64); }
- */
-
- }
+
+ //TODO: resign the IdentityLink!!!
+
+
+ if (session.getUseMandate() && session.isOW()) {
+ MISMandate mandate = session.getMISMandate();
+ authData.setBPK(mandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+
} else {
- //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
+
if (businessService) {
//since we have foreigner, wbPK is not calculated in BKU
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier());
- authData.setWBPK(wbpkBase64);
- }
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
+
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
+ }
+
+ Element idlassertion = session.getIdentityLink().getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
- } else {
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink idl = idlparser.parseIdentityLink();
+ authData.setIdentityLink(idl);
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget());
- authData.setBPK(bpkBase64);
- }
+ } else {
+
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
-
+ authData.setIdentityLink(identityLink);
}
-
- }
- String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
- .getSerializedSamlAssertion()
- : "";
- if (!oaParam.getProvideStammzahl()) {
- ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
- .getIdentificationValue(), "");
}
- String authBlock = oaParam.getProvideAuthBlock() ? session
- .getAuthBlock() : "";
-
- session.setAssertionAuthBlock(authBlock);
- session.setAssertionAuthData(authData);
- session.setAssertionBusinessService(businessService);
- session.setAssertionIlAssertion(ilAssertion);
- session.setAssertionPrPerson(prPerson);
- session.setAssertionSignerCertificateBase64(signerCertificateBase64);
-
+
return authData;
} catch (Throwable ex) {
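Review bot: The kept comment `//since we have foreigner, wbPK is not calculated in BKU` is now misleading: the isForeigner parameter is gone and this branch runs for every business-service login, so reword it to the condition actually tested (the identification type is the base ID). `registerAndOrdNr.startsWith(...)` dereferences oaParam.getIdentityLinkDomainIdentifier() without a null check; if that configuration value can be absent, guard it or fail with a ConfigurationException naming the OA. The block then rewrites the identification value and type inside the session's identity link SAML assertion DOM and re-parses it; the `//TODO: resign the IdentityLink!!!` above acknowledges that this invalidates the assertion's signature, so a comment that the resulting IdentityLink must not be presented as a signed identity link until re-signing exists would protect later readers. The enclosing try/catch(Throwable) continues outside the hunk.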
@@ -2453,117 +2369,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
- * The <code>AuthenticationData</code> is deleted from the store upon end of
- * this call.
- *
- * @return <code>AuthenticationData</code>
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws AuthenticationException {
- String assertionHandle;
- try {
- assertionHandle = new SAMLArtifactParser(samlArtifact)
- .parseAssertionHandle();
- } catch (ParseException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
- AuthenticationData authData = null;
- synchronized (authenticationDataStore) {
- // System.out.println("assertionHandle: " + assertionHandle);
- authData = (AuthenticationData) authenticationDataStore
- .get(assertionHandle);
- if (authData == null) {
- Logger.error("Assertion not found for SAML Artifact: "
- + samlArtifact);
- throw new AuthenticationException("1206",
- new Object[] { samlArtifact });
- }
- boolean keepAssertion = false;
- try {
- String boolStr = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.KeepAssertion");
- if (null != boolStr && boolStr.equalsIgnoreCase("true"))
- keepAssertion = true;// Only allowed for debug purposes!!!
- } catch (ConfigurationException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
- if (!keepAssertion) {
- authenticationDataStore.remove(assertionHandle);
- }
- }
- long now = new Date().getTime();
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207",
- new Object[] { samlArtifact });
- Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
- return authData;
- }
-
- /**
- * Stores authentication data indexed by the assertion handle contained in
- * the given saml artifact.
- *
- * @param samlArtifact
- * SAML artifact
- * @param authData
- * authentication data
- * @throws AuthenticationException
- * when SAML artifact is invalid
- */
- private void storeAuthenticationData(String samlArtifact,
- AuthenticationData authData) throws AuthenticationException {
-
- try {
- SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
- // check type code 0x0001
- byte[] typeCode = parser.parseTypeCode();
- if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
- Logger.debug("Assertion stored for SAML Artifact: "
- + samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
- }
- } catch (AuthenticationException ex) {
- throw ex;
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- }
- }
-
- /**
- * Creates a new session and puts it into the session store.
- *
- * @param id
- * Session ID
- * @return AuthenticationSession created
- * @exception AuthenticationException
- * thrown when an <code>AuthenticationSession</code> is
- * running already for the given session ID
- */
- private static AuthenticationSession newSession()
- throws AuthenticationException {
- String sessionID = Random.nextRandom();
- AuthenticationSession newSession = new AuthenticationSession(sessionID);
- synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01",
- new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
- }
- return newSession;
- }
-
- /**
* Retrieves a session from the session store.
*
* @param id
@@ -2573,11 +2378,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public static AuthenticationSession getSession(String id)
throws AuthenticationException {
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(id);
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
- return session;
+
+ AuthenticationSession session;
+ try {
+ session = AuthenticationSessionStoreage.getSession(id);
+
+ /*(AuthenticationSession) sessionStore
+ .get(id);*/
+ if (session == null)
+ throw new AuthenticationException("auth.02", new Object[] { id });
+ return session;
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("parser.04", new Object[] { id });
+ }
}
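Review bot: The new `catch (MOADatabaseException e)` rethrows as `AuthenticationException("parser.04", ...)` without the cause, so the underlying storage error disappears from the stack trace; keep `e` if AuthenticationException has a cause-taking constructor like the one BuildException shows elsewhere in this file, or at least log it before rethrowing with `Logger.error("Session lookup failed for " + id, e);`. The `parser.04` key reads like a parser error for what is a storage failure; a storage-specific key would be clearer if one exists. The commented-out `sessionStore.get(id)` should be removed.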
/**
@@ -2585,33 +2399,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public void cleanup() {
long now = new Date().getTime();
- synchronized (sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.02", new Object[] { sessionID }));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized (authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String samlAssertionHandle = (String) iter.next();
- AuthenticationData authData = (AuthenticationData) authenticationDataStore
- .get(samlAssertionHandle);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.03",
- new Object[] { authData.getAssertionID() }));
- authenticationDataStore.remove(samlAssertionHandle);
- }
- }
- }
+
+ //clean AuthenticationSessionStore
+ //TODO: acutally the StartAuthentificaten timestamp is used!!!!!
+ //TODO: maybe change this to lastupdate timestamp.
+ AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
+
+ //clean AssertionStore
+ AssertionStorage assertionstore = AssertionStorage.getInstance();
+ assertionstore.clean(now, authDataTimeOut);
}
/**
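Review bot: The two TODO comments in cleanup say the StartAuthentication timestamp is used and propose switching to the last-update timestamp, yet the call right below already passes both sessionTimeOutCreated and sessionTimeOutUpdated to AuthenticationSessionStoreage.clean; either the comments or the implementation is out of date, and the comment should state which timeout applies to which timestamp. `new Date().getTime()` can be `System.currentTimeMillis()`, avoiding the Date allocation.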
@@ -2620,8 +2416,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param seconds
* Time out of the session in seconds
*/
- public void setSecondsSessionTimeOut(long seconds) {
- sessionTimeOut = 1000 * seconds;
+ public void setSecondsSessionTimeOutCreated(long seconds) {
+ sessionTimeOutCreated = seconds * 1000;
+ }
+
+ public void setSecondsSessionTimeOutUpdated(long seconds) {
+ sessionTimeOutUpdated = seconds * 1000;
}
/**
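Review bot: setSecondsSessionTimeOutUpdated has no Javadoc, and the Javadoc above setSecondsSessionTimeOutCreated (`@param seconds Time out of the session in seconds`) does not say which timestamp the timeout is measured from; document both, e.g. `Sets the session time-out measured from the session's creation timestamp.` and `Sets the session time-out measured from the session's last-update timestamp.`, each with an @param seconds line.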
@@ -2631,7 +2431,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* Time out for signing AuthData in seconds
*/
public void setSecondsAuthDataTimeOut(long seconds) {
- authDataTimeOut = 1000 * seconds;
+ authDataTimeOut = seconds * 1000;
}
/**
@@ -2658,7 +2458,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* the friendly name of the infobox for messages
* @return the SAML attribute value (Element or String)
*/
- private static Object verifySAMLAttribute(
+ protected static Object verifySAMLAttribute(
ExtendedSAMLAttribute samlAttribute, int i, String identifier,
String friendlyName) throws ValidateException {
String name = samlAttribute.getName();
@@ -2776,42 +2576,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public static void startSTORKAuthentication(
HttpServletRequest req,
HttpServletResponse resp,
- String ccc,
- String oaURL,
- String target,
- String targetFriendlyName,
- String authURL,
- String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
+ AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
- //read configuration paramters of OA
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (StringUtils.isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
- } else {
- target = null;
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
- //create MOA session
- AuthenticationSession moaSession = newSession();
- Logger.info("MOASession " + moaSession.getSessionID() + " angelegt");
- moaSession.setTarget(target);
- moaSession.setTargetFriendlyName(targetFriendlyName);
- moaSession.setOAURLRequested(oaURL);
- moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- moaSession.setAuthURL(authURL);
- moaSession.setBusinessService(oaParam.getBusinessService());
- moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- if (sourceID != null)
- moaSession.setSourceID(sourceID);
+ //read configuration paramters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
//Start of STORK Processing
STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
- CPEPS cpeps = storkConfig.getCPEPS(ccc);
+ CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:");
String destination = cpeps.getPepsURL().toExternalForm();
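Review bot: The new code drops the target validation the old version performed: the removed branch threw `WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05")` when a non-business OA had no target and forced `target = null` for business OAs, whereas the new body takes whatever `moasession.getTarget()` holds and later (hunk at `@@ -2874,13 +2656,15 @@`, marked with a TODO) maps an empty target to the `"Business"` sector. If the caller that fills `moasession` is now responsible for this check, a comment saying so would help; otherwise re-add the check against `oaParam.getBusinessService()` here, where `oaParam` is already resolved. Separately, `cpeps` from `storkConfig.getCPEPS(moasession.getCcc())` is dereferenced on the next line without a null check, so an unknown country code would surface as a NullPointerException rather than an `AuthenticationException` if `getCPEPS` can return null. `startSTORKAuthentication` continues past the end of this hunk.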
@@ -2824,19 +2603,22 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
- QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
- Logger.debug("QAALevel: " + qaaLevel.getValue());
- RequestedAttributes requestedAttributes;
+ QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+ //Logger.debug("QAALevel: " + qaaLevel.getValue());
+
+ RequestedAttributes requestedAttributes = null;
requestedAttributes = oaParam.getRequestedAttributes();
requestedAttributes.detach();
List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
- List<RequestedAttribute> oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+ List<RequestedAttribute> oaReqAttributeList = null;
+ oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+
//check if country specific attributes must be additionally requested
if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
- Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc);
+ Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc());
Logger.debug("The following attributes are requested for this specific country:");
List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());
for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) {
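Review bot: The pattern `RequestedAttributes requestedAttributes = null;` immediately followed by `requestedAttributes = oaParam.getRequestedAttributes();` (and the same for `oaReqAttributeList`) adds nothing over a single declaration-with-initializer; collapse each to one line, e.g. `RequestedAttributes requestedAttributes = oaParam.getRequestedAttributes();`. With the `Logger.debug("QAALevel: ...")` line commented out, `qaaLevel` is computed but unused within this hunk; if it is not consumed further down (outside the hunk), either restore the debug line or remove the variable rather than leaving a commented-out statement. `oaReqAttributeList` is built from a second `oaParam.getRequestedAttributes()` call after `requestedAttributes.detach()`, which reads as if it should be `new ArrayList<RequestedAttribute>(requestedAttributes.getRequestedAttributes())` — worth confirming both calls return the same object.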
@@ -2874,13 +2656,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- String spSector = StringUtils.isEmpty(target) ? "Business" : target;
+
+ //TODO: check Target in case of SSO!!
+ String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
String spCountry = "AT";
String textToBeSigned =
- CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession);
+ CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession);
//generate AuthnRquest
STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
@@ -2930,9 +2714,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest successfully internally validated.");
//send
- moaSession.setStorkAuthnRequest(storkAuthnRequest);
+ moasession.setStorkAuthnRequest(storkAuthnRequest);
HttpSession httpSession = req.getSession();
- httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID());
+ httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
Logger.debug("Preparing to send STORK AuthnRequest.");
@@ -2972,12 +2756,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
- CertificateFactory cf;
- X509Certificate cert = null;
- cf = CertificateFactory.getInstance("X.509");
- cert = (X509Certificate)cf.generateCertificate(is);
-
- return cert;
+ X509Certificate cert;
+ try {
+ cert = new X509Certificate(is);
+ return cert;
+
+ } catch (Throwable e) {
+ throw new CertificateException(e);
+ }
+
+// CertificateFactory cf;
+// X509Certificate cert = null;
+// cf = CertificateFactory.getInstance("X.509");
+// CertificateFactory
+// cert = (X509Certificate)cf.generateCertificate(is);
+// return cert;
}
}
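Review bot: `catch (Throwable e)` around `new X509Certificate(is)` wraps JVM errors such as `OutOfMemoryError` and `StackOverflowError` into a `CertificateException`, hiding a failing JVM behind a certificate-parsing error; narrow it to the exceptions the constructor actually declares, or at the widest `catch (Exception e)`. The `cert` local is redundant — `return new X509Certificate(is);` inside the try is enough — and the six commented-out `CertificateFactory` lines should be deleted rather than kept as dead code, since version control preserves them. If the wrapping is meant to preserve the original failure reason, a short comment stating that the IAIK constructor is used instead of `CertificateFactory` and why would help the next reader.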
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 7d5835f20..edc43da0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -24,6 +24,9 @@
package at.gv.egovernment.moa.id.auth;
+import java.util.Arrays;
+import java.util.List;
+
import iaik.asn1.ObjectID;
@@ -43,6 +46,9 @@ public interface MOAIDAuthConstants {
public static final String PARAM_OA = "OA";
/** servlet parameter &quot;bkuURI&quot; */
public static final String PARAM_BKU = "bkuURI";
+ public static final String PARAM_MODUL = "MODUL";
+ public static final String PARAM_ACTION = "ACTION";
+ public static final String PARAM_SSO = "SSO";
/** servlet parameter &quot;sourceID&quot; */
public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
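Review bot: The three new constants `PARAM_MODUL`, `PARAM_ACTION` and `PARAM_SSO` are the only entries in this block without the `/** servlet parameter ... */` Javadoc their neighbours carry. Add one per constant in the same style, e.g. `/** servlet parameter &quot;MODUL&quot; */`, `/** servlet parameter &quot;ACTION&quot; */`, `/** servlet parameter &quot;SSO&quot; */`, ideally with a word on what each selects (module, action, single sign-on) since the names are abbreviations.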
@@ -112,9 +118,25 @@ public interface MOAIDAuthConstants {
* used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
*/
public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
+
/** the number of the certifcate extension for party representatives */
public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
- /** the number of the certifcate extension for party organ representatives */
- public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+// /** the number of the certifcate extension for party organ representatives */
+// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+ /** OW */
+ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
+
+ /** List of OWs */
+ public static final List<ObjectID> OW_LIST = Arrays.asList(
+ new ObjectID(OW_ORGANWALTER));
+
+ /**BKU type identifiers to use bkuURI from configuration*/
+ public static final String REQ_BKU_TYPE_LOCAL = "local";
+ public static final String REQ_BKU_TYPE_ONLINE = "online";
+ public static final String REQ_BKU_TYPE_HANDY = "handy";
+ public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+
}
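Review bot: `OW_LIST` and `REQ_BKU_TYPES` are `public static final` constants on an interface, but `Arrays.asList(...)` returns a list whose elements can be overwritten with `set()`, so any code with a reference can silently change the accepted party-representative OID or BKU type for the whole server; wrap them as `Collections.unmodifiableList(Arrays.asList(...))` (adding `import java.util.Collections;` in the import hunk of this file). The Javadoc `/** OW */` and `/** List of OWs */` does not say what an OW is — spell it out once, e.g. `/** OID of the certificate extension marking an "Organwalter" (party organ representative) */`. The two commented-out `PARTY_ORGAN_REPRESENTATION_OID_NUMBER` lines should be removed rather than kept as dead code.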
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index cf5615a13..725773b75 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -28,6 +28,7 @@ import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import java.io.IOException;
+import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.Properties;
@@ -93,7 +94,7 @@ public class MOAIDAuthInitializer {
// Mapping OpenSSL - Java
// OpenSSL Java
// http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html
-// via “openssl ciphers -tls1 HIGH –v”
+// via !openssl ciphers -tls1 HIGH !v!
//
// ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
// DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
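Review bot: The rewritten comment `// via !openssl ciphers -tls1 HIGH !v!` is a garbled form of the command it used to show; the typographic quotes and en-dash were replaced by `!`, which makes the command line unrecognisable to the reader. Restore it with plain ASCII punctuation: `// via "openssl ciphers -tls1 HIGH -v"`.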
@@ -139,6 +140,7 @@ public class MOAIDAuthInitializer {
// Loads the configuration
AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
+
ConnectionParameter moaSPConnParam = authConf
.getMoaSpConnectionParameter();
@@ -158,6 +160,7 @@ public class MOAIDAuthInitializer {
// Initializes IAIKX509TrustManager logging
String log4jConfigURL = System.getProperty("log4j.configuration");
+ Logger.info("Log4J Configuration: " + log4jConfigURL);
if (log4jConfigURL != null) {
IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
}
@@ -170,39 +173,27 @@ public class MOAIDAuthInitializer {
AxisSecureSocketFactory.initialize(ssf);
}
+
// sets the authentication session and authentication data time outs
- String param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
+ BigInteger param = authConf.getTimeOuts().getMOASessionCreated();
if (param != null) {
- long sessionTimeOut = 0;
- try {
- sessionTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
if (sessionTimeOut > 0)
AuthenticationServer.getInstance()
- .setSecondsSessionTimeOut(sessionTimeOut);
+ .setSecondsSessionTimeOutCreated(sessionTimeOut);
}
- param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
+
+ param = authConf.getTimeOuts().getMOASessionUpdated();
if (param != null) {
- long authDataTimeOut = 0;
- try {
- authDataTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+ }
+
+ param = authConf.getTimeOuts().getAssertion();
+ if (param != null) {
+ long authDataTimeOut = param.longValue();
if (authDataTimeOut > 0)
AuthenticationServer.getInstance()
.setSecondsAuthDataTimeOut(authDataTimeOut);
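Review bot: `authConf.getTimeOuts()` is called three times and each result is dereferenced without a null check; if the time-outs element is optional in the configuration (the old code tolerated an absent property by checking `param != null`), a missing element now aborts initialization with a NullPointerException rather than a configuration message. Hoist it into one local and guard it once, e.g. `if (authConf.getTimeOuts() != null) { ... }`, or log a `config.05`-style message and keep the defaults. `param.longValue()` on a `BigInteger` silently truncates values that do not fit in a `long`, and a zero or negative configured value is now ignored without any log line where the old parse failure was logged — a `Logger.warn` in the `else` of each `> 0` check would keep that visibility. The enclosing initialization method continues outside this hunk.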
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 412f1db81..ee2313070 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.StringWriter;
import java.text.MessageFormat;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
import java.util.List;
+import java.util.Locale;
+import javax.xml.bind.DatatypeConverter;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
@@ -49,10 +54,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -79,6 +86,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
"{7}" +
+ "{8}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -97,6 +105,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" </saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
+ private static String SPECIAL_TEXT_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
private static String PR_IDENTIFICATION_ATTRIBUTE =
" <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
@@ -107,7 +120,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
/**
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
*/
- public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+ public static final int NUM_OF_SAML_ATTRIBUTES = 4;
+ public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 3;
/**
* Constructor for AuthenticationBlockAssertionBuilder.
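Review bot: `NUM_OF_SAML_ATTRIBUTES_SSO` is added without Javadoc while the constant above it has one, and the existing comment does not explain why the regular AUTH-Block now has one more attribute than the SSO one. Add `/** The number of SAML attributes included in the SSO AUTH-Block (without the extended SAML attributes). */` and extend the first comment with the reason for the change from 3 to 4 (the new SpecialText attribute, as far as this diff shows).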
@@ -156,25 +170,16 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List extendedSAMLAttributes,
- AuthenticationSession session)
+ AuthenticationSession session,
+ OAAuthParameter oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
-
- //reading OA parameters
- OAAuthParameter oaParam;
- try {
- oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } catch (ConfigurationException e) {
- Logger.error("Error on building AUTH-Block: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
- }
-
-
+
if (target == null) {
+
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
// Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
@@ -191,6 +196,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
// We do not have a wbPK, therefore no SAML-Attribute is provided
session.setSAMLAttributeGebeORwbpk(false);
}
+
} else {
// OA is a govermental application
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
@@ -205,7 +211,6 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//no business service, adding bPK
- System.out.println("identityLinkValue: " + identityLinkValue);
if (identityLinkValue != null) {
Element bpkSamlValueElement;
try {
@@ -252,6 +257,21 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
+
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
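Review bot: `text` can end up `null` here: the assignment inside `MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())` stores the accessor's result even when it is null, and `generateSpecialText(text, ...)` then dereferences it via `inputtext.replaceAll`, so an OA with no additional AUTH-Block text configured would throw a NullPointerException. The SSO variant further down guards with `if (MiscUtil.isEmpty(text)) text="";` — do the same here, and prefer a plain statement over assignment-in-condition, e.g. `String text = oaparam.getAditionalAuthBlockText(); if (MiscUtil.isEmpty(text)) { text = ""; } else { Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); }`. If this is still the method whose signature gained an `OAAuthParameter oaParam` parameter in the hunk at `@@ -156,25 +170,16 @@`, the configuration lookup and the `ConfigurationException` catch are redundant and `oaParam` should be used directly. The same block is duplicated verbatim in the hunk at `@@ -385,6 +406,18 @@`; both would be served by one private helper.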
@@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -385,6 +406,18 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
//..BZ
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
@@ -396,6 +429,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -406,6 +440,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
+ public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
+ Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
+
+ String text = inputtext.replaceAll("#NAME#", issuer);
+ text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime()));
+ text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime()));
+
+ return text;
+ }
public static String xmlToString(Node node) {
try {
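Review bot: `generateSpecialText` uses `replaceAll`, which treats `issuer` (and the formatted date/time) as a regex replacement string: a `$` or `\` in the issuer name either throws `IllegalArgumentException` or substitutes group references, and `#NAME#` is parsed as a pattern; use literal `String.replace` for all three substitutions. The two `SimpleDateFormat` instances format in the JVM default time zone, so `#DATE#`/`#TIME#` can differ from the zone carried in `issueInstant` — set the formatters' zone from the parsed calendar (the added but unused `java.util.Locale` import suggests a fixed locale was intended too). The result is placed inside `<saml:AttributeValue>{0}</saml:AttributeValue>` without XML escaping, so configured text or an issuer containing `&` or `<` would produce a malformed AUTH-Block; escape it before substitution unless the caller guarantees that. A null `inputtext` currently throws; the rewrite below returns an empty string instead.
```java
public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
    if (inputtext == null) {
        return "";
    }
    Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
    SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
    SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
    // render in the zone carried by issueInstant, not the JVM default
    dateformat.setTimeZone(datetime.getTimeZone());
    timeformat.setTimeZone(datetime.getTimeZone());

    // literal replacement: replaceAll() would interpret '$' and '\' in the values as regex groups
    String text = inputtext.replace("#NAME#", issuer);
    text = text.replace("#DATE#", dateformat.format(datetime.getTime()));
    text = text.replace("#TIME#", timeformat.format(datetime.getTime()));
    return text;
}
```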
@@ -424,4 +469,92 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
return null;
}
+ public String buildAuthBlockSSO(
+ String issuer,
+ String issueInstant,
+ String authURL,
+ String target,
+ String targetFriendlyName,
+ String identityLinkValue,
+ String identityLinkType,
+ String oaURL,
+ String gebDat,
+ List extendedSAMLAttributes,
+ AuthenticationSession session,
+ OAAuthParameter oaParam)
+ throws BuildException
+ {
+ session.setSAMLAttributeGebeORwbpk(true);
+ String gebeORwbpk = "";
+ String wbpkNSDeclaration = "";
+
+ if (target != null) {
+
+ boolean useMandate = session.getUseMandate();
+ if (useMandate) {
+ String mandateReferenceValue = Random.nextRandom();
+ // remove leading "-"
+ if (mandateReferenceValue.startsWith("-"))
+ mandateReferenceValue = mandateReferenceValue.substring(1);
+
+ session.setMandateReferenceValue(mandateReferenceValue);
+
+ ExtendedSAMLAttribute mandateReferenceValueAttribute =
+ new ExtendedSAMLAttributeImpl("mandateReferenceValue", mandateReferenceValue, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK);
+
+ extendedSAMLAttributes.add(mandateReferenceValueAttribute);
+ }
+ }
+
+ //adding friendly name of OA
+ String friendlyname;
+ try {
+ friendlyname = AuthConfigurationProvider.getInstance().getSSOFriendlyName();
+
+ ExtendedSAMLAttribute oaFriendlyNameAttribute =
+ new ExtendedSAMLAttributeImpl("oaFriendlyName", friendlyname, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+
+
+ String text = AuthConfigurationProvider.getInstance().getSSOSpecialText();
+
+ if (MiscUtil.isEmpty(text))
+ text="";
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
+
+
+
+ String assertion;
+
+ assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] {
+ wbpkNSDeclaration,
+ issuer,
+ issueInstant,
+ authURL,
+ gebeORwbpk,
+ oaURL,
+ gebDat,
+ specialText,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+
+ return assertion;
+
+ } catch (ParseException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+
+ } catch (ConfigurationException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+
+
+
+ }
+
+
}
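Review bot: `buildAuthBlockSSO` is a new public method with twelve parameters and no Javadoc, and within its complete body `targetFriendlyName`, `identityLinkValue`, `identityLinkType` and `oaParam` are never read; either document why they are accepted (parity with `buildAuthBlock`, presumably) or drop them. `gebeORwbpk` and `wbpkNSDeclaration` are always `""`, so the SSO AUTH-Block never carries a bPK/wbPK attribute — if that is intended, say so in the method header, since a reader comparing with the non-SSO builder will otherwise assume it was forgotten. The two catch blocks have identical bodies and can be merged (multi-catch if the language level allows, otherwise one helper), and the trailing blank lines inside and after the method should go. `Random.nextRandom()` feeds `mandateReferenceValue`, which ends up in the signed block; worth confirming that helper is backed by a cryptographically strong generator.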
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 0742261a7..839ebe7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -255,8 +255,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String pkType;
String pkValue;
if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
+ pkType = authData.getBPKType();
+ pkValue = authData.getBPK();
} else {
// <saml:NameIdentifier NameQualifier> always has the bPK as type/value
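Review bot: After this change the `businessService` branch reads `authData.getBPKType()`/`getBPK()`, and the comment on the `else` branch says the NameIdentifier "always has the bPK as type/value", so if the `else` body (outside the hunk) reads the same two accessors the `if` is now dead and the two branches should be collapsed. If instead `getBPK()` is expected to hold the wbPK for business services, a one-line comment stating that the wbPK is now stored under the bPK accessors would prevent the next reader from "fixing" it back. The identical edit appears again in the hunk at `@@ -377,8 +376,8 @@`.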
@@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- String sourceID,
List extendedSAMLAttributes,
boolean useCondition,
int conditionLength)
@@ -377,8 +376,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String pkType;
String pkValue;
if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
+ pkType = authData.getBPKType();
+ pkValue = authData.getBPK();
} else {
// <saml:NameIdentifier NameQualifier> always has the bPK as type/value
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index fa9789530..9bec06135 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.security.MessageDigest;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -59,7 +61,12 @@ public class BPKBuilder {
new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",target=" + target});
}
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+ String basisbegriff;
+ if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
+ basisbegriff = identificationValue + "+" + target;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
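Review bot: The new prefix check is duplicated with a different constant in the wbPK hunk at `@@ -89,7 +96,13 @@`, and both use unbraced `if`/`else`; extract the rule into one private helper so the two builders cannot drift, and document on the public methods that `target` / `registerAndOrdNr` may already carry the `Constants.URN_PREFIX_CDID` / `Constants.URN_PREFIX_WBPK` prefix. The new `AuthenticationSession` and `Logger` imports are not used by either visible hunk; remove them if nothing else in the file needs them.
```java
// … unchanged: parameter check …
String basisbegriff = identificationValue + "+" + withPrefix(Constants.URN_PREFIX_CDID, target);
// … unchanged: SHA-1 digest and Base64 encoding …

/** Returns value unchanged when it already starts with prefix + "+", otherwise prefixes it. */
private static String withPrefix(String prefix, String value) {
    return value.startsWith(prefix + "+") ? value : prefix + "+" + value;
}
```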
@@ -89,7 +96,13 @@ public class BPKBuilder {
new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
}
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
+ String basisbegriff;
+ if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" ))
+ basisbegriff = identificationValue + "+" + registerAndOrdNr;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 2da7db2b2..23596abda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
import java.util.Calendar;
+import java.util.List;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
@@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* @param slVersion12 specifies whether the Security Layer version number is 1.2 or not
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) {
+ public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) {
String sl10Prefix;
String sl11Prefix;
String slNsDeclaration;
String dsigTransformInfosString = "";
- for (int i = 0; i < dsigTransformInfos.length; i++) {
- dsigTransformInfosString += dsigTransformInfos[i];
+
+ for (String element : dsigTransformInfos) {
+ dsigTransformInfosString += element;
}
+// for (int i = 0; i < dsigTransformInfos.length; i++) {
+// dsigTransformInfosString += dsigTransformInfos[i];
+// }
+
if (slVersion12) {
// replace the SecurityLayer namespace prefixes and URIs within the transforms
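Review bot: The loop still concatenates into `dsigTransformInfosString` with `+=`, which allocates a new string per element; use a builder, `StringBuilder sb = new StringBuilder(); for (String element : dsigTransformInfos) { sb.append(element); } String dsigTransformInfosString = sb.toString();`. The three commented-out lines of the old index loop should be deleted, not kept. The Javadoc `@param dsigTransformInfos` above this hunk (partly outside it) should be updated to say the argument is now a `List<String>`, and whether `null` is accepted — the enhanced `for` throws NullPointerException on a null list, as the old array loop did.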
@@ -180,8 +186,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
// request += "</style>";
request += "</head>";
request += "<body>";
- request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>";
- request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>";
+ request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>";
+ request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>";
request += "<table class=\"parameters\">";
request += "<tr>";
request += "<td class=\"italicstyle\">Name:</td>";
@@ -201,7 +207,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
request += "</tr>";
request += "<tr>";
request += "<td class=\"italicstyle\">Land (Country):</td>";
- request += "<td class=\"normalstyle\">Österreich (Austria)</td>";
+ request += "<td class=\"normalstyle\">Österreich (Austria)</td>";
request += "</tr>";
request += "</table>";
request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>";
@@ -253,14 +259,14 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
request += "</tr>";
request += "</table>";
- request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " +
- "natürliche Personen (ERnP), damit ich meinen elektronischen " +
- "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " +
- "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " +
+ request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " +
+ "natürliche Personen (ERnP), damit ich meinen elektronischen " +
+ "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " +
+ "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " +
"Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " +
"ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " +
- "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " +
- "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>";
+ "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " +
+ "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>";
request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " +
"Register of Residents or the Supplementary Register for Natural Persons. I therefore " +
@@ -277,7 +283,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
// "Residents Registry and that I am not obliged to register with the Austrian " +
// "Central Residents Registry according to Austrian law.<br/>" +
// "In the event I am not yet registered with the Supplementary Register, I " +
-// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>";
request += "</body>";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
index 6368713db..650f1578d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
@@ -123,19 +123,19 @@ public class CreateXMLSignatureRequestBuilderForeign extends Builder {
out.write("&lt;");
else if (ch == '>')
out.write("&gt;");
- else if (ch == 'ä')
+ else if (ch == 'ä')
out.write("&auml;");
- else if (ch == 'ö')
+ else if (ch == 'ö')
out.write("&ouml;");
- else if (ch == 'ü')
+ else if (ch == 'ü')
out.write("&uuml;");
- else if (ch == 'Ä')
+ else if (ch == 'Ä')
out.write("&Auml;");
- else if (ch == 'Ö')
+ else if (ch == 'Ö')
out.write("&Ouml;");
- else if (ch == 'Ü')
+ else if (ch == 'Ü')
out.write("&Uuml;");
- else if (ch == 'ß')
+ else if (ch == 'ß')
out.write("&szlig;");
else
out.write(ch);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 4dd6ac78b..9b7cc41ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -60,27 +60,23 @@ public class DataURLBuilder {
String individualDataURLPrefix = null;
String dataURL;
- try {
- //check if an individual prefix is configured
- individualDataURLPrefix = AuthConfigurationProvider.getInstance().
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-
- if (null != individualDataURLPrefix) {
-
- //check individualDataURLPrefix
- if(!individualDataURLPrefix.startsWith("http"))
- throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-
- //when ok then use it
- dataURL = individualDataURLPrefix + authServletName;
- } else
- dataURL = authBaseURL + authServletName;
-
- } catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
- dataURL = authBaseURL + authServletName;
- }
+
+ //is removed from config in MOA-ID 2.0
+ //check if an individual prefix is configured
+// individualDataURLPrefix = AuthConfigurationProvider.getInstance().
+// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
+//
+// if (null != individualDataURLPrefix) {
+//
+// //check individualDataURLPrefix
+// if(!individualDataURLPrefix.startsWith("http"))
+// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
+//
+// //when ok then use it
+// dataURL = individualDataURLPrefix + authServletName;
+// } else
+
+ dataURL = authBaseURL + authServletName;
dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
return dataURL;
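Review bot: The commented-out prefix lookup at the top of the new side and the now-unused local `String individualDataURLPrefix = null;` should be deleted rather than kept as comments; the history is in version control, and the single remark `//is removed from config in MOA-ID 2.0` is enough if a marker is wanted. With the try/catch gone, the `ConfigurationException` and `MOAIDMessageProvider` imports of this file are probably unused as well, which cannot be confirmed from the hunk. The enclosing method's opening and closing lines lie outside the hunk.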
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index d40cd1909..bd8d52031 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -154,19 +154,19 @@ public class GetIdentityLinkFormBuilder extends Builder {
out.write("&lt;");
else if (ch == '>')
out.write("&gt;");
- else if (ch == 'ä')
+ else if (ch == 'ä')
out.write("&auml;");
- else if (ch == 'ö')
+ else if (ch == 'ö')
out.write("&ouml;");
- else if (ch == 'ü')
+ else if (ch == 'ü')
out.write("&uuml;");
- else if (ch == 'Ä')
+ else if (ch == 'Ä')
out.write("&Auml;");
- else if (ch == 'Ö')
+ else if (ch == 'Ö')
out.write("&Ouml;");
- else if (ch == 'Ü')
+ else if (ch == 'Ü')
out.write("&Uuml;");
- else if (ch == 'ß')
+ else if (ch == 'ß')
out.write("&szlig;");
else
out.write(ch);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
index fa1de87de..0a526ebbe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -59,48 +59,52 @@ public class InfoboxValidatorParamsBuilder {
*
* @return Parameters for validating an infobox token.
*/
- public static InfoboxValidatorParams buildInfoboxValidatorParams(
- AuthenticationSession session,
- VerifyInfoboxParameter verifyInfoboxParameter,
- List infoboxTokenList,
- OAAuthParameter oaParam)
- {
- InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
- IdentityLink identityLink = session.getIdentityLink();
-
- // the infobox token to validate
- infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
- // configuration parameters
- infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
- infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
- infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
- // authentication session parameters
- infoboxValidatorParams.setBkuURL(session.getBkuURL());
- infoboxValidatorParams.setTarget(session.getTarget());
- infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
- // parameters from the identity link
- infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
- infoboxValidatorParams.setGivenName(identityLink.getGivenName());
- infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
- if (verifyInfoboxParameter.getProvideStammzahl()) {
- infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
- }
- infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
- infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
- if (verifyInfoboxParameter.getProvideIdentityLink()) {
- Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
- if (!verifyInfoboxParameter.getProvideStammzahl()) {
- Element identificationValueElem =
- (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- if (identificationValueElem != null) {
- identificationValueElem.getFirstChild().setNodeValue("");
- }
- }
- infoboxValidatorParams.setIdentityLink(identityLinkElem);
- }
- infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
- return infoboxValidatorParams;
- }
+// public static InfoboxValidatorParams buildInfoboxValidatorParams(
+// AuthenticationSession session,
+// VerifyInfoboxParameter verifyInfoboxParameter,
+// List infoboxTokenList,
+// OAAuthParameter oaParam)
+// {
+// InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
+// IdentityLink identityLink = session.getIdentityLink();
+//
+// // the infobox token to validate
+// infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
+// // configuration parameters
+// infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
+// infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
+// infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
+// // authentication session parameters
+// infoboxValidatorParams.setBkuURL(session.getBkuURL());
+// infoboxValidatorParams.setTarget(session.getTarget());
+// infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+// infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
+// // parameters from the identity link
+// infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
+// infoboxValidatorParams.setGivenName(identityLink.getGivenName());
+// infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
+// if (verifyInfoboxParameter.getProvideStammzahl()) {
+// infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
+// }
+// infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
+// infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
+// if (verifyInfoboxParameter.getProvideIdentityLink()) {
+// Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
+// if (!verifyInfoboxParameter.getProvideStammzahl()) {
+// Element identificationValueElem =
+// (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+// if (identificationValueElem != null) {
+// identificationValueElem.getFirstChild().setNodeValue("");
+// }
+// }
+// infoboxValidatorParams.setIdentityLink(identityLinkElem);
+// }
+//
+// //TODO: check if this is Protocol specific
+// //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
+// infoboxValidatorParams.setHideStammzahl(true);
+//
+// return infoboxValidatorParams;
+// }
}
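Review bot: The whole of `buildInfoboxValidatorParams` is kept as a comment block, which leaves a class with no methods and a `//TODO: check if this is Protocol specific` note inside dead code that no tool will ever surface. Either remove the class together with its callers' imports, or keep the method compiling; if a temporary stub is intended, a single line such as `// buildInfoboxValidatorParams removed for MOA-ID 2.0; previous implementation is in version control` carries the same information without 47 commented lines. Note that the commented text also differs from the removed code (`setHideStammzahl(true)` instead of `setHideStammzahl(!oaParam.getProvideStammzahl())`), so whoever restores it will inherit a behaviour change that was never reviewed; that decision should be made explicitly when the method comes back.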
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
new file mode 100644
index 000000000..69e654f56
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
@@ -0,0 +1,79 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+
+public class LoginConfirmationBuilder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+
+ private static final String OA_URL_TAG = "<OA_URL>";
+ private static final String FORM_METHOD_TAG = "<FORM_METHOD_URL>";
+ private static final String ATTR_NAME_TAG = "<ATTR_NAME_URL>";
+ private static final String ATTR_VALUE_TAG = "<ATTR_VALUE_URL>";
+ private static final String ATTR_TEMP_TAG = "<ATTR_TEMP_URL>";
+ private static final String OA_TAG = "<OA_TAG>";
+ private static final String NAME_TAG = "<NAME_URL>";
+
+ private static final String METHOD_GET = "GET";
+ private static final String METHOD_POST = "POST";
+
+
+ private static final String ATTR_TEMPLATE =
+ " <input type=\"hidden\" " + nl +
+ " name=\"" + ATTR_NAME_TAG + "\"" + nl +
+ " value=\"" + ATTR_VALUE_TAG + "\"/>" + nl;
+
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ "<head>" + nl +
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<title>Anmeldung mit B&uuml;rgerkarte</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<p>Wollen Sie sich als <b>"+NAME_TAG+"</b> bei <b>"+OA_TAG+
+ "</b> anmelden?</p>" + nl +
+ "<form name=\"GetIdentityLinkForm\"" + nl +
+ " action=\"" + OA_URL_TAG + "\"" + nl +
+ " method=\"" + FORM_METHOD_TAG + "\">" + nl +
+ ATTR_TEMP_TAG +
+ " <input type=\"submit\" value=\"Anmeldung durchf&uuml;hren\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+
+ private String template;
+
+ public LoginConfirmationBuilder(){
+ init(METHOD_GET);
+ }
+
+ public LoginConfirmationBuilder(String method) {
+ init(method);
+ }
+
+ public void init(String method) {
+ if(method.equals(METHOD_POST)) {
+ template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_POST);
+ } else {
+ template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_GET);
+ }
+ }
+
+ public void addParameter(String name, String value) {
+ String attr_template = ATTR_TEMPLATE + ATTR_TEMP_TAG;
+ //Logger.info("Attr Template: " + attr_template);
+ attr_template = attr_template.replace(ATTR_NAME_TAG, name);
+ //Logger.info("Attr Template: " + attr_template);
+ attr_template = attr_template.replace(ATTR_VALUE_TAG, value);
+ //Logger.info("Attr Template: " + attr_template);
+ template = template.replace(ATTR_TEMP_TAG, attr_template);
+ //Logger.info("Template: " + template);
+ }
+
+ public String finish(String oaURL, String userName, String oa) {
+ template = template.replace(NAME_TAG, userName);
+ template = template.replace(OA_TAG, oa);
+ template = template.replace(OA_URL_TAG, oaURL);
+ return template.replace(ATTR_TEMP_TAG, "");
+ }
+}
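Review bot: `addParameter` and `finish` splice `name`, `value`, `userName`, `oa` and `oaURL` into HTML markup and double-quoted attribute values with plain `String.replace` and no escaping, so any of these that derives from a request parameter, a SAML attribute or the identity link (the person's name is the obvious case) can break out of the attribute and inject markup into the confirmation page. Escape every inserted value for attribute context before substitution; a helper is sketched below and `finish` applies it to its three arguments the same way. A secondary effect of the current order is that a parameter value containing the literal text `<NAME_URL>` or `<OA_TAG>` is rewritten by the later `finish` substitutions, which escaping `<` and `>` also closes. `init(String method)` dereferences `method` without a null check, so the one-argument constructor fails with an NPE for a null method instead of defaulting to GET; `if (METHOD_POST.equals(method))` fixes that in place.
```java
    /** Escapes the five HTML-significant characters so a value is safe in text and double-quoted attribute context. */
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public void addParameter(String name, String value) {
        String attr_template = ATTR_TEMPLATE + ATTR_TEMP_TAG;
        attr_template = attr_template.replace(ATTR_NAME_TAG, escapeHtml(name));
        attr_template = attr_template.replace(ATTR_VALUE_TAG, escapeHtml(value));
        template = template.replace(ATTR_TEMP_TAG, attr_template);
    }

    public String finish(String oaURL, String userName, String oa) {
        template = template.replace(NAME_TAG, escapeHtml(userName));
        template = template.replace(OA_TAG, escapeHtml(oa));
        template = template.replace(OA_URL_TAG, escapeHtml(oaURL));
        return template.replace(ATTR_TEMP_TAG, "");
    }
    // … unchanged: constants, templates, constructors, init …
```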
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
new file mode 100644
index 000000000..a80fcfa25
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -0,0 +1,107 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URI;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class LoginFormBuilder {
+
+ private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+ private static final String HTMLTEMPLATEFULL = "loginFormFull.html";
+ private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html";
+
+ private static String AUTH_URL = "#AUTH_URL#";
+ private static String MODUL = "#MODUL#";
+ private static String ACTION = "#ACTION#";
+ private static String OANAME = "#OAName#";
+ private static String BKU_ONLINE = "#ONLINE#";
+ private static String BKU_HANDY = "#HANDY#";
+ private static String BKU_LOCAL = "#LOCAL#";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
+ private static String MOASESSIONID = "#SESSIONID#";
+
+ private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
+
+ private static String getTemplate(boolean isIFrame) {
+
+ String template = null;
+
+ try {
+ String pathLocation;
+
+ InputStream input;
+
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
+ if (isIFrame)
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
+
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ if (isIFrame)
+ pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ template = template.replace(AUTH_URL, SERVLET);
+ template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
+ template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
+ template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
+
+ input.close();
+
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+ return template;
+ }
+
+ public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) {
+ String value = getTemplate(isIFrame);
+
+ if(value != null) {
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ value = value.replace(MODUL, modul);
+ value = value.replace(ACTION, action);
+ value = value.replace(OANAME, oaname);
+ value = value.replace(CONTEXTPATH, contextpath);
+ value = value.replace(MOASESSIONID, moaSessionID);
+ }
+ return value;
+ }
+
+}
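Review bot: The classpath fallback in `getTemplate` only fires on `FileNotFoundException`, but `new File(new URI(pathLocation))` throws `URISyntaxException` or `IllegalArgumentException` when `getRootConfigFileDir()` yields a plain path or a non-`file:` URI (not verifiable from the hunk), and those land in the outer `catch (Exception e)` so the method returns null with no fallback and `buildLoginForm` hands that null to its caller. The stream is closed only on the success path, `getResourceAsStream` may return null and then surfaces as an NPE from `IOUtils.copy` instead of a clear message, and `IOUtils.copy(InputStream, Writer)` decodes with the platform charset although the page is served as UTF-8. The rewrite below moves the opening into a helper that falls back on all three failure modes, closes the stream in `finally` and decodes as UTF-8 (it needs `java.io.IOException` and `java.net.URISyntaxException` imported); `SendAssertionFormBuilder.getTemplate` has the identical structure and needs the same change. Separately, `modul`, `action`, `oaname`, `contextpath` and `moaSessionID` are inserted into the template unescaped, so callers must pass only values already validated against the configured protocol paths and OA names. `GenerateIFrameTemplateServlet` and `OAParameter` are imported but unused here and in SendAssertionFormBuilder.
```java
    private static String getTemplate(boolean isIFrame) {
        String template = null;
        try {
            // … unchanged: pathLocation selection from rootconfigdir …
            InputStream input = openTemplate(pathLocation, isIFrame);
            try {
                StringWriter writer = new StringWriter();
                IOUtils.copy(input, writer, "UTF-8");   // page is served as UTF-8; do not rely on the platform default
                template = writer.toString();
                // … unchanged: AUTH_URL / BKU_* replacements …
            } finally {
                input.close();
            }
        } catch (Exception e) {
            Logger.error("Failed to read template", e);
        }
        return template;
    }

    /**
     * Opens the configured template file, falling back to the packaged copy when the
     * file is missing or the configured root dir cannot be turned into a file URI.
     */
    private static InputStream openTemplate(String pathLocation, boolean isIFrame) throws IOException {
        try {
            return new FileInputStream(new File(new URI(pathLocation)));
        } catch (FileNotFoundException e) {
            Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
        } catch (URISyntaxException e) {
            Logger.warn("Configured template location is not a valid URI, using packaged template: " + pathLocation);
        } catch (IllegalArgumentException e) {
            Logger.warn("Configured template location is not a file: URI, using packaged template: " + pathLocation);
        }
        String resource = "resources/templates/" + (isIFrame ? HTMLTEMPLATEIFRAME : HTMLTEMPLATEFULL);
        InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(resource);
        if (in == null) {
            throw new FileNotFoundException("packaged template missing: " + resource);
        }
        return in;
    }
```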
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
new file mode 100644
index 000000000..6d10f5519
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.InputStream;
+import java.io.StringWriter;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RedirectFormBuilder {
+
+ private static String URL = "#URL#";
+ private static String template;
+
+ private static String getTemplate() {
+
+ if (template == null) {
+ try {
+ String classpathLocation = "resources/templates/redirectForm.html";
+ InputStream input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(classpathLocation);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+ }
+
+ return template;
+ }
+
+ public static String buildLoginForm(String url) {
+ String value = getTemplate();
+ value = value.replace(URL, url);
+
+ return value;
+ }
+
+}
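Review bot: `buildLoginForm` calls `value.replace(URL, url)` without checking that `getTemplate()` returned non-null, so a missing or unreadable `resources/templates/redirectForm.html` turns the logged error into an NPE at the call site; `getTemplate` itself passes a possibly-null `getResourceAsStream` result to `IOUtils.copy` and never closes the stream. Add `if (input == null) throw new FileNotFoundException(classpathLocation);` before the copy, close `input` in a `finally`, and fail explicitly in `buildLoginForm`: `if (value == null) throw new IllegalStateException("redirect form template is not available");`. The lazily filled static `template` is unsynchronised; a duplicate load on a race is harmless here, but a `static final` initializer or a `synchronized` getter would make that intentional rather than accidental. The `url` value is substituted into the form unescaped, so the caller is responsible for passing only a validated, already-encoded target.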
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index a0fe0de1b..304a5b70c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -72,7 +72,7 @@ public class SAMLArtifactBuilder {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] sourceID;
// alternative sourceId
- String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID);
+ String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID();
// if sourceID is given in GET/POST param - use this as source id
if (!ParepUtils.isEmpty(sourceIdParam)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
new file mode 100644
index 000000000..956593237
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -0,0 +1,98 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URI;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class SendAssertionFormBuilder {
+
+ private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+ private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html";
+ private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html";
+
+ private static String URL = "#URL#";
+ private static String MODUL = "#MODUL#";
+ private static String ACTION = "#ACTION#";
+ private static String ID = "#ID#";
+ private static String OANAME = "#OAName#";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
+
+ private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet";
+
+ private static String getTemplate(boolean isIFrame) {
+
+ String template = null;
+
+ try {
+ String pathLocation;
+ InputStream input;
+
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
+ if (isIFrame)
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
+
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ if (isIFrame)
+ pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ template = template.replace(URL, SERVLET);
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+
+ return template;
+ }
+
+ public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) {
+ String value = getTemplate(isIFrame);
+
+ if(value != null) {
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ value = value.replace(MODUL, modul);
+ value = value.replace(ACTION, action);
+ value = value.replace(ID, id);
+ value = value.replace(OANAME, oaname);
+ value = value.replace(CONTEXTPATH, contextpath);
+ }
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
new file mode 100644
index 000000000..8a9c2b4fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthenticationBuilder {
+
+ private static StartAuthenticationBuilder instance = null;
+
+ public static StartAuthenticationBuilder getInstance() {
+ if (instance == null) {
+ instance = new StartAuthenticationBuilder();
+ }
+ return instance;
+ }
+
+
+ public String build(AuthenticationSession moasession, HttpServletRequest req,
+ HttpServletResponse resp) throws WrongParametersException, MOAIDException {
+
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
+ }
+
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ Logger.debug("Starting STORK authentication");
+
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+ return "";
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+
+ return getIdentityLinkForm;
+ }
+ }
+}
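Review bot: `getInstance` uses an unsynchronised lazy `instance` field, and the builder is reached from servlet threads, so two threads can each create an instance; the class holds no state, so this is harmless today, but the guarantee is accidental. Use eager initialisation instead: `private static final StartAuthenticationBuilder instance = new StartAuthenticationBuilder();` with `getInstance` reduced to `return instance;`, and add a private constructor so the singleton is actually enforced. The STORK branch returns `""` after `AuthenticationServer.startSTORKAuthentication(req, resp, moasession)`, which presumably writes the response itself; a one-line comment such as `// response is produced by startSTORKAuthentication; nothing left to render` would save the next reader a trip into AuthenticationServer.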
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 5e6d47bdf..b65b3db0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.auth.builder;
+import java.util.List;
+
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder {
*/
public Element build(
CreateXMLSignatureResponse csr,
- String[] verifyTransformsInfoProfileID,
+ List<String> verifyTransformsInfoProfileID,
String trustProfileID)
throws BuildException { //samlAssertionObject
@@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder {
// add the transform profile IDs
Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
- for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
- Element verifyTransformsInfoProfileIDElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
- referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
- verifyTransformsInfoProfileIDElem.appendChild(
- requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
- }
+
+// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+//
+// Element verifyTransformsInfoProfileIDElem =
+// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+// verifyTransformsInfoProfileIDElem.appendChild(
+// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
+// }
+
+ for (String element : verifyTransformsInfoProfileID) {
+
+ Element verifyTransformsInfoProfileIDElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+ referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+ verifyTransformsInfoProfileIDElem.appendChild(
+ requestDoc_.createTextNode(element));
+ }
+
Element returnHashInputDataElem =
requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
requestElem_.appendChild(returnHashInputDataElem);
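Review bot: The replaced array loop is kept as a nine-line comment block directly above the new for-each; delete it, the old form is in version control. The for-each throws an NPE for a null `verifyTransformsInfoProfileID` exactly as the array version did; if callers may now pass null, guard with `if (verifyTransformsInfoProfileID != null)`, otherwise document `@param verifyTransformsInfoProfileID non-null list of profile IDs` on `build`, whose signature is changed in the hunk above and whose body begins outside this hunk. An empty list now produces a `ReferenceInfo` element with no `VerifyTransformsInfoProfileID` children; whether the signature verifier accepts that cannot be told from the hunk and deserves a comment either way.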
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index e861c62fa..4560e69cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -21,59 +21,73 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.id.auth.data;
-
-
import iaik.x509.X509Certificate;
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
/**
- * Session data to be stored between <code>AuthenticationServer</code> API calls.
+ * Session data to be stored between <code>AuthenticationServer</code> API
+ * calls.
*
* @author Paul Ivancsics
* @version $Id$
*/
-public class AuthenticationSession {
-
- private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
- private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+";
-
+public class AuthenticationSession implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
+ public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK
+ + "+";
+
/**
* session ID
*/
private String sessionID;
/**
- * "Gesch&auml;ftsbereich" the online application belongs to; maybe <code>null</code>
- * if the online application is a business application
+ * "Gesch&auml;ftsbereich" the online application belongs to; maybe
+ * <code>null</code> if the online application is a business application
*/
private String target;
/**
- * Friendly name for the target, if target is configured via MOA-ID configuration
+ * Friendly name for the target, if target is configured via MOA-ID
+ * configuration
*/
private String targetFriendlyName;
-
+
/**
* SourceID
*/
private String sourceID;
- /**
- * Indicates if target from configuration is used or not
- */
- private boolean useTargetFromConfig;
+
/**
* public online application URL requested
*/
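Review bot: `AuthenticationSession` now `implements Serializable` with `serialVersionUID = 1L`, but the Javadoc block above that field is empty and nothing records why the session becomes serializable (a shared or persistent session store is the likely reason, not confirmable here). Replace the empty block with something like `/** Serial form version; bump on incompatible field changes. The session is serialized by the session store, so every field must be Serializable or transient. */`. The new imports bring in iaik `X509Certificate`, DOM `Element` and `MISMandate`, which suggests fields of those types further down; any of them that is not Serializable fails at serialization time rather than at compile time, so each should be checked or marked `transient`. Persisting the session also moves identity-link and mandate data out of process memory, and the store receiving them needs the same access controls as the in-memory session. `TARGET_PREFIX_` and `REGISTERANDORDNR_PREFIX_` go from `private static` to `public static final`; if they are only needed inside this package, package-private keeps the surface smaller.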
@@ -86,758 +100,1037 @@ public class AuthenticationSession {
* URL of MOA ID authentication component
*/
private String authURL;
- /**
- * HTML template URL
- */
- private String templateURL;
-
- /**
- * URL of the BKU
- */
- private String bkuURL;
-
- /**
- * Use mandate
- */
- private boolean useMandate;
-
- /**
- * Reference value for mandate
- */
- private String mandateReferenceValue;
-
- /**
- * Authentication data for the assertion
- */
- private AuthenticationData assertionAuthData;
-
- /**
- * Persondata for the assertion
- */
- private String assertionPrPerson;
-
- /**
- * Authblock for the assertion
- */
- private String assertionAuthBlock;
-
- /**
- * Identitylink assertion for the (MOA) assertion
- */
- private String assertionIlAssertion;
-
- /**
- * Signer certificate (base64 encoded) for the assertion
- */
- private String assertionSignerCertificateBase64;
-
- /**
- * bussiness service for the assertion
- */
- boolean assertionBusinessService;
-
- /**
- * SessionID for MIS
- */
- private String misSessionID;
+ /**
+ * HTML template URL
+ */
+ private String templateURL;
+
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+
+ /**
+ * Indicates whether the corresponding online application is a business
+ * service or not
+ */
+ private boolean businessService;
+
+ //Store Mandate
+ /**
+ * Use mandate
+ */
+ private boolean useMandate;
+
+
+ private boolean isOW = false;
+
+
+ /**
+ * STORK
+ */
+ private String ccc;
+
+ /**
+ *
+ * Mandate element
+ */
+ private MISMandate mandate;
+
+ /**
+ * Reference value for mandate
+ * bussiness service for the assertion
+ */
+ private String mandateReferenceValue;
+
+ /**
+ * SessionID for MIS
+ */
+ private String misSessionID;
+
+ //store Identitylink
/**
* identity link read from smartcard
*/
private IdentityLink identityLink;
+
+ /**
+ * timestamp logging when identity link has been received
+ */
+ private Date timestampIdentityLink;
+
+ //store Authblock
/**
* authentication block to be signed by the user
*/
private String authBlock;
+
/**
- * timestamp logging when authentication session has been created
+ * The issuing time of the AUTH-Block SAML assertion.
*/
- private Date timestampStart;
+ private String issueInstant;
+
+ //Signer certificate
/**
- * timestamp logging when identity link has been received
+ * Signer certificate of the foreign citizen or for mandate mode
*/
- private Date timestampIdentityLink;
- /**
- * Indicates whether the corresponding online application is a business
- * service or not
- */
- private boolean businessService;
-
- /**
- * Signer certificate of the foreign citizen or for mandate mode
- */
- private X509Certificate signerCertificate;
- /**
- * SAML attributes from an extended infobox validation to be appended
- * to the SAML assertion delivered to the final online application.
- */
- private List extendedSAMLAttributesOA;
-
- /**
- * The boolean value for either a target or a wbPK is provided as
- * SAML Attribute in the SAML Assertion or not.
- */
- private boolean samlAttributeGebeORwbpk;
-
- /**
- * SAML attributes from an extended infobox validation to be appended
- * to the SAML assertion of the AUTHBlock.
- */
- private List extendedSAMLAttributesAUTH;
-
- /**
- * The issuing time of the AUTH-Block SAML assertion.
- */
- private String issueInstant;
-
- /**
- * If infobox validators are needed after signing, they can be stored in
- * this list.
- */
- private List infoboxValidators;
-
- /**
- * The register and number in the register parameter in case of a business
- * service application.
- */
- private String domainIdentifier;
-
- /**
- * This string contains all identifiers of infoboxes, the online application
- * is configured to accept. The infobox identifiers are comma separated.
- */
- private String pushInfobox;
-
- /**
- * The STORK AuthRequest to be sent to the C-PEPS
- */
- private STORKAuthnRequest storkAuthnRequest;
-
- /**
- * Constructor for AuthenticationSession.
- *
- * @param id Session ID
- */
- public AuthenticationSession(String id) {
- sessionID = id;
- setTimestampStart();
- infoboxValidators = new ArrayList();
- }
-
- public X509Certificate getSignerCertificate() {
- return signerCertificate;
- }
-
- public void setSignerCertificate(X509Certificate signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
- /**
- * Returns the identityLink.
- * @return IdentityLink
- */
- public IdentityLink getIdentityLink() {
- return identityLink;
- }
-
- /**
- * Returns the sessionID.
- * @return String
- */
- public String getSessionID() {
- return sessionID;
- }
-
- /**
- * Sets the identityLink.
- * @param identityLink The identityLink to set
- */
- public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
- }
-
- /**
- * Sets the sessionID.
- * @param sessionId The sessionID to set
- */
- public void setSessionID(String sessionId) {
- this.sessionID = sessionId;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getOAURLRequested() {
- return oaURLRequested;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getPublicOAURLPrefix() {
- return oaPublicURLPrefix;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Returns the target.
- * @return String
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Returns the sourceID.
- * @return String
- */
- public String getSourceID() {
- return sourceID;
- }
-
- /**
- * Returns the target friendly name.
- * @return String
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the oaURLRequested.
- * @param oaURLRequested The oaURLRequested to set
- */
- public void setOAURLRequested(String oaURLRequested) {
- this.oaURLRequested = oaURLRequested;
- }
-
- /**
- * Sets the oaPublicURLPrefix
- * @param oaPublicURLPrefix The oaPublicURLPrefix to set
- */
- public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
- this.oaPublicURLPrefix = oaPublicURLPrefix;
- }
-
- /**
- * Sets the bkuURL
- * @param bkuURL The BKU URL to set
- */
- public void setBkuURL(String bkuURL) {
- this.bkuURL = bkuURL;
- }
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- * @param target The target to set
- */
- public void setTarget(String target) {
- if (target != null && target.startsWith(TARGET_PREFIX_))
- {
- // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix
- this.target = target.substring(TARGET_PREFIX_.length());
- Logger.debug("Target prefix stripped off; resulting target: " + this.target);
- }
- else
- {
- this.target = target;
- }
- }
-
- /**
- * Sets the sourceID
- * @param sourceID The sourceID to set
- */
- public void setSourceID(String sourceID) {
- this.sourceID = sourceID;
- }
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- * @param target The target to set
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
- /**
- * Returns the authURL.
- * @return String
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * Sets the authURL.
- * @param authURL The authURL to set
- */
- public void setAuthURL(String authURL) {
- this.authURL = authURL;
- }
-
- /**
- * Returns the authBlock.
- * @return String
- */
- public String getAuthBlock() {
- return authBlock;
- }
-
- /**
- * Sets the authBlock.
- * @param authBlock The authBlock to set
- */
- public void setAuthBlock(String authBlock) {
- this.authBlock = authBlock;
- }
-
- /**
- * Returns the timestampIdentityLink.
- * @return Date
- */
- public Date getTimestampIdentityLink() {
- return timestampIdentityLink;
- }
-
- /**
- * Returns the businessService.
- * @return <code>true</code> if the corresponding online application is
- * a business application, otherwise <code>false</code>
- */
- public boolean getBusinessService() {
- return businessService;
- }
-
- /**
- * Sets the businessService variable.
- * @param businessService the value for setting the businessService variable.
- */
- public void setBusinessService(boolean businessService) {
- this.businessService = businessService;
- }
-
- /**
- * Returns the timestampStart.
- * @return Date
- */
- public Date getTimestampStart() {
- return timestampStart;
- }
-
- /**
- * Sets the current date as timestampIdentityLink.
- */
- public void setTimestampIdentityLink() {
- timestampIdentityLink = new Date();
- }
-
- /**
- * Sets the current date as timestampStart.
- */
- public void setTimestampStart() {
- timestampStart = new Date();
- }
-
- /**
- * @return template URL
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
-
- /**
- * @param string the template URL
- */
- public void setTemplateURL(String string) {
- templateURL = string;
- }
-
-
- /**
- * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- */
- public List getExtendedSAMLAttributesAUTH() {
- return extendedSAMLAttributesAUTH;
- }
-
- /**
- * Sets the SAML Attributes to be appended to the AUTHBlock.
- *
- * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock.
- */
- public void setExtendedSAMLAttributesAUTH(
- List extendedSAMLAttributesAUTH) {
- this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
- }
-
- /**
- * Returns the SAML Attributes to be appended to the SAML assertion
- * delivered to the online application. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the SAML assertion
- * delivered to the online application
- */
- public List getExtendedSAMLAttributesOA() {
- return extendedSAMLAttributesOA;
- }
-
- /**
- * Sets the SAML Attributes to be appended to the SAML assertion
- * delivered to the online application.
- *
- * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML
- * assertion delivered to the online application.
- */
- public void setExtendedSAMLAttributesOA(
- List extendedSAMLAttributesOA) {
- this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
- }
-
- /**
- * Returns the boolean value for either a target or a wbPK is
- * provided as SAML Attribute in the SAML Assertion or not.
- *
- * @return true either a target or a wbPK is provided as SAML Attribute
- * in the SAML Assertion or false if not.
- */
- public boolean getSAMLAttributeGebeORwbpk() {
- return this.samlAttributeGebeORwbpk;
- }
-
- /**
- * Sets the boolean value for either a target or a wbPK is
- * provided as SAML Attribute in the SAML Assertion or not.
- *
- * @param samlAttributeGebeORwbpk The boolean for value either a target or
- * wbPK is provided as SAML Attribute in the SAML Assertion or not.
- */
- public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
- this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
- }
-
- /**
- * Returns the issuing time of the AUTH-Block SAML assertion.
- *
- * @return The issuing time of the AUTH-Block SAML assertion.
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Sets the issuing time of the AUTH-Block SAML assertion.
- *
- * @param issueInstant The issueInstant to set.
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Returns the iterator to the stored infobox validators.
- * @return Iterator
- */
- public Iterator getInfoboxValidatorIterator() {
- if (infoboxValidators==null) return null;
- return infoboxValidators.iterator();
- }
-
- /**
- * Adds an infobox validator class to the stored infobox validators.
- * @param infoboxIdentifier the identifier of the infobox the validator belongs to
- * @param infoboxFriendlyName the friendly name of the infobox
- * @param infoboxValidator the infobox validator to add
- */
- public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
- if (infoboxValidators==null) infoboxValidators = new ArrayList();
- Vector v = new Vector(3);
- v.add(infoboxIdentifier);
- v.add(infoboxFriendlyName);
- v.add(infoboxValidator);
- infoboxValidators.add(v);
- return infoboxValidators.iterator();
- }
-
- /**
- * Tests for pending input events of the infobox validators.
- * @return true if a validator has a form to show
- */
- public boolean isValidatorInputPending() {
- boolean result = false;
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (!result && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true;
- }
- }
- return result;
- }
-
- /**
- * Returns the first pending infobox validator.
- * @return the infobox validator class
- */
- public InfoboxValidator getFirstPendingValidator() {
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- String form = infoboxvalidator.getForm();
- if (!ParepUtils.isEmpty(form)) return infoboxvalidator;
- }
- }
- return null;
- }
-
- /**
- * Returns the input form of the first pending infobox validator input processor.
- * @return the form to show
- */
- public String getFirstValidatorInputForm() {
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- String form = infoboxvalidator.getForm();
- if (!ParepUtils.isEmpty(form)) return form;
- }
- }
- return null;
- }
-
- /**
- * Returns domain identifier (the register and number in the register parameter).
- * <code>null</code> in the case of not a business service.
- *
- * @return the domainIdentifier
- */
- public String getDomainIdentifier() {
- return domainIdentifier;
- }
-
- /**
- * Sets the register and number in the register parameter if the application
- * is a business service.
- * If the domain identifier includes the registerAndOrdNr prefix, the prefix
- * will be stripped off.
- *
- * @param domainIdentifier the domain identifier to set
- */
- public void setDomainIdentifier(String domainIdentifier) {
- if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_))
- {
- // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix
- this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier);
- }
- else
- {
- this.domainIdentifier = domainIdentifier;
- }
- }
-
- /**
- * Gets all identifiers of infoboxes, the online application
- * is configured to accept. The infobox identifiers are comma separated.
- *
- * @return the string containing infobox identifiers
- */
- public String getPushInfobox() {
- if (pushInfobox==null) return "";
- return pushInfobox;
- }
-
- /**
- * @param pushInfobox the infobox identifiers to set (comma separated)
- */
- public void setPushInfobox(String pushInfobox) {
- this.pushInfobox = pushInfobox;
- }
-
- /**
- *
- * @param useMandate indicates if mandate is used or not
- */
- public void setUseMandate(String useMandate) {
- if (useMandate.compareToIgnoreCase("true") == 0)
- this.useMandate = true;
- else
- this.useMandate = false;
-
- }
-
- /**
- * Returns if mandate is used or not
- * @return
- */
- public boolean getUseMandate() {
- return this.useMandate;
- }
-
- /**
- *
- * @param useTargetFromConfig indicates if target from config is used or not
- */
- public void setUseTargetFromConfig(boolean useTargetFromConfig) {
- this.useTargetFromConfig = useTargetFromConfig;
-
- }
-
- /**
- * Returns if target is used from mandate or not
- * @return
- */
- public boolean getUseTargetFromConfig() {
- return this.useTargetFromConfig;
- }
-
- /**
- *
- * @param misSessionID indicates the MIS session ID
- */
- public void setMISSessionID(String misSessionID) {
- this.misSessionID = misSessionID;
- }
-
- /**
- * Returns the MIS session ID
- * @return
- */
- public String getMISSessionID() {
- return this.misSessionID;
- }
-
- /**
- * @return the assertionAuthData
- */
- public AuthenticationData getAssertionAuthData() {
- return assertionAuthData;
- }
-
- /**
- * @param assertionAuthData the assertionAuthData to set
- */
- public void setAssertionAuthData(AuthenticationData assertionAuthData) {
- this.assertionAuthData = assertionAuthData;
- }
-
- /**
- * @return the assertionPrPerson
- */
- public String getAssertionPrPerson() {
- return assertionPrPerson;
- }
-
- /**
- * @param assertionPrPerson the assertionPrPerson to set
- */
- public void setAssertionPrPerson(String assertionPrPerson) {
- this.assertionPrPerson = assertionPrPerson;
- }
-
- /**
- * @return the assertionAuthBlock
- */
- public String getAssertionAuthBlock() {
- return assertionAuthBlock;
- }
-
- /**
- * @param assertionAuthBlock the assertionAuthBlock to set
- */
- public void setAssertionAuthBlock(String assertionAuthBlock) {
- this.assertionAuthBlock = assertionAuthBlock;
- }
-
- /**
- * @return the assertionIlAssertion
- */
- public String getAssertionIlAssertion() {
- return assertionIlAssertion;
- }
-
- /**
- * @param assertionIlAssertion the assertionIlAssertion to set
- */
- public void setAssertionIlAssertion(String assertionIlAssertion) {
- this.assertionIlAssertion = assertionIlAssertion;
- }
-
- /**
- * @return the assertionSignerCertificateBase64
- */
- public String getAssertionSignerCertificateBase64() {
- return assertionSignerCertificateBase64;
- }
-
- /**
- * @param assertionSignerCertificateBase64 the assertionSignerCertificateBase64 to set
- */
- public void setAssertionSignerCertificateBase64(String assertionSignerCertificateBase64) {
- this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
- }
-
- /**
- * @return the assertionBusinessService
- */
- public boolean getAssertionBusinessService() {
- return assertionBusinessService;
- }
-
- /**
- * @param assertionBusinessService the assertionBusinessService to set
- */
- public void setAssertionBusinessService(boolean assertionBusinessService) {
- this.assertionBusinessService = assertionBusinessService;
- }
-
- /**
- * @return the mandateReferenceValue
- */
- public String getMandateReferenceValue() {
- return mandateReferenceValue;
- }
-
- /**
- * @param mandateReferenceValue the mandateReferenceValue to set
- */
- public void setMandateReferenceValue(String mandateReferenceValue) {
- this.mandateReferenceValue = mandateReferenceValue;
- }
-
- /**
- * Gets the STORK SAML AuthnRequest
- * @return STORK SAML AuthnRequest
- */
- public STORKAuthnRequest getStorkAuthnRequest() {
- return storkAuthnRequest;
+ //private X509Certificate signerCertificate;
+ private byte[] signerCertificate;
+
+
+ /**
+ * SAML attributes from an extended infobox validation to be appended to the
+ * SAML assertion delivered to the final online application.
+ */
+ private List extendedSAMLAttributesOA;
+
+ /**
+ * The boolean value for either a target or a wbPK is provided as SAML
+ * Attribute in the SAML Assertion or not.
+ */
+ private boolean samlAttributeGebeORwbpk;
+
+ /**
+ * SAML attributes from an extended infobox validation to be appended to the
+ * SAML assertion of the AUTHBlock.
+ */
+ private List extendedSAMLAttributesAUTH;
+
+
+ //TODO: check if it is in use!
+ /**
+ * If infobox validators are needed after signing, they can be stored in
+ * this list.
+ */
+ private List infoboxValidators;
+
+ /**
+ * The register and number in the register parameter in case of a business
+ * service application.
+ */
+ private String domainIdentifier;
+
+ /**
+ * This string contains all identifiers of infoboxes, the online application
+ * is configured to accept. The infobox identifiers are comma separated.
+ */
+ private String pushInfobox;
+
+ /**
+ * The STORK AuthRequest to be sent to the C-PEPS
+ */
+ private STORKAuthnRequest storkAuthnRequest;
+
+
+
+ //private AuthenticationData authData;
+
+ //protocol selection
+ private String action;
+ private String modul;
+
+ private boolean authenticated;
+ private boolean authenticatedUsed = false;
+
+ private boolean ssoRequested = false;
+
+// /**
+// * Indicates if target from configuration is used or not
+// */
+// private boolean useTargetFromConfig;
+
+// /**
+// * Authentication data for the assertion
+// */
+// private AuthenticationData assertionAuthData;
+//
+// /**
+// * Persondata for the assertion
+// */
+// private String assertionPrPerson;
+//
+// /**
+// * Authblock for the assertion
+// */
+// private String assertionAuthBlock;
+//
+// /**
+// * Identitylink assertion for the (MOA) assertion
+// */
+// private String assertionIlAssertion;
+//
+// /**
+// * Signer certificate (base64 encoded) for the assertion
+// */
+// private String assertionSignerCertificateBase64;
+//
+// /**
+// * bussiness service for the assertion
+// */
+// boolean assertionBusinessService;
+//
+// /**
+// * timestamp logging when authentication session has been created
+// */
+// private Date timestampStart;
+// private CreateXMLSignatureResponse XMLCreateSignatureResponse;
+
+ private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+
+ private boolean isForeigner;
+
+// private String requestedProtocolURL = null;
+
+ public String getModul() {
+ return modul;
+ }
+
+ public void setModul(String modul) {
+ this.modul = modul;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+// public AuthenticationData getAuthData() {
+// return authData;
+// }
+//
+// public void setAuthData(AuthenticationData authData) {
+// this.authData = authData;
+// }
+
+
+ public boolean isAuthenticatedUsed() {
+ return authenticatedUsed;
+ }
+
+ public void setAuthenticatedUsed(boolean authenticatedUsed) {
+ this.authenticatedUsed = authenticatedUsed;
}
- /**
- * Sets the STORK SAML AuthnRequest
- * @param storkAuthnRequest STORK SAML AuthnRequest
- */
+ public boolean isAuthenticated() {
+ return authenticated;
+ }
+
+ public void setAuthenticated(boolean authenticated) {
+ this.authenticated = authenticated;
+ }
+
+
+// public String getRequestedProtocolURL() {
+// return requestedProtocolURL;
+// }
+//
+// public void setRequestedProtocolURL(String requestedProtocolURL) {
+// this.requestedProtocolURL = requestedProtocolURL;
+// }
+
+ /**
+ * Constructor for AuthenticationSession.
+ *
+ * @param id
+ * Session ID
+ */
+ public AuthenticationSession(String id) {
+ sessionID = id;
+// setTimestampStart();
+ infoboxValidators = new ArrayList();
+ }
+
+ public X509Certificate getSignerCertificate(){
+ try {
+ return new X509Certificate(signerCertificate);
+ } catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+ return null;
+ }
+ }
+
+ public byte[] getEncodedSignerCertificate() {
+ return this.signerCertificate;
+ }
+
+ public void setSignerCertificate(X509Certificate signerCertificate) {
+ try {
+ this.signerCertificate = signerCertificate.getEncoded();
+ } catch (CertificateEncodingException e) {
+ Logger.warn("Signer certificate can not be stored to session database!", e);
+ }
+ }
+
+ /**
+ * Returns the identityLink.
+ *
+ * @return IdentityLink
+ */
+ public IdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * Returns the sessionID.
+ *
+ * @return String
+ */
+ public String getSessionID() {
+ return sessionID;
+ }
+
+ /**
+ * Sets the identityLink.
+ *
+ * @param identityLink
+ * The identityLink to set
+ */
+ public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+ /**
+ * Sets the sessionID.
+ *
+ * @param sessionId
+ * The sessionID to set
+ */
+ public void setSessionID(String sessionId) {
+ this.sessionID = sessionId;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ *
+ * @return String
+ */
+ public String getOAURLRequested() {
+ return oaURLRequested;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ *
+ * @return String
+ */
+ public String getPublicOAURLPrefix() {
+ return oaPublicURLPrefix;
+ }
+
+ /**
+ * Returns the BKU URL.
+ *
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Returns the target.
+ *
+ * @return String
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Returns the sourceID.
+ *
+ * @return String
+ */
+ public String getSourceID() {
+ return sourceID;
+ }
+
+ /**
+ * Returns the target friendly name.
+ *
+ * @return String
+ */
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ /**
+ * Sets the oaURLRequested.
+ *
+ * @param oaURLRequested
+ * The oaURLRequested to set
+ */
+ public void setOAURLRequested(String oaURLRequested) {
+ this.oaURLRequested = oaURLRequested;
+ }
+
+ /**
+ * Sets the oaPublicURLPrefix
+ *
+ * @param oaPublicURLPrefix
+ * The oaPublicURLPrefix to set
+ */
+ public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
+ this.oaPublicURLPrefix = oaPublicURLPrefix;
+ }
+
+ /**
+ * Sets the bkuURL
+ *
+ * @param bkuURL
+ * The BKU URL to set
+ */
+ public void setBkuURL(String bkuURL) {
+ this.bkuURL = bkuURL;
+ }
+
+ /**
+ * Sets the target. If the target includes the target prefix, the prefix
+ * will be stripped off.
+ *
+ * @param target
+ * The target to set
+ */
+ public void setTarget(String target) {
+ if (target != null && target.startsWith(TARGET_PREFIX_)) {
+ // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove
+ // prefix
+ this.target = target.substring(TARGET_PREFIX_.length());
+ Logger.debug("Target prefix stripped off; resulting target: "
+ + this.target);
+ } else {
+ this.target = target;
+ }
+ }
+
+ /**
+ * Sets the sourceID
+ *
+ * @param sourceID
+ * The sourceID to set
+ */
+ public void setSourceID(String sourceID) {
+ this.sourceID = sourceID;
+ }
+
+ /**
+ * Sets the target. If the target includes the target prefix, the prefix
+ * will be stripped off.
+ *
+ * @param target
+ * The target to set
+ */
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+ /**
+ * Returns the authURL.
+ *
+ * @return String
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ /**
+ * Sets the authURL.
+ *
+ * @param authURL
+ * The authURL to set
+ */
+ public void setAuthURL(String authURL) {
+ this.authURL = authURL;
+ }
+
+ /**
+ * Returns the authBlock.
+ *
+ * @return String
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+ /**
+ * Sets the authBlock.
+ *
+ * @param authBlock
+ * The authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+ /**
+ * Returns the timestampIdentityLink.
+ *
+ * @return Date
+ */
+ public Date getTimestampIdentityLink() {
+ return timestampIdentityLink;
+ }
+
+ /**
+ * Returns the businessService.
+ *
+ * @return <code>true</code> if the corresponding online application is a
+ * business application, otherwise <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return businessService;
+ }
+
+ /**
+ * Sets the businessService variable.
+ *
+ * @param businessService
+ * the value for setting the businessService variable.
+ */
+ public void setBusinessService(boolean businessService) {
+ this.businessService = businessService;
+ }
+
+// /**
+// * Returns the timestampStart.
+// *
+// * @return Date
+// */
+// public Date getTimestampStart() {
+// return timestampStart;
+// }
+
+ /**
+ * Sets the current date as timestampIdentityLink.
+ */
+ public void setTimestampIdentityLink() {
+ timestampIdentityLink = new Date();
+ }
+
+// /**
+// * Sets the current date as timestampStart.
+// */
+// public void setTimestampStart() {
+// timestampStart = new Date();
+// }
+
+ /**
+ * @return template URL
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+ /**
+ * @param string
+ * the template URL
+ */
+ public void setTemplateURL(String string) {
+ templateURL = string;
+ }
+
+ /**
+ * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe
+ * <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the AUTHBlock. Maybe
+ * <code>null</code>.
+ */
+ public List getExtendedSAMLAttributesAUTH() {
+ return extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the AUTHBlock.
+ *
+ * @param extendedSAMLAttributesAUTH
+ * The SAML Attributes to be appended to the AUTHBlock.
+ */
+ public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) {
+ this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Returns the SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application
+ */
+ public List getExtendedSAMLAttributesOA() {
+ return extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the SAML assertion delivered
+ * to the online application.
+ *
+ * @param extendedSAMLAttributesOA
+ * The SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application.
+ */
+ public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) {
+ this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Returns the boolean value for either a target or a wbPK is provided as
+ * SAML Attribute in the SAML Assertion or not.
+ *
+ * @return true either a target or a wbPK is provided as SAML Attribute in
+ * the SAML Assertion or false if not.
+ */
+ public boolean getSAMLAttributeGebeORwbpk() {
+ return this.samlAttributeGebeORwbpk;
+ }
+
+ /**
+ * Sets the boolean value for either a target or a wbPK is provided as SAML
+ * Attribute in the SAML Assertion or not.
+ *
+ * @param samlAttributeGebeORwbpk
+ * The boolean for value either a target or wbPK is provided as
+ * SAML Attribute in the SAML Assertion or not.
+ */
+ public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+ this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
+ }
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * Sets the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @param issueInstant
+ * The issueInstant to set.
+ */
+ public void setIssueInstant(String issueInstant) {
+ this.issueInstant = issueInstant;
+ }
+
+ /**
+ * Returns the iterator to the stored infobox validators.
+ *
+ * @return Iterator
+ */
+ public Iterator getInfoboxValidatorIterator() {
+ if (infoboxValidators == null)
+ return null;
+ return infoboxValidators.iterator();
+ }
+
+ /**
+ * Adds an infobox validator class to the stored infobox validators.
+ *
+ * @param infoboxIdentifier
+ * the identifier of the infobox the validator belongs to
+ * @param infoboxFriendlyName
+ * the friendly name of the infobox
+ * @param infoboxValidator
+ * the infobox validator to add
+ */
+ public Iterator addInfoboxValidator(String infoboxIdentifier,
+ String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
+ if (infoboxValidators == null)
+ infoboxValidators = new ArrayList();
+ Vector v = new Vector(3);
+ v.add(infoboxIdentifier);
+ v.add(infoboxFriendlyName);
+ v.add(infoboxValidator);
+ infoboxValidators.add(v);
+ return infoboxValidators.iterator();
+ }
+
+ /**
+ * Tests for pending input events of the infobox validators.
+ *
+ * @return true if a validator has a form to show
+ */
+ public boolean isValidatorInputPending() {
+ boolean result = false;
+ Iterator iter = getInfoboxValidatorIterator();
+ if (iter != null) {
+ while (!result && iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ .get(2);
+ if (!ParepUtils.isEmpty(infoboxvalidator.getForm()))
+ result = true;
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Returns the first pending infobox validator.
+ *
+ * @return the infobox validator class
+ */
+ public InfoboxValidator getFirstPendingValidator() {
+ Iterator iter = getInfoboxValidatorIterator();
+ if (iter != null) {
+ while (iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ .get(2);
+ String form = infoboxvalidator.getForm();
+ if (!ParepUtils.isEmpty(form))
+ return infoboxvalidator;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Returns the input form of the first pending infobox validator input
+ * processor.
+ *
+ * @return the form to show
+ */
+ public String getFirstValidatorInputForm() {
+ Iterator iter = getInfoboxValidatorIterator();
+ if (iter != null) {
+ while (iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ .get(2);
+ String form = infoboxvalidator.getForm();
+ if (!ParepUtils.isEmpty(form))
+ return form;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Returns domain identifier (the register and number in the register
+ * parameter). <code>null</code> in the case of not a business service.
+ *
+ * @return the domainIdentifier
+ */
+ public String getDomainIdentifier() {
+ return domainIdentifier;
+ }
+
+ /**
+ * Sets the register and number in the register parameter if the application
+ * is a business service. If the domain identifier includes the
+ * registerAndOrdNr prefix, the prefix will be stripped off.
+ *
+ * @param domainIdentifier
+ * the domain identifier to set
+ */
+ public void setDomainIdentifier(String domainIdentifier) {
+ if (domainIdentifier != null
+ && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ this.domainIdentifier = domainIdentifier
+ .substring(REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + this.domainIdentifier);
+ } else {
+ this.domainIdentifier = domainIdentifier;
+ }
+ }
+
+ /**
+ * Gets all identifiers of infoboxes, the online application is configured
+ * to accept. The infobox identifiers are comma separated.
+ *
+ * @return the string containing infobox identifiers
+ */
+ public String getPushInfobox() {
+ if (pushInfobox == null)
+ return "";
+ return pushInfobox;
+ }
+
+ /**
+ * @param pushInfobox
+ * the infobox identifiers to set (comma separated)
+ */
+ public void setPushInfobox(String pushInfobox) {
+ this.pushInfobox = pushInfobox;
+ }
+
+ /**
+ *
+ * @param useMandate
+ * indicates if mandate is used or not
+ */
+ public void setUseMandate(String useMandate) {
+ if (useMandate.compareToIgnoreCase("true") == 0)
+ this.useMandate = true;
+ else
+ this.useMandate = false;
+
+ }
+
+ /**
+ * Returns if mandate is used or not
+ *
+ * @return
+ */
+ public boolean getUseMandate() {
+ return this.useMandate;
+ }
+
+// /**
+// *
+// * @param useTargetFromConfig
+// * indicates if target from config is used or not
+// */
+// public void setUseTargetFromConfig(boolean useTargetFromConfig) {
+// this.useTargetFromConfig = useTargetFromConfig;
+//
+// }
+//
+// /**
+// * Returns if target is used from mandate or not
+// *
+// * @return
+// */
+// public boolean getUseTargetFromConfig() {
+// return this.useTargetFromConfig;
+// }
+
+ /**
+ *
+ * @param misSessionID
+ * indicates the MIS session ID
+ */
+ public void setMISSessionID(String misSessionID) {
+ this.misSessionID = misSessionID;
+ }
+
+ /**
+ * Returns the MIS session ID
+ *
+ * @return
+ */
+ public String getMISSessionID() {
+ return this.misSessionID;
+ }
+
+// /**
+// * @return the assertionAuthData
+// */
+// public AuthenticationData getAssertionAuthData() {
+// return assertionAuthData;
+// }
+//
+// /**
+// * @param assertionAuthData
+// * the assertionAuthData to set
+// */
+// public void setAssertionAuthData(AuthenticationData assertionAuthData) {
+// this.assertionAuthData = assertionAuthData;
+// }
+//
+// /**
+// * @return the assertionPrPerson
+// */
+// public String getAssertionPrPerson() {
+// return assertionPrPerson;
+// }
+//
+// /**
+// * @param assertionPrPerson
+// * the assertionPrPerson to set
+// */
+// public void setAssertionPrPerson(String assertionPrPerson) {
+// this.assertionPrPerson = assertionPrPerson;
+// }
+//
+// /**
+// * @return the assertionAuthBlock
+// */
+// public String getAssertionAuthBlock() {
+// return assertionAuthBlock;
+// }
+//
+// /**
+// * @param assertionAuthBlock
+// * the assertionAuthBlock to set
+// */
+// public void setAssertionAuthBlock(String assertionAuthBlock) {
+// this.assertionAuthBlock = assertionAuthBlock;
+// }
+//
+// /**
+// * @return the assertionIlAssertion
+// */
+// public String getAssertionIlAssertion() {
+// return assertionIlAssertion;
+// }
+//
+// /**
+// * @param assertionIlAssertion
+// * the assertionIlAssertion to set
+// */
+// public void setAssertionIlAssertion(String assertionIlAssertion) {
+// this.assertionIlAssertion = assertionIlAssertion;
+// }
+//
+// /**
+// * @return the assertionSignerCertificateBase64
+// */
+// public String getAssertionSignerCertificateBase64() {
+// return assertionSignerCertificateBase64;
+// }
+//
+// /**
+// * @param assertionSignerCertificateBase64
+// * the assertionSignerCertificateBase64 to set
+// */
+// public void setAssertionSignerCertificateBase64(
+// String assertionSignerCertificateBase64) {
+// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
+// }
+//
+// /**
+// * @return the assertionBusinessService
+// */
+// public boolean getAssertionBusinessService() {
+// return assertionBusinessService;
+// }
+//
+// /**
+// * @param assertionBusinessService
+// * the assertionBusinessService to set
+// */
+// public void setAssertionBusinessService(boolean assertionBusinessService) {
+// this.assertionBusinessService = assertionBusinessService;
+// }
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ public String getMandateReferenceValue() {
+ return mandateReferenceValue;
+ }
+
+ /**
+ * @param mandateReferenceValue
+ * the mandateReferenceValue to set
+ */
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ this.mandateReferenceValue = mandateReferenceValue;
+ }
+
+ /**
+ * Gets the STORK SAML AuthnRequest
+ *
+ * @return STORK SAML AuthnRequest
+ */
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return storkAuthnRequest;
+ }
+
+ /**
+ * Sets the STORK SAML AuthnRequest
+ *
+ * @param storkAuthnRequest
+ * STORK SAML AuthnRequest
+ */
public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
this.storkAuthnRequest = storkAuthnRequest;
}
-
-
-
-}
+ public String getCcc() {
+ return ccc;
+ }
+
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+
+
+// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
+// return XMLCreateSignatureResponse;
+// }
+//
+// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) {
+// XMLCreateSignatureResponse = xMLCreateSignatureResponse;
+// }
+
+ public boolean isForeigner() {
+ return isForeigner;
+ }
+
+ public void setForeigner(boolean isForeigner) {
+ this.isForeigner = isForeigner;
+ }
+
+ public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
+ return XMLVerifySignatureResponse;
+ }
+
+ public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+ XMLVerifySignatureResponse = xMLVerifySignatureResponse;
+ }
+
+ public MISMandate getMISMandate() {
+ return mandate;
+ }
+
+ public void setMISMandate(MISMandate mandate) {
+ this.mandate = mandate;
+ }
+
+ public Element getMandate() {
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false,
+ null, null).getDocumentElement();
+
+ }catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+ /**
+ * @return the ssoRequested
+ */
+
+ //TODO: SSO only allowed without mandates, actually!!!!!!
+ public boolean isSsoRequested() {
+ return ssoRequested && !useMandate;
+ }
+
+ /**
+ * @param ssoRequested the ssoRequested to set
+ */
+ public void setSsoRequested(boolean ssoRequested) {
+ this.ssoRequested = ssoRequested;
+ }
+
+ /**
+ * @return the isOW
+ */
+ public boolean isOW() {
+ return isOW;
+ }
+
+ /**
+ * @param isOW the isOW to set
+ */
+ public void setOW(boolean isOW) {
+ this.isOW = isOW;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index 276e6414c..7523d7eaf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -24,15 +24,22 @@
package at.gv.egovernment.moa.id.auth.data;
+import java.io.Serializable;
+
/**
* This class contains SAML attributes to be appended to the SAML assertion delivered to
* the Online application.
*
* @author Harald Bratko
*/
-public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute {
+public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{
/**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+/**
* The value of this SAML attribute. Must be either of type <code>java.lang.String</code>
* or <code>org.w3c.Element</code>.
*/
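Review bot: Implementing Serializable does not cover the value type that the context lines just below document as either `java.lang.String` or `org.w3c.Element`: DOM Element implementations are in general not Serializable, so an attribute holding an Element will only fail at runtime with a NotSerializableException when the session is serialized. Either state the restriction on the value field (its declaration is outside the hunk) with a comment such as `// NOTE: an org.w3c.dom.Element value is not Serializable; serialize as XML text or accept failure` or add writeObject/readObject that convert the Element to and from its XML text. The Javadoc block added above serialVersionUID is empty; replace it with `/** Serialization version; bump when the serialized form changes. */` or drop it.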
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 0d11dc4f0..b03f23ce4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.id.auth.data;
import java.io.IOException;
+import java.io.Serializable;
import java.security.PublicKey;
import javax.xml.transform.TransformerException;
@@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils;
* @author Paul Ivancsics
* @version $Id$
*/
-public class IdentityLink {
+public class IdentityLink implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
/**
* <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index ce418de01..ed54683ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -24,6 +24,9 @@
package at.gv.egovernment.moa.id.auth.data;
+import java.io.Serializable;
+import java.util.Date;
+
import iaik.x509.X509Certificate;
/**
@@ -34,8 +37,11 @@ import iaik.x509.X509Certificate;
* @version $Id$
*
*/
-public class VerifyXMLSignatureResponse {
- /** The xmlDsigSubjectName to be stored */
+public class VerifyXMLSignatureResponse implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+/** The xmlDsigSubjectName to be stored */
private String xmlDsigSubjectName;
/** The signatureCheckCode to be stored */
private int signatureCheckCode;
@@ -59,6 +65,8 @@ public class VerifyXMLSignatureResponse {
*/
private int signatureManifestCheckCode = -1;
+ private Date signingDateTime;
+
/**
* Returns the certificateCheckCode.
* @return int
@@ -221,4 +229,13 @@ public class VerifyXMLSignatureResponse {
this.signatureManifestCheckCode = signatureManifestCheckCode;
}
+ public Date getSigningDateTime() {
+ return signingDateTime;
+ }
+
+ public void setSigningDateTime(Date signingDateTime) {
+ this.signingDateTime = signingDateTime;
+ }
+
+
}
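Review bot: The new getSigningDateTime/setSigningDateTime pair hands out and stores a mutable java.util.Date, so a caller can change the signing time recorded in this response after verification by mutating the object it received or passed in; the same field is introduced in the earlier hunk of this file. Defensive copies keep the response immutable once set: `return signingDateTime == null ? null : new Date(signingDateTime.getTime());` in the getter and `this.signingDateTime = signingDateTime == null ? null : new Date(signingDateTime.getTime());` in the setter. The rest of the class documents each accessor; the two new ones have no Javadoc, e.g. `/** Returns the signing time taken from the verified signature, or null if none was reported. */`.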
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index cb3ed5ad9..a468caf73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -122,7 +122,7 @@ public class IdentityLinkAssertionParser {
+ "Value";
/** Xpath expression to the Identification Value element */
- private static final String PERSON_IDENT_TYPE_XPATH =
+ public static final String PERSON_IDENT_TYPE_XPATH =
PERSON_XPATH
+ "/"
+ PDATA
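Review bot: Widening PERSON_IDENT_TYPE_XPATH to public turns its Javadoc into API documentation, and the comment kept above it (`Xpath expression to the Identification Value element`) describes the neighbouring Value constant rather than the identification Type that the name refers to. `/** Xpath expression to the Identification Type element */` matches the name; the tail of the expression is outside the hunk, so confirm against it before changing the comment.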
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
new file mode 100644
index 000000000..58194361c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -0,0 +1,268 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
+
+ public static void parse(AuthenticationSession moasession,
+ String target,
+ String oaURL,
+ String bkuURL,
+ String templateURL,
+ String useMandate,
+ String ccc,
+ String module,
+ String action,
+ HttpServletRequest req) throws WrongParametersException, MOAIDException {
+
+ String targetFriendlyName = null;
+
+// String sso = req.getParameter(PARAM_SSO);
+
+ // escape parameter strings
+ target = StringEscapeUtils.escapeHtml(target);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+ templateURL = StringEscapeUtils.escapeHtml(templateURL);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ ccc = StringEscapeUtils.escapeHtml(ccc);
+ // sso = StringEscapeUtils.escapeHtml(sso);
+
+ // check parameter
+
+ //pvp2.x can use general identifier (equals oaURL in SAML1)
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+// if (!ParamValidatorUtils.isValidUseMandate(sso))
+// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12");
+
+ //check UseMandate flag
+ String useMandateString = null;
+ boolean useMandateBoolean = false;
+ if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+ useMandateString = useMandate;
+ } else {
+ useMandateString = "false";
+ }
+
+ if (useMandateString.compareToIgnoreCase("true") == 0)
+ useMandateBoolean = true;
+ else
+ useMandateBoolean = false;
+
+ moasession.setUseMandate(useMandateString);
+
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam;
+ if (moasession.getPublicOAURLPrefix() != null) {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ moasession.getPublicOAURLPrefix());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { moasession.getPublicOAURLPrefix() });
+
+ } else {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+
+
+ // get target and target friendly name from config
+ String targetConfig = oaParam.getTarget();
+ String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+
+ if (StringUtils.isEmpty(targetConfig)) {
+ // no target attribut is given in OA config
+ // target is used from request
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+
+ } else {
+ // use target from config
+ target = targetConfig;
+ targetFriendlyName = targetFriendlyNameConfig;
+ }
+
+
+// //check useSSO flag
+// String useSSOString = null;
+// boolean useSSOBoolean = false;
+// if ((sso != null) && (sso.compareTo("") != 0)) {
+// useSSOString = sso;
+// } else {
+// useSSOString = "false";
+// }
+ //
+// if (useSSOString.compareToIgnoreCase("true") == 0)
+// useSSOBoolean = true;
+// else
+// useSSOBoolean = false;
+
+ //moasession.setSsoRequested(useSSOBoolean);
+ moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!!
+
+ //Validate BKU URI
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL()))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+
+ if (!oaParam.getBusinessService()) {
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_TARGET, "auth.05");
+
+ } else {
+ if (useMandateBoolean) {
+ Logger.error("Online-Mandate Mode for bussines application not supported.");
+ throw new AuthenticationException("auth.17", null);
+ }
+ target = null;
+ targetFriendlyName = null;
+ }
+
+ moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+
+ moasession.setTarget(target);
+ moasession.setBusinessService(oaParam.getBusinessService());
+ moasession.setTargetFriendlyName(targetFriendlyName);
+ moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+ }
+
+ //check OnlineApplicationURL
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.05");
+ moasession.setOAURLRequested(oaURL);
+
+ //check AuthURL
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath() + "/");
+
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication",
+ "AuthURL", "auth.05");
+
+ // check if HTTP Connection may be allowed (through
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ //INFO: removed from MOA-ID 2.0 Config
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+
+ if ((!authURL.startsWith("https:"))
+// && (false == BoolUtils.valueOf(boolStr))
+ )
+ throw new AuthenticationException("auth.07",
+ new Object[] { authURL + "*" });
+
+ moasession.setAuthURL(authURL);
+
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null) {
+ String sourceID = oaParam.getSAML1Parameter().getSourceID();
+ if (MiscUtil.isNotEmpty(sourceID))
+ moasession.setSourceID(sourceID);
+ }
+
+ // BKU URL has not been set yet, even if session already exists
+ if (bkuURL == null) {
+ if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) {
+ bkuURL = DEFAULT_BKU_HTTPS;
+ } else {
+ bkuURL = DEFAULT_BKU;
+ }
+ }
+ moasession.setBkuURL(bkuURL);
+
+
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ moasession.setTemplateURL(templateURL);
+
+ moasession.setCcc(ccc);
+
+ }
+
+ public static void parse(HttpServletRequest req, HttpServletResponse resp,
+ AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
+
+
+ String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
+ String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
+
+ modul = StringEscapeUtils.escapeHtml(modul);
+ action = StringEscapeUtils.escapeHtml(action);
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ moasession.setModul(modul);
+ moasession.setAction(action);
+
+ //get Parameters from request
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+ oaURL = request.getOAURL();
+ target = request.getTarget();
+
+ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+
+ }
+
+ /**
+ * Checks a parameter.
+ *
+ * @param param
+ * parameter
+ * @return true if the parameter is null or empty
+ */
+ private static boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+}
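Review bot: The six request parameters are passed through `StringEscapeUtils.escapeHtml` (the block under `// escape parameter strings`) before they are validated and stored, so a `bkuURL` or `templateURL` that legitimately contains `&`, `<` or a quote reaches `ParamValidatorUtils.isValidBKUURI`/`isValidTemplate` and the session already rewritten (e.g. `&` as `&amp;`); HTML escaping belongs at the point where a value is written into a page, so validate and store the raw values here and escape on output. Separately, `authURL` is assembled from `req.getScheme()`, `req.getServerName()` and `req.getServerPort()`, which are typically derived from the request's Host header, and the only check before `moasession.setAuthURL(authURL)` is the `https:` prefix, so a client-supplied Host ends up as the instance's own URL in the session unless it is also compared against a configured public URL for this instance; the `isEmpty(authURL)` check can never trigger because the string is always non-empty by construction. `moasession.setSsoRequested(true && oaParam.useSSO())` reads more clearly as `moasession.setSsoRequested(oaParam.useSSO());`, and the `module`/`action` parameters of the first parse() plus the imports of `UnsupportedEncodingException`, `HttpSession`, `RequestStorage`, `BoolUtils` and `URLEncoder` are unused in the new file. In the second parse(), `target` and `oaURL` are read from the request parameters and then immediately overwritten from `request`, so the two `req.getParameter` reads are dead.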
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 16041f8cb..022f21491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.ByteArrayOutputStream;
@@ -47,228 +46,314 @@ import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.URLDecoder;
-import at.gv.egovernment.moa.util.URLEncoder;
/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling
- * and constant names.
+ * Base class for MOA-ID Auth Servlets, providing standard error handling and
+ * constant names.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
-
- /**
+ /**
*
*/
private static final long serialVersionUID = -6929905344382283738L;
-
-
+ protected static final String ERROR_CODE_PARAM = "errorid";
+
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- Logger.debug("GET " + this.getServletName());
+ throws ServletException, IOException {
+ Logger.debug("GET " + this.getServletName());
this.setNoCachingHeadersInHttpRespone(req, resp);
-}
-/**
- * Handles an error. <br>>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request
- * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage error message
- * @param exceptionThrown exception thrown
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleError(
- String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+ }
-
- if(null != errorMessage) {
+ protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp) {
+
+ if (null != errorMessage) {
Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage );
+ req.setAttribute("ErrorMessage", errorMessage);
}
-
-
+
if (null != exceptionThrown) {
- if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ if (null == errorMessage)
+ errorMessage = exceptionThrown.getMessage();
Logger.error(errorMessage, exceptionThrown);
req.setAttribute("ExceptionThrown", exceptionThrown);
}
-
+
if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
+ req.setAttribute("LogLevel", "debug");
}
-
- //forward this to errorpage-auth.jsp where the HTML error page is generated
+
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
Logger.error(e);
- }
-
+ } catch (IOException e) {
+ Logger.error(e);
+ }
}
- /**
- * Handles a <code>WrongParametersException</code>.
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
- Logger.error(ex.toString());
- req.setAttribute("WrongParameters", ex.getMessage());
-
- // forward this to errorpage-auth.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ /**
+ * Handles an error. <br>>
+ * <ul>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request as request
+ * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
+ * </ul>
+ *
+ * @param errorMessage
+ * error message
+ * @param exceptionThrown
+ * exception thrown
+ * @param req
+ * servlet request
+ * @param resp
+ * servlet response
+ */
+ protected void handleError(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+
+ if (null != errorMessage) {
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage);
+ }
+
+ if (null != exceptionThrown) {
+ if (null == errorMessage)
+ errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ if (Logger.isDebugEnabled()) {
+ req.setAttribute("LogLevel", "debug");
+ }
+
+ IExceptionStore store = ExceptionStoreImpl.getStore();
+ String id = store.storeException(exceptionThrown);
+
+ String redirectURL = null;
+
+ redirectURL = ServletUtils.getBaseUrl(req);
+ redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
+ + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Logs all servlet parameters for debugging purposes.
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
- String parname = (String)params.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
-
- /**
- * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
- * (no standard exists how browsers should encode them).
- *
- * @param req servlet request
- *
- * @return mapping parameter name -> value
- *
- * @throws IOException if parsing request parameters fails.
- *
- * @throws FileUploadException if parsing request parameters fails.
- */
- protected Map getParameters(HttpServletRequest req)
- throws IOException, FileUploadException {
-
- Map parameters = new HashMap();
-
-
- if (ServletFileUpload.isMultipartContent(req))
- {
- // request is encoded as mulitpart/form-data
- FileItemFactory factory = new DiskFileItemFactory();
- ServletFileUpload upload = null;
- upload = new ServletFileUpload(factory);
- List items = null;
- items = upload.parseRequest(req);
- for (int i = 0; i < items.size(); i++)
- {
- FileItem item = (FileItem) items.get(i);
- if (item.isFormField())
- {
- // Process only form fields - no file upload items
- String logString = item.getString("UTF-8");
-
- // TODO use RegExp
- String startS = "<pr:Identification><pr:Value>";
- String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
- String logWithMaskedBaseid = logString;
- int start = logString.indexOf(startS);
- if (start > -1) {
- int end = logString.indexOf(endS);
- if (end > -1) {
- logWithMaskedBaseid = logString.substring(0, start);
- logWithMaskedBaseid += startS;
- logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
- logWithMaskedBaseid += logString.substring(end, logString.length());
- }
- }
- parameters.put(item.getFieldName(), item.getString("UTF-8"));
- Logger.debug("Processed multipart/form-data request parameter: \nName: " +
- item.getFieldName() + "\nValue: " +
- logWithMaskedBaseid);
- }
- }
- }
-
- else
- {
- // request is encoded as application/x-www-urlencoded
- InputStream in = req.getInputStream();
-
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
- parameters.put(paramName, paramValue);
- }
- }
- while (paramName.length() > 0);
- in.close();
- }
-
- return parameters;
- }
-
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- * @param in input stream
- * @param delimiter delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (! done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ return;
+ /*
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+ */
+ }
+
+ /**
+ * Handles a <code>WrongParametersException</code>.
+ *
+ * @param req
+ * servlet request
+ * @param resp
+ * servlet response
+ */
+ protected void handleWrongParameters(WrongParametersException ex,
+ HttpServletRequest req, HttpServletResponse resp) {
+ Logger.error(ex.toString());
+ req.setAttribute("WrongParameters", ex.getMessage());
+
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+ }
+
+ /**
+ * Logs all servlet parameters for debugging purposes.
+ */
+ protected void logParameters(HttpServletRequest req) {
+ for (Enumeration params = req.getParameterNames(); params
+ .hasMoreElements();) {
+ String parname = (String) params.nextElement();
+ Logger.debug("Parameter " + parname + req.getParameter(parname));
+ }
+ }
+
+ /**
+ * Parses the request input stream for parameters, assuming parameters are
+ * encoded UTF-8 (no standard exists how browsers should encode them).
+ *
+ * @param req
+ * servlet request
+ *
+ * @return mapping parameter name -> value
+ *
+ * @throws IOException
+ * if parsing request parameters fails.
+ *
+ * @throws FileUploadException
+ * if parsing request parameters fails.
+ */
+ protected Map getParameters(HttpServletRequest req) throws IOException,
+ FileUploadException {
+
+ Map parameters = new HashMap();
+
+ if (ServletFileUpload.isMultipartContent(req)) {
+ // request is encoded as mulitpart/form-data
+ FileItemFactory factory = new DiskFileItemFactory();
+ ServletFileUpload upload = null;
+ upload = new ServletFileUpload(factory);
+ List items = null;
+ items = upload.parseRequest(req);
+ for (int i = 0; i < items.size(); i++) {
+ FileItem item = (FileItem) items.get(i);
+ if (item.isFormField()) {
+ // Process only form fields - no file upload items
+ String logString = item.getString("UTF-8");
+
+ // TODO use RegExp
+ String startS = "<pr:Identification><pr:Value>";
+ String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+ String logWithMaskedBaseid = logString;
+ int start = logString.indexOf(startS);
+ if (start > -1) {
+ int end = logString.indexOf(endS);
+ if (end > -1) {
+ logWithMaskedBaseid = logString.substring(0, start);
+ logWithMaskedBaseid += startS;
+ logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+ logWithMaskedBaseid += logString.substring(end,
+ logString.length());
+ }
+ }
+ parameters
+ .put(item.getFieldName(), item.getString("UTF-8"));
+ Logger.debug("Processed multipart/form-data request parameter: \nName: "
+ + item.getFieldName()
+ + "\nValue: "
+ + logWithMaskedBaseid);
+ }
+ }
+ }
+
+ else {
+ // request is encoded as application/x-www-urlencoded
+ InputStream in = req.getInputStream();
+
+ String paramName;
+ String paramValueURLEncoded;
+ do {
+ paramName = new String(readBytesUpTo(in, '='));
+ if (paramName.length() > 0) {
+ paramValueURLEncoded = readBytesUpTo(in, '&');
+ String paramValue = URLDecoder.decode(paramValueURLEncoded,
+ "UTF-8");
+ parameters.put(paramName, paramValue);
+ }
+ } while (paramName.length() > 0);
+ in.close();
+ }
+
+ return parameters;
+ }
+
+ /**
+ * Reads bytes up to a delimiter, consuming the delimiter.
+ *
+ * @param in
+ * input stream
+ * @param delimiter
+ * delimiter character
+ * @return String constructed from the read bytes
+ * @throws IOException
+ */
+ protected String readBytesUpTo(InputStream in, char delimiter)
+ throws IOException {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ boolean done = false;
+ int b;
+ while (!done && (b = in.read()) >= 0) {
+ if (b == delimiter)
+ done = true;
+ else
+ bout.write(b);
+ }
+ return bout.toString();
+ }
+
/**
* Calls the web application initializer.
*
@@ -277,51 +362,73 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
public void init(ServletConfig servletConfig) throws ServletException {
super.init(servletConfig);
}
-
+
/**
* Set response headers to avoid caching
- * @param request HttpServletRequest
- * @param response HttpServletResponse
+ *
+ * @param request
+ * HttpServletRequest
+ * @param response
+ * HttpServletResponse
*/
- protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) {
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+ protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
+ HttpServletResponse response) {
+ response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
}
-
+
/**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- protected static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
-
- /**
- * Checks if HTTP requests are allowed
- * @param authURL requestURL
- * @throws AuthenticationException if HTTP requests are not allowed
- * @throws ConfigurationException
- */
- protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException {
+ * Adds a parameter to a URL.
+ *
+ * @param url
+ * the URL
+ * @param paramname
+ * parameter name
+ * @param paramvalue
+ * parameter value
+ * @return the URL with parameter added
+ */
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ /**
+ * Checks if HTTP requests are allowed
+ *
+ * @param authURL
+ * requestURL
+ * @throws AuthenticationException
+ * if HTTP requests are not allowed
+ * @throws ConfigurationException
+ */
+ protected void checkIfHTTPisAllowed(String authURL)
+ throws AuthenticationException, ConfigurationException {
// check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
-
- }
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+
+ //Removed from MOA-ID 2.0 config
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:"))
+ //&& (false == BoolUtils.valueOf(boolStr))
+ )
+ throw new AuthenticationException("auth.07", new Object[] { authURL
+ + "*" });
+
+ }
}
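Review bot: checkIfHTTPisAllowed now rejects every authURL that does not start with `https:` unconditionally, because the configuration lookup is commented out, yet the signature still declares `throws ConfigurationException` and the Javadoc still describes a configurable check. Replace the commented-out lookup and the dangling `//&& (false == BoolUtils.valueOf(boolStr))` inside the condition with a plain `if (!authURL.startsWith("https:"))`, drop the unreachable `ConfigurationException` from the throws clause if no caller depends on it, and say so in the Javadoc, e.g. `* Rejects any non-HTTPS request URL; the former FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY override was removed in MOA-ID 2.0.` Always refusing plain HTTP is the safer default, so this is a cleanup and documentation point rather than an objection to the behaviour.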
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
new file mode 100644
index 000000000..d4484a97c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -0,0 +1,147 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.bouncycastle.asn1.x509.Target;
+
+import com.trilead.ssh2.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class GenerateIFrameTemplateServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
+
+ String pendingRequestID = null;
+
+ try {
+ String bkuid = req.getParameter(PARAM_BKU);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+ String moasessionid = req.getParameter(PARAM_SESSIONID);
+
+ AuthenticationSession moasession = null;
+
+ try {
+ //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] {
+ moasessionid});
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ //load OA Config
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(moasession.getOAURLRequested());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+
+ else {
+
+ //load Parameters from config
+ String target = oaParam.getTarget();
+
+ String bkuURL = oaParam.getBKUURL(bkuid);
+ String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
+
+ //parse all OA parameters i
+ StartAuthentificationParameterParser.parse(moasession,
+ target,
+ moasession.getOAURLRequested(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ moasession.getModul(),
+ moasession.getAction(),
+ req);
+ }
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+ String getIdentityLinkForm = startauth.build(moasession, req, resp);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class);
+ }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+}
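Review bot: The response body is written through `new PrintWriter(resp.getOutputStream())`, which encodes with the platform default charset although the content type set one line above promises `charset=UTF-8`; use `PrintWriter out = resp.getWriter();` after setContentType (or wrap the stream in an OutputStreamWriter with UTF-8) so the emitted bytes match the declared encoding. The `bkuid`, `useMandate` and `ccc` request parameters are handed straight to `getBKUURL`, `getSLRequestTemplates` and `StartAuthentificationParameterParser.parse` without the ParamValidatorUtils checks the sibling servlets in this commit apply to their parameters; unless the parser validates them itself, add those checks here before use. `String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession)` is assigned but never read, and `catch (Throwable e)` maps every failure, including errors thrown by the session store, onto the `auth.18` "no session" message and discards the cause; catching the exception types the storage methods declare would keep the log useful. The imports of `org.bouncycastle.asn1.x509.Target`, `com.trilead.ssh2.Session`, `HttpSession`, `Arrays`, `List`, `StringEscapeUtils` and `AuthenticationManager` are unused, and the first two pull in unrelated libraries for nothing.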
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 6516e64b7..02c751a0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -49,10 +49,12 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
/**
* Servlet requested for getting the foreign eID
@@ -112,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- Map parameters;
+ Map parameters;
+
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -121,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
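Review bot: `AuthenticationSessionStoreage.getPendingRequestID(sessionID)` is called with the raw request parameter before it is escaped and, as far as the hunk shows, before any session-ID validity check, whereas the GetMISSessionIDServlet hunk in this same commit performs the lookup only after `ParamValidatorUtils.isValidSessionID` has passed. Move the lookup below the validation so an absent or malformed `MOASessionID` is answered through the WrongParametersException path rather than by whatever the store does with an arbitrary string. The enclosing doPost starts and ends outside this hunk, so I cannot see whether the call sits inside the try block whose handlers consume `pendingRequestID`; if it does not, an exception from the lookup bypasses handleError entirely.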
@@ -177,18 +183,38 @@ public class GetForeignIDServlet extends AuthServlet {
session.setIdentityLink(identitylink);
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+
+
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
+ /*redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);*/
+
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID);
redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
+
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
resp.setContentType("text/html");
resp.setStatus(302);
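Review bot: `throw new MOAIDException("Session store error", null)` drops the MOADatabaseException cause and passes a literal sentence where every other MOAIDException in this commit passes a message key such as `init.04`; GenerateIFrameTemplateServlet handles the identical store failure with `Logger.error("Database Error! MOASession is not stored!");` followed by `throw new MOAIDException("init.04", new Object[] { session.getSessionID() });`, and this hunk should do the same so the failure is both logged and localised. The two `Logger.info` lines print the old and the new MOA session identifier in clear; those identifiers authorise the rest of the authentication flow, so they belong at debug level at most, and the same two lines appear in the GetMISSessionIDServlet hunk of this commit. The superseded redirect-building code is kept as a `/* … */` block instead of being deleted, which version control already preserves. The enclosing doPost begins and ends outside this hunk.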
@@ -198,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 04fbc0588..e461197e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -21,9 +21,8 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
+package at.gv.egovernment.moa.id.auth.servlet;
-package at.gv.egovernment.moa.id.auth.servlet;
-
import iaik.pki.PKIException;
import java.io.IOException;
@@ -41,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -48,8 +48,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -58,160 +61,181 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- */
-public class GetMISSessionIDServlet extends AuthServlet {
-
- /**
+
+/**
+ * Servlet requested for getting the foreign eID provided by the security layer
+ * implementation. Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetMISSessionIDServlet extends AuthServlet {
+
+ /**
*
*/
private static final long serialVersionUID = 4666952867085392597L;
-/**
- * Constructor for GetMISSessionIDServlet.
- */
- public GetMISSessionIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doPost(req, resp);
-
-// Logger.debug("GET GetMISSessionIDServlet");
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetMISSessionIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-// Map parameters;
-// try
-// {
-// parameters = getParameters(req);
-// } catch (FileUploadException e)
-// {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
-
- if (list == null) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
-
- // for now: list contains only one element
- MISMandate mandate = (MISMandate)list.get(0);
-
-
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
-
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-
- //TODO OW bPK (Offen: was bei saml:NameIdentifier NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute AttributeName="bPK" )
- System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK());
- // TODO wenn OW bPK vorhanden - in SAML Assertion setzen!
-
- String redirectURL = null;
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc);
-
-
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
- resp.setContentType("text/html");
- resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ /**
+ * Constructor for GetMISSessionIDServlet.
+ */
+ public GetMISSessionIDServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify that data URL
+ * resource is available.
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest,
+ * HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doPost(req, resp);
+
+ // Logger.debug("GET GetMISSessionIDServlet");
+ //
+ // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ }
+
+ /**
+ * Gets the signer certificate from the InfoboxReadRequest and responds with
+ * a new <code>CreateXMLSignatureRequest</code>. <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest,
+ * HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST GetMISSessionIDServlet");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ // Map parameters;
+ // try
+ // {
+ // parameters = getParameters(req);
+ // } catch (FileUploadException e)
+ // {
+ // Logger.error("Parsing mulitpart/form-data request parameters failed: "
+ // + e.getMessage());
+ // throw new IOException(e.getMessage());
+ // }
+
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+ AuthenticationSession session = null;
+ String pendingRequestID = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyCertificate",
+ PARAM_SESSIONID, "auth.12");
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ String misSessionID = session.getMISSessionID();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+ ConnectionParameter connectionParameters = authConf
+ .getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+ AuthConfigurationProvider.getInstance(),
+ connectionParameters);
+
+ List list = MISSimpleClient.sendGetMandatesRequest(
+ connectionParameters.getUrl(), misSessionID, sslFactory);
+
+ if (list == null) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+ if (list.size() == 0) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+
+ // for now: list contains only one element
+ MISMandate mandate = (MISMandate) list.get(0);
+
+ String sMandate = new String(mandate.getMandate());
+ if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
+ Logger.error("Mandate is empty.");
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ }
+
+ //check if it is a parsable XML
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ Element mandateDoc = DOMUtils.parseDocument(stringMandate, false,
+ null, null).getDocumentElement();
+
+ // extract RepresentationType
+ AuthenticationServer.getInstance().verifyMandate(session, mandate);
+
+ session.setMISMandate(mandate);
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicite stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+ String redirectURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(),
+ session.getAction(), pendingRequestID), newMOASessionID);
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ } catch (MOAIDException ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp, pendingRequestID);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp, pendingRequestID);
} catch (SAXException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (ParserConfigurationException e) {
- handleError(null, e, req, resp);
- }
- }
-
-
-
- }
+ handleError(null, e, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+
+}
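Review bot: The empty-mandate guard `if (sMandate == null | sMandate.compareToIgnoreCase("") == 0)` uses the non-short-circuiting `|`, so the right-hand side is evaluated even when the left is true; the intended check reads `if (sMandate == null || sMandate.isEmpty())`, and since `new String(byte[])` never returns null the case that actually needs guarding is `mandate.getMandate()` being null before it reaches the String constructor. Both `new String(mandate.getMandate())` conversions decode with the platform default charset before the text is passed to `DOMUtils.parseDocument`; decode explicitly, e.g. `new String(byteMandate, "UTF-8")`, and collapse the duplicated `sMandate`/`stringMandate` conversions into one. The commented-out `getParameters` block and the commented-out header lines in doGet are dead code that should be removed rather than carried over into the reformatted file.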
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
new file mode 100644
index 000000000..8dc5d7469
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.swing.text.StyleContext.SmallAttributeSet;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class LogOutServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 3908001651893673395L;
+
+ private static final String REDIRECT_URL = "redirect";
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("receive LogOut Request");
+
+ String redirectUrl = (String) req.getParameter(REDIRECT_URL);
+
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ try {
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
+
+ if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+ //TODO: Single LogOut Implementation
+
+ //delete SSO session and MOA session
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+
+ RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()),
+ AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+
+ authmanager.logout(req, resp, moasessionid);
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+ }
+
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ } catch (Exception e) {
+ Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e);
+ }
+
+ //Redirect to Application
+ resp.setStatus(301);
+ resp.addHeader("Location", redirectUrl);
+ }
+
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doGet(req, resp);
+ }
+
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+}
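Review bot: `redirectUrl` in `doGet` is taken verbatim from the `redirect` request parameter and written into the `Location` header with no check, so the logout endpoint will forward the browser to whatever URL the link carried; before the redirect it should be compared against the configured online-application URLs (the file already imports `AuthConfigurationProvider` / `OAAuthParameter`) and a fixed local page used when the parameter is absent or unknown — as written, a missing parameter yields a `Location: null` header. The status `301` marks a per-request logout redirect as permanent and cacheable; `302` (as the other servlets in this commit use) is the right code here. `Logger.info(... ssoid ...)` writes the SSO session identifier to the log at info level; a defender would rather see a truncated or hashed form there. Finally, the catch-all `catch (Exception e)` swallows `MOADatabaseException` and `IOException` alike and still redirects, and the import block carries a long list of unused names (`SmallAttributeSet`, `RequestedAttribute`, the STORK types, `PrintWriter`, …) that should be removed.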
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4ec894d47..f6412f897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -23,11 +23,13 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.util.XMLUtil;
@@ -54,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet {
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ String pendingRequestID = null;
+
try {
Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
@@ -78,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet {
httpSession.invalidate();
}
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -194,21 +200,39 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Starting to assemble MOA assertion");
//produce MOA-Assertion and artifact
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(moaSessionID);
+ AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
//redirect
String redirectURL = null;
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = moaSession.getOAURLRequested();
+ /*redirectURL = moaSession.getOAURLRequested();
if (!moaSession.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = response.encodeRedirectURL(redirectURL);*/
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
} else {
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(moaSession);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
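Review bot: `throw new MOAIDException("Session store error", null);` in the new `catch (MOADatabaseException e)` drops `e`, so the database failure that caused the abort never reaches the log; pass it as the cause if `MOAIDException` has a cause-accepting constructor, otherwise add `Logger.error("Session store error", e);` before the throw. The old redirect assembly is left as a commented block (`/*redirectURL = moaSession.getOAURLRequested(); …*/`) while its `URLEncoder` import was removed — delete the dead block rather than keep it; version control holds the history. The comment above `changeSessionID` says the session is already stored implicitly there, so the later explicit `storeSession(moaSession)` may be a redundant second write — worth confirming against `AuthenticationSessionStoreage`. The enclosing `doPost` starts and ends outside this hunk.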
@@ -217,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet {
} catch (AuthenticationException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
} catch (MOAIDException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index b5c57d5cf..ba8698934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -133,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
handleWrongParameters(ex, req, resp);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, null); //TODO: is this Class required?
}
}
@@ -145,114 +147,122 @@ public class ProcessValidatorInputServlet extends AuthServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("POST ProcessInput");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- Map parameters;
- try {
- parameters = getParameters(req);
- } catch (FileUploadException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- try {
-
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- AuthenticationServer.processInput(session, parameters);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
- if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
- // Now sign the AUTH Block
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-
- String htmlForm = null;
-
- boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
-
- String inputProcessorSignForm = req.getParameter("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
- // escape parameter strings
- inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
- if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
- if (doInputProcessorSign) {
- // Test if we have a user input form sign template
-
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
-
- if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
- throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
-
- String inputProcessorSignTemplate = null;
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
- // override template url by url from configuration file
- if (oaParam.getInputProcessorSignTemplateURL() != null) {
- inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
- }
- if (inputProcessorSignTemplateURL != null) {
- try {
- inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { inputProcessorSignTemplateURL, ex.toString()},
- ex);
- }
- }
-
- htmlForm = new GetVerifyAuthBlockFormBuilder().build(
- inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
- resp.setContentType("text/html;charset=UTF-8");
- } else {
- htmlForm = createXMLSignatureRequestOrRedirect;
- resp.setStatus(307);
- resp.addHeader("Location", dataURL);
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
- }
-
- OutputStream out = resp.getOutputStream();
- out.write(htmlForm.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST ProcessInput");
- } else {
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+// Logger.debug("POST ProcessInput");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// Map parameters;
+// try {
+// parameters = getParameters(req);
+// } catch (FileUploadException e) {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// }
+//
+// String sessionID = req.getParameter(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+//
+// // escape parameter strings
+// sessionID = StringEscapeUtils.escapeHtml(sessionID);
+//
+// try {
+//
+// if (!ParamValidatorUtils.isValidSessionID(sessionID))
+// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+// AuthenticationServer.processInput(session, parameters);
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+// // Now sign the AUTH Block
+// String dataURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+//
+// String htmlForm = null;
+//
+// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+//
+// String inputProcessorSignForm = req.getParameter("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+// // escape parameter strings
+// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
+// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
+// if (doInputProcessorSign) {
+// // Test if we have a user input form sign template
+//
+// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+//
+// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
+// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
+//
+// String inputProcessorSignTemplate = null;
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+// // override template url by url from configuration file
+// if (oaParam.getInputProcessorSignTemplateURL() != null) {
+// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+// }
+// if (inputProcessorSignTemplateURL != null) {
+// try {
+// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+// } catch (IOException ex) {
+// throw new AuthenticationException(
+// "auth.03",
+// new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+// ex);
+// }
+// }
+//
+// htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+// resp.setContentType("text/html;charset=UTF-8");
+// } else {
+// htmlForm = createXMLSignatureRequestOrRedirect;
+// resp.setStatus(307);
+// resp.addHeader("Location", dataURL);
+// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+// resp.setContentType("text/xml;charset=UTF-8");
+// }
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(htmlForm.getBytes("UTF-8"));
+// out.flush();
+// out.close();
+// Logger.debug("Finished POST ProcessInput");
+// } else {
+// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+// }
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// throw new AuthenticationException("", null);
+// }
+//
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
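Review bot: The whole body of `doPost` is now commented out, so a POST to this servlet returns 200 with an empty body and without the cache-control headers the old code set, which is easy to mistake for a working endpoint. Given the `//TODO: is this Class required?` in the preceding hunk, either remove the servlet (and its mapping) or make the dead state explicit, e.g. `resp.sendError(HttpServletResponse.SC_NOT_FOUND);` as the only statement. Keeping ~110 lines of commented-out code also defeats review; delete it and rely on version control for the history. The two added imports (`MOADatabaseException`, `AuthenticationSessionStoreage`) are only referenced inside the commented block and are now unused.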
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
new file mode 100644
index 000000000..5a0bd33bf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -0,0 +1,54 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+
+
+public class RedirectServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String REDIRCT_PARAM_URL = "redirecturl";
+
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + RedirectServlet.class + " Request");
+
+ String url = req.getParameter(REDIRCT_PARAM_URL);
+ String target = req.getParameter(PARAM_TARGET);
+ String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+
+ Logger.info("Redirect to " + url);
+
+ if (MiscUtil.isNotEmpty(target)) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET,
+ URLEncoder.encode(target, "UTF-8"));
+
+
+ }
+ url = addURLParameter(url, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(artifact, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.write(redirect_form);
+ out.flush();
+ }
+
+}
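Review bot: `url` in `doGet` comes straight from the `redirecturl` request parameter and, after the target and SAML artifact are appended, is handed to `RedirectFormBuilder.buildLoginForm` without any validation, so the page will post the artifact to whatever host a crafted link named; the target should be matched against the configured online-application URLs before it is used, and an unknown or empty value should produce an error page instead of a form. `artifact` is likewise used unchecked — if the parameter is missing, encoding `null` presumably either fails or yields the literal string "null" in the URL. `new PrintWriter(resp.getOutputStream())` writes with the platform default charset although the response declares `text/html;charset=UTF-8`; use `PrintWriter out = resp.getWriter();` after `setContentType` so the declared and actual encodings agree. The constant name `REDIRCT_PARAM_URL` is misspelled, and `Logger.info("Receive " + RedirectServlet.class + " Request")` prints `class at.gv…` rather than the simple name.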
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
new file mode 100644
index 000000000..9b559770f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+
+
+public class SSOSendAssertionServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String PARAM = "value";
+ private static final String MODULE = "mod";
+ private static final String ACTION = "action";
+ private static final String ID = "identifier";
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String id = null;
+ Logger.info("Receive " + SSOSendAssertionServlet.class + " Request");
+ try {
+
+ Object idObject = req.getParameter(ID);
+
+ if (idObject != null && (idObject instanceof String)) {
+ id = (String) idObject;
+ }
+
+ String value = req.getParameter(PARAM);
+ value = StringEscapeUtils.escapeHtml(value);
+ if (!ParamValidatorUtils.isValidUseMandate(value))
+ throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
+
+ //get module and action
+ Object moduleObject = req.getParameter(MODULE);
+ String module = null;
+ if (moduleObject != null && (moduleObject instanceof String)) {
+ module = (String) moduleObject;
+ }
+
+
+ Object actionObject = req.getParameter(ACTION);
+ String action = null;
+ if (actionObject != null && (actionObject instanceof String)) {
+ action = (String) actionObject;
+ }
+
+ if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
+ Logger.warn("No Moduel or Action parameter received!");
+ throw new WrongParametersException("Module or Action is empty", "", "auth.10");
+ }
+
+
+ SSOManager ssomanager = SSOManager.getInstance();
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+
+ AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+ }
+
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+
+ String moaSessionID = null;
+
+ if (isValidSSOSession) {
+
+
+ //check UseMandate flag
+ String valueString = null;;
+ if ((value != null) && (value.compareTo("") != 0)) {
+ valueString = value;
+ } else {
+ valueString = "false";
+ }
+
+ if (valueString.compareToIgnoreCase("true") == 0) {
+ moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+ AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
+
+ String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
+ ModulUtils.buildAuthURL(module, action, id), "");
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ }
+
+ else {
+ throw new AuthenticationException("auth.21", new Object[] {});
+ }
+
+ } else {
+ handleError("SSO Session is not valid", null, req, resp, id);
+ }
+
+
+ } catch (MOADatabaseException e) {
+ handleError("SSO Session is not found", e, req, resp, id);
+ } catch (WrongParametersException e) {
+ handleError("Parameter is not valid", e, req, resp, id);
+ } catch (AuthenticationException e) {
+ handleError(e.getMessage(), e, req, resp, id);
+ }
+ }
+
+}
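Review bot: `Log.warn(...)` at the old-SSO-session branch uses `iaik.util.logging.Log`, a second logging facade in a class that otherwise uses `at.gv.egovernment.moa.logging.Logger`, and the message writes the full SSO cookie value and MOA session id to the log; use `Logger.warn` and avoid printing the raw identifiers (a prefix or hash is enough for correlation). `req.getParameter` already returns `String`, so the `Object` / `instanceof String` detours for `id`, `module` and `action` can be plain `String id = req.getParameter(ID);` assignments, and `String valueString = null;;` carries a stray semicolon. `id`, `module` and `action` reach the redirect URL via `ModulUtils.buildAuthURL` after only an emptiness check; whatever validation they get inside that helper is not visible here, so it is worth confirming that unknown module/action values are rejected rather than echoed into the URL. `handleError("SSO Session is not valid", null, req, resp, id)` passes a `null` exception — a `WrongParametersException` or `AuthenticationException` would keep the error path consistent with the other catch branches.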
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index d544e2f85..2deece26f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet {
Logger.debug("GET SelectBKU");
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
-
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
-
- // escape parameter strings
- target = StringEscapeUtils.escapeHtml(target);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
-
-
- resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-
- try {
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
- throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
-
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
-
- String returnValue = null;
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
-
- returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
- }
- else {
- // use target from config
- returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
- }
-
-
- String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
- if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = returnValue;
- resp.setContentType("text/html");
- resp.sendRedirect(redirectURL);
- Logger.info("REDIRECT TO: " + redirectURL);
- } else {
- // bkuSelectionType==HTMLSelect
- String htmlForm = returnValue;
- resp.setContentType("text/html;charset=UTF-8");
- Logger.debug("HTML-Form: " + htmlForm);
- Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
- out.write(htmlForm);
- out.flush();
- Logger.debug("Finished GET SelectBKU");
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(null, ex, req, resp);
- }
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// String authURL = req.getScheme() + "://" + req.getServerName();
+// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+// authURL = authURL.concat(":" + req.getServerPort());
+// }
+// authURL = authURL.concat(req.getContextPath() + "/");
+//
+// String target = req.getParameter(PARAM_TARGET);
+// String oaURL = req.getParameter(PARAM_OA);
+// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
+// String templateURL = req.getParameter(PARAM_TEMPLATE);
+//
+// // escape parameter strings
+// target = StringEscapeUtils.escapeHtml(target);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// templateURL = StringEscapeUtils.escapeHtml(templateURL);
+// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
+//
+//
+// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// try {
+//
+// // check parameter
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
+// if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
+// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+//
+// if (!ParamValidatorUtils.isValidTarget(target))
+// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
+//
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { oaURL });
+//
+// // get target and target friendly name from config
+// String targetConfig = oaParam.getTarget();
+//
+// String returnValue = null;
+// if (StringUtils.isEmpty(targetConfig)) {
+// // no target attribut is given in OA config
+// // target is used from request
+// // check parameter
+// if (!ParamValidatorUtils.isValidTarget(target))
+// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+//
+// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+// }
+// else {
+// // use target from config
+// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
+// }
+//
+//
+// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+// // bkuSelectionType==HTMLComplete
+// String redirectURL = returnValue;
+// resp.setContentType("text/html");
+// resp.sendRedirect(redirectURL);
+// Logger.info("REDIRECT TO: " + redirectURL);
+// } else {
+// // bkuSelectionType==HTMLSelect
+// String htmlForm = returnValue;
+// resp.setContentType("text/html;charset=UTF-8");
+// Logger.debug("HTML-Form: " + htmlForm);
+// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
+// out.write(htmlForm);
+// out.flush();
+// Logger.debug("Finished GET SelectBKU");
+// }
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+// catch (Throwable ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
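Review bot: With the entire body of doGet turned into `//` comments, a GET to SelectBKUServlet now returns an empty 200 response and no longer sets the no-cache headers the removed lines used to set, so it is not evident whether the endpoint is retired or merely broken. If the servlet is superseded by the module-based flow introduced in this commit, delete the commented block (and the servlet mapping) rather than keeping roughly ninety lines of dead code that will drift from the live implementation; if it must stay reachable, answer with an explicit status, e.g. `resp.sendError(HttpServletResponse.SC_NOT_FOUND);`. The doGet signature and the `Logger.debug("GET SelectBKU")` context line are the only live statements left; the signature itself is above the hunk.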
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
deleted file mode 100644
index 012ed4c14..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.List;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-
-/**
- * Servlet requested for starting a MOA ID authentication session.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see AuthenticationServer#startAuthentication
- */
-public class StartAuthenticationServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 3908001651893673395L;
-
-
-/**
- * Responds with an HTML form which upon submit requests the identity link
- * from the security layer implementation.
- * <br>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/html"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET StartAuthentication");
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
-
- String target = req.getParameter(PARAM_TARGET);
- String sourceID = req.getParameter(PARAM_SOURCEID);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuURL = req.getParameter(PARAM_BKU);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- String sessionID = req.getParameter(PARAM_SESSIONID);
- String useMandate = req.getParameter(PARAM_USEMANDATE);
- String ccc = req.getParameter(PARAM_CCC);
-
- // escape parameter strings
- target = StringEscapeUtils.escapeHtml(target);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- useMandate = StringEscapeUtils.escapeHtml(useMandate);
- ccc = StringEscapeUtils.escapeHtml(ccc);
-
- setNoCachingHeadersInHttpRespone(req, resp);
-
-
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
- if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
- if (!ParamValidatorUtils.isValidCCC(ccc))
- throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-
-
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
- String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
-
- String targetFriendlyName = null;
-
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- } else {
- // use target from config
- target = targetConfig;
- targetFriendlyName = targetFriendlyNameConfig;
- }
-
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
- Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc));
- // STORK or normal authentication
- if (storkConfig.isSTORKAuthentication(ccc)) {
- //STORK authentication
- Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc);
- Logger.debug("Starting STORK authentication");
-
- AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID);
-
- } else {
- //normal MOA-ID authentication
- Logger.debug("Starting normal MOA-ID authentication");
-
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
- }
- Logger.debug("Finished GET StartAuthentication");
-
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
- }
-
-
- /**
- * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doGet(req, resp);
- }
-
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index fbf700365..09e4e957d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -48,9 +48,13 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
@@ -133,6 +137,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ String pendingRequestID = null;
Map parameters;
try
@@ -149,6 +154,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
String redirectURL = null;
try {
// check parameter
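Review bot: `pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID)` runs before the `ParamValidatorUtils.isValidSessionID(sessionID)` check inside the following try, so the session store is queried with a request parameter that has only been HTML-escaped, not validated. Move the lookup below the validation, or guard it so that an unknown or malformed id cannot surface as an unhandled exception from the store — whether getPendingRequestID returns null or throws on a miss is not visible here. The same lookup-before-validation ordering is added in VerifyCertificateServlet and VerifyIdentityLinkServlet in this commit. The enclosing method starts before this hunk.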
@@ -157,11 +164,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
+ String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
@@ -202,8 +209,23 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String oaFriendlyName = oaParam.getFriendlyName();
String mandateReferenceValue = session.getMandateReferenceValue();
- X509Certificate cert = session.getSignerCertificate();
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ byte[] cert = session.getEncodedSignerCertificate();
+
+ //TODO: check in case of SSO!!!
+ String targetType = null;
+ if(oaParam.getBusinessService()) {
+ String id = oaParam.getIdentityLinkDomainIdentifier();
+ if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ targetType = id;
+ else
+ targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+
+ } else {
+ targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+ }
+
+
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory);
String redirectMISGUI = misSessionID.getRedirectURL();
if (misSessionID == null) {
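Review bot: `id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)` dereferences the result of `oaParam.getIdentityLinkDomainIdentifier()` without a null check; if a business-service OA can be configured without that identifier this is a NullPointerException that none of the MOAIDException handlers below will catch. Guard it, `if (id != null && id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))`, or fail with a MOAIDException that names the misconfigured OA. The `//TODO: check in case of SSO!!!` marker should state what is unverified (presumably whether `session.getDomainIdentifier()` is the right source for targetType on a reused SSO session) or be resolved before merge. Note also that the context line `misSessionID.getRedirectURL()` is still dereferenced before the `misSessionID == null` check; that ordering predates this commit but the new `sendSessionIdRequest` call feeds it.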
@@ -213,6 +235,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
session.setMISSessionID(misSessionID.getSessiondId());
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectURL);
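Review bot: `throw new MOAIDException("Session store error", null)` discards the caught MOADatabaseException, so the database failure behind a store error cannot be diagnosed from the exception that reaches handleError. If MOAIDException has a constructor accepting a cause, pass `e`; otherwise log it with the throwable attached before rethrowing, in the same way the removed StartAuthenticationServlet used `Logger.fatal(..., ex)`. The identical pattern is added twice more in VerifyCertificateServlet (`"session store error"`) in this commit; the same fix applies there.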
@@ -220,17 +248,22 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
else {
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
+ /*redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
+ redirectURL = resp.encodeRedirectURL(redirectURL);*/
+
+
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
+
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
-
+
resp.setContentType("text/html");
resp.setStatus(302);
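Review bot: The previous redirect construction is kept as a `/* ... */` block instead of being deleted, which leaves two versions of the redirect logic in the method with only one of them live. Delete the commented lines — version control preserves them — so that `new DataURLBuilder().buildDataURL(session.getAuthURL(), ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64)` is the single documented path. A one-line comment explaining why the SAML artifact now travels through the module URL instead of being appended to the requested OA URL would help the next reader, since that is the behavioural change this hunk makes.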
@@ -242,16 +275,20 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
} catch (GeneralSecurityException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (PKIException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (TransformerException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
}
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 689510a9d..477d99220 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -43,6 +43,9 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -104,6 +107,8 @@ public class VerifyCertificateServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ String pendingRequestID = null;
Map parameters;
try
@@ -118,7 +123,9 @@ public class VerifyCertificateServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
AuthenticationSession session = null;
try {
// check parameter
@@ -138,31 +145,49 @@ public class VerifyCertificateServlet extends AuthServlet {
if (useMandate) {
- Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
- throw new AuthenticationException("auth.13", null);
+
+ // verify certificate for OrganWalter
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
}
else {
// Foreign Identities Modus
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_GET_FOREIGN_ID,
session.getSessionID());
-
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
-
-
+ }
+ }
+ catch (MOAIDException ex) {
+
+ handleError(null, ex, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
}
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
}
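Review bot: Removing `throw new AuthenticationException("auth.13", null)` turns the useMandate branch from a hard rejection into a full `verifyCertificate` path, while the same "Online-Mandate Mode for foreign citizencs not supported." rejection remains in VerifyIdentityLinkServlet, so the two servlets now disagree about whether this mode is supported. The `// verify certificate for OrganWalter` hint suggests this branch is meant for the OrganWalter flow rather than foreign-citizen mandates; spell that out in the comment and confirm that verifyCertificate enforces whatever checks the removed rejection used to stand in for. The two `AuthenticationSessionStoreage.storeSession(session)` try/catch blocks are identical; consider hoisting one call to just before the if/else so the store-or-fail rule lives in one place. The enclosing method starts before this hunk.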
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 5178e27d3..38f650a65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -43,6 +43,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -109,6 +114,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
Logger.debug("POST VerifyIdentityLink");
Map parameters;
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -123,6 +130,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
@@ -134,14 +143,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
Logger.debug(createXMLSignatureRequestOrRedirect);
+
if (createXMLSignatureRequestOrRedirect == null) {
// no identity link found
-
+
boolean useMandate = session.getUseMandate();
if (useMandate) {
Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
@@ -150,7 +162,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
try {
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
@@ -168,15 +180,18 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
}
catch(Exception e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
}
}
else {
// @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID),
- // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber für OW nicht in
+ // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in
// AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen)
+
+ //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!!
boolean useMandate = session.getUseMandate();
+
if (useMandate) { // Mandate modus
// read certificate and set dataurl to
Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
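Review bot: The only change to the comment line `nach oben verschoben vor verifyIdentityLink ...` is that `für` became `f�r` — the umlaut appears as a replacement character, which indicates the file was saved with a mismatched encoding. Restore the original text (or rewrite the comment in English) and check the editor's encoding setting so the other non-ASCII comments in this file are not corrupted in follow-up commits. The new `//TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!!` should name the condition under which the block can be removed rather than pose a question to one person; a reviewer without that context cannot act on it.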
@@ -191,27 +206,47 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
REQ_VERIFY_CERTIFICATE,
session.getSessionID());
-
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- }
+ }
else {
+ Logger.info("Normal");
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+
+ createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ authConf, oaParam);
+
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
}
-
-
}
-
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No valid MOA session found. Authentification process is abourted.");
+ throw new AuthenticationException("auth.20", null);
+ }
}
catch (ParseException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
}
}
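Review bot: The new `catch (MOADatabaseException e)` drops the exception: `e` is neither logged nor attached to the thrown `AuthenticationException`, the message "No valid MOA session found" does not describe what failed (a `storeSession` call), and it is logged at info level although the authentication is aborted. Replace the log line with `Logger.error("Storing the MOA session failed. Authentication process is aborted.", e);` and, if `AuthenticationException` has a cause-taking constructor (not visible here), pass `e` through so the root cause survives. `Logger.info("Normal");` in the else branch carries no information; either name the branch (e.g. `Logger.debug("No mandate mode: building AuthBlock CreateXMLSignatureRequest");`) or drop it. The enclosing method starts outside the hunk.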
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index dfad29e50..d0fb1f87f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -35,9 +35,13 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -55,6 +59,7 @@ public class CreateXMLSignatureResponseValidator {
/** Xpath expression to the dsig:Signature element */
private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
+ //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
/** Singleton instance. <code>null</code>, if none has been created. */
private static CreateXMLSignatureResponseValidator instance;
@@ -208,7 +213,7 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
foundOA = true;
- if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
}
} else {
@@ -231,7 +236,35 @@ public class CreateXMLSignatureResponseValidator {
} else {
throw new ValidateException("validator.35", null);
}
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[3 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
// now check the extended SAML attributes
int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
if (extendedSAMLAttributes != null) {
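Review bot: `text` can reach `generateSpecialText` as null: the condition `if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))` assigns whatever the getter returns, and nothing resets it when the value is empty or null, whereas the `validateSSO` counterpart later in this file adds an `else text = new String();` for exactly that case. Make the two consistent by separating the assignment from the test: `String text = oaparam.getAditionalAuthBlockText(); if (MiscUtil.isNotEmpty(text)) { Logger.info("Use additional AuthBlock text from OA=" + oaparam.getPublicURLPrefix()); } else { text = ""; }`. The `validator.37` error for this attribute reports position `String.valueOf(3)` while the comment calls it the fourth attribute and it is read at `samlAttributes[3 + offset]`; that index is only safe if the expected-count check earlier in this method (outside the hunk) was raised to match, which this diff does not show. The enclosing `validate` method starts and ends outside the hunk.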
@@ -309,4 +342,216 @@ public class CreateXMLSignatureResponseValidator {
throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
}
}
+
+ /**
+ * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
+ * @param createXMLSignatureResponse
+ * @param session
+ * @throws ValidateException
+ */
+ public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+ throws ValidateException {
+
+ // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+
+ String oaURL;
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ } catch (ConfigurationException e1) {
+ oaURL = new String();
+ }
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
+ String issuer = samlAssertion.getAttribute("Issuer");
+ if (issuer == null) {
+ // should not happen, because parser would dedect this
+ throw new ValidateException("validator.32", null);
+ }
+ // replace ' in name with &#39;
+ issuer = issuer.replaceAll("'", "&#39;");
+
+ String issueInstant = samlAssertion.getAttribute("IssueInstant");
+ if (!issueInstant.equals(session.getIssueInstant())) {
+ throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()});
+ }
+
+ String name = identityLink.getName();
+
+ if (!issuer.equals(name)) {
+ throw new ValidateException("validator.33", new Object[] {issuer, name});
+ }
+
+ SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
+
+ boolean foundOA = false;
+ boolean foundGB = false;
+ boolean foundWBPK = false;
+ int offset = 0;
+
+ // check number of SAML aatributes
+ List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ int extendedSAMLAttributesNum = 0;
+ if (extendedSAMLAttributes != null) {
+ extendedSAMLAttributesNum = extendedSAMLAttributes.size();
+ }
+ int expectedSAMLAttributeNumber =
+ AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + extendedSAMLAttributesNum;
+ if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--;
+ int actualSAMLAttributeNumber = samlAttributes.length;
+ if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) {
+ Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " +
+ expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber);
+ throw new ValidateException(
+ "validator.36",
+ new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)});
+ }
+
+ SAMLAttribute samlAttribute;
+ if (!session.getSAMLAttributeGebeORwbpk()) {
+ offset--;
+ }
+
+ // check the first attribute (must be "OA")
+ samlAttribute = samlAttributes[0 + offset];
+ if (!samlAttribute.getName().equals("OA")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundOA = true;
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
+ }
+ } else {
+ throw new ValidateException("validator.15", null);
+ }
+
+ // check the third attribute (must be "Geburtsdatum")
+ samlAttribute = samlAttributes[1 + offset];
+ if (!samlAttribute.getName().equals("Geburtsdatum")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlDateOfBirth = (String)samlAttribute.getValue();
+ String dateOfBirth = identityLink.getDateOfBirth();
+ if (!samlDateOfBirth.equals(dateOfBirth)) {
+ throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[2 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ String text = "";
+ try {
+ if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
+ Logger.info("Use addional AuthBlock Text from SSO=" +text);
+ else
+ text = new String();
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
+ }
+
+
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // now check the extended SAML attributes
+ int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset;
+ if (extendedSAMLAttributes != null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ samlAttribute = samlAttributes[i];
+ String actualName = samlAttribute.getName();
+ String expectedName = extendedSAMLAttribute.getName();
+ if (!actualName.equals(expectedName)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName });
+ }
+ String actualNamespace = samlAttribute.getNamespace();
+ String expectedNamespace = extendedSAMLAttribute.getNameSpace();
+ if (!actualNamespace.equals(expectedNamespace)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, });
+ }
+ Object expectedValue = extendedSAMLAttribute.getValue();
+ Object actualValue = samlAttribute.getValue();
+ try {
+ if (expectedValue instanceof String) {
+ // replace \r\n because text might be base64-encoded
+ String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+ expValue = StringUtils.replaceAll(expValue,"\n","");
+ String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+ actValue = StringUtils.replaceAll(actValue,"\n","");
+ if (!expValue.equals(actValue)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue });
+ }
+ } else if (expectedValue instanceof Element) {
+ // only check the name of the element
+ String actualElementName = ((Element)actualValue).getNodeName();
+ String expectedElementName = ((Element)expectedValue).getNodeName();
+ if (!(expectedElementName.equals(actualElementName))){
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName});
+ }
+ } else {
+ // should not happen
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()});
+ }
+ } catch (ClassCastException e) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()});
+ }
+ i++;
+ }
+ }
+
+
+ if (!foundOA) throw new ValidateException("validator.14", null);
+
+ //Check if dsig:Signature exists
+// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+// if (nl.getLength() != 1) {
+// throw new ValidateException("validator.05", null);
+// }
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH);
+ if (dsigSignature == null) {
+ throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+ }
+ }
+
+ public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
+
+ //TODO: insert Time validation!!!!
+
+ }
+
}
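Review bot: `validateSSO` swallows a `ConfigurationException` from `getSSOPublicUrl()` and continues with `oaURL = new String()`, so a configuration failure is neither logged nor fatal; the only AuthBlock that then passes the OA check is one whose OA attribute is empty, which should be a hard validation failure rather than an accepted input. Log the exception and fail closed, i.e. rethrow it as a `ValidateException` with a suitable message key instead of substituting an empty string. The `issuer == null` guard cannot fire because `Element.getAttribute` returns the empty string for a missing attribute; use `if (issuer == null || issuer.length() == 0)` so the `validator.32` path is reachable. `validateSigningDateTime` is an empty stub that returns normally, so any caller treats an unchecked signing time as validated; until the check exists, its Javadoc should state that it performs no validation, and the remaining commented-out `NodeList` block should be removed rather than kept alongside the XPath lookup.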
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 90282a28c..ed826c615 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey;
import java.util.List;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -80,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator {
* @throws ValidateException on any validation error
*/
public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- List identityLinkSignersSubjectDNNames,
+ List<String> identityLinkSignersSubjectDNNames,
String whatToCheck,
boolean ignoreManifestValidationResult)
throws ValidateException {
@@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator {
}
}
-
+
/**
* Method validateCertificate.
* @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 576d9c358..a154c9ece 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
this.rpGivenName = rpGivenName;
this.rpDateOfBirth = rpDateOfBirth;
this.request = request;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
- */
- public String start(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue)
- {
- // Load the form
- String form = loadForm(
- physical, familyName, givenName, dateOfBirth,
- streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue, "");
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- } catch (SZRGWClientException e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
- */
- public String validate(Map parameters, String extErrortext)
- {
-
- // Process the gotten parameters
- String form = null;
- boolean formNecessary = false;
- if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
- String locErrortext = "Folgende Parameter fehlen: ";
-
- String familyName = (String) parameters.get("familyname_");
- if (null == familyName) familyName ="";
- String givenName = (String) parameters.get("givenname_");
- if (null == givenName) givenName ="";
- boolean physical = "true".equals(parameters.get("physical_"));
- String dobday = (String) parameters.get("dobday_");
- if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
- String dobmonth = (String) parameters.get("dobmonth_");
- if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
- String dobyear = (String) parameters.get("dobyear_");
- if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
- String dateOfBirth = "";
- dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
- dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
- dobday = (" ".substring(0, 2-dobday.length()) + dobday);
- dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
- String cbFullName = (String) parameters.get("fullname_");
- if (null == cbFullName) cbFullName ="";
- String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
- if (null == cbIdentificationType) cbIdentificationType ="";
- String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
- if (null == cbIdentificationValue) cbIdentificationValue ="";
- String postalCode = (String) parameters.get("postalcode_");
- if (null == postalCode) postalCode ="";
- String municipality = (String) parameters.get("municipality_");
- if (null == municipality) municipality ="";
- String streetName = (String) parameters.get("streetname_");
- if (null == streetName) streetName ="";
- String buildingNumber = (String) parameters.get("buildingnumber_");
- if (null == buildingNumber) buildingNumber ="";
- String unit = (String) parameters.get("unit_");
- if (null == unit) unit ="";
-
- if (physical) {
- if (ParepUtils.isEmpty(familyName)) {
- formNecessary = true;
- locErrortext = locErrortext + "Familienname";
- }
- if (ParepUtils.isEmpty(givenName)) {
- formNecessary = true;
- if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Vorname";
- }
- // Auf existierendes Datum prüfen
- SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
- format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
- try {
- format.parse(dateOfBirth);
- }
- catch(ParseException pe)
- {
- formNecessary = true;
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "korrektes Geburtsdatum";
- }
- } else {
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- if (ParepUtils.isEmpty(cbFullName)) {
- locErrortext = locErrortext + "Name der Organisation";
- }
- if (ParepUtils.isEmpty(cbIdentificationType)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Auswahl des Registers";
- }
- if (ParepUtils.isEmpty(cbIdentificationValue)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
- }
- }
- }
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- if (formNecessary) {
- // Daten noch nicht vollständig oder anderer Fehler
- if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
- String error = "";
- if (!ParepUtils.isEmpty(extErrortext)) {
- error = extErrortext;
- if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
- }
- if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
- if (!ParepUtils.isEmpty(error)) {
- error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
- }
- form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
- if (form == null) {
- return null;
- }
- } else {
- return ""; // everything is ok
- }
- } catch (Exception e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /**
- * Loads the empty user input form and replaces tag occurences with given variables
- *
- * @param physical
- * @param familyName
- * @param givenName
- * @param dateOfBirth
- * @param streetName
- * @param buildingNumber
- * @param unit
- * @param postalCode
- * @param municipality
- * @param cbFullName
- * @param cbIdentificationType
- * @param cbIdentificationValue
- * @param errorText
- * @return
- */
- private String loadForm(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
- {
- String form = "";
- try {
- String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
- InputStream instream = null;
- File file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- fileName = parepConfiguration.getFullDirectoryName(fileName);
- if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
- file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- //else load a named resource in our classloader.
- instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
- if (instream == null) {
- Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
- return null;
- }
- }
- }
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.dumpInputOutputStream(instream, bos);
- form = bos.toString("UTF-8");
- } catch(Exception e) {
- Logger.error("Fehler beim Einlesen des Input-Templates.", e);
- }
-
- if (!ParepUtils.isEmpty(form)) {
- boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
- boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
- boolean reducedSelection = (!physEnabled || !cbEnabled);
- if (reducedSelection) {
- physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
- }
- if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
- form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
- form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
- form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
- form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
- form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
- //darf zw. phys. und jur. Person gewählt werden:
- //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
- form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
- form = ParepUtils.replaceAll(form, "<givenname>", givenName);
- form = ParepUtils.replaceAll(form, "<familyname>", familyName);
- form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
- form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
- form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
- form = ParepUtils.replaceAll(form, "<streetname>", streetName);
- form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
- form = ParepUtils.replaceAll(form, "<unit>", unit);
- form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
- form = ParepUtils.replaceAll(form, "<municipality>", municipality);
- form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
- form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
- form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
- form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
- form = ParepUtils.replaceAll(form, "<errortext>", errorText);
- }
- return form;
- }
+ }
+
+public String start(boolean physical, String familyName, String givenName,
+ String dateOfBirth, String streetName, String buildingNumber,
+ String unit, String postalCode, String municipality, String cbFullName,
+ String cbIdentificationType, String cbIdentificationValue) {
+ // TODO Auto-generated method stub
+ return null;
+}
+
+public String validate(Map parameters, String extErrortext) {
+ // TODO Auto-generated method stub
+ return null;
+}
+
+ //TODO: check correctness
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+// */
+// public String start(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+// {
+// // Load the form
+// String form = loadForm(
+// physical, familyName, givenName, dateOfBirth,
+// streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue, "");
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// } catch (SZRGWClientException e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+// */
+// public String validate(Map parameters, String extErrortext)
+// {
+//
+// // Process the gotten parameters
+// String form = null;
+// boolean formNecessary = false;
+// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+// String locErrortext = "Folgende Parameter fehlen: ";
+//
+// String familyName = (String) parameters.get("familyname_");
+// if (null == familyName) familyName ="";
+// String givenName = (String) parameters.get("givenname_");
+// if (null == givenName) givenName ="";
+// boolean physical = "true".equals(parameters.get("physical_"));
+// String dobday = (String) parameters.get("dobday_");
+// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+// String dobmonth = (String) parameters.get("dobmonth_");
+// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+// String dobyear = (String) parameters.get("dobyear_");
+// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+// String dateOfBirth = "";
+// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+// dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+// String cbFullName = (String) parameters.get("fullname_");
+// if (null == cbFullName) cbFullName ="";
+// String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
+// if (null == cbIdentificationType) cbIdentificationType ="";
+// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
+// if (null == cbIdentificationValue) cbIdentificationValue ="";
+// String postalCode = (String) parameters.get("postalcode_");
+// if (null == postalCode) postalCode ="";
+// String municipality = (String) parameters.get("municipality_");
+// if (null == municipality) municipality ="";
+// String streetName = (String) parameters.get("streetname_");
+// if (null == streetName) streetName ="";
+// String buildingNumber = (String) parameters.get("buildingnumber_");
+// if (null == buildingNumber) buildingNumber ="";
+// String unit = (String) parameters.get("unit_");
+// if (null == unit) unit ="";
+//
+// if (physical) {
+// if (ParepUtils.isEmpty(familyName)) {
+// formNecessary = true;
+// locErrortext = locErrortext + "Familienname";
+// }
+// if (ParepUtils.isEmpty(givenName)) {
+// formNecessary = true;
+// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Vorname";
+// }
+// // Auf existierendes Datum prüfen
+// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+// try {
+// format.parse(dateOfBirth);
+// }
+// catch(ParseException pe)
+// {
+// formNecessary = true;
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "korrektes Geburtsdatum";
+// }
+// } else {
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// if (ParepUtils.isEmpty(cbFullName)) {
+// locErrortext = locErrortext + "Name der Organisation";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationType)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Auswahl des Registers";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationValue)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+// }
+// }
+// }
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// if (formNecessary) {
+// // Daten noch nicht vollständig oder anderer Fehler
+// if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+// String error = "";
+// if (!ParepUtils.isEmpty(extErrortext)) {
+// error = extErrortext;
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+// }
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+// if (!ParepUtils.isEmpty(error)) {
+// error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
+// }
+// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+// if (form == null) {
+// return null;
+// }
+// } else {
+// return ""; // everything is ok
+// }
+// } catch (Exception e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /**
+// * Loads the empty user input form and replaces tag occurences with given variables
+// *
+// * @param physical
+// * @param familyName
+// * @param givenName
+// * @param dateOfBirth
+// * @param streetName
+// * @param buildingNumber
+// * @param unit
+// * @param postalCode
+// * @param municipality
+// * @param cbFullName
+// * @param cbIdentificationType
+// * @param cbIdentificationValue
+// * @param errorText
+// * @return
+// */
+// private String loadForm(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+// {
+// String form = "";
+// try {
+// String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+// InputStream instream = null;
+// File file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// fileName = parepConfiguration.getFullDirectoryName(fileName);
+// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
+// file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// //else load a named resource in our classloader.
+// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+// if (instream == null) {
+// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+// return null;
+// }
+// }
+// }
+// ByteArrayOutputStream bos = new ByteArrayOutputStream();
+// ParepUtils.dumpInputOutputStream(instream, bos);
+// form = bos.toString("UTF-8");
+// } catch(Exception e) {
+// Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+// }
+//
+// if (!ParepUtils.isEmpty(form)) {
+// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+// boolean reducedSelection = (!physEnabled || !cbEnabled);
+// if (reducedSelection) {
+// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+// }
+// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+// form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+// form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+// form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+// form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+// form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+// //darf zw. phys. und jur. Person gewählt werden:
+// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+// form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+// form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+// form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+// form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+// form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+// form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+// form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+// form = ParepUtils.replaceAll(form, "<unit>", unit);
+// form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+// form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+// form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+// }
+// return form;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 5eeaa5d3d..ab7a134c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -650,7 +650,7 @@ public class ParepUtils {
if (ParepUtils.isEmpty(register)) return null;
if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
- if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 7bd6f5e28..f2f897432 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants;
*
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
*/
-public class ParepValidator implements InfoboxValidator {
-
- /** activates debug settings */
- private boolean PAREP_DEBUG = false;
-
- /** contains the parameters the validator initially was called with */
- private InfoboxValidatorParams params = null;
-
- /** contains the configuration of the validator */
- private ParepConfiguration parepConfiguration = null;
-
- /** the requested representation ID (currently * or OID) */
- private String representationID = null;
-
- /** holds the information of the SZR-request */
- private CreateMandateRequest request = null;
-
- /** List of extended SAML attributes. */
- private Vector extendedSamlAttributes = new Vector();
-
- /** the class which processes the user input */
- private ParepInputProcessor inputProcessor = null;
-
- /** The form if user input is necessary */
- private String form = null;
-
- /** unspecified error of parep-validator (must not know more about)*/
- private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";
-
- /** Default class to gather remaining mandator data. */
- public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
-
- /** Default template to gather remaining mandator data. */
- public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
-
- /** kind of representation text in AUTH block*/
- public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";
-
- /** Names of the produced SAML-attributes. */
- public final static String EXT_SAML_MANDATE_RAW = "Mandate";
- public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
- public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
- public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+public class ParepValidator implements InfoboxValidator {
+
public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
public final static String EXT_SAML_MANDATE_OID = "OID";
+ public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+ public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+ public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+ public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
- /** */
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-
- /** register and register number for non physical persons - the domain identifier for business applications*/
- public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-
- /**
- * Parses the XML configuration element and creates the validators configuration
- * Use this function if you want to preconfigure the validator.
- *
- * @param configElem
- * the XML configuration element to parse.
- * @throws ConfigurationException
- * if an error occurs during the configuration process
- */
- public void Configure(Element configElem) throws ConfigurationException {
- if (this.parepConfiguration == null) {
- Logger.debug("Lade Konfiguration.");
- parepConfiguration = new ParepConfiguration(configElem);
- Logger.debug("Konfiguration erfolgreich geladen.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
- */
- public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-
- try {
- Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
- this.params = params;
-
- Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
- // ParepUtils.serializeElement(mandate, System.out);
- this.representationID = ParepUtils.extractRepresentativeID(mandate);
- if (ParepUtils.isEmpty(representationID)) {
- validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
- return validationResult;
- }
-
- // Überprüfen der Identifikation (Type/Value).
- String identificationType = this.params.getIdentificationType();
- String identificationValue = this.params.getIdentificationValue();
- if (this.params.getBusinessApplication()) {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
- return validationResult;
-
- } else {
- Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
- }
- } else {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
- if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- } else {
- Logger.debug("Organwalter wird mit Stammzahl identifiziert");
- }
- } else {
- if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
- identificationType = Constants.URN_PREFIX_CDID;
- String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
- identificationValue = bpkBase64;
- Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
- } else {
- Logger.debug("Parteienvertreter wird mit bPK identifiziert");
- }
- }
- }
-
- Configure(this.params.getApplicationSpecificParams());
- // check if we have a configured party representative for that
- if (!parepConfiguration.isPartyRepresentative(representationID)) {
- Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- }
-
- // Vertreter
- this.request = new CreateMandateRequest();
- request.setRepresentative(this.params, identificationType, identificationValue);
- // ParepUtils.serializeElement(request.getRepresentative(), System.out);
- //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
-
- Logger.debug("Prüfe vorausgefüllte Daten...");
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- boolean formNecessary = false;
- // Vertretener (erstes Vorkommen)
- Element mandator = ParepUtils.extractMandator(mandate);
- if (mandator != null) {
- // ParepUtils.serializeElement(mandator, System.out);
- // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-
- }
- if (physical) {
- if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
- formNecessary = true;
- }
- } else {
- if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- }
- }
-
- //Zeigen wir, dass die Daten übernommen wurden:
- if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-
- // Input processor
- this.form = "";
- if (formNecessary) {
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.start(
- physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- } else {
- // Request vorbereiten mit vorgegebenen Daten
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- }
-
-
- // ParepUtils.serializeElement(request.getMandator(), System.out);
- // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
- validationResult.setValid(true);
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
- */
- public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- Logger.debug("Prüfe im Formular ausgefüllte Daten...");
- if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-
- // Input processor
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.validate(parameters, null);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- return validationResult;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
- */
- public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- this.form = "";
- try {
-
-
- request.setSignature(samlAssertion);
-
-//DPO debug
-// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
-// String id = representationID;
+
+ public InfoboxValidationResult validate(InfoboxValidatorParams params)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Map parameters)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Element samlAssertion)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public String getForm() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ //TODO: check correctness!!!!
+// /** activates debug settings */
+// private boolean PAREP_DEBUG = false;
+//
+// /** contains the parameters the validator initially was called with */
+// private InfoboxValidatorParams params = null;
+//
+// /** contains the configuration of the validator */
+// private ParepConfiguration parepConfiguration = null;
+//
+// /** the requested representation ID (currently * or OID) */
+// private String representationID = null;
+//
+// /** holds the information of the SZR-request */
+// private CreateMandateRequest request = null;
+//
+// /** List of extended SAML attributes. */
+// private Vector extendedSamlAttributes = new Vector();
+//
+// /** the class which processes the user input */
+// private ParepInputProcessor inputProcessor = null;
+//
+// /** The form if user input is necessary */
+// private String form = null;
+//
+// /** unspecified error of parep-validator (must not know more about)*/
+// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
+//
+// /** Default class to gather remaining mandator data. */
+// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+//
+// /** Default template to gather remaining mandator data. */
+// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+//
+// /** kind of representation text in AUTH block*/
+// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
+//
+// /** Names of the produced SAML-attributes. */
+// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+// public final static String EXT_SAML_MANDATE_OID = "OID";
+//
+// /** */
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+//
+// /** register and register number for non physical persons - the domain identifier for business applications*/
+// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+//
+// /**
+// * Parses the XML configuration element and creates the validators configuration
+// * Use this function if you want to preconfigure the validator.
+// *
+// * @param configElem
+// * the XML configuration element to parse.
+// * @throws ConfigurationException
+// * if an error occurs during the configuration process
+// */
+// public void Configure(Element configElem) throws ConfigurationException {
+// if (this.parepConfiguration == null) {
+// Logger.debug("Lade Konfiguration.");
+// parepConfiguration = new ParepConfiguration(configElem);
+// Logger.debug("Konfiguration erfolgreich geladen.");
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+// */
+// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+//
+// try {
+// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+// this.params = params;
+//
+// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+// // ParepUtils.serializeElement(mandate, System.out);
+// this.representationID = ParepUtils.extractRepresentativeID(mandate);
+// if (ParepUtils.isEmpty(representationID)) {
+// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+// return validationResult;
+// }
+//
+// // überprüfen der Identifikation (Type/Value).
+// String identificationType = this.params.getIdentificationType();
+// String identificationValue = this.params.getIdentificationValue();
+// if (this.params.getBusinessApplication()) {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+// return validationResult;
+//
+// } else {
+// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+// }
+// } else {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// } else {
+// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+// }
+// } else {
+// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+// identificationType = Constants.URN_PREFIX_CDID;
+// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+// identificationValue = bpkBase64;
+// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+// } else {
+// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+// }
+// }
+// }
+//
+// Configure(this.params.getApplicationSpecificParams());
+// // check if we have a configured party representative for that
+// if (!parepConfiguration.isPartyRepresentative(representationID)) {
+// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// }
+//
+// // Vertreter
+// this.request = new CreateMandateRequest();
+// request.setRepresentative(this.params, identificationType, identificationValue);
+// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+//
+// Logger.debug("Prüfe vorausgefüllte Daten...");
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// boolean formNecessary = false;
+// // Vertretener (erstes Vorkommen)
+// Element mandator = ParepUtils.extractMandator(mandate);
+// if (mandator != null) {
+// // ParepUtils.serializeElement(mandator, System.out);
+// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+//
+// }
+// if (physical) {
+// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+// formNecessary = true;
+// }
+// } else {
+// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// }
+// }
+//
+// //Zeigen wir, dass die Daten �bernommen wurden:
+// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+//
+// // Input processor
+// this.form = "";
+// if (formNecessary) {
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.start(
+// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// } else {
+// // Request vorbereiten mit vorgegebenen Daten
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// }
+//
+//
+// // ParepUtils.serializeElement(request.getMandator(), System.out);
+// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+// validationResult.setValid(true);
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+// */
+// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+//
+// // Input processor
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.validate(parameters, null);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+// return validationResult;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+// */
+// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
+// this.form = "";
+// try {
+//
+//
+// request.setSignature(samlAssertion);
+//
+////DPO debug
+//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//// String id = representationID;
+//// CreateMandateResponse response;
+//// if (true) {
+//// if (this.params.getHideStammzahl()) {
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
+//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//// }
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+//
+// //ParepUtils.serializeElement(request.toElement(), System.out);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+//
+// // configure szrgw client
+// Logger.debug("Lade SZR-GW Client.");
+// SZRGWClient client = new SZRGWClient();
+// // System.out.println("Parameters: " + cfg.getConnectionParameters());
+// Logger.debug("Initialisiere Verbindung...");
+// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+// // Logger.debug("Connection Parameters: " + connectionParameters);
+// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// }
+//
+// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
// CreateMandateResponse response;
-// if (true) {
+// Element requ = request.toElement();
+// try {
+// response = client.createMandateResponse(requ);
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+// client = new SZRGWClient(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// response = client.createMandateResponse(requ);
+// }
+// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+// if (response.getResultCode()==2000) {
+// if(response.getMandate()==null) {
+// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+//
+// //DPO debug output (2lines)
+// String id = representationID;
+// if (id.equals("*")) id="standardisiert";
+//
+// Element mandate = response.getMandate();
+// // Replace Stammzahlen
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
// if (this.params.getHideStammzahl()) {
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können.
-// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
-// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
// }
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-
- //ParepUtils.serializeElement(request.toElement(), System.out);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-
- // configure szrgw client
- Logger.debug("Lade SZR-GW Client.");
- SZRGWClient client = new SZRGWClient();
- // System.out.println("Parameters: " + cfg.getConnectionParameters());
- Logger.debug("Initialisiere Verbindung...");
- ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
- // Logger.debug("Connection Parameters: " + connectionParameters);
- Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- }
-
- Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
- CreateMandateResponse response;
- Element requ = request.toElement();
- try {
- response = client.createMandateResponse(requ);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- client = new SZRGWClient(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- response = client.createMandateResponse(requ);
- }
- Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
- if (response.getResultCode()==2000) {
- if(response.getMandate()==null) {
- Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
-
- //DPO debug output (2lines)
- String id = representationID;
- if (id.equals("*")) id="standardisiert";
-
- Element mandate = response.getMandate();
- // Replace Stammzahlen
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
- if (this.params.getHideStammzahl()) {
- ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
- }
-
- extendedSamlAttributes.clear();
- // Vollmacht
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- } else {
- String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
- String responseInfo = response.getInfo();
- if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- validationResult.setErrorMessage(errorMsg);
- } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
- // Person not found
- ParepInputProcessor inputProcessor= getInputProcessor();
- switch (response.getResultCode()) {
- case 5230:
- errorMsg = "Keine mit den Eingaben &uuml;bereinstimmende Person vorhanden. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
- break;
- case 5231:
- errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
- break;
- default:
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- }
- this.form = inputProcessor.validate(generateParameters(), errorMsg);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- validationResult.setValid(true);
- } else {
- // Do not inform the user too much
- Logger.error(errorMsg);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- }
-
- }
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /**
- * provides the primary infobox token of the given list.
- *
- * @param infoBoxTokens
- * the list of infobox tokens.
- * @return
- * the XML element of the primary token.
- * @throws ValidateException
- * if an error occurs or list is not suitable.
- */
- public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
- if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
- throw new ValidateException("validator.62", null);
- }
- for (int i = 0; i < infoBoxTokens.size(); i++) {
- InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
- if (token.isPrimary()) {
- return token.getXMLToken();
- }
- }
- throw new ValidateException("validator.62", null);
- }
-
- /*
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
- return ret;
- }
-
-
- /**
- * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
- */
- public String getForm() {
- return this.form;
- }
-
- /**
- * Gets the user form input processor (class) assigned to the current party representative
- * If the method is called for the first time it initializes the input processor.
- *
- * @return The user form input processor
- */
- private ParepInputProcessor getInputProcessor() {
-
- if (this.inputProcessor!=null) return inputProcessor;
- String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
- ParepInputProcessor inputProcessor = null;
- try {
- Class inputProcessorClass = Class.forName(inputProcessorName);
- inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
- inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
- } catch (Exception e) {
- Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
- }
- this.inputProcessor = inputProcessor;
- return inputProcessor;
- }
-
- /**
- * Generates the parameter list, which is needed to simulate a return from
- * an user form.
- *
- * @return the form parameters
- */
- private Map generateParameters() {
- Map parameters = new HashMap();
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- try {
- // Vertretener (erstes Vorkommen)
- Element mandator = request.getMandator();
- if (mandator != null) {
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
- }
- } catch (Exception e) {
- Logger.error("Could not extract Mandator form SZR-gateway request");
- }
- parameters.put("familyname_", familyName);
- parameters.put("givenname_", givenName);
- parameters.put("dateofbirth_", dateOfBirth);
- parameters.put("dobyear_", dateOfBirth.substring(0,4));
- parameters.put("dobmonth_", dateOfBirth.substring(5,7));
- parameters.put("dobday_", dateOfBirth.substring(8,10));
- parameters.put("physical_", physical ? "true" : "false");
- parameters.put("fullname_", cbFullName);
- parameters.put("cbidentificationtype_", cbIdentificationType);
- parameters.put("cbidentificationvalue_", cbIdentificationValue);
- parameters.put("postalcode_", postalCode);
- parameters.put("municipality_", municipality);
- parameters.put("streetname_", streetName);
- parameters.put("buildingnumber_", buildingNumber);
- parameters.put("unit_", unit);
- return parameters;
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- */
- private void addAuthBlockExtendedSamlAttributes() {
- extendedSamlAttributes.clear();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- Element mandator = request.getMandator();
- // Name
- String name = ParepUtils.extractMandatorName(mandator);
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- if (dob != null && !"".equals(dob)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)){
- String idType = ParepUtils.extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (this.params.getBusinessApplication()) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
- }
-
-// public static void main(String[] args) throws Exception {
+//
+// extendedSamlAttributes.clear();
+// // Vollmacht
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+//
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
+// } else {
+// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+// String responseInfo = response.getInfo();
+// if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// validationResult.setErrorMessage(errorMsg);
+// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
+// // Person not found
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// switch (response.getResultCode()) {
+// case 5230:
+// errorMsg = "Keine mit den Eingaben &uuml;bereinstimmende Person vorhanden. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
+// break;
+// case 5231:
+// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
+// break;
+// default:
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// }
+// this.form = inputProcessor.validate(generateParameters(), errorMsg);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// validationResult.setValid(true);
+// } else {
+// // Do not inform the user too much
+// Logger.error(errorMsg);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// }
+//
+// }
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /**
+// * provides the primary infobox token of the given list.
+// *
+// * @param infoBoxTokens
+// * the list of infobox tokens.
+// * @return
+// * the XML element of the primary token.
+// * @throws ValidateException
+// * if an error occurs or list is not suitable.
+// */
+// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+// if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+// throw new ValidateException("validator.62", null);
+// }
+// for (int i = 0; i < infoBoxTokens.size(); i++) {
+// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+// if (token.isPrimary()) {
+// return token.getXMLToken();
+// }
+// }
+// throw new ValidateException("validator.62", null);
+// }
+//
+// /*
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+// */
+// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+// extendedSamlAttributes.copyInto(ret);
+// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+// return ret;
+// }
+//
+//
+// /**
+// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+// */
+// public String getForm() {
+// return this.form;
+// }
+//
+// /**
+// * Gets the user form input processor (class) assigned to the current party representative
+// * If the method is called for the first time it initializes the input processor.
+// *
+// * @return The user form input processor
+// */
+// private ParepInputProcessor getInputProcessor() {
+//
+// if (this.inputProcessor!=null) return inputProcessor;
+// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+// ParepInputProcessor inputProcessor = null;
+// try {
+// Class inputProcessorClass = Class.forName(inputProcessorName);
+// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+// } catch (Exception e) {
+// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+// }
+// this.inputProcessor = inputProcessor;
+// return inputProcessor;
+// }
+//
+// /**
+// * Generates the parameter list, which is needed to simulate a return from
+// * an user form.
+// *
+// * @return the form parameters
+// */
+// private Map generateParameters() {
+// Map parameters = new HashMap();
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// try {
+// // Vertretener (erstes Vorkommen)
+// Element mandator = request.getMandator();
+// if (mandator != null) {
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+// }
+// } catch (Exception e) {
+// Logger.error("Could not extract Mandator form SZR-gateway request");
+// }
+// parameters.put("familyname_", familyName);
+// parameters.put("givenname_", givenName);
+// parameters.put("dateofbirth_", dateOfBirth);
+// parameters.put("dobyear_", dateOfBirth.substring(0,4));
+// parameters.put("dobmonth_", dateOfBirth.substring(5,7));
+// parameters.put("dobday_", dateOfBirth.substring(8,10));
+// parameters.put("physical_", physical ? "true" : "false");
+// parameters.put("fullname_", cbFullName);
+// parameters.put("cbidentificationtype_", cbIdentificationType);
+// parameters.put("cbidentificationvalue_", cbIdentificationValue);
+// parameters.put("postalcode_", postalCode);
+// parameters.put("municipality_", municipality);
+// parameters.put("streetname_", streetName);
+// parameters.put("buildingnumber_", buildingNumber);
+// parameters.put("unit_", unit);
+// return parameters;
+// }
+//
+// /**
+// * Adds the AUTH block related SAML attributes to the validation result.
+// * This is needed always before the AUTH block is to be signed, because the
+// * name of the mandator has to be set
+// */
+// private void addAuthBlockExtendedSamlAttributes() {
+// extendedSamlAttributes.clear();
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// Element mandator = request.getMandator();
+// // Name
+// String name = ParepUtils.extractMandatorName(mandator);
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// // Geburtsdatum
+// String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+// if (dob != null && !"".equals(dob)) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// // (w)bpk
+// String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+// if (!ParepUtils.isEmpty(wbpk)) {
+// if (!ParepUtils.isPhysicalPerson(mandator)){
+// String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// } else if (this.params.getBusinessApplication()) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// }
// }
+//
+//// public static void main(String[] args) throws Exception {
+//// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index bc5a0e061..ee5a57914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants;
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class ParepConfiguration {
-
- /**
- * System property for config file.
- */
- public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter standardConnectionParameters;
-
- /**
- * Input field processor.
- */
- private String standardInputProcessorClass;
-
- /**
- * Input field processor template.
- */
- private String standardInputProcessorTemplate;
-
- /**
- * Configured party representatives.
- */
- private HashMap partyRepresentatives;
-
- /**
- * The configuration element.
- */
- private Element configElement = null;
-
- /**
- * Defines whether the user input form must be shown on each
- * request or not (also predefined mandates)
- */
- private boolean alwaysShowForm = false;
-
- /**
- * The configuration base directory.
- */
- private String baseDir_;
-
- /**
- * Gets the SZR-GW connection parameters.
- *
- * @return the connection parameters.
- */
- public ConnectionParameter getConnectionParameters(String representationID) {
- if (partyRepresentatives == null || "*".equals(representationID))
- return standardConnectionParameters;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- ConnectionParameter connectionParameters = pr.getConnectionParameters();
- if (connectionParameters==null) connectionParameters = standardConnectionParameters;
- return connectionParameters;
- }
-
- /**
- * Sets the SZR-GW connection parameters for standard connection.
- *
- * @param connectionParameters
- * the connection parameters.
- */
- public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
- this.standardConnectionParameters = connectionParameters;
- }
-
- /*
- *
- */
- public String getFullDirectoryName(String fileString) {
- return makeAbsoluteURL(fileString, baseDir_);
- }
-
- /*
- *
- */
- private static String makeAbsoluteURL(String url, String root) {
- // if url is relative to rootConfigFileDirName make it absolute
-
- File keyFile;
- String newURL = url;
-
- if (null == url)
- return null;
-
- if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
- return url;
- } else {
- // check if absolute - if not make it absolute
- keyFile = new File(url);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(root, url);
- newURL = keyFile.getPath();
- }
- return newURL;
- }
- }
-
- /**
- * Initializes the configuration with a given XML configuration element found
- * in the MOA-ID configuration.
- *
- * @param configElem
- * the configuration element.
- * @throws ConfigurationException
- * if an error occurs initializing the configuration.
- */
- public ParepConfiguration(Element configElem) throws ConfigurationException {
-
- partyRepresentatives = new HashMap();
- partyRepresentatives.put("*", new PartyRepresentative(true, true));
-
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-
- try {
-
- baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
- Logger.trace("Config base directory: " + baseDir_);
- // check for configuration in system properties
- if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
- Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
- this.configElement = doc.getDocumentElement();
- } else {
- this.configElement = configElem;
- }
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
- }
- load();
- }
-
- /*
- *
- */
- private void load() throws ConfigurationException {
- Logger.debug("Parse ParepValidator Konfiguration");
- try {
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- // nameSpaceNode.setAttribute("xmlns:sgw",
- // SZRGWConstants.SZRGW_PROFILE_NS);
-
- Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorNode != null) {
- this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
- Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassNode != null) {
- this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
- }
- }
- Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
- if (alwaysShowFormNode != null) {
- this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
- }
-
- // load connection parameters
- Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
- Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamElement != null) {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamElement, System.out);
- this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
- }
-
- Logger.trace("Lade Konfiguration der Parteienvertreter");
- NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
- for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-
- PartyRepresentative partyRepresentative = new PartyRepresentative();
-
- Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
- boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
- boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
- partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
- partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
- partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
- partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-
- Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorSubNode != null) {
- partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
- Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassSubNode != null) {
- partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
- }
- }
-
- Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamSubElement == null) {
- if (this.standardConnectionParameters == null) {
- throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
- + partyRepresentative.getOid() + " fehlen.", null, null);
- }
- } else {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamSubElement, System.out);
- partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
- }
- partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
- Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
- + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
- + ", representationText=" + partyRepresentative.getRepresentationText()
- + ")");
- }
-
- Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
- }
- }
-
- /*
- *
- */
- private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
- try {
- ConnectionParameter connectionParameter = new ConnectionParameter();
-
- // parse connection url
- String URL = connParamElement.getAttribute("URL");
- connectionParameter.setUrl(URL);
-
- // accepted server certificates
- Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
- nameSpaceNode);
- if (accServerCertsNode != null) {
-
- String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
- Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
- connectionParameter.setAcceptedServerCertificates(serverCertsDir);
- }
-
- // client key store
- Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
- if (clientKeyStoreNode != null) {
- String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
- connectionParameter.setClientKeyStore(clientKeystore);
- }
-
- // client key store password
- Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
- nameSpaceNode);
- if (clientKeyStorePasswordNode != null) {
- connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
- }
-
- return connectionParameter;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
- }
- }
-
- public boolean isPartyRepresentative(String representationID) {
- if (partyRepresentatives == null)
- return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- return pr != null;
- }
-
- public boolean isRepresentingCorporateParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingCorporateParty();
- }
-
- public boolean isRepresentingPhysicalParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingPhysicalParty();
- }
-
- public String getRepresentationText(String representationID) {
- String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
- if (partyRepresentatives != null) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr != null) {
- if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
- }
- }
- return result;
- }
-
- /**
- * @return the input processor classname corresponding to <code>representationID</code>
- * @param representationID
- * the representation ID.
- */
- public String getInputProcessorClass(String representationID) {
- String inputProcessorClass = standardInputProcessorClass;
- if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorClass = pr.getInputProcessorClass();
- if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
- }
- }
- return inputProcessorClass;
- }
-
- /**
- * @param standardInputProcessorClass the standardInputProcessorClass to set
- */
- public void setStandardInputProcessorClass(String standardInputProcessorClass) {
- this.standardInputProcessorClass = standardInputProcessorClass;
- }
-
- /**
- * @return the InputProcessorTemplate
- */
- public String getInputProcessorTemplate(String representationID) {
- String inputProcessorTemplate = standardInputProcessorTemplate;
- if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorTemplate = pr.getInputProcessorTemplate();
- if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
- }
- }
- return inputProcessorTemplate;
- }
-
- /**
- * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
- */
- public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
- this.standardInputProcessorTemplate = standardInputProcessorTemplate;
- }
-
- /**
- * @return the alwaysShowForm
- */
- public boolean isAlwaysShowForm() {
- return alwaysShowForm;
- }
-
+
+
+ //TODO: check correctness!!!!
/**
- * @param alwaysShowForm the alwaysShowForm to set
- */
- public void setAlwaysShowForm(String alwaysShowForm) {
- if (ParepUtils.isEmpty(alwaysShowForm)) {
- this.alwaysShowForm = false;
- } else {
- this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
- }
- }
-
- public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
- try {
- if (configElement==null) return false;
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
- if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
- return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
- }
- return false;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
- }
-
- }
-
-
-// public static void main(String[] args) throws Exception {
-// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-// Configuration cfg = new Configuration(null);
-// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
-//}
+// * System property for config file.
+// */
+// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+//
+// /**
+// * SZR-GW connection parameters.
+// */
+// private ConnectionParameter standardConnectionParameters;
+//
+// /**
+// * Input field processor.
+// */
+// private String standardInputProcessorClass;
+//
+// /**
+// * Input field processor template.
+// */
+// private String standardInputProcessorTemplate;
+//
+// /**
+// * Configured party representatives.
+// */
+// private HashMap partyRepresentatives;
+//
+// /**
+// * The configuration element.
+// */
+// private Element configElement = null;
+//
+// /**
+// * Defines whether the user input form must be shown on each
+// * request or not (also predefined mandates)
+// */
+// private boolean alwaysShowForm = false;
+//
+// /**
+// * The configuration base directory.
+// */
+// private String baseDir_;
+//
+// /**
+// * Gets the SZR-GW connection parameters.
+// *
+// * @return the connection parameters.
+// */
+// public ConnectionParameter getConnectionParameters(String representationID) {
+// if (partyRepresentatives == null || "*".equals(representationID))
+// return standardConnectionParameters;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// ConnectionParameter connectionParameters = pr.getConnectionParameters();
+// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+// return connectionParameters;
+// }
+//
+// /**
+// * Sets the SZR-GW connection parameters for standard connection.
+// *
+// * @param connectionParameters
+// * the connection parameters.
+// */
+// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+// this.standardConnectionParameters = connectionParameters;
+// }
+//
+// /*
+// *
+// */
+// public String getFullDirectoryName(String fileString) {
+// return makeAbsoluteURL(fileString, baseDir_);
+// }
+//
+// /*
+// *
+// */
+// private static String makeAbsoluteURL(String url, String root) {
+// // if url is relative to rootConfigFileDirName make it absolute
+//
+// File keyFile;
+// String newURL = url;
+//
+// if (null == url)
+// return null;
+//
+// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+// return url;
+// } else {
+// // check if absolute - if not make it absolute
+// keyFile = new File(url);
+// if (!keyFile.isAbsolute()) {
+// keyFile = new File(root, url);
+// newURL = keyFile.getPath();
+// }
+// return newURL;
+// }
+// }
+//
+// /**
+// * Initializes the configuration with a given XML configuration element found
+// * in the MOA-ID configuration.
+// *
+// * @param configElem
+// * the configuration element.
+// * @throws ConfigurationException
+// * if an error occurs initializing the configuration.
+// */
+// public ParepConfiguration(Element configElem) throws ConfigurationException {
+//
+// partyRepresentatives = new HashMap();
+// partyRepresentatives.put("*", new PartyRepresentative(true, true));
+//
+// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+//
+// try {
+//
+// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+// Logger.trace("Config base directory: " + baseDir_);
+// // check for configuration in system properties
+// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+// this.configElement = doc.getDocumentElement();
+// } else {
+// this.configElement = configElem;
+// }
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+// }
+// load();
+// }
+//
+// /*
+// *
+// */
+// private void load() throws ConfigurationException {
+// Logger.debug("Parse ParepValidator Konfiguration");
+// try {
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// // nameSpaceNode.setAttribute("xmlns:sgw",
+// // SZRGWConstants.SZRGW_PROFILE_NS);
+//
+// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorNode != null) {
+// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassNode != null) {
+// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+// }
+// }
+// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+// if (alwaysShowFormNode != null) {
+// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+// }
+//
+// // load connection parameters
+// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamElement != null) {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamElement, System.out);
+// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+// }
+//
+// Logger.trace("Lade Konfiguration der Parteienvertreter");
+// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+//
+// PartyRepresentative partyRepresentative = new PartyRepresentative();
+//
+// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+//
+// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorSubNode != null) {
+// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassSubNode != null) {
+// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+// }
+// }
+//
+// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamSubElement == null) {
+// if (this.standardConnectionParameters == null) {
+// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+// + partyRepresentative.getOid() + " fehlen.", null, null);
+// }
+// } else {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+// }
+// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+// + ", representationText=" + partyRepresentative.getRepresentationText()
+// + ")");
+// }
+//
+// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+// }
+// }
+//
+// /*
+// *
+// */
+// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+// try {
+// ConnectionParameter connectionParameter = new ConnectionParameter();
+//
+// // parse connection url
+// String URL = connParamElement.getAttribute("URL");
+// connectionParameter.setUrl(URL);
+//
+// // accepted server certificates
+// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+// nameSpaceNode);
+// if (accServerCertsNode != null) {
+//
+// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+// }
+//
+// // client key store
+// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+// if (clientKeyStoreNode != null) {
+// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+// connectionParameter.setClientKeyStore(clientKeystore);
+// }
+//
+// // client key store password
+// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+// nameSpaceNode);
+// if (clientKeyStorePasswordNode != null) {
+// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+// }
+//
+// return connectionParameter;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+// }
+// }
+//
+// public boolean isPartyRepresentative(String representationID) {
+// if (partyRepresentatives == null)
+// return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// return pr != null;
+// }
+//
+// public boolean isRepresentingCorporateParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingCorporateParty();
+// }
+//
+// public boolean isRepresentingPhysicalParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingPhysicalParty();
+// }
+//
+// public String getRepresentationText(String representationID) {
+// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+// if (partyRepresentatives != null) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr != null) {
+// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+// }
+// }
+// return result;
+// }
+//
+// /**
+// * @return the input processor classname corresponding to <code>representationID</code>
+// * @param representationID
+// * the representation ID.
+// */
+// public String getInputProcessorClass(String representationID) {
+// String inputProcessorClass = standardInputProcessorClass;
+// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorClass = pr.getInputProcessorClass();
+// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+// }
+// }
+// return inputProcessorClass;
+// }
+//
+// /**
+// * @param standardInputProcessorClass the standardInputProcessorClass to set
+// */
+// public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+// this.standardInputProcessorClass = standardInputProcessorClass;
+// }
+//
+// /**
+// * @return the InputProcessorTemplate
+// */
+// public String getInputProcessorTemplate(String representationID) {
+// String inputProcessorTemplate = standardInputProcessorTemplate;
+// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+// }
+// }
+// return inputProcessorTemplate;
+// }
+//
+// /**
+// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+// */
+// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+// this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+// }
+//
+// /**
+// * @return the alwaysShowForm
+// */
+// public boolean isAlwaysShowForm() {
+// return alwaysShowForm;
+// }
+//
+// /**
+// * @param alwaysShowForm the alwaysShowForm to set
+// */
+// public void setAlwaysShowForm(String alwaysShowForm) {
+// if (ParepUtils.isEmpty(alwaysShowForm)) {
+// this.alwaysShowForm = false;
+// } else {
+// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+// }
+// }
+//
+// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+// try {
+// if (configElement==null) return false;
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+// }
+// return false;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
+// }
+//
+// }
+//
+//
+//// public static void main(String[] args) throws Exception {
+//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+//// Configuration cfg = new Configuration(null);
+//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+////}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index fb1dc0293..bf4952113 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -81,7 +81,7 @@ public class ConfigurationProvider {
* A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
* chaining mode (a <code>String</code>) mapping.
*/
- protected Map chainingModes;
+ protected Map<IssuerAndSerial, String> chainingModes;
/**
* the URL for the trusted CA Certificates
@@ -93,6 +93,10 @@ public class ConfigurationProvider {
*/
protected String rootConfigFileDir;
+ protected String certstoreDirectory;
+
+ protected boolean trustmanagerrevoationchecking;
+
/**
* Returns the main configuration file directory used to configure MOA-ID
*
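Review bot: The new field `trustmanagerrevoationchecking` carries a typo ("revoation" for "revocation") that the getter `isTrustmanagerrevoationchecking()` in the hunk at `@@ -148,5 +152,22 @@` turns into public API; renaming both now to `trustManagerRevocationChecking` / `isTrustManagerRevocationChecking()` is cheap, after callers exist it is not. Both added fields also lack the Javadoc every neighbouring field in this class has, and for a flag that presumably switches certificate revocation checking in the TLS trust manager on or off the default matters: it is never initialised here, so it is `false`. Something like `/** Whether the TrustManager checks certificate revocation; false (the default) skips the check. */` would say so explicitly, with the consumer of the flag (outside this hunk) confirming that reading. The two getters in the later hunk are written at column 0 while the rest of the class is indented.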
@@ -148,5 +152,22 @@ public class ConfigurationProvider {
return trustedCACertificates;
}
+
+/**
+ * @return the certstoreDirectory
+ */
+public String getCertstoreDirectory() {
+ return certstoreDirectory;
+}
+
+/**
+ * @return the trustmanagerrevoationchecking
+ */
+public boolean isTrustmanagerrevoationchecking() {
+ return trustmanagerrevoationchecking;
+}
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
new file mode 100644
index 000000000..65fda8396
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class ConfigurationUtils {
+
+ public static List<String> getTransformInfos(List<TransformsInfoType> transformations) {
+ List<String> list = new ArrayList<String>();
+
+ for (TransformsInfoType e1 : transformations) {
+
+ try {
+ String transform = new String(e1.getTransformation(), "UTF-8");
+ String encoded = new String(Base64Utils.decode(transform, false), "UTF-8");
+ list.add(encoded);
+
+ } catch (UnsupportedEncodingException e) {
+ Logger.warn("Transformation can not be loaded. An encoding error ocurs");
+ return null;
+
+ } catch (IOException e) {
+ Logger.warn("Transformation can not be loaded from database.");
+ return null;
+ }
+ }
+ return list;
+ }
+
+}
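Review bot: `getTransformInfos` returns `null` from inside the loop at the first entry that fails, so callers get neither the transforms that did decode nor the reason, and both `catch` blocks drop the exception from the warning. Log it as the cause, `Logger.warn("Transformation can not be loaded from database.", e);` (assuming the MOA `Logger` has a cause-accepting overload as most do), or rethrow it, and return `Collections.emptyList()` rather than `null` so no caller needs a null check for a failure it cannot distinguish from "no transformations". Replacing the two `"UTF-8"` string arguments with `StandardCharsets.UTF_8` removes the `UnsupportedEncodingException` branch entirely, since that constant is never missing. A null `transformations` argument throws NPE at the loop header; `Objects.requireNonNull(transformations, "transformations")` or an early empty return makes that explicit, and the local `encoded` actually holds the decoded text.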
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index b1b90f40b..b358a31c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -1,130 +1,55 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
package at.gv.egovernment.moa.id.config;
-/**
- * This bean class is used to store data for various connectionParameter
- * within the MOA-ID configuration
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConnectionParameter {
-
- /**
- * Server URL
- */
- private String url;
- /**
- * File URL for a directory containing PKCS#12 server SSL certificates.
- * From these certificates, a X509 trust store will be assembled for use
- * by a JSSE <code>TrustManager</code>.
- * This field will only be used in case of an HTTPS URL.
- */
- private String acceptedServerCertificates;
- /**
- * File URL of a X509 key store containing the private key to be used
- * for an HTTPS connection when the server requires client authentication.
- * This field will only be used in case of an HTTPS URL.
- */
- private String clientKeyStore;
- /**
- * Password protecting the client key store.
- */
- private String clientKeyStorePassword;
-
- /**
- * Checks whether the URL scheme is <code>"https"</code>.
- * @return true in case of an URL starting with <code>"https"</code>
- */
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+
+public abstract class ConnectionParameter {
+
+ protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore";
+ protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword";
+ protected static final String PROP_IDENTIFIER_ACCEPEDSERVERCERTS = "acceptedServerCertificates";
+
+ protected ConnectionParameterClientAuthType database;
+ protected Properties prop;
+ protected String basedirectory;
+
+ public ConnectionParameter(ConnectionParameterClientAuthType database, Properties prop, String basedirectory) {
+ this.database = database;
+ this.prop = prop;
+ this.basedirectory = basedirectory;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public abstract String getAcceptedServerCertificates();
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public abstract String getClientKeyStore();
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public abstract String getClientKeyStorePassword();
+
+
public boolean isHTTPSURL() {
- return getUrl().indexOf("https") == 0;
+ if (database==null)
+ return false;
+ else
+ return database.getURL().indexOf("https") == 0;
+ }
+
+ public String getUrl() {
+ if (database == null)
+ return null;
+ else
+ return database.getURL();
}
-
- /**
- * Returns the url.
- * @return String
- */
- public String getUrl() {
- return url;
- }
-
- /**
- * Returns the acceptedServerCertificates.
- * @return String
- */
- public String getAcceptedServerCertificates() {
- return acceptedServerCertificates;
- }
-
- /**
- * Sets the acceptedServerCertificates.
- * @param acceptedServerCertificates The acceptedServerCertificates to set
- */
- public void setAcceptedServerCertificates(String acceptedServerCertificates) {
- this.acceptedServerCertificates = acceptedServerCertificates;
- }
-
- /**
- * Sets the url.
- * @param url The url to set
- */
- public void setUrl(String url) {
- this.url = url;
- }
-
- /**
- * Returns the clientKeyStore.
- * @return String
- */
- public String getClientKeyStore() {
- return clientKeyStore;
- }
-
- /**
- * Returns the clientKeyStorePassword.
- * @return String
- */
- public String getClientKeyStorePassword() {
- return clientKeyStorePassword;
- }
-
- /**
- * Sets the clientKeyStore.
- * @param clientKeyStore The clientKeyStore to set
- */
- public void setClientKeyStore(String clientKeyStore) {
- this.clientKeyStore = clientKeyStore;
- }
-
- /**
- * Sets the clientKeyStorePassword.
- * @param clientKeyStorePassword The clientKeyStorePassword to set
- */
- public void setClientKeyStorePassword(String clientKeyStorePassword) {
- this.clientKeyStorePassword = clientKeyStorePassword;
- }
-
}
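Review bot: `isHTTPSURL()` still decides the scheme with `database.getURL().indexOf("https") == 0`, which is case-sensitive, accepts any string that merely starts with those five characters, and throws NPE when `getURL()` returns null; since this flag decides whether the accepted-server-certificate and client-keystore settings apply at all, make it `String url = getUrl(); return url != null && url.regionMatches(true, 0, "https:", 0, 6);`. The rewrite also drops the class Javadoc, the EUPL licence header and the field comments that explained what `acceptedServerCertificates` (a directory of server certificates assembled into a JSSE trust store, HTTPS only) and `clientKeyStore` mean; that contract belongs on the abstract getters instead of "Returns the X", and `getClientKeyStorePassword()` should state that its value is a secret that must not be logged. The constructor tolerates a null `database` (both URL methods guard it) but not a null `prop`, which subclasses dereference unguarded; document which arguments are optional or add `Objects.requireNonNull(prop, "prop")`.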
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
new file mode 100644
index 000000000..41d6959b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterForeign extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities.";
+
+ public ConnectionParameterForeign(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
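Review bot: The prefix constant in this class is named `MOASP_PROP_IDENTIFIER_PREFIX` although it holds `"service.foreignidentities."`, and the three new `ConnectionParameter` subclasses in this diff differ only in that one string while the three getters are copied verbatim. Rename it to match its content, e.g. `private static final String FOREIGN_PROP_IDENTIFIER_PREFIX = "service.foreignidentities.";`, or better move the getters into `ConnectionParameter` and have each subclass supply only its prefix through a protected accessor, so that a fix to the path or null handling lands in one place. `PROP_IDENTIFIER_ACCEPEDSERVERCERTS`, `prop` and `basedirectory` are inherited from the parent class, which is outside this hunk, so their exact values cannot be checked here.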
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
new file mode 100644
index 000000000..0e05633c8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterMOASP extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp.";
+
+ public ConnectionParameterMOASP(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
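Review bot: `basedirectory + e1` in `getAcceptedServerCertificates()` and `getClientKeyStore()` joins the two strings with no separator and no normalization, so the trust-store and client-keystore locations silently depend on `basedirectory` ending in a separator and on the operator never writing an absolute path into `service.moasp.*`. Elsewhere in this diff the root config directory is turned into a `file:` URL string, and if that is what arrives here as `basedirectory`, joining via `new File(dir, name)` is not an option either; at minimum document the contract, e.g. `// basedirectory must end with a path separator; the configured value is appended verbatim`, and log the resolved path at load time so a mis-resolved trust store is visible before the first TLS handshake. An empty property yields `null`; the caller (not in this diff) should treat that as a configuration error for server-certificate checking rather than falling back to a default trust store.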
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
new file mode 100644
index 000000000..00b393b92
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterMandate extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates.";
+
+ public ConnectionParameterMandate(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
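Review bot: `getAcceptedServerCertificates()` returns `null` both when the `service.onlinemandates.` property is absent and when it is set to an empty value, and nothing here distinguishes "not configured" from "misconfigured". The TLS client that consumes this value is not in the diff; it must treat `null` as a missing trust anchor for the online-mandates service and refuse the connection, not silently accept any server certificate — a warning at load time, in the `MiscUtil.isEmpty(e1)` branch, would make the gap obvious to the operator. `getClientKeyStorePassword()` hands back the raw password as a `String`; add a comment that callers must never log or persist the returned value.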
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 56c97a802..c1715d6fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.config;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+
/**
* Configuration parameters belonging to an online application,
* to be used within both, the MOA ID Auth and the
@@ -33,6 +35,25 @@ package at.gv.egovernment.moa.id.config;
*/
public class OAParameter {
+ public OAParameter(OnlineApplication oa) {
+
+ this.oaType = oa.getType();
+
+ if (this.oaType.equals("businessService"))
+ this.businessService = true;
+ else
+ this.businessService = false;
+
+ this.publicURLPrefix = oa.getPublicURLPrefix();
+
+ this.friendlyName = oa.getFriendlyName();
+
+ this.target = oa.getTarget();
+
+ this.targetFriendlyName = oa.getTargetFriendlyName();
+
+ }
+
/**
* type of the online application (maybe "PublicService" or "BusinessService")
*/
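Review bot: The business-service detection `if (this.oaType.equals("businessService"))` is case-sensitive and throws NullPointerException when `oa.getType()` returns null, whereas the `setOaType` it replaces (removed further down in this diff) used `equalsIgnoreCase`. An application whose type is stored with different casing — the field Javadoc right below names the values "PublicService" and "BusinessService" — would now be classified as a public-sector OA, and this flag presumably drives how the rest of the ID server treats the application, so the regression is security-relevant. Use the null-safe, case-insensitive form: `this.businessService = "businessService".equalsIgnoreCase(this.oaType);`. Whether the database layer normalizes the type string before it reaches here is not visible in this diff, so the defensive comparison is the safer default.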
@@ -63,102 +84,26 @@ public class OAParameter {
*/
private String targetFriendlyName;
- /**
- * Returns the type of the online application.
- * @return the type of the online application.
- */
- public String getOaType() {
- return oaType;
- }
-
- /**
- * Returns <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>.
- * @return <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>
- */
- public boolean getBusinessService() {
- return this.businessService;
- }
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
- /**
- *
- * Sets the type of the online application.
- * If the type is "businessService" the value of <code>businessService</code>
- * ({@link #getBusinessService()}) is also set to <code>true</code>
- * @param oaType The type of the online application.
- */
- public void setOaType(String oaType) {
- this.oaType = oaType;
- if ("businessService".equalsIgnoreCase(oaType)) {
- this.businessService = true;
- }
- }
+ public String getOaType() {
+ return oaType;
+ }
+ public boolean getBusinessService() {
+ return businessService;
+ }
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+ public String getTarget() {
+ return target;
+ }
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
- }
-
-
- /**
- * Gets the friendly name of the OA
- * @return Friendly Name of the OA
- */
- public String getFriendlyName() {
- return friendlyName;
- }
-
- /**
- * Sets the friendly name of the OA
- * @param friendlyName
- */
- public void setFriendlyName(String friendlyName) {
- this.friendlyName = friendlyName;
- }
-
- /**
- * Gets the target of the OA
- * @return target of the OA
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Sets the target of the OA
- * @param target
- */
- public void setTarget(String target) {
- this.target = target;
- }
-
- /**
- * Gets the target friendly name of the OA
- * @return target Friendly Name of the OA
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the target friendly name of the OA
- * @param targetFriendlyName
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
}
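Review bot: The Javadoc the removed accessors carried was dropped and the new getters have none; restore a one-line comment on each, e.g. `/** Returns {@code true} if the OA is registered as a business application, {@code false} otherwise. */` above `getBusinessService()` and `/** Returns the type of the online application as stored in the configuration. */` above `getOaType()`. While doing so, align the field comment that names the values "PublicService" and "BusinessService" with the lowercase literal `"businessService"` the new constructor compares against, because a reader following the Javadoc will configure the wrong string. Dropping the setters makes the object effectively immutable, which is good; the fields declared just above this hunk could then be made `final`.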
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
index 1fe8f13b6..a2962e4b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
@@ -30,7 +30,7 @@ package at.gv.egovernment.moa.id.config;
/**
* This interface contains all actual possible targets in Austria (shortcuts and friendly names)
- * Bereichskennung and Tätigkeitsbereich
+ * Bereichskennung and T�tigkeitsbereich
* @author bzwattendorfer
*
*/
@@ -38,178 +38,178 @@ public interface TargetsAndSectorNames {
/** Bereichskennung AR */
public static String TARGET_AR = "AR";
- /** Tätigkeitsbereich AR */
+ /** Tätigkeitsbereich AR */
public static String TARGET_AR_SECTOR = "Arbeit";
/** Bereichskennung AS */
public static String TARGET_AS = "AS";
- /** Tätigkeitsbereich AS */
+ /** Tätigkeitsbereich AS */
public static String TARGET_AS_SECTOR = "Amtliche Statistik";
/** Bereichskennung BF */
public static String TARGET_BF = "BF";
- /** Tätigkeitsbereich BF */
+ /** Tätigkeitsbereich BF */
public static String TARGET_BF_SECTOR = "Bildung und Forschung";
/** Bereichskennung BW */
public static String TARGET_BW = "BW";
- /** Tätigkeitsbereich BW */
+ /** Tätigkeitsbereich BW */
public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
/** Bereichskennung EA */
public static String TARGET_EA = "EA";
- /** Tätigkeitsbereich EA */
- public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
+ /** Tätigkeitsbereich EA */
+ public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
/** Bereichskennung EF */
public static String TARGET_EF = "EF";
- /** Tätigkeitsbereich EF */
+ /** Tätigkeitsbereich EF */
public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
/** Bereichskennung GH */
public static String TARGET_GH = "GH";
- /** Tätigkeitsbereich GH */
+ /** Tätigkeitsbereich GH */
public static String TARGET_GH_SECTOR = "Gesundheit";
/** Bereichskennung GS */
public static String TARGET_GS = "GS";
- /** Tätigkeitsbereich GS */
+ /** Tätigkeitsbereich GS */
public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
/** Bereichskennung GS-RE */
public static String TARGET_GS_RE = "GS-RE";
- /** Tätigkeitsbereich GS-RE */
+ /** Tätigkeitsbereich GS-RE */
public static String TARGET_GS_RE_SECTOR = "Restitution";
/** Bereichskennung JR */
public static String TARGET_JR = "JR";
- /** Tätigkeitsbereich JR */
+ /** Tätigkeitsbereich JR */
public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
/** Bereichskennung KL */
public static String TARGET_KL = "KL";
- /** Tätigkeitsbereich KL */
+ /** Tätigkeitsbereich KL */
public static String TARGET_KL_SECTOR = "Kultus";
/** Bereichskennung KU */
public static String TARGET_KU = "KU";
- /** Tätigkeitsbereich KU */
+ /** Tätigkeitsbereich KU */
public static String TARGET_KU_SECTOR = "Kunst und Kultur";
/** Bereichskennung LF */
public static String TARGET_LF = "LF";
- /** Tätigkeitsbereich LF */
+ /** Tätigkeitsbereich LF */
public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
/** Bereichskennung LV */
public static String TARGET_LV = "LV";
- /** Tätigkeitsbereich LV */
+ /** Tätigkeitsbereich LV */
public static String TARGET_LV_SECTOR = "Landesverteidigung";
/** Bereichskennung RT */
public static String TARGET_RT = "RT";
- /** Tätigkeitsbereich RT */
+ /** Tätigkeitsbereich RT */
public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
"Medien sowie Telekommunikation";
/** Bereichskennung SA */
public static String TARGET_SA = "SA";
- /** Tätigkeitsbereich SA */
+ /** Tätigkeitsbereich SA */
public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
/** Bereichskennung SF */
public static String TARGET_SF = "SF";
- /** Tätigkeitsbereich SF */
+ /** Tätigkeitsbereich SF */
public static String TARGET_SF_SECTOR = "Sport und Freizeit";
/** Bereichskennung SO */
public static String TARGET_SO = "SO";
- /** Tätigkeitsbereich SO */
+ /** Tätigkeitsbereich SO */
public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
/** Bereichskennung SO-VR */
public static String TARGET_SO_VR = "SO-VR";
- /** Tätigkeitsbereich SO-VR */
+ /** Tätigkeitsbereich SO-VR */
public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
/** Bereichskennung SR-RG */
public static String TARGET_SR_RG = "SR-RG";
- /** Tätigkeitsbereich SR-RG */
+ /** Tätigkeitsbereich SR-RG */
public static String TARGET_SR_RG_SECTOR = "Strafregister";
/** Bereichskennung SV */
public static String TARGET_SV = "SV";
- /** Tätigkeitsbereich SV */
+ /** Tätigkeitsbereich SV */
public static String TARGET_SV_SECTOR = "Sozialversicherung";
/** Bereichskennung UW */
public static String TARGET_UW = "UW";
- /** Tätigkeitsbereich UW */
+ /** Tätigkeitsbereich UW */
public static String TARGET_UW_SECTOR = "Umwelt";
/** Bereichskennung VT */
public static String TARGET_VT = "VT";
- /** Tätigkeitsbereich VT */
+ /** Tätigkeitsbereich VT */
public static String TARGET_VT_SECTOR = "Verkehr und Technik";
/** Bereichskennung VV */
public static String TARGET_VV = "VV";
- /** Tätigkeitsbereich VV */
- public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
+ /** Tätigkeitsbereich VV */
+ public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
/** Bereichskennung WT */
public static String TARGET_WT = "WT";
- /** Tätigkeitsbereich WT */
+ /** Tätigkeitsbereich WT */
public static String TARGET_WT_SECTOR = "Wirtschaft";
/** Bereichskennung ZP */
public static String TARGET_ZP = "ZP";
- /** Tätigkeitsbereich ZP */
- public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
+ /** Tätigkeitsbereich ZP */
+ public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
/** Bereichskennung BR */
public static String TARGET_BR = "BR";
- /** Tätigkeitsbereich BR */
- public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
+ /** Tätigkeitsbereich BR */
+ public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
/** Bereichskennung HR */
public static String TARGET_HR = "HR";
- /** Tätigkeitsbereich HR */
+ /** Tätigkeitsbereich HR */
public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
/** Bereichskennung KI */
public static String TARGET_KI = "KI";
- /** Tätigkeitsbereich KI */
+ /** Tätigkeitsbereich KI */
public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
/** Bereichskennung OI */
public static String TARGET_OI = "OI";
- /** Tätigkeitsbereich OI */
- public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
+ /** Tätigkeitsbereich OI */
+ public static String TARGET_OI_SECTOR = "öffentlichkeitsarbeit";
/** Bereichskennung PV */
public static String TARGET_PV = "PV";
- /** Tätigkeitsbereich PV */
+ /** Tätigkeitsbereich PV */
public static String TARGET_PV_SECTOR = "Personalverwaltung";
/** Bereichskennung RD */
public static String TARGET_RD = "RD";
- /** Tätigkeitsbereich RD */
+ /** Tätigkeitsbereich RD */
public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
/** Bereichskennung VS */
public static String TARGET_VS = "VS";
- /** Tätigkeitsbereich VS */
- public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
+ /** Tätigkeitsbereich VS */
+ public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
/** Bereichskennung VS-RG */
public static String TARGET_VS_RG = "VS-RG";
- /** Tätigkeitsbereich VS-RG */
+ /** Tätigkeitsbereich VS-RG */
public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
/** Bereichskennung ZU */
public static String TARGET_ZU = "ZU";
- /** Tätigkeitsbereich ZU */
+ /** Tätigkeitsbereich ZU */
public static String TARGET_ZU_SECTOR = "Zustellungen";
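Review bot: This hunk replaces correctly encoded umlauts with mojibake in runtime string constants, not only in comments: `TARGET_EA_SECTOR` becomes `"EU und Auswärtige Angelegenheiten"`, `TARGET_VV_SECTOR` `"Vermögensverwaltung"`, `TARGET_ZP_SECTOR`, `TARGET_BR_SECTOR` and `TARGET_VS_SECTOR` likewise, and `TARGET_OI_SECTOR` additionally loses its capital letter (`"öffentlichkeitsarbeit"`). These sector names are presumably displayed to users or matched against configured targets, so the file was evidently re-saved in the wrong charset (UTF-8 bytes reinterpreted as Latin-1). Revert this hunk and pin the build's source encoding (`-encoding UTF-8` / `project.build.sourceEncoding`) so the corruption cannot recur silently.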
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b86b2ec68..55a20d558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -24,29 +24,75 @@
package at.gv.egovernment.moa.id.config.auth;
-import java.io.BufferedInputStream;
+import iaik.security.cipher.AESKeyGenerator;
+import iaik.util.logging.Log;
+
import java.io.File;
import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
-import java.io.InputStream;
+import java.math.BigInteger;
import java.net.MalformedURLException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import eu.stork.vidp.messages.common.STORKBootstrap;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.hibernate.cfg.Configuration;
+
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
+import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
+import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.stork.vidp.messages.common.STORKBootstrap;
/**
* A class providing access to the Auth Part of the MOA-ID configuration data.
@@ -113,89 +159,34 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//
// configuration data
//
+ private static MOAIDConfiguration moaidconfig = null;
- /**
- * configuration files containing transformations for rendering in the
- * secure viewer of the security layer implementation;
- * multiple files can be given for different mime types
- */
- private String[] transformsInfoFileNames;
+ private static Properties props = null;
- /**
- * transformations for rendering in the secure viewer of the security layer implementation,
- * read from {@link transformsInfoFileNames};
- * multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
+ private static STORKConfig storkconfig = null;
- /**
- * parameters for connection to MOA SP component
- */
- private ConnectionParameter moaSpConnectionParameter;
+ private static TimeOuts timeouts = null;
-
- /**
- * trust profile ID to be used for verifying the identity link signature via MOA ID SP
- */
- private String moaSpIdentityLinkTrustProfileID;
- /**
- * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String moaSpAuthBlockTrustProfileID;
- /**
- * transformations to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
- /**
- * X509 SubjectNames which will be trusted
- */
- private List identityLinkX509SubjectNames;
- /**
- * default parameters for verifying additional infoboxes.
- */
- private VerifyInfoboxParameters defaultVerifyInfoboxParameters;
-
- /**
- * configuration parameters for online applications
- */
- private OAAuthParameter[] onlineApplicationAuthParameters;
- /**
- * the Selection Type of the bku Selection Element
- */
- private String bKUSelectionType;
- /**
- * is the bku Selection Element present?
- */
- private boolean bKUSelectable;
- /**
- * the bku Selection Connection Parameters
- */
- private ConnectionParameter bKUConnectionParameter;
+ private static PVP2 pvp2general = null;
- /**
- * parameter for connection to SZR-GW GetIdentityLink
- */
- private ConnectionParameter foreignIDConnectionParameter;
+ private static String alternativesourceid = null;
- /**
- * parameter for connection to OnlineMandates Service
- */
- private ConnectionParameter onlineMandatesConnectionParameter;
+ private static List<String> legacyallowedprotocols = new ArrayList<String>();
- /**
- * Parameter for trusted BKUs
- */
- private List trustedBKUs;
+ private static VerifyAuthBlock verifyidl = null;
- /**
- * Parameter for trusted Template URLs
- */
- private List trustedTemplateURLs;
+ private static ConnectionParameter MoaSpConnectionParameter = null;
+ private static ConnectionParameter ForeignIDConnectionParameter = null;
+ private static ConnectionParameter OnlineMandatesConnectionParameter = null;
- /**
- * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.)
- */
- private STORKConfig storkConfig;
+ private static String MoaSpIdentityLinkTrustProfileID = null;
+
+ private static List<String> TransformsInfos = null;
+ private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>();
+
+ private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
+
+ private static SSO ssoconfig = null;
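Review bot: The new static fields `MoaSpConnectionParameter`, `ForeignIDConnectionParameter`, `OnlineMandatesConnectionParameter`, `MoaSpIdentityLinkTrustProfileID`, `TransformsInfos`, `IdentityLinkX509SubjectNames` and `SLRequestTemplates` use UpperCamelCase, which Java reserves for type names; rename them `moaSpConnectionParameter` and so on, consistent with `moaidconfig`, `props` and `storkconfig` in the same hunk. All configuration is now process-wide mutable static state, and `props` in particular holds the entire properties file including the keystore passwords the new `ConnectionParameter` subclasses read from it, so none of these should be exposed through getters without copying, and the pre-populated lists and map should be wrapped unmodifiable once loading has finished. The Javadoc the removed instance fields carried was not carried over; add a one-line comment per field. The `load()` method that populates these fields appears further down, partly beyond this chunk.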
/**
* Return the single instance of configuration data.
@@ -250,129 +241,418 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* read/built.
*/
private void load(String fileName) throws ConfigurationException {
- InputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
+
+ try {
+ //Initial Hibernate Framework
+ Logger.trace("Initializing Hibernate framework.");
+
+ //Load MOAID-2.0 properties file
+ File propertiesFile = new File(fileName);
+ FileInputStream fis;
+ props = new Properties();
+
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
- try {
- // load the main config file
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseXmlValidating(stream);
- } catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- } catch (IOException e) {
- }
- }
try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ try {
+ fis = new FileInputStream(propertiesFile);
+ props.load(fis);
+
+ //TODO: maybe some general hibnerate config!!!
+ // read MOAID Session Hibernate properties
+ Properties moaSessionProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "moasession.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ moaSessionProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
+ // read Config Hibernate properties
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "configuration.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
+ // initialize hibernate
+ synchronized (AuthConfigurationProvider.class) {
+
+ //Initial config Database
+ ConfigurationDBUtils.initHibernate(configProp);
+
+ //initial MOAID Session Database
+ Configuration config = new Configuration();
+ config.addAnnotatedClass(AssertionStore.class);
+ config.addAnnotatedClass(AuthenticatedSessionStore.class);
+ config.addAnnotatedClass(OASessionStore.class);
+ config.addAnnotatedClass(OldSSOSessionIDStore.class);
+ config.addProperties(moaSessionProp);
+ MOASessionDBUtils.initHibernate(config, moaSessionProp);
+
+ }
+ Logger.trace("Hibernate initialization finished.");
+
+ } catch (FileNotFoundException e) {
+ throw new ConfigurationException("config.03", null, e);
+
+ } catch (IOException e) {
+ throw new ConfigurationException("config.03", null, e);
+
+ } catch (ExceptionInInitializerError e) {
+ throw new ConfigurationException("config.17", null, e);
+ }
+
+
//Initialize OpenSAML for STORK
- Logger.trace("Starting initialization of OpenSAML...");
+ Logger.info("Starting initialization of OpenSAML...");
STORKBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
+
+
+ String legacyconfig = props.getProperty("configuration.xml.legacy");
+ String xmlconfig = props.getProperty("configuration.xml");
+// String xmlconfigout = props.getProperty("configuration.xml.out");
+
+
+ //check if XML config should be used
+ if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
+ Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
+ moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (moaidconfig != null)
+ ConfigurationDBUtils.delete(moaidconfig);
+
+ List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
+ if (oas != null && oas.size() > 0) {
+ for (OnlineApplication oa : oas)
+ ConfigurationDBUtils.delete(oa);
+ }
+ }
+
+ //load legacy config if it is configured
+ if (MiscUtil.isNotEmpty(legacyconfig)) {
+ Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
- // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
- bKUSelectable = (bKUConnectionParameter!=null);
- bKUSelectionType = builder.buildAuthBKUSelectionType();
- genericConfiguration = builder.buildGenericConfiguration();
- transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
- transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
- moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
- moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
- moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
- moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
- defaultVerifyInfoboxParameters = null;
- Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
- if (defaultVerifyInfoboxParamtersElem != null) {
- defaultVerifyInfoboxParameters =
- builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
- }
-
-
- foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
- onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
- onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
- identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
- trustedBKUs = builder.getTrustedBKUs();
- trustedTemplateURLs = builder.getTrustedTemplateURLs();
- storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+ MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
+
+ List<OnlineApplication> oas = moaconfig.getOnlineApplication();
+ for (OnlineApplication oa : oas)
+ ConfigurationDBUtils.save(oa);
+ moaconfig.setOnlineApplication(null);
+ ConfigurationDBUtils.save(moaconfig);
+
+ Logger.info("Legacy Configuration load is completed.");
+
+
+ }
+
+ //load MOA-ID 2.x config from XML
+ if (MiscUtil.isNotEmpty(xmlconfig)) {
+ Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
+
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+ Unmarshaller m = jc.createUnmarshaller();
+ File file = new File(xmlconfig);
+ MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
+ //ConfigurationDBUtils.save(moaconfig);
+
+ List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
+ for (OnlineApplication importoa : importoas) {
+ ConfigurationDBUtils.saveOrUpdate(importoa);
+ }
+
+ moaconfig.setOnlineApplication(null);
+ ConfigurationDBUtils.saveOrUpdate(moaconfig);
+
+ } catch (Exception e) {
+ Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
+ throw new ConfigurationException("config.02", null);
+ }
+ Logger.info("XML Configuration load is completed.");
+ }
+
+ Logger.info("Read MOA-ID 2.0 configuration from database.");
+ moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ Logger.info("MOA-ID 2.0 is loaded.");
+
+ if (moaidconfig == null) {
+ Logger.warn("NO MOA-ID configuration found.");
+ throw new ConfigurationException("config.18", null);
+ }
+
+
+// //TODO: only for Testing!!!
+// if (MiscUtil.isNotEmpty(xmlconfigout)) {
+// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
+// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+// Marshaller m = jc.createMarshaller();
+// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+// File test = new File(xmlconfigout);
+// m.marshal(moaidconfig, test);
+//
+// }
+
+ //build STORK Config
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ ForeignIdentities foreign = auth.getForeignIdentities();
+ if (foreign == null ) {
+ Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
+
+ } else
+ storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
+
+
+ //load Chaining modes
+ ChainingModes cm = moaidconfig.getChainingModes();
+ if (cm != null) {
+ defaultChainingMode = cm.getSystemDefaultMode().value();
+
+ List<TrustAnchor> tas = cm.getTrustAnchor();
+
+ chainingModes = new HashMap<IssuerAndSerial, String>();
+ for (TrustAnchor ta : tas) {
+ IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
+ chainingModes.put(is, ta.getMode().value());
+ }
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set Trusted CA certs directory
+ trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
+
+ //set CertStoreDirectory
+ setCertStoreDirectory();
+
+ //set TrustManagerRevocationChecking
+ setTrustManagerRevocationChecking();
+
+ //set TimeOuts
+ if (auth.getGeneralConfiguration() != null) {
+ if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+
+ timeouts = new TimeOuts();
+ if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
+ timeouts.setAssertion(new BigInteger("120"));
+ else
+ timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
+ timeouts.setMOASessionCreated(new BigInteger("2700"));
+ else
+ timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
+ timeouts.setMOASessionUpdated(new BigInteger("1200"));
+ else
+ timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+ }
+ }
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set PVP2 general config
+ Protocols protocols = auth.getProtocols();
+ if (protocols != null) {
+ if (protocols.getPVP2() != null) {
+ PVP2 el = protocols.getPVP2();;
+ pvp2general = new PVP2();
+ pvp2general.setIssuerName(el.getIssuerName());
+ pvp2general.setPublicURLPrefix(el.getPublicURLPrefix());
+
+ if (el.getOrganization() != null) {
+ Organization org = new Organization();
+ pvp2general.setOrganization(org);
+ org.setDisplayName(el.getOrganization().getDisplayName());
+ org.setName(el.getOrganization().getName());
+ org.setURL(el.getOrganization().getURL());
+ }
+
+ if (el.getContact() != null) {
+ List<Contact> cont = new ArrayList<Contact>();
+ pvp2general.setContact(cont);
+ for (Contact e : el.getContact()) {
+ Contact c = new Contact();
+ c.setCompany(e.getCompany());
+ c.setGivenName(e.getGivenName());
+ c.setMail(e.getMail());
+ c.setPhone(e.getPhone());
+ c.setSurName(e.getSurName());
+ c.setType(e.getType());
+ }
+ }
+ }
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found.");
+ }
+
+ //set alternativeSourceID
+ if (auth.getGeneralConfiguration() != null)
+ alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set LegacyAllowedProtocols
+ try {
+ if (auth.getProtocols() != null) {
+ Protocols procols = auth.getProtocols();
+ if (procols.getLegacyAllowed() != null) {
+ LegacyAllowed legacy = procols.getLegacyAllowed();
+ legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName());
+ }
+ }
+ } catch (Exception e) {
+ Logger.info("No protocols found with legacy allowed flag!");
+ }
+
+ //set VerifyAuthBlockConfig
+ MOASP moasp = getMOASPConfig(auth);
+
+ VerifyAuthBlock el = moasp.getVerifyAuthBlock();
+ if (el != null) {
+ verifyidl = new VerifyAuthBlock();
+ verifyidl.setTrustProfileID(el.getTrustProfileID());
+ verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID()));
+ }
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set MOASP connection parameters
+ if (moasp.getConnectionParameter() != null)
+ MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
+ else
+ MoaSpConnectionParameter = null;
+
+ //set ForeignIDConnectionParameters
+ if (foreign != null) {
+ ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
+ }
+
+ //set OnlineMandateConnectionParameters
+ OnlineMandates ovs = auth.getOnlineMandates();
+ if (ovs != null) {
+ OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
+
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
+ }
+
+ //set MOASP IdentityLink Trust-ProfileID
+ VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink();
+ if (verifyidl != null)
+ MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set SL transformation infos
+ SecurityLayer seclayer = auth.getSecurityLayer();
+ if (seclayer == null) {
+ Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
+ throw new ConfigurationException("config.02", null);
+ } else {
+ TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());
+ }
+
+ //set IdentityLinkSignerSubjectNames
+ IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
+ if (idlsigners != null) {
+ IdentityLinkX509SubjectNames = new ArrayList<String>(idlsigners.getX509SubjectName());
+
+ } else {
+ Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found.");
+ }
+
+ //set SLRequestTemplates
+ SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
+ if (templ == null) {
+ Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
+ throw new ConfigurationException("config.02", null);
+ } else {
+ SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU());
+ SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU());
+ SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());
+ }
+
+ //set SSO Config
+ if (auth.getSSO()!= null) {
+ ssoconfig = new SSO();
+ ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName());
+ ssoconfig.setPublicURL(auth.getSSO().getPublicURL());
+ ssoconfig.setSpecialText(auth.getSSO().getSpecialText());
+ ssoconfig.setTarget(auth.getSSO().getTarget());
+
+ if (auth.getSSO().getIdentificationNumber() != null) {
+ IdentificationNumber value = new IdentificationNumber();
+ value.setType(auth.getSSO().getIdentificationNumber().getType());
+ value.setValue(auth.getSSO().getIdentificationNumber().getValue());
+ ssoconfig.setIdentificationNumber(value);
+ }
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
+ }
+
+ //close Database
+ ConfigurationDBUtils.closeSession();
+
} catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
}
}
- /**
- * Loads the <code>transformsInfos</code> from files.
- * @throws Exception on any exception thrown
- */
-// private void loadTransformsInfos() throws Exception {
-//
-// transformsInfos = new String[transformsInfoFileNames.length];
-// for (int i = 0; i < transformsInfoFileNames.length; i++) {
-// String fileURL = transformsInfoFileNames[i];
-//
-// //if fileURL is relative to rootConfigFileDir make it absolute
-// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
-// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
-// transformsInfos[i] = transformsInfo;
-// }
-// }
-
-// /**
-// * Loads the <code>transformsInfos</code> from files.
-// * @throws Exception on any exception thrown
-// */
-// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
-//
-// String[] transformsInfos = new String[transformsInfoFileNames.length];
-// for (int i = 0; i < transformsInfoFileNames.length; i++) {
-// String fileURL = transformsInfoFileNames[i];
-//
-// //if fileURL is relative to rootConfigFileDir make it absolute
-// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
-// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
-// transformsInfos[i] = transformsInfo;
-// }
-// return transformsInfos;
-// }
- /**
- * Return a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- public String[] getTransformsInfoFileNames() {
- return transformsInfoFileNames;
+
+ public Properties getGeneralPVP2ProperiesConfig() {
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "protocols.pvp2.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+ return configProp;
}
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for theauthentication component of the online
- * application
- */
- public OAAuthParameter[] getOnlineApplicationParameters() {
- return onlineApplicationAuthParameters;
+
+ public PVP2 getGeneralPVP2DBConfig() {
+ return pvp2general;
}
+
+ public TimeOuts getTimeOuts() throws ConfigurationException {
+ return timeouts;
+ }
+
+ public String getAlternativeSourceID() throws ConfigurationException {
+ return alternativesourceid;
+ }
+
+ public List<String> getLegacyAllowedProtocols() {
+ return legacyallowedprotocols;
+ }
+
/**
* Provides configuration information regarding the online application behind
@@ -383,13 +663,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* if none is applicable
*/
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
- OAAuthParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAAuthParameter oaParam = oaParams[i];
- if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
- return oaParam;
- }
- return null;
+
+ OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
+
+ if (oa == null) {
+ Logger.warn("Online application with identifier " + oaURL + " is not found.");
+ return null;
+ }
+
+ return new OAAuthParameter(oa);
}
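Review bot: The warning on the miss path concatenates `oaURL` straight into the log line; the value is resolved per request, so if it is request-supplied (the old prefix match against getPublicURLPrefix suggests it is) a string containing CR/LF or other control characters lands in the log unescaped. Suggest stripping line breaks before logging, e.g. `Logger.warn("Online application with identifier " + oaURL.replaceAll("[\\r\\n]", "") + " is not found.");`, and rejecting a null or empty oaURL up front instead of handing it to ConfigurationDBRead.getActiveOnlineApplication. Note also that the lookup semantics changed from "oaURL starts with the configured public URL prefix" to whatever getActiveOnlineApplication matches on; if that is an exact match, callers that pass a full request URL will now receive null.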
@@ -398,9 +680,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* profile id within the moa-sp part of the authentication component
*
* @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ * @throws ConfigurationException
*/
- public String getMoaSpAuthBlockTrustProfileID() {
- return moaSpAuthBlockTrustProfileID;
+ public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
+ return verifyidl.getTrustProfileID();
}
/**
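Review bot: getMoaSpAuthBlockTrustProfileID now declares `throws ConfigurationException` but can only fail with a NullPointerException, because it dereferences the `verifyidl` field unconditionally; if the loader has not populated it, callers expecting the declared exception get an NPE instead. Suggest `if (verifyidl == null) throw new ConfigurationException("config.02", null);` before the return, or drop the throws clause if the field is guaranteed after construction. The field name is also misleading: it holds the VerifyAuthBlock configuration (see its assignment in the loader earlier in this diff), while a local `VerifyIdentityLink verifyidl` in the same loader method shadows it — renaming the field to `verifyAuthBlock` would keep the two trust profiles apart.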
@@ -408,119 +691,194 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* IDs within the moa-sp part of the authentication component
* @return A string array containing all urls to the
* verify transform info IDs
+ * @throws ConfigurationException
*/
- public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
- return moaSpAuthBlockVerifyTransformsInfoIDs;
+ public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+ return verifyidl.getVerifyTransformsInfoProfileID();
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component moa-sp element
* @return ConnectionParameter of the authentication component moa-sp element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getMoaSpConnectionParameter() {
- return moaSpConnectionParameter;
+ public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
+ return MoaSpConnectionParameter;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component foreigid element
* @return ConnectionParameter of the authentication component foreignid element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getForeignIDConnectionParameter() {
- return foreignIDConnectionParameter;
+ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
+ return ForeignIDConnectionParameter;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component OnlineMandates element
* @return ConnectionParameter of the authentication component OnlineMandates element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getOnlineMandatesConnectionParameter() {
- return onlineMandatesConnectionParameter;
+ public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
+ return OnlineMandatesConnectionParameter;
}
/**
* Return a string with a url-reference to the VerifyIdentityLink trust
* profile id within the moa-sp part of the authentication component
* @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ * @throws ConfigurationException
*/
- public String getMoaSpIdentityLinkTrustProfileID() {
- return moaSpIdentityLinkTrustProfileID;
+ public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
+ return MoaSpIdentityLinkTrustProfileID;
}
+
/**
* Returns the transformsInfos.
* @return String[]
+ * @throws ConfigurationException
*/
- public String[] getTransformsInfos() {
- return transformsInfos;
+ public List<String> getTransformsInfos() throws ConfigurationException {
+ return TransformsInfos;
}
/**
* Returns the identityLinkX509SubjectNames.
* @return List
+ * @throws ConfigurationException
*/
- public List getIdentityLinkX509SubjectNames() {
- return identityLinkX509SubjectNames;
+ public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+ return IdentityLinkX509SubjectNames;
}
- /**
- * Returns the trustBKUs.
- * @return List
- */
- public List getTrustedBKUs() {
- return this.trustedBKUs;
+ public List<String> getSLRequestTemplates() throws ConfigurationException {
+ return new ArrayList<String>(SLRequestTemplates.values());
}
-
- /**
- * Returns the trustedTemplateURLs.
- * @return List
- */
- public List getTrustedTemplateURLs() {
- return this.trustedTemplateURLs;
+
+ public String getSLRequestTemplates(String type) throws ConfigurationException {
+ String el = SLRequestTemplates.get(type);
+ if (MiscUtil.isNotEmpty(el))
+ return el;
+ else {
+ Logger.warn("getSLRequestTemplates: BKU Type does not match: "
+ + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ return null;
+ }
}
-
- /**
- * Returns the bKUConnectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getBKUConnectionParameter() {
- return bKUConnectionParameter;
+
+ public boolean isSSOBusinessService() throws ConfigurationException {
+
+ if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
+ return true;
+ else
+ return false;
}
-
- /**
- * Returns the bKUSelectable.
- * @return boolean
- */
- public boolean isBKUSelectable() {
- return bKUSelectable;
+
+ public IdentificationNumber getSSOBusinessService() throws ConfigurationException {
+ if (ssoconfig != null)
+ return ssoconfig.getIdentificationNumber();
+ else
+ return null;
}
-
- /**
- * Returns the bKUSelectionType.
- * @return String
- */
- public String getBKUSelectionType() {
- return bKUSelectionType;
+
+ public String getSSOTarget() throws ConfigurationException {
+ if (ssoconfig!= null)
+ return ssoconfig.getTarget();
+
+ return null;
}
-
- /**
- * Returns the defaultVerifyInfoboxParameters.
- *
- * @return The defaultVerifyInfoboxParameters.
- */
- public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() {
- return defaultVerifyInfoboxParameters;
+
+ public String getSSOFriendlyName() {
+ if (ssoconfig!= null) {
+ if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName()))
+ return ssoconfig.getFriendlyName();
+ }
+
+ return "Default MOA-ID friendly name for SSO";
}
-
+
+ public String getSSOSpecialText() {
+ if (ssoconfig!= null) {
+ String text = ssoconfig.getSpecialText();
+ if (MiscUtil.isEmpty(text))
+ text = new String();
+
+ return text;
+ }
+ return new String();
+ }
+
+ public String getSSOPublicUrl() {
+ if (ssoconfig!= null) {
+ String url = ssoconfig.getPublicURL();
+ if (MiscUtil.isEmpty(url))
+ url = new String();
+ return url;
+ }
+ return new String();
+ }
+
+ public String getMOASessionEncryptionKey() {
+
+ String prop = props.getProperty("configuration.moasession.key");
+ if (MiscUtil.isEmpty(prop))
+ return null;
+ else
+ return prop;
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
+ * @throws ConfigurationException
*/
- public STORKConfig getStorkConfig() {
- return storkConfig;
+ public STORKConfig getStorkConfig() throws ConfigurationException {
+
+ return storkconfig;
}
+
+ private void setCertStoreDirectory() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ if (auth.getGeneralConfiguration() != null)
+ certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+ private void setTrustManagerRevocationChecking() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ if (auth.getGeneralConfiguration() != null)
+ trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+
+ private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
+ AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
+ if (authgeneral == null) {
+ Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
+ throw new ConfigurationException("config.02", null);
+ }
+ return authgeneral;
+ }
+ private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
+ MOASP moasp = authgeneral.getMOASP();
+
+ if (moasp == null) {
+ Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
+ throw new ConfigurationException("config.02", null);
+ }
+ return moasp;
+ }
} \ No newline at end of file
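Review bot: The warning in setTrustManagerRevocationChecking reports `No CertStoreDirectory defined.` although that method reads isTrustManagerRevocationChecking, so an operator debugging revocation checking is pointed at the wrong setting; suggest `Logger.warn("Error in MOA-ID Configuration. No GeneralConfiguration found for TrustManagerRevocationChecking.");`. In setCertStoreDirectory, `rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory()` glues a URL string (rootConfigFileDir is produced by toURL().toString() earlier in this file) to a configured value with no separator, normalisation or null check, so a missing value yields a location ending in `null` and an absolute configured path produces a nonsensical one — the removed code resolved such values through FileUtils.makeAbsoluteURL, which looks like the safer helper here. Also, getMoaSpAuthBlockVerifyTransformsInfoIDs and getIdentityLinkX509SubjectNames hand out the internal lists directly; returning them via Collections.unmodifiableList keeps callers from altering the trusted-signer and transform configuration at runtime.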
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 091a01bf7..c62594d6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -25,10 +25,22 @@
package at.gv.egovernment.moa.id.config.auth;
import java.util.ArrayList;
+import java.util.List;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.logging.Logger;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
@@ -47,93 +59,25 @@ import eu.stork.vidp.messages.stork.RequestedAttributes;
* @author Harald Bratko
*/
public class OAAuthParameter extends OAParameter {
- /**
- * Sercurity Layer version
- */
- private String slVersion;
- /**
- * true, if the Security Layer version is version 1.2, otherwise false
- */
- private boolean slVersion12;
- /**
- * identityLinkDomainIdentifier
- * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
- * <br>
- * only used within a business application context for providing it to the
- * security layer as input for wbPK computation
- */
- private String identityLinkDomainIdentifier;
- /**
- * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
- */
- private String keyBoxIdentifier;
- /**
- * transformations for rendering in the secure viewer of the security layer
- * implementation; multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
- /**
- * determines whether "Stammzahl" is to be included in the authentication data
- */
- private boolean provideStammzahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
- private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
- private boolean provideIdentityLink;
- /**
- * determines whether the certificate is to be included in the authentication data
- */
- private boolean provideCertificate;
- /**
- * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
- */
- private boolean provideFullMandatorData;
-
- /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
- private boolean useUTC;
-
- /** determines wheter a saml:Condition is added to the SAML assertion or not */
- private boolean useCondition;
-
- /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
- private int conditionLength;
- /**
- * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
- */
- private String bkuSelectionTemplateURL;
- /**
- * template for web page "Anmeldung mit B&uuml;rgerkarte"
- */
- private String templateURL;
- /**
- * template for web page "Signatur der Anmeldedaten"
- */
- private String inputProcessorSignTemplateURL;
- /**
- * Parameters for verifying infoboxes.
- */
- private VerifyInfoboxParameters verifyInfoboxParameters;
-
- /**
- * Parameter for Mandate profiles
- */
- private String mandateProfiles;
-
- /**
- *
- * Type for authentication number (e.g. Firmenbuchnummer)
- */
- private String identityLinkDomainIdentifierType;
+ public static final String ONLINEBKU = "online";
+ public static final String HANDYBKU = "handy";
+ public static final String LOCALBKU = "local";
+
+ private AuthComponentOA oa_auth;
+
+ public OAAuthParameter(OnlineApplication oa) {
+ super(oa);
+
+ this.oa_auth = oa.getAuthComponentOA();
+
+ this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
+}
/**
* STORK QAA Level, Default = 4
*/
- private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
+ private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
/**
* STORK RequestedAttributes for Online Application
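Review bot: The new constructor dereferences `oa.getKeyBoxIdentifier().value()` without a null check, so an OnlineApplication record without a key box identifier surfaces as a NullPointerException inside getOnlineApplicationParameter rather than as a configuration error; unless the persistence schema makes the field mandatory, guard it, e.g. `this.keyBoxIdentifier = Objects.requireNonNull(oa.getKeyBoxIdentifier(), "KeyBoxIdentifier missing for online application").value();` (needs a java.util.Objects import). The `keyBoxIdentifier` field assigned here is no longer declared in this class — its declaration is removed in this hunk — so it is presumably inherited from OAParameter or declared further down; worth confirming. Minor style: `oa_auth` breaks the camelCase used elsewhere in the file, and the constructor's closing brace sits at column 0.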
@@ -144,359 +88,215 @@ public class OAAuthParameter extends OAParameter {
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
-
-
-/**
- * Returns <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>.
- * @return <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>
- */
- public boolean getSlVersion12() {
- return slVersion12;
- }
-
- /**
- * Returns the security layer version.
- * @return the security layer version.
- */
- public String getSlVersion() {
- return slVersion;
- }
-
- /**
- * Returns the identityLinkDomainIdentifier.
- * @return the identityLinkDomainIdentifier.
- */
- public String getIdentityLinkDomainIdentifier() {
- return identityLinkDomainIdentifier;
- }
-
- /**
- * Returns the transformsInfos.
- * @return the transformsInfos.
- */
- public String[] getTransformsInfos() {
- return transformsInfos;
- }
-
- /**
- * Returns the provideAuthBlock.
- * @return String
- */
- public boolean getProvideAuthBlock() {
- return provideAuthBlock;
- }
-
- /**
- * Returns the provideIdentityLink.
- * @return String
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink;
- }
- /**
- * Returns the provideStammzahl.
- * @return String
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl;
- }
-
- /**
- * Returns <code>true</code> if the certificate should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the certificate should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideCertifcate() {
- return provideCertificate;
- }
-
- /**
- * Returns <code>true</code> if the full mandator data should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the full mandator data should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideFullMandatorData() {
- return provideFullMandatorData;
- }
-
- /**
- * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- */
- public boolean getUseUTC() {
- return useUTC;
- }
-
- /**
- * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- */
- public boolean getUseCondition() {
- return useCondition;
- }
-
- /**
- * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
- * @return the validity time of the SAML assertion (if useCondition is true) in seconds
- */
- public int getConditionLength() {
- return conditionLength;
- }
+ private String keyBoxIdentifier;
-
/**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
- /**
- * Returns the BkuSelectionTemplate url.
- * @return The BkuSelectionTemplate url or <code>null</code> if no url for
- * a BkuSelectionTemplate is set.
- */
- public String getBkuSelectionTemplateURL() {
- return bkuSelectionTemplateURL;
- }
-
- /**
- * Returns the TemplateURL url.
- * @return The TemplateURL url or <code>null</code> if no url for
- * a Template is set.
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
-
- /**
- * Returns the inputProcessorSignTemplateURL url.
- * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
- * a input processor sign template is set.
- */
- public String getInputProcessorSignTemplateURL() {
- return inputProcessorSignTemplateURL;
- }
-
- /**
- * Returns the parameters for verifying additional infoboxes.
- *
- * @return The parameters for verifying additional infoboxes.
- * Maybe <code>null</code>.
- */
- public VerifyInfoboxParameters getVerifyInfoboxParameters() {
- return verifyInfoboxParameters;
- }
-
- /**
- * Sets the security layer version.
- * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
- * to <code>true</code> if the Security Layer version is 1.2.
- * @param slVersion The security layer version to be used.
- */
- public void setSlVersion(String slVersion) {
- this.slVersion = slVersion;
- if ("1.2".equals(slVersion)) {
- this.slVersion12 = true;
- }
- }
- /**
- * Sets the IdentityLinkDomainIdentifier.
- * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
- */
- public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
- this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
- }
- /**
- * Sets the transformsInfos.
- * @param transformsInfos The transformsInfos to be used.
- */
- public void setTransformsInfos(String[] transformsInfos) {
- this.transformsInfos = transformsInfos;
- }
-
+ * @return the slVersion
+ */
+public String getSlVersion() {
+ return oa_auth.getSlVersion();
+}
/**
- * Sets the provideAuthBlock.
- * @param provideAuthBlock The provideAuthBlock to set
- */
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
+ * @return the slVersion12
+ */
+public boolean isSlVersion12() {
+ if ("1.2".equals(oa_auth.getSlVersion()))
+ return true;
+ else
+ return false;
+ }
- /**
- * Sets the provideIdentityLink.
- * @param provideIdentityLink The provideIdentityLink to set
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
+public boolean getUseUTC() {
+ return oa_auth.isUseUTC();
+}
- /**
- * Sets the provideStammzahl.
- * @param provideStammzahl The provideStammzahl to set
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- this.provideStammzahl = provideStammzahl;
- }
-
- /**
- * Sets the provideCertificate variable.
- * @param provideCertificate The provideCertificate value to set
- */
- public void setProvideCertificate(boolean provideCertificate) {
- this.provideCertificate = provideCertificate;
- }
-
- /**
- * Sets the provideFullMandatorData variable.
- * @param provideFullMandatorData The provideFullMandatorData value to set
- */
- public void setProvideFullMandatorData(boolean provideFullMandatorData) {
- this.provideFullMandatorData = provideFullMandatorData;
- }
-
- /**
- * Sets the useUTC variable.
- * @param useUTC The useUTC value to set
- */
- public void setUseUTC(boolean useUTC) {
- this.useUTC = useUTC;
- }
-
- /**
- * Sets the useCondition variable
- * @param useCondition The useCondition value to set
- */
- public void setUseCondition(boolean useCondition) {
- this.useCondition = useCondition;
- }
-
- /**
- * Sets the conditionLength variable
- * @param conditionLength the conditionLength value to set
- */
- public void setConditionLength(int conditionLength) {
- this.conditionLength = conditionLength;
- }
-
+public boolean useIFrame() {
+ return oa_auth.isUseIFrame();
+}
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
- /**
- * Sets the BkuSelectionTemplate url.
- * @param bkuSelectionTemplateURL The url string specifying the location
- * of a BkuSelectionTemplate.
- */
- public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
- this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
- }
-
- /**
- * Sets the Template url.
- * @param templateURL The url string specifying the location
- * of a Template.
- */
- public void setTemplateURL(String templateURL) {
- this.templateURL = templateURL;
- }
-
- /**
- * Sets the input processor sign form template url.
- *
- * @param inputProcessorSignTemplateURL The url string specifying the
- * location of the input processor sign form
- */
- public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
- this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
- }
+/**
+ * @return the identityLinkDomainIdentifier
+ */
+public String getIdentityLinkDomainIdentifier() {
+
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getValue();
+
+ return null;
+}
- /**
- * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
- *
- * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
- */
- public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
- this.verifyInfoboxParameters = verifyInfoboxParameters;
- }
-
- /**
- * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- */
- public String getIdentityLinkDomainIdentifierType() {
- return identityLinkDomainIdentifierType;
- }
+/**
+ * @return the keyBoxIdentifier
+ */
+public String getKeyBoxIdentifier() {
+
+ return keyBoxIdentifier;
+}
- /**
- * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
- */
- public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
- this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
- }
-
- /**
- * Sets the Mandate/Profiles
- * @param profiles
- */
- public void setMandateProfiles(String profiles) {
- this.mandateProfiles = profiles;
- }
-
- /**
- * Returns the Mandates/Profiles
- * @return
- */
- public String getMandateProfiles() {
- return this.mandateProfiles;
- }
+/**
+ * @return the transformsInfos
+ */
+public List<String> getTransformsInfos() {
+
+ List<TransformsInfoType> transformations = oa_auth.getTransformsInfo();
+ return ConfigurationUtils.getTransformInfos(transformations);
+}
- /**
- * Returns the defined STORK QAALevel
- * @return STORK QAALevel
- */
- public QualityAuthenticationAssuranceLevel getQaaLevel() {
- return qaaLevel;
+ public OASAML1 getSAML1Parameter() {
+ return oa_auth.getOASAML1();
}
+ public OAPVP2 getPVP2Parameter() {
+ return oa_auth.getOAPVP2();
+ }
+
+///**
+// * @return the bkuSelectionTemplateURL
+// */
+//public String getBkuSelectionTemplateURL() {
+// return bkuSelectionTemplateURL;
+//}
+
/**
- * Sets the STORK QAALevel
- * @param qaaLevel
+ * @return the templateURL
*/
- public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
- this.qaaLevel = qaaLevel;
+ public List<TemplateType> getTemplateURL() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ if (templates.getTemplate() != null) {
+ return templates.getTemplate();
+ }
+ }
+ return null;
}
- /**
- * Returns the desired STORK Requested Attributes
- * @return STORK Requested Attributes
- */
- public RequestedAttributes getRequestedAttributes() {
- return requestedAttributes;
+ public String getAditionalAuthBlockText() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ return templates.getAditionalAuthBlockText();
+ }
+ return null;
}
- /**
- * Sets the desired STORK Requested Attributes
- * @param requestedAttributes
- */
- public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
- this.requestedAttributes = requestedAttributes;
+ public String getBKUURL(String bkutype) {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+ if (bkuurls != null) {
+ if (bkutype.equals(ONLINEBKU))
+ return bkuurls.getOnlineBKU();
+ else if (bkutype.equals(HANDYBKU))
+ return bkuurls.getHandyBKU();
+ else if (bkutype.equals(LOCALBKU))
+ return bkuurls.getLocalBKU();
+
+ }
+ Logger.warn("BKU Type does not match: "
+ + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ return null;
+ }
+
+ public List<String> getBKUURL() {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+
+ List<String> list = new ArrayList<String>();
+
+ if (bkuurls == null) {
+ Logger.warn("BKU Type does not match: "
+ + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ } else {
+ list.add(bkuurls.getOnlineBKU());
+ list.add(bkuurls.getHandyBKU());
+ list.add(bkuurls.getLocalBKU());
+ }
+ return list;
+ }
+
+
+ public boolean useSSO() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isUseSSO();
+ else
+ return false;
+ }
+
+ public boolean useSSOQuestion() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isAuthDataFrame();
+ else
+ return true;
+
+ }
+
+ public String getSingleLogOutURL() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.getSingleLogOutURL();
+ else
+ return null;
}
+
+///**
+// * @return the inputProcessorSignTemplateURL
+// */
+//public String getInputProcessorSignTemplateURL() {
+// return inputProcessorSignTemplateURL;
+//}
+
+///**
+// * @return the verifyInfoboxParameters
+// */
+//public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+// return verifyInfoboxParameters;
+//}
+
+/**
+ * @return the mandateProfiles
+ */
+public String getMandateProfiles() {
+
+ Mandates mandates = oa_auth.getMandates();
+
+ if (mandates != null)
+ return mandates.getProfiles();
+ else
+ return null;
+}
+
+/**
+ * @return the identityLinkDomainIdentifierType
+ */
+public String getIdentityLinkDomainIdentifierType() {
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getType();
+
+ return null;
+}
+
+/**
+ * @return the qaaLevel
+ */
+public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+}
+
+/**
+ * @return the requestedAttributes
+ */
+public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+}
+
+
+
+
}
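Review bot: In getBKUURL(String bkutype) the warning "BKU Type does not match" is also emitted when bkuurls is null for a perfectly valid type, so a missing BKU-URL configuration of the online application is logged as a caller error; the no-arg getBKUURL() reuses the same message for the same null case, where no type is involved at all. Checking bkuurls first and logging a distinct configuration warning keeps the two failure modes apart in the log, and flipping the comparisons to `ONLINEBKU.equals(bkutype)` (the null-safe order isSlVersion12 already uses) avoids a NullPointerException on a null bkutype. The no-arg variant should log the same configuration message, e.g. `Logger.warn("No BKU URLs configured for this online application");`. The commented-out getters left between the methods (getBkuSelectionTemplateURL, getInputProcessorSignTemplateURL, getVerifyInfoboxParameters) are dead code and are better removed than kept in the class body.
```java
public String getBKUURL(String bkutype) {
    BKUURLS bkuurls = oa_auth.getBKUURLS();
    if (bkuurls == null) {
        // missing configuration is a different failure than an unknown type
        Logger.warn("No BKU URLs configured for this online application");
        return null;
    }
    if (ONLINEBKU.equals(bkutype))
        return bkuurls.getOnlineBKU();
    else if (HANDYBKU.equals(bkutype))
        return bkuurls.getHandyBKU();
    else if (LOCALBKU.equals(bkutype))
        return bkuurls.getLocalBKU();

    Logger.warn("BKU Type does not match: "
            + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
    return null;
}
```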
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
new file mode 100644
index 000000000..1460668e2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -0,0 +1,591 @@
+package at.gv.egovernment.moa.id.config.legacy;
+
+import iaik.util.logging.Log;
+import iaik.x509.X509Certificate;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import org.bouncycastle.crypto.macs.OldHMac;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class BuildFromLegacyConfig {
+
+ private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
+ private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/";
+ private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at";
+ private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request";
+
+ public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ Log.info("Load Legacy-Configuration from file=" + fileName);
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+
+ }
+ }
+
+ try {
+ String oldbkuonline = "";
+ String oldbkulocal = "";
+ String oldbkuhandy = "";
+
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
+
+
+ MOAIDConfiguration moaIDConfig = new MOAIDConfiguration();
+
+ AuthComponentGeneral generalAuth = new AuthComponentGeneral();
+ moaIDConfig.setAuthComponentGeneral(generalAuth);
+
+
+ //not supported by MOA-ID 2.0
+ //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ //bKUSelectable = (bKUConnectionParameter!=null);
+ //bKUSelectionType = builder.buildAuthBKUSelectionType();
+
+
+ //Load generic Config
+ Map genericConfiguration = builder.buildGenericConfiguration();
+ GeneralConfiguration authGeneral = new GeneralConfiguration();
+
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ authGeneral.setAlternativeSourceID(
+ (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+ authGeneral.setTrustManagerRevocationChecking(
+ Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+ authGeneral.setCertStoreDirectory(
+ (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY));
+
+
+ //Load Assertion and Session timeouts
+ TimeOuts timeOuts = new TimeOuts();
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min
+
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min
+
+ timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min
+ authGeneral.setTimeOuts(timeOuts);
+ generalAuth.setGeneralConfiguration(authGeneral);
+
+
+ //TODO: set Protocols!!!!
+ Protocols auth_protocols = new Protocols();
+ generalAuth.setProtocols(auth_protocols);
+
+ LegacyAllowed prot_legacy = new LegacyAllowed();
+ auth_protocols.setLegacyAllowed(prot_legacy);
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values
+ prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+
+ //TODO: remove beta test values
+ PVP2 prot_pvp2 = new PVP2();
+ auth_protocols.setPVP2(prot_pvp2);
+ prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/");
+ prot_pvp2.setIssuerName("MOA-ID 2.0 Demo IDP");
+
+ Organization pvp2_org = new Organization();
+ prot_pvp2.setOrganization(pvp2_org);
+ pvp2_org.setDisplayName("OrganisationDisplayName");
+ pvp2_org.setName("OrganisatioName");
+ pvp2_org.setURL("http://www.egiz.gv.at");
+
+ List<Contact> pvp2_contacts = new ArrayList<Contact>();
+ prot_pvp2.setContact(pvp2_contacts);
+
+ Contact pvp2_contact = new Contact();
+ pvp2_contact.setCompany("OrganisationDisplayName");
+ pvp2_contact.setGivenName("Max");
+
+
+ List<String> mails = new ArrayList<String>();
+ pvp2_contact.setMail(mails);
+ mails.add("max@muster.mann");
+
+ List<String> phones = new ArrayList<String>();
+ pvp2_contact.setPhone(phones);
+ phones.add("01 5555 5555");
+
+ pvp2_contact.setSurName("Mustermann");
+ pvp2_contact.setType("technical");
+ pvp2_contacts.add(pvp2_contact);
+
+ //SSO
+ SSO auth_sso = new SSO();
+ generalAuth.setSSO(auth_sso);
+ auth_sso.setTarget("BF");
+ auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta");
+
+
+ //set SecurityLayer Transformations
+ String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
+
+ List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>();
+ if (transformsInfos != null && transformsInfos.length > 0) {
+ for (int i=0; i<transformsInfos.length; i++) {
+
+ TransformsInfoType transforminfotype = new TransformsInfoType();
+ transforminfotype.setFilename(transformsInfoFileNames[i]);
+
+ transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8"));
+ auth_transformInfos.add(transforminfotype);
+ }
+
+ }
+
+ SecurityLayer auth_securityLayer = new SecurityLayer();
+ auth_securityLayer.setTransformsInfo(auth_transformInfos);
+ generalAuth.setSecurityLayer(auth_securityLayer);
+
+
+ //set MOASP configuration
+ MOASP auth_moaSP = new MOASP();
+ generalAuth.setMOASP(auth_moaSP);
+
+ //set MOASP connection
+ ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ if (moaSpConnectionParameter != null) {
+ ConnectionParameterClientAuthType auth_moaSP_connection =
+ parseConnectionParameterClientAuth(moaSpConnectionParameter);
+ auth_moaSP.setConnectionParameter(auth_moaSP_connection);
+ }
+
+ //set VerifyIdentityLink
+ String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink();
+ auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID);
+ auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink);
+
+ //set VerifyAuthBlock
+ String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock();
+ auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID);
+ String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> transformlist = new ArrayList<String>();
+ Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs);
+ auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist);
+ auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock);
+
+
+ //TODO: check correctness!!!
+ //set IdentityLinkSigners
+ IdentityLinkSigners auth_idsigners = new IdentityLinkSigners();
+ generalAuth.setIdentityLinkSigners(auth_idsigners);
+ List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames);
+
+
+ //not supported by MOA-ID 2.0
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters = null;
+// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
+// if (defaultVerifyInfoboxParamtersElem != null) {
+// defaultVerifyInfoboxParameters =
+// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
+// }
+
+
+ //Set ForeignIdentities
+ ForeignIdentities auth_foreign = new ForeignIdentities();
+ generalAuth.setForeignIdentities(auth_foreign);
+
+ //set Connection parameters
+ ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+ ConnectionParameterClientAuthType auth_foreign_connection =
+ parseConnectionParameterClientAuth(foreignIDConnectionParameter);
+ auth_foreign.setConnectionParameter(auth_foreign_connection);
+
+ //set STORK configuration
+ STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+ STORK auth_foreign_stork = new STORK();
+ auth_foreign.setSTORK(auth_foreign_stork);
+
+ //set CPEPS
+ Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap();
+ Set<String> map_keys = map.keySet();
+ List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
+ for (String key : map_keys) {
+ CPEPS cpep = new CPEPS();
+ cpep.setCountryCode(map.get(key).getCountryCode());
+ cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!!
+
+ List<String> cpep_reqs = new ArrayList<String>();
+
+ List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
+ for (RequestedAttribute e1 : map1) {
+ Element element = SAMLUtil.marshallMessage(e1);
+ cpep_reqs.add(XMLUtil.printXML(element));
+ }
+ cpep.setAttributeValue(cpep_reqs);
+ auth_foreign_stork_cpeps.add(cpep);
+ }
+ auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
+
+
+ //set SAMLSigningParameter
+ if (storkConfig.getSignatureCreationParameter() != null &&
+ storkConfig.getSignatureVerificationParameter() != null) {
+ SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
+ auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
+
+ SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
+ auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
+ KeyStore stork_saml_creat_keystore = new KeyStore();
+ stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
+ stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
+ stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
+ KeyName stork_saml_creat_keyname = new KeyName();
+ stork_saml_creat.setKeyName(stork_saml_creat_keyname);
+ stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
+ stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
+
+
+
+ SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
+ auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
+ stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
+
+ }
+
+ //TODO: check correctness
+ //set QualityAuthenticationAssurance
+ //set RequestedAttbutes
+
+
+ //set OnlineMandates config
+ ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
+ if (onlineMandatesConnectionParameter != null) {
+ OnlineMandates auth_mandates = new OnlineMandates();
+ generalAuth.setOnlineMandates(auth_mandates);
+ auth_mandates.setConnectionParameter(
+ parseConnectionParameterClientAuth(onlineMandatesConnectionParameter));
+ }
+
+
+ //TODO: add auth template configuration!!!
+
+
+ if (oldconfig != null) {
+ if (oldconfig.getDefaultBKUs() != null) {
+ oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU();
+ oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU();
+ oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU();
+ }
+ } else {
+ List<String> trustbkus = builder.getTrustedBKUs();
+ for (String trustbku : trustbkus) {
+ if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE))
+ oldbkuonline = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY))
+ oldbkuhandy = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL))
+ oldbkulocal = trustbku;
+ }
+
+ }
+
+
+ //set OnlineApplications
+ OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
+
+ ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
+ moaIDConfig.setOnlineApplication(moa_oas);
+
+ for (OAAuthParameter oa : onlineApplicationAuthParameters) {
+ OnlineApplication moa_oa = new OnlineApplication();
+
+ //set general OA configuration
+ moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird
+ moa_oa.setFriendlyName(oa.getFriendlyName());
+ moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness
+ moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix());
+ moa_oa.setTarget(oa.getTarget());
+ moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName());
+ moa_oa.setType(oa.getOaType());
+ moa_oa.setIsActive(true);
+
+
+ AuthComponentOA oa_auth = new AuthComponentOA();
+ moa_oa.setAuthComponentOA(oa_auth);
+
+ //SLLayer Version / useIframe
+ oa_auth.setSlVersion(oa.getSlVersion());
+ oa_auth.setUseIFrame(false);
+ oa_auth.setUseUTC(oa.getUseUTC());
+
+
+ //BKUURLs
+ BKUURLS bkuurls = new BKUURLS();
+ bkuurls.setOnlineBKU(oldbkuonline);
+ bkuurls.setHandyBKU(oldbkuhandy);
+ bkuurls.setLocalBKU(oldbkulocal);
+ oa_auth.setBKUURLS(bkuurls);
+
+ //IdentificationNumber
+ IdentificationNumber idnumber = new IdentificationNumber();
+ idnumber.setValue(oa.getIdentityLinkDomainIdentifier());
+ idnumber.setType(oa.getIdentityLinkDomainIdentifierType());
+ oa_auth.setIdentificationNumber(idnumber);
+
+ //set Templates
+ TemplatesType templates = new TemplatesType();
+ oa_auth.setTemplates(templates);
+ templates.setAditionalAuthBlockText("");
+ TemplateType template = new TemplateType();
+ template.setURL(oa.getTemplateURL());
+ ArrayList<TemplateType> template_list = new ArrayList<TemplateType>();
+ template_list.add(template);
+ templates.setTemplate(template_list);
+
+
+ //set TransformsInfo
+ String[] transforminfos = oa.getTransformsInfos();
+ ArrayList<TransformsInfoType> oa_transforminfos = new ArrayList<TransformsInfoType>();
+ for (String e1 : transforminfos) {
+ TransformsInfoType transforminfo = new TransformsInfoType();
+ transforminfo.setFilename(e1);
+ oa_transforminfos.add(transforminfo);
+ }
+ oa_auth.setTransformsInfo(oa_transforminfos);
+
+ //VerifyInfoBoxes not supported by MOAID 2.0
+
+ //set Mandates
+ Mandates oa_mandates = new Mandates();
+ oa_auth.setMandates(oa_mandates);
+ oa_mandates.setProfiles(oa.getMandateProfiles());
+
+ //STORK
+ //TODO: OA specific STORK config is deactivated in MOA 1.5.2
+
+ //SSO
+ OASSO oa_sso = new OASSO();
+ oa_auth.setOASSO(oa_sso);
+ oa_sso.setUseSSO(true);
+ oa_sso.setSingleLogOutURL("");
+ oa_sso.setAuthDataFrame(true);
+
+ //OA_SAML1
+ OASAML1 oa_saml1 = new OASAML1();
+ oa_auth.setOASAML1(oa_saml1);
+ oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength()));
+ oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock());
+ oa_saml1.setProvideCertificate(oa.getProvideCertifcate());
+ oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData());
+ oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink());
+ oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
+ oa_saml1.setUseCondition(oa.getUseCondition());
+
+ //OA_PVP2
+ OAPVP2 oa_pvp2 = new OAPVP2();
+ oa_auth.setOAPVP2(oa_pvp2);
+
+// oa_pvp2.setMetadataURL("empty");
+//
+// //TODO: is only a workaround!!!!
+// Properties props = getGeneralPVP2ProperiesConfig(properies);
+// File dir = new File(props.getProperty("idp.truststore"));
+// File[] files = dir.listFiles();
+// if (files.length > 0) {
+// FileInputStream filestream = new FileInputStream(files[0]);
+// X509Certificate signerCertificate = new X509Certificate(filestream);
+// oa_pvp2.setCertificate(signerCertificate.getEncoded());
+//
+// } else {
+// oa_pvp2.setCertificate(null);
+// }
+
+ moa_oas.add(moa_oa);
+ //ConfigurationDBUtils.save(moa_oa);
+ }
+
+ //removed from MOAID 2.0 config
+ //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+
+
+ //set chaining modes
+ ChainingModes moa_chainingModes = new ChainingModes();
+ moaIDConfig.setChainingModes(moa_chainingModes);
+
+ ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode());
+ moa_chainingModes.setSystemDefaultMode(type);
+
+ Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes();
+ List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>();
+ Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet();
+ for (IssuerAndSerial e1 : chaining_anchor_map) {
+ TrustAnchor trustanchor = new TrustAnchor();
+
+ ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1));
+ trustanchor.setMode(type1);
+
+ trustanchor.setX509IssuerName(e1.getIssuerDN());
+ trustanchor.setX509SerialNumber(e1.getSerial());
+ chaining_anchor.add(trustanchor);
+ }
+ moa_chainingModes.setTrustAnchor(chaining_anchor);
+
+
+ //set trustedCACertificate path
+ moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates());
+
+
+ //TODO: move to read config functionality
+ //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+
+
+ //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates)
+ //trustedBKUs = builder.getTrustedBKUs();
+ //trustedTemplateURLs = builder.getTrustedTemplateURLs();
+
+
+ //set DefaultBKUs
+ DefaultBKUs moa_defaultbkus = new DefaultBKUs();
+ moaIDConfig.setDefaultBKUs(moa_defaultbkus);
+ moa_defaultbkus.setOnlineBKU(oldbkuonline);
+ moa_defaultbkus.setHandyBKU(oldbkuhandy);
+ moa_defaultbkus.setLocalBKU(oldbkulocal);
+
+
+ //set SLRequest Templates
+ SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates();
+ moaIDConfig.setSLRequestTemplates(moa_slrequesttemp);
+ moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html");
+ moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html");
+ moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
+
+ return moaIDConfig;
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth(
+ ConnectionParameter old) {
+ ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType();
+ auth_moaSP_connection.setURL(old.getUrl());
+
+ //TODO: remove from Database config!!!!!
+// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates());
+// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore();
+// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore());
+// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword());
+// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
+ return auth_moaSP_connection;
+ }
+
+ private static Properties getGeneralPVP2ProperiesConfig(Properties props) {
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "protocols.pvp2.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+ return configProp;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
new file mode 100644
index 000000000..c191d7b2b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
@@ -0,0 +1,98 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+
+ /** Country Code of C-PEPS */
+ private String countryCode;
+
+ /** URL of C-PEPS */
+ private URL pepsURL;
+
+ /** Specific attributes to be requested for this C-PEPS */
+ private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
+
+ /**
+ * Constructs a C-PEPS
+ * @param countryCode ISO Country Code of C-PEPS
+ * @param pepsURL URL of C-PEPS
+ */
+ public CPEPS(String countryCode, URL pepsURL) {
+ super();
+ this.countryCode = countryCode;
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country code of this C-PEPS
+ * @return ISO country code
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the country code of this C-PEPS
+ * @param countryCode ISO country code
+ */
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+ /**
+ * Gets the URL of this C-PEPS
+ * @return C-PEPS URL
+ */
+ public URL getPepsURL() {
+ return pepsURL;
+ }
+
+ /**
+ * Sets the C-PEPS URL
+ * @param pepsURL C-PEPS URL
+ */
+ public void setPepsURL(URL pepsURL) {
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country specific attributes of this C-PEPS
+ * @return List of country specific attributes
+ */
+ public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
+ return countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Sets the country specific attributes
+ * @param countrySpecificRequestedAttributes List of country specific requested attributes
+ */
+ public void setCountrySpecificRequestedAttributes(
+ List<RequestedAttribute> countrySpecificRequestedAttributes) {
+ this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Adds a Requested attribute to the country specific attribute List
+ * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
+ */
+ public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+ this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+ }
+
+
+}
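Review bot: `setCountrySpecificRequestedAttributes` (near the end of the hunk) stores the caller's list as-is, so a `null` argument makes the later `addCountrySpecificRequestedAttribute` throw a NullPointerException, and `getCountrySpecificRequestedAttributes` hands out the internal mutable list for callers to modify. A null guard in the setter keeps the `new ArrayList` invariant the field initializer establishes: `this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes == null ? new ArrayList<RequestedAttribute>() : countrySpecificRequestedAttributes;`. The `super()` call in the constructor is redundant, and the class Javadoc reads "Encpasulates" for "Encapsulates".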
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
index 839de48bf..3abc94b02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
@@ -22,12 +22,13 @@
*/
-package at.gv.egovernment.moa.id.config;
+package at.gv.egovernment.moa.id.config.legacy;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
+import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
@@ -51,12 +52,13 @@ import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.Schema;
import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter;
-import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.legacy.CPEPS;
+import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -72,7 +75,6 @@ import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
import eu.stork.vidp.messages.stork.RequestedAttributes;
import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
/**
* A class that builds configuration data from a DOM based representation.
@@ -406,15 +408,24 @@ public class ConfigurationBuilder {
*/
public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
- String[] transformsInfos = new String[transformsInfoFileNames.length];
- for (int i = 0; i < transformsInfoFileNames.length; i++) {
- String fileURL = transformsInfoFileNames[i];
-
- //if fileURL is relative to rootConfigFileDir make it absolute
- fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
- String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
- transformsInfos[i] = transformsInfo;
- }
+ String[] transformsInfos;
+
+ transformsInfos = new String[transformsInfoFileNames.length];
+ for (int i = 0; i < transformsInfoFileNames.length; i++) {
+
+ String fileURL = transformsInfoFileNames[i];
+ try {
+ // if fileURL is relative to rootConfigFileDir make it absolute
+ fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
+
+ String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
+ transformsInfos[i] = transformsInfo;
+
+ } catch (IOException e) {
+ Logger.info("Transformation with URL " + fileURL + " can not be loaded");
+ }
+ }
+
return transformsInfos;
}
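Review bot: The new catch block leaves `transformsInfos[i]` as `null` when a transforms-info file cannot be read, so callers iterating the returned array see null entries; the converter added earlier in this same commit calls `transforminfo.setFilename(e1)` for every element without a null check. Since the method is now deliberately lenient, returning only the entries that loaded avoids the null holes, and appending the exception message keeps the reason for the failure in the log, which the new `Logger.info` line drops. A transforms-info presumably controls how the data to be signed is rendered, so a silently skipped file is a misconfiguration an operator should notice; logging it above info level seems appropriate if the project's Logger offers a warn overload. `ArrayList` may need an import if the file does not already have one.
```java
public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
    List<String> loaded = new ArrayList<String>();
    for (String transformsInfoFileName : transformsInfoFileNames) {
        String fileURL = transformsInfoFileName;
        try {
            // if fileURL is relative to rootConfigFileDir make it absolute
            fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
            loaded.add(FileUtils.readURL(fileURL, DEFAULT_ENCODING));
        } catch (IOException e) {
            Logger.info("Transformation with URL " + fileURL + " can not be loaded: " + e.getMessage());
        }
    }
    return loaded.toArray(new String[loaded.size()]);
}
```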
@@ -704,28 +715,28 @@ public List getTrustedTemplateURLs() {
}
//add STORK Configuration specific to OA (RequestedAttributes, QAALevel)
- QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent);
- if (qaaLevel != null) {
- oap.setQaaLevel(qaaLevel);
- Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue());
- }
+ //QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent);
+ //if (qaaLevel != null) {
+ // oap.setQaaLevel(qaaLevel);
+ // Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue());
+ //}
- RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent);
-
- if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) {
- //we have additional STORK attributes to request for this OA
- Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): ");
- for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) {
- if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) {
- addReqAttr.detach();
- oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr);
- Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired());
- }
- }
+ //RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent);
+ //
+ //if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) {
+ // //we have additional STORK attributes to request for this OA
+ // Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): ");
+ // for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) {
+ // if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) {
+ /// addReqAttr.detach();
+ // oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr);
+ // Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired());
+ // }
+ // }
- } else {
- //do nothing, only request default attributes
- }
+ //} else {
+ // //do nothing, only request default attributes
+ //}
}
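Review bot: The OA-specific STORK QAA-level and RequestedAttributes handling is retired by commenting it out rather than deleting it, which leaves roughly thirty lines of dead code in the method, and the stray `///` in front of `addReqAttr.detach()` suggests the markers were added by hand. Version control already preserves the removed logic, so a single comment such as `// OA-specific STORK configuration (QAA level, RequestedAttributes) is deactivated; only the default attributes are requested` documents the intent without the dead block. The enclosing method starts outside this hunk.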
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
new file mode 100644
index 000000000..455fde9bf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * This bean class is used to store data for various connectionParameter
+ * within the MOA-ID configuration
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConnectionParameter {
+
+ /**
+ * Server URL
+ */
+ private String url;
+ /**
+ * File URL for a directory containing PKCS#12 server SSL certificates.
+ * From these certificates, a X509 trust store will be assembled for use
+ * by a JSSE <code>TrustManager</code>.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String acceptedServerCertificates;
+ /**
+ * File URL of a X509 key store containing the private key to be used
+ * for an HTTPS connection when the server requires client authentication.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String clientKeyStore;
+ /**
+ * Password protecting the client key store.
+ */
+ private String clientKeyStorePassword;
+
+ /**
+ * Checks whether the URL scheme is <code>"https"</code>.
+ * @return true in case of an URL starting with <code>"https"</code>
+ */
+ public boolean isHTTPSURL() {
+ return getUrl().indexOf("https") == 0;
+ }
+
+ /**
+ * Returns the url.
+ * @return String
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public String getAcceptedServerCertificates() {
+ return acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the acceptedServerCertificates.
+ * @param acceptedServerCertificates The acceptedServerCertificates to set
+ */
+ public void setAcceptedServerCertificates(String acceptedServerCertificates) {
+ this.acceptedServerCertificates = acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the url.
+ * @param url The url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public String getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ /**
+ * Sets the clientKeyStore.
+ * @param clientKeyStore The clientKeyStore to set
+ */
+ public void setClientKeyStore(String clientKeyStore) {
+ this.clientKeyStore = clientKeyStore;
+ }
+
+ /**
+ * Sets the clientKeyStorePassword.
+ * @param clientKeyStorePassword The clientKeyStorePassword to set
+ */
+ public void setClientKeyStorePassword(String clientKeyStorePassword) {
+ this.clientKeyStorePassword = clientKeyStorePassword;
+ }
+
+}
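Review bot: `isHTTPSURL` evaluates `getUrl().indexOf("https") == 0`, which throws a NullPointerException when `url` is unset, is case-sensitive (an `HTTPS://` URL would be treated as plain HTTP, so the trust store and client key store described in the field Javadoc would not be applied), and matches any string that merely begins with `https` rather than the scheme. A scheme check covering all three cases: `return url != null && url.regionMatches(true, 0, "https:", 0, 6);`. Since this is a new copy in the `legacy` package, the same fix presumably belongs in the original class if it still exists.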
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
new file mode 100644
index 000000000..3948522c0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.ArrayList;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Auth component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+/**
+ *
+ *
+ * @author Harald Bratko
+ */
+public class OAAuthParameter extends OAParameter {
+ /**
+ * Sercurity Layer version
+ */
+ private String slVersion;
+ /**
+ * true, if the Security Layer version is version 1.2, otherwise false
+ */
+ private boolean slVersion12;
+ /**
+ * identityLinkDomainIdentifier
+ * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
+ * <br>
+ * only used within a business application context for providing it to the
+ * security layer as input for wbPK computation
+ */
+ private String identityLinkDomainIdentifier;
+ /**
+ * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
+ */
+ private String keyBoxIdentifier;
+ /**
+ * transformations for rendering in the secure viewer of the security layer
+ * implementation; multiple transformation can be given for different mime types
+ */
+ private String[] transformsInfos;
+ /**
+ * determines whether "Stammzahl" is to be included in the authentication data
+ */
+ private boolean provideStammzahl;
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
+ private boolean provideAuthBlock;
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
+ private boolean provideIdentityLink;
+ /**
+ * determines whether the certificate is to be included in the authentication data
+ */
+ private boolean provideCertificate;
+ /**
+ * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
+ */
+ private boolean provideFullMandatorData;
+
+ /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+ private boolean useUTC;
+
+ /** determines wheter a saml:Condition is added to the SAML assertion or not */
+ private boolean useCondition;
+
+ /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
+ private int conditionLength;
+ /**
+ * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
+ */
+ private String bkuSelectionTemplateURL;
+ /**
+ * template for web page "Anmeldung mit B&uuml;rgerkarte"
+ */
+ private String templateURL;
+
+ /**
+ * template for web page "Signatur der Anmeldedaten"
+ */
+ private String inputProcessorSignTemplateURL;
+ /**
+ * Parameters for verifying infoboxes.
+ */
+ private VerifyInfoboxParameters verifyInfoboxParameters;
+
+ /**
+ * Parameter for Mandate profiles
+ */
+ private String mandateProfiles;
+
+ /**
+ *
+ * Type for authentication number (e.g. Firmenbuchnummer)
+ */
+ private String identityLinkDomainIdentifierType;
+
+ /**
+ * STORK QAA Level, Default = 4
+ */
+ private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
+
+ /**
+ * STORK RequestedAttributes for Online Application
+ * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
+ */
+ private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
+
+
+/**
+ * Returns <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>.
+ * @return <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>
+ */
+ public boolean getSlVersion12() {
+ return slVersion12;
+ }
+
+ /**
+ * Returns the security layer version.
+ * @return the security layer version.
+ */
+ public String getSlVersion() {
+ return slVersion;
+ }
+
+ /**
+ * Returns the identityLinkDomainIdentifier.
+ * @return the identityLinkDomainIdentifier.
+ */
+ public String getIdentityLinkDomainIdentifier() {
+ return identityLinkDomainIdentifier;
+ }
+
+ /**
+ * Returns the transformsInfos.
+ * @return the transformsInfos.
+ */
+ public String[] getTransformsInfos() {
+ return transformsInfos;
+ }
+
+ /**
+ * Returns the provideAuthBlock.
+ * @return String
+ */
+ public boolean getProvideAuthBlock() {
+ return provideAuthBlock;
+ }
+
+ /**
+ * Returns the provideIdentityLink.
+ * @return String
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink;
+ }
+
+ /**
+ * Returns the provideStammzahl.
+ * @return String
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl;
+ }
+
+ /**
+ * Returns <code>true</code> if the certificate should be provided within the
+ * authentication data, otherwise <code>false</code>.
+ * @return <code>true</code> if the certificate should be provided,
+ * otherwise <code>false</code>
+ */
+ public boolean getProvideCertifcate() {
+ return provideCertificate;
+ }
+
+ /**
+ * Returns <code>true</code> if the full mandator data should be provided within the
+ * authentication data, otherwise <code>false</code>.
+ * @return <code>true</code> if the full mandator data should be provided,
+ * otherwise <code>false</code>
+ */
+ public boolean getProvideFullMandatorData() {
+ return provideFullMandatorData;
+ }
+
+ /**
+ * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
+
+ /**
+ * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ */
+ public boolean getUseCondition() {
+ return useCondition;
+ }
+
+ /**
+ * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
+ * @return the validity time of the SAML assertion (if useCondition is true) in seconds
+ */
+ public int getConditionLength() {
+ return conditionLength;
+ }
+
+
+/**
+ * Returns the key box identifier.
+ * @return String
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
+
+ /**
+ * Returns the BkuSelectionTemplate url.
+ * @return The BkuSelectionTemplate url or <code>null</code> if no url for
+ * a BkuSelectionTemplate is set.
+ */
+ public String getBkuSelectionTemplateURL() {
+ return bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Returns the TemplateURL url.
+ * @return The TemplateURL url or <code>null</code> if no url for
+ * a Template is set.
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+
+ /**
+ * Returns the inputProcessorSignTemplateURL url.
+ * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
+ * a input processor sign template is set.
+ */
+ public String getInputProcessorSignTemplateURL() {
+ return inputProcessorSignTemplateURL;
+ }
+
+ /**
+ * Returns the parameters for verifying additional infoboxes.
+ *
+ * @return The parameters for verifying additional infoboxes.
+ * Maybe <code>null</code>.
+ */
+ public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+ return verifyInfoboxParameters;
+ }
+
+ /**
+ * Sets the security layer version.
+ * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
+ * to <code>true</code> if the Security Layer version is 1.2.
+ * @param slVersion The security layer version to be used.
+ */
+ public void setSlVersion(String slVersion) {
+ this.slVersion = slVersion;
+ if ("1.2".equals(slVersion)) {
+ this.slVersion12 = true;
+ }
+ }
+ /**
+ * Sets the IdentityLinkDomainIdentifier.
+ * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
+ */
+ public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
+ this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
+ }
+ /**
+ * Sets the transformsInfos.
+ * @param transformsInfos The transformsInfos to be used.
+ */
+ public void setTransformsInfos(String[] transformsInfos) {
+ this.transformsInfos = transformsInfos;
+ }
+
+
+/**
+ * Sets the provideAuthBlock.
+ * @param provideAuthBlock The provideAuthBlock to set
+ */
+ public void setProvideAuthBlock(boolean provideAuthBlock) {
+ this.provideAuthBlock = provideAuthBlock;
+ }
+
+ /**
+ * Sets the provideIdentityLink.
+ * @param provideIdentityLink The provideIdentityLink to set
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ this.provideIdentityLink = provideIdentityLink;
+ }
+
+ /**
+ * Sets the provideStammzahl.
+ * @param provideStammzahl The provideStammzahl to set
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ this.provideStammzahl = provideStammzahl;
+ }
+
+ /**
+ * Sets the provideCertificate variable.
+ * @param provideCertificate The provideCertificate value to set
+ */
+ public void setProvideCertificate(boolean provideCertificate) {
+ this.provideCertificate = provideCertificate;
+ }
+
+ /**
+ * Sets the provideFullMandatorData variable.
+ * @param provideFullMandatorData The provideFullMandatorData value to set
+ */
+ public void setProvideFullMandatorData(boolean provideFullMandatorData) {
+ this.provideFullMandatorData = provideFullMandatorData;
+ }
+
+ /**
+ * Sets the useUTC variable.
+ * @param useUTC The useUTC value to set
+ */
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
+ /**
+ * Sets the useCondition variable
+ * @param useCondition The useCondition value to set
+ */
+ public void setUseCondition(boolean useCondition) {
+ this.useCondition = useCondition;
+ }
+
+ /**
+ * Sets the conditionLength variable
+ * @param conditionLength the conditionLength value to set
+ */
+ public void setConditionLength(int conditionLength) {
+ this.conditionLength = conditionLength;
+ }
+
+
+ /**
+ * Sets the key box identifier.
+ * @param keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
+
+ /**
+ * Sets the BkuSelectionTemplate url.
+ * @param bkuSelectionTemplateURL The url string specifying the location
+ * of a BkuSelectionTemplate.
+ */
+ public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
+ this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Sets the Template url.
+ * @param templateURL The url string specifying the location
+ * of a Template.
+ */
+ public void setTemplateURL(String templateURL) {
+ this.templateURL = templateURL;
+ }
+
+ /**
+ * Sets the input processor sign form template url.
+ *
+ * @param inputProcessorSignTemplateURL The url string specifying the
+ * location of the input processor sign form
+ */
+ public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
+ this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
+ }
+
+ /**
+ * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
+ *
+ * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
+ */
+ public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
+ this.verifyInfoboxParameters = verifyInfoboxParameters;
+ }
+
+ /**
+ * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ */
+ public String getIdentityLinkDomainIdentifierType() {
+ return identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
+ */
+ public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
+ this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the Mandate/Profiles
+ * @param profiles
+ */
+ public void setMandateProfiles(String profiles) {
+ this.mandateProfiles = profiles;
+ }
+
+ /**
+ * Returns the Mandates/Profiles
+ * @return
+ */
+ public String getMandateProfiles() {
+ return this.mandateProfiles;
+ }
+
+ /**
+ * Returns the defined STORK QAALevel
+ * @return STORK QAALevel
+ */
+ public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+ }
+
+ /**
+ * Sets the STORK QAALevel
+ * @param qaaLevel
+ */
+ public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
+ this.qaaLevel = qaaLevel;
+ }
+
+ /**
+ * Returns the desired STORK Requested Attributes
+ * @return STORK Requested Attributes
+ */
+ public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+ }
+
+ /**
+ * Sets the desired STORK Requested Attributes
+ * @param requestedAttributes
+ */
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
+
+
+
+}
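Review bot: `setSlVersion` only ever sets `slVersion12` to true, so once an instance has seen "1.2" a later `setSlVersion("1.1")` leaves `getSlVersion12()` reporting true; assigning the comparison directly keeps both fields consistent: `this.slVersion12 = "1.2".equals(slVersion);`. `getTransformsInfos` returns the internal array, so callers can alter the configured transforms in place; returning `transformsInfos == null ? null : transformsInfos.clone()` would prevent that. Documentation points: the `@return` on `getMandateProfiles` and the `@param` tags on `setQaaLevel` and `setRequestedAttributes` are empty, the key box setter is spelled `setKeyBoxIdentier`, and of the two stacked class Javadoc blocks only the second is attached to the class.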
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
new file mode 100644
index 000000000..de449cbcf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to be used within both, the MOA ID Auth and the
+ * MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter {
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not
+ * (<code>true</code> if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+
+ /**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+
+ /**
+ * specified a specific target for the Online Application (overwrites the target in der request)
+ */
+ private String target;
+ /**
+ * specifies a friendly name for the target
+ */
+ private String targetFriendlyName;
+
+ /**
+ * Returns the type of the online application.
+ * @return the type of the online application.
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * Returns <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>.
+ * @return <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return this.businessService;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ *
+ * Sets the type of the online application.
+ * If the type is "businessService" the value of <code>businessService</code>
+ * ({@link #getBusinessService()}) is also set to <code>true</code>
+ * @param oaType The type of the online application.
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ this.businessService = true;
+ }
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+
+ /**
+ * Gets the friendly name of the OA
+ * @return Friendly Name of the OA
+ */
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Sets the friendly name of the OA
+ * @param friendlyName
+ */
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+ /**
+ * Gets the target of the OA
+ * @return target of the OA
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the target of the OA
+ * @param target
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * Gets the target friendly name of the OA
+ * @return target Friendly Name of the OA
+ */
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ /**
+ * Sets the target friendly name of the OA
+ * @param targetFriendlyName
+ */
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+
+}
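Review bot: setOaType only ever sets businessService to true and never clears it, so an instance whose type is changed from "businessService" to "PublicService" keeps reporting `getBusinessService() == true`; replace the conditional with `this.businessService = "businessService".equalsIgnoreCase(oaType);`. The field Javadoc on businessService has an unclosed parenthesis and spells the value "businessService" while the oaType Javadoc says "BusinessService"; the comparison is case-insensitive so either works, but the two comments should agree on the canonical spelling. The getters and setters are otherwise plain accessors and read fine.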
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
new file mode 100644
index 000000000..2d0a91fb9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
@@ -0,0 +1,90 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Encapsulates several STORK configuration parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKConfig {
+
+ /** STORK SAML signature creation parameters */
+ private SignatureCreationParameter signatureCreationParameter;
+
+ /** STORK SAML signature verification parameters */
+ private SignatureVerificationParameter signatureVerificationParameter;
+
+ /** Map of supported C-PEPSs */
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+
+ /**
+ * Constructs a STORK Config object
+ * @param signatureCreationParameter STORK SAML Signature creation parameters
+ * @param signatureVerificationParameter STORK SAML Signature verification parameters
+ * @param cpepsMap Map of supported C-PEPS
+ */
+ public STORKConfig(SignatureCreationParameter signatureCreationParameter,
+ SignatureVerificationParameter signatureVerificationParameter,
+ Map<String, CPEPS> cpepsMap) {
+ super();
+ this.signatureCreationParameter = signatureCreationParameter;
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ this.cpepsMap = cpepsMap;
+ }
+
+ public SignatureCreationParameter getSignatureCreationParameter() {
+ return signatureCreationParameter;
+ }
+
+ public void setSignatureCreationParameter(
+ SignatureCreationParameter signatureCreationParameter) {
+ this.signatureCreationParameter = signatureCreationParameter;
+ }
+
+ public SignatureVerificationParameter getSignatureVerificationParameter() {
+ return signatureVerificationParameter;
+ }
+
+ public void setSignatureVerificationParameter(
+ SignatureVerificationParameter signatureVerificationParameter) {
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ }
+
+ public Map<String, CPEPS> getCpepsMap() {
+ return cpepsMap;
+ }
+
+ public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
+ this.cpepsMap = cpepsMap;
+ }
+
+ public boolean isSTORKAuthentication(String ccc) {
+
+ if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
+ return false;
+
+ if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ return true;
+ else
+ return false;
+
+ }
+
+ public CPEPS getCPEPS(String ccc) {
+ if (isSTORKAuthentication(ccc))
+ return this.cpepsMap.get(ccc);
+ else
+ return null;
+ }
+
+
+}
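Review bot: getCPEPS looks the country code up as passed (`this.cpepsMap.get(ccc)`), whereas isSTORKAuthentication tests `ccc.toUpperCase()`, so a lowercase code passes the check and then yields null; use the same normalised key, `return this.cpepsMap.get(ccc.toUpperCase(Locale.ROOT));` (adding `import java.util.Locale;`), and apply `Locale.ROOT` in isSTORKAuthentication too so the lookup does not depend on the JVM default locale. The constructor and setCpepsMap accept null, which makes isSTORKAuthentication throw NullPointerException at `this.cpepsMap.isEmpty()`; either reject null there or fall back to an empty map. getCpepsMap hands out the internal mutable map, so any caller can alter the set of trusted C-PEPS after construction; if that is not intended, return `Collections.unmodifiableMap(cpepsMap)`. The accessors and the two query methods carry no Javadoc, unlike the fields above them.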
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
new file mode 100644
index 000000000..fcccf41f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Encapsulates signature creation parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureCreationParameter {
+
+ /** KeyStore Path */
+ private String keyStorePath;
+
+ /** KeyStore Password */
+ private String keyStorePassword;
+
+ /** Signing Key Name */
+ private String keyName;
+
+ /** Signing Key Password */
+ private String keyPassword;
+
+ /**
+ * Gets the KeyStore Path
+ * @return File Path to KeyStore
+ */
+ public String getKeyStorePath() {
+ return keyStorePath;
+ }
+
+ /**
+ * Sets the KeyStore Path
+ * @param keyStorePath Path to KeyStore
+ */
+ public void setKeyStorePath(String keyStorePath) {
+ this.keyStorePath = keyStorePath;
+ }
+
+ /**
+ * Gets the KeyStore Password
+ * @return Password to KeyStore
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * Sets the KeyStore Password
+ * @param keyStorePassword Password to KeyStore
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * Gets the Signing Key Name
+ * @return Siging Key Name
+ */
+ public String getKeyName() {
+ return keyName;
+ }
+
+ /**
+ * Sets the Signing Key Name
+ * @param keyName Signing Key Name
+ */
+ public void setKeyName(String keyName) {
+ this.keyName = keyName;
+ }
+
+ /**
+ * Gets the Signing Key Password
+ * @return Signing Key Password
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * Sets the Signing Key Password
+ * @param keyPassword Signing Key Password
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+}
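Review bot: keyStorePassword and keyPassword are held as String fields behind plain getters, which keeps the secrets in the heap until collected and would print them verbatim if an instance is ever logged or given a toString; a class-level Javadoc line such as `Holds the key store and signing key passwords in clear text; instances must not be logged or serialised.` would make that contract explicit to callers. If the surrounding code permits it, storing them as `char[]` so they can be cleared once the key store is opened is the safer shape. The Javadoc on getKeyName has a typo, `Siging Key Name`.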
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
new file mode 100644
index 000000000..d01c8e541
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
@@ -0,0 +1,35 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+
+ /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+ private String trustProfileID;
+
+ /**
+ * Gets the MOA-SP TrustProfileID
+ * @return TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public String getTrustProfileID() {
+ return trustProfileID;
+ }
+
+ /**
+ * Sets the MOA-SP TrustProfileID
+ * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
new file mode 100644
index 000000000..a482da430
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
@@ -0,0 +1,411 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class is a container for parameters that maybe needed for verifying an infobox.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameter {
+
+ /**
+ * The default package name (first part) of a infobox validator class.
+ */
+ public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator.";
+
+ /**
+ * The identifier of the infobox to be verified. This identifier must exactly the
+ * identifier of the infobox returned by BKU.
+ */
+ protected String identifier_;
+
+ /**
+ * The friendly name of the infobox.
+ * This name is used within browser messages, thus it should be the german equivalent of
+ * the {@link #identifier_ infobox identifier} (e.g. &quot;<code>Stellvertretungen</code>&quot;
+ * for &quot;<code>Mandates</code>&quot; or &quot;<code>GDAToken</code>&quot; for
+ * &quot;<code>EHSPToken</code>&quot;.
+ * <br>If not specified within the config file the {@link #identifier_ infobox identifier}
+ * will be used.
+ */
+ protected String friendlyName_;
+
+ /**
+ * The Id of the TrustProfile to be used for validating certificates.
+ */
+ protected String trustProfileID_;
+
+ /**
+ * The full name of the class to be used for verifying the infobox.
+ */
+ protected String validatorClassName_;
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ */
+ protected List schemaLocations_;
+
+ /**
+ * Application specific parameters that may be needed for verifying an infobox.
+ */
+ protected Element applicationSpecificParams_;
+
+ /**
+ * Specifies if the infobox is be required to be returned by the BKU.
+ */
+ protected boolean required_;
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideStammzahl_;
+
+ /**
+ * Specifies whether the <code>identity link</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideIdentityLink_;
+
+ /**
+ * Initializes this VerifiyInfoboxParamater with the given identifier and a default
+ * validator class name.
+ *
+ * @param identifier The identifier of the infobox to be verified.
+ */
+ public VerifyInfoboxParameter(String identifier) {
+ identifier_ = identifier;
+ StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK);
+ sb.append(identifier.toLowerCase());
+ sb.append(".");
+ sb.append(identifier.substring(0, 1).toUpperCase());
+ sb.append(identifier.substring(1));
+ sb.append("Validator");
+ validatorClassName_ = sb.toString();
+ }
+
+ /**
+ * Returns application specific parameters.
+ * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_}
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @return Application specific parameters.
+ */
+ public Element getApplicationSpecificParams() {
+ return applicationSpecificParams_;
+ }
+
+ /**
+ * Sets the application specific parameters.
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @param applicationSpecificParams The application specific parameters to set.
+ */
+ public void setApplicationSpecificParams(Element applicationSpecificParams) {
+ applicationSpecificParams_ = applicationSpecificParams;
+ }
+
+ /**
+ * Appends special application specific parameters for party representation.
+ *
+ * @param applicationSpecificParams The application specific parameters for party representation to set.
+ */
+ public void appendParepSpecificParams(Element applicationSpecificParams) {
+ try {
+ if (applicationSpecificParams_==null) {
+ applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters");
+ }
+ Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode);
+ if (null!=nodeList) {
+ for (int i=0; i<nodeList.getLength(); i++) {
+ applicationSpecificParams_.appendChild((Node) nodeList.item(i));
+ }
+ }
+ } catch (TransformerException e) {
+ //Do nothing
+ }
+ }
+
+ /**
+ * Returns the friendly name.
+ *
+ * @see #friendlyName_
+ *
+ * @return The friendly name.
+ */
+ public String getFriendlyName() {
+ return friendlyName_;
+ }
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName The friendly name to set.
+ */
+ public void setFriendlyName(String friendlyName) {
+ friendlyName_ = friendlyName;
+ }
+
+ /**
+ * Returns the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @return The infobox identifier.
+ */
+ public String getIdentifier() {
+ return identifier_;
+ }
+
+ /**
+ * Sets the the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @param identifier The infobox identifier to set.
+ */
+ public void setIdentifier(String identifier) {
+ identifier_ = identifier;
+ }
+
+ /**
+ * Specifies whether the identity link should be passed to the verifying application
+ * or not.
+ *
+ * @return <code>True</code> if the identity link should be passed to the verifying
+ * application, otherwise <code>false</code>.
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink_;
+ }
+
+ /**
+ * Sets the {@link #provideIdentityLink_} parameter.
+ *
+ * @param provideIdentityLink <code>True</code> if the identity link should be passed to
+ * the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ provideIdentityLink_ = provideIdentityLink;
+ }
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ *
+ * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the
+ * verifying application, otherwise <code>false</code>.
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl_;
+ }
+
+ /**
+ * Sets the {@link #provideStammzahl_} parameter.
+ *
+ * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be
+ * passed to the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ provideStammzahl_ = provideStammzahl;
+ }
+
+ /**
+ * Specifies whether the infobox is required or not.
+ *
+ * @return <code>True</code> if the infobox is required to be returned by the BKU,
+ * otherwise <code>false</code>.
+ */
+ public boolean isRequired() {
+ return required_;
+ }
+
+ /**
+ * Sets the {@link #required_} parameter.
+ *
+ * @param required <code>True</code> if the infobox is required to be returned by the
+ * BKU, otherwise <code>false</code>.
+ */
+ public void setRequired(boolean required) {
+ required_ = required;
+ }
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects
+ * each of them specifying the location of an XML schema.
+ */
+ public List getSchemaLocations() {
+ return schemaLocations_;
+ }
+
+ /**
+ * Sets the schema locations.
+ *
+ * @see #schemaLocations_
+ *
+ * @param schemaLocations The schema location list to be set.
+ */
+ public void setSchemaLocations(List schemaLocations) {
+ schemaLocations_ = schemaLocations;
+ }
+
+ /**
+ * Returns the ID of the trust profile to be used for verifying certificates.
+ *
+ * @return The ID of the trust profile to be used for verifying certificates.
+ * Maybe <code>null</code>.
+ */
+ public String getTrustProfileID() {
+ return trustProfileID_;
+ }
+
+ /**
+ * Sets the ID of the trust profile to be used for verifying certificates.
+ *
+ * @param trustProfileID The ID of the trust profile to be used for verifying certificates.
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ trustProfileID_ = trustProfileID;
+ }
+
+ /**
+ * Returns the name of the class to be used for verifying this infobox.
+ *
+ * @return The name of the class to be used for verifying this infobox.
+ */
+ public String getValidatorClassName() {
+ return validatorClassName_;
+ }
+
+ /**
+ * Sets the name of the class to be used for verifying this infobox.
+ *
+ * @param validatorClassName The name of the class to be used for verifying this infobox.
+ */
+ public void setValidatorClassName(String validatorClassName) {
+ validatorClassName_ = validatorClassName;
+ }
+
+ /**
+ * Get a string representation of this object.
+ * This method is for debugging purposes only.
+ *
+ * @return A string representation of this object.
+ */
+ public String toString() {
+
+ StringBuffer buffer = new StringBuffer(1024);
+
+ buffer.append(" <Infobox Identifier=\"");
+ buffer.append(identifier_);
+ buffer.append("\" required=\"");
+ buffer.append(required_);
+ buffer.append("\" provideStammzahl=\"");
+ buffer.append(provideStammzahl_);
+ buffer.append("\" provideIdentityLink=\"");
+ buffer.append(provideIdentityLink_);
+ buffer.append("\">");
+ buffer.append("\n");
+ if (friendlyName_ != null) {
+ buffer.append(" <FriendlyName>");
+ buffer.append(friendlyName_);
+ buffer.append("</FriendlyName>");
+ buffer.append("\n");
+ }
+ if (trustProfileID_ != null) {
+ buffer.append(" <TrustProfileID>");
+ buffer.append(trustProfileID_);
+ buffer.append("</TrustProfileID>");
+ buffer.append("\n");
+ }
+ if (validatorClassName_ != null) {
+ buffer.append(" <ValidatorClass>");
+ buffer.append(validatorClassName_);
+ buffer.append("</ValidatorClass>");
+ buffer.append("\n");
+ }
+ if (schemaLocations_ != null) {
+ buffer.append(" <SchemaLocations>");
+ buffer.append("\n");
+ Iterator it = schemaLocations_.iterator();
+ while (it.hasNext()) {
+ buffer.append(" <Schema namespace=\"");
+ Schema schema = (Schema)it.next();
+ buffer.append(schema.getNamespace());
+ buffer.append("\" schemaLocation=\"");
+ buffer.append(schema.getSchemaLocation());
+ buffer.append("\"/>\n");
+ }
+ buffer.append(" </SchemaLocations>");
+ buffer.append("\n");
+ }
+ if (applicationSpecificParams_ != null) {
+ try {
+ String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_);
+ buffer.append(" ");
+ buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams));
+ buffer.append("\n");
+ } catch (TransformerException e) {
+ // do nothing
+ } catch (IOException e) {
+ // do nothing
+ }
+ }
+ buffer.append(" </Infobox>");
+
+
+ return buffer.toString() ;
+ }
+
+}
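Review bot: appendParepSpecificParams swallows the TransformerException with an empty catch (`//Do nothing`), so a malformed party-representation parameter block silently produces an incomplete configuration; at minimum log it through the project's `at.gv.egovernment.moa.logging.Logger` (imported elsewhere in this diff) or rethrow it as an unchecked exception. The same method will also throw an uncaught DOMException (WRONG_DOCUMENT_ERR) when applicationSpecificParams_ was previously set from a different Document than the element passed in, because the nodes are appended directly instead of via `applicationSpecificParams_.getOwnerDocument().importNode(nodeList.item(i), true)`. The constructor builds the validator class name from identifier without a null/empty guard, so an empty identifier fails at `identifier.substring(0, 1)` with StringIndexOutOfBoundsException, and the `toLowerCase()`/`toUpperCase()` calls should take `Locale.ROOT` (with `import java.util.Locale;`) so the derived class name does not vary with the default locale. Since validatorClassName_ appears to name a class that is resolved by name elsewhere (not visible in this hunk), a field comment stating that this value must only ever originate from the trusted configuration file would be worth adding.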
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
new file mode 100644
index 000000000..c7f5aa7ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This class contains the parameters for verifying all the infoboxes configured for an
+ * online application.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameters {
+
+ /**
+ * A map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ */
+ protected Map infoboxParameters_;
+
+ /**
+ * A list of the identifiers of the infoboxes supported by this
+ * VerifyInfoboxParameters;
+ */
+ protected List identifiers_;
+
+ /**
+ * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate
+ * in the context of the actual online application.
+ * The string will be added as value of the <code>PushInfobox</code> parameter in the
+ * HTML form used for reading the infoboxes from the BKU.
+ */
+ protected String pushInfobox_;
+
+ /**
+ * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_}
+ * map.
+ */
+ public VerifyInfoboxParameters() {
+ infoboxParameters_ = new Hashtable();
+ pushInfobox_ = "";
+ }
+
+ /**
+ * Initializes this VerifyInfoboxParameters with the given
+ * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string
+ * from the keys of the given map.
+ */
+ public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) {
+ identifiers_ = identifiers;
+ infoboxParameters_ = infoboxParameters;
+ // build the pushInfobox string
+ if ((identifiers != null) && (!identifiers.isEmpty())) {
+ StringBuffer identifiersSB = new StringBuffer();
+ int identifiersNum = identifiers.size();
+ int i = 1;
+ Iterator it = identifiers.iterator();
+ while (it.hasNext()) {
+ identifiersSB.append((String)it.next());
+ if (i != identifiersNum) {
+ identifiersSB.append(",");
+ }
+ i++;
+ }
+ pushInfobox_ = identifiersSB.toString();
+ } else {
+ pushInfobox_ = "";
+ }
+ }
+
+ /**
+ * Returns the (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ *
+ * @see #pushInfobox_
+ *
+ * @return The (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ */
+ public String getPushInfobox() {
+ return pushInfobox_;
+ }
+
+ /**
+ * Sets the {@link #pushInfobox_} string.
+ *
+ * @param pushInfobox The pushInfobox string to be set.
+ */
+ public void setPushInfobox(String pushInfobox) {
+ pushInfobox_ = pushInfobox;
+ }
+
+ /**
+ * Returns map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ *
+ * @return The map of {@link VerifyInfoboxParameter} objects.
+ */
+ public Map getInfoboxParameters() {
+ return infoboxParameters_;
+ }
+
+ /**
+ * Sets the map of {@link VerifyInfoboxParameter} objects.
+ *
+ * @see #infoboxParameters_
+ *
+ * @param infoboxParameters The infoboxParameters to set.
+ */
+ public void setInfoboxParameters(Map infoboxParameters) {
+ infoboxParameters_ = infoboxParameters;
+ }
+
+ /**
+ * Returns the identifiers of the supported infoboxes.
+ *
+ * @return The identifiers.
+ */
+ public List getIdentifiers() {
+ return identifiers_;
+ }
+
+ /**
+ * Sets the identifiers.
+ *
+ * @param identifiers The identifiers to set.
+ */
+ public void setIdentifiers(List identifiers) {
+ identifiers_ = identifiers;
+ }
+
+}
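Review bot: The no-arg constructor initialises infoboxParameters_ to an empty Hashtable but leaves identifiers_ null, so `getIdentifiers()` returns null for a default-constructed object while `getInfoboxParameters()` returns an empty map, and callers iterating the identifiers will NPE; initialise it as well, `identifiers_ = new ArrayList();` (with `import java.util.ArrayList;`), or document the null on getIdentifiers. The two-arg constructor stores a null identifiers argument as-is, so the same applies there, and its Javadoc lacks `@param` tags for identifiers and infoboxParameters. The raw `List`/`Map` types hide what the map holds; if the file may use generics, `Map<String, VerifyInfoboxParameter>` and `List<String>` would state the contract the Javadoc currently describes in prose.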
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index ed0de8ebe..d14d570ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -24,8 +24,8 @@
package at.gv.egovernment.moa.id.config.proxy;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.OAParameter;
/**
* Configuration parameters belonging to an online application,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index bf8cbcdce..094e7162e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -33,9 +33,9 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
@@ -131,7 +131,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
paramAuthMap.put(name, value);
}
oaConfiguration.setParamAuthMapping(paramAuthMap);
@@ -153,7 +153,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
// Contains Key (Neue Config-Exception: doppelte werte)
if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
headerAuthMap.put(name, value);
}
oaConfiguration.setHeaderAuthMapping(headerAuthMap);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 86ae93a4b..1c9c1caa8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -33,7 +33,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 485a44421..39f5479ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -3,9 +3,32 @@
*/
package at.gv.egovernment.moa.id.config.stork;
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -17,55 +40,88 @@ import at.gv.egovernment.moa.util.StringUtils;
public class STORKConfig {
/** STORK SAML signature creation parameters */
- private SignatureCreationParameter signatureCreationParameter;
+ private Properties props = null;
+ private Map<String, CPEPS> cpepsMap = null;
+ private String basedirectory = null;
+ private SignatureVerificationParameter sigverifyparam = null;
- /** STORK SAML signature verification parameters */
- private SignatureVerificationParameter signatureVerificationParameter;
- /** Map of supported C-PEPSs */
- private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
-
-
- /**
- * Constructs a STORK Config object
- * @param signatureCreationParameter STORK SAML Signature creation parameters
- * @param signatureVerificationParameter STORK SAML Signature verification parameters
- * @param cpepsMap Map of supported C-PEPS
- */
- public STORKConfig(SignatureCreationParameter signatureCreationParameter,
- SignatureVerificationParameter signatureVerificationParameter,
- Map<String, CPEPS> cpepsMap) {
- super();
- this.signatureCreationParameter = signatureCreationParameter;
- this.signatureVerificationParameter = signatureVerificationParameter;
- this.cpepsMap = cpepsMap;
- }
+ public STORKConfig(STORK stork, Properties props, String basedirectory) {
+ this.basedirectory = basedirectory;
+ this.props = props;
+
+ //create CPEPS map
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+
+ cpepsMap = new HashMap<String, CPEPS>();
+
+ for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
+
+ try {
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+
+ List<String> attr = cpep.getAttributeValue();
+
+ ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ for (String e1 : attr) {
+ Element element = XMLUtil.stringToDOM(e1);
+ RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
+ requestedAttributes.add(requestedAttribute);
+ }
+ moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
+
+ cpepsMap.put(cpep.getCountryCode(), moacpep);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ } catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }
+ }
+
+ SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
+
+ if (samlsign == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
- public SignatureCreationParameter getSignatureCreationParameter() {
- return signatureCreationParameter;
+ } else {
+ SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
+
+ if (sigverify == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
+
+ } else {
+ sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID());
+ }
+ }
+
}
- public void setSignatureCreationParameter(
- SignatureCreationParameter signatureCreationParameter) {
- this.signatureCreationParameter = signatureCreationParameter;
+ public SignatureCreationParameter getSignatureCreationParameter() {
+
+ return new SignatureCreationParameter(props, basedirectory);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
- return signatureVerificationParameter;
- }
-
- public void setSignatureVerificationParameter(
- SignatureVerificationParameter signatureVerificationParameter) {
- this.signatureVerificationParameter = signatureVerificationParameter;
+
+ return sigverifyparam;
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
- public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
- this.cpepsMap = cpepsMap;
- }
public boolean isSTORKAuthentication(String ccc) {
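Review bot: The five catch blocks in the CPEPS loop of the new constructor log a warning but drop the caught exception, so the reason a configured C-PEPS entry was skipped (bad URL, DOM parse error, unmarshalling error) cannot be recovered from the log; pass it through, e.g. `Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored.", e);`, and if the project targets Java 7+ the four identical handlers can become one multi-catch. The two warnings for a missing SAMLSigningParameter / SignatureVerificationParameter go through `iaik.util.logging.Log` (imported in the previous hunk) while the rest of the class uses `at.gv.egovernment.moa.logging.Logger`, so they may land in a different log than the CPEPS warnings. In those branches `sigverifyparam` stays null and `getSignatureVerificationParameter()` hands null to callers, so a missing verification trust profile is only a warning here; whether the callers fail closed on a null parameter is not visible in this hunk and worth confirming. `stork.getCPEPS()` is iterated without a null check; whether the DAO type guarantees a non-null list is likewise not visible here.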
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
index 1f66b7752..4010ab491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
@@ -23,6 +23,8 @@
package at.gv.egovernment.moa.id.config.stork;
+import java.util.Properties;
+
/**
* Encapsulates signature creation parameters according MOA configuration
*
@@ -31,32 +33,26 @@ package at.gv.egovernment.moa.id.config.stork;
*/
public class SignatureCreationParameter {
- /** KeyStore Path */
- private String keyStorePath;
+ private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
+ private static final String PROPS_KEYSTORE_FILE = "keystore.file";
+ private static final String PROPS_KEYSTORE_PASS = "keystore.password";
+ private static final String PROPS_KEYNAME_NAME = "keyname.name";
+ private static final String PROPS_KEYNAME_PASS = "keyname.password";
- /** KeyStore Password */
- private String keyStorePassword;
+ private Properties props;
+ private String basedirectory;
- /** Signing Key Name */
- private String keyName;
+ SignatureCreationParameter(Properties props, String basedirectory) {
+ this.props = props;
+ this.basedirectory = basedirectory;
+ }
- /** Signing Key Password */
- private String keyPassword;
-
/**
* Gets the KeyStore Path
* @return File Path to KeyStore
*/
public String getKeyStorePath() {
- return keyStorePath;
- }
-
- /**
- * Sets the KeyStore Path
- * @param keyStorePath Path to KeyStore
- */
- public void setKeyStorePath(String keyStorePath) {
- this.keyStorePath = keyStorePath;
+ return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
}
/**
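Review bot: `getKeyStorePath()` concatenates `basedirectory` with `props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE)`, so when the `stork.samlsigningparameter.signaturecreation.keystore.file` key is absent the method returns `basedirectory + "null"` instead of null and the keystore open later fails with a misleading path; guard it, e.g. `String file = props.getProperty(PROPS_PREFIX + PROPS_KEYSTORE_FILE); return file == null ? null : basedirectory + file;`. The other three getters in this file return the raw property and therefore correctly yield null when the key is unset. Whether `basedirectory` always ends with a path separator is not visible here; if it does not, the concatenation silently produces a wrong path. The new package-private constructor has no Javadoc; a one-liner such as `/** Reads the signature-creation settings from props; the keystore file is resolved relative to basedirectory. */` would do.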
@@ -64,15 +60,7 @@ public class SignatureCreationParameter {
* @return Password to KeyStore
*/
public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
- /**
- * Sets the KeyStore Password
- * @param keyStorePassword Password to KeyStore
- */
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
}
/**
@@ -80,15 +68,7 @@ public class SignatureCreationParameter {
* @return Siging Key Name
*/
public String getKeyName() {
- return keyName;
- }
-
- /**
- * Sets the Signing Key Name
- * @param keyName Signing Key Name
- */
- public void setKeyName(String keyName) {
- this.keyName = keyName;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
}
/**
@@ -96,17 +76,6 @@ public class SignatureCreationParameter {
* @return Signing Key Password
*/
public String getKeyPassword() {
- return keyPassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
}
-
- /**
- * Sets the Signing Key Password
- * @param keyPassword Signing Key Password
- */
- public void setKeyPassword(String keyPassword) {
- this.keyPassword = keyPassword;
- }
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
index 2d8402e4d..211c7dde4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
@@ -14,6 +14,10 @@ public class SignatureVerificationParameter {
/** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
private String trustProfileID;
+ public SignatureVerificationParameter(String trustProfileID2) {
+ this.trustProfileID = trustProfileID2;
+ }
+
/**
* Gets the MOA-SP TrustProfileID
* @return TrustProfileID of MOA-SP for STORK signature verification
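Review bot: The new constructor's parameter is named `trustProfileID2`, which reads like an auto-generated leftover; rename it to match the field, `public SignatureVerificationParameter(String trustProfileID) { this.trustProfileID = trustProfileID; }`, and add `@param trustProfileID ID of the MOA-SP TrustProfile used for STORK SAML signature verification` in a Javadoc. With the setter removed in the following hunk the class is effectively immutable, so the field could also be declared `final`.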
@@ -22,14 +26,6 @@ public class SignatureVerificationParameter {
return trustProfileID;
}
- /**
- * Sets the MOA-SP TrustProfileID
- * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
- */
- public void setTrustProfileID(String trustProfileID) {
- this.trustProfileID = trustProfileID;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 79f3b4e30..4bbd221a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -24,8 +24,11 @@
package at.gv.egovernment.moa.id.data;
+import java.io.Serializable;
import java.util.Date;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+
/**
* Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
*
@@ -33,8 +36,12 @@ import java.util.Date;
* @version $Id$
*/
-public class AuthenticationData {
+public class AuthenticationData implements Serializable {
/**
+ *
+ */
+ private static final long serialVersionUID = -1042697056735596866L;
+/**
* major version number of the SAML assertion
*/
private int majorVersion;
@@ -62,15 +69,23 @@ public class AuthenticationData {
/**
* user identification type
*/
- private String identificationType;
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IdentityLink identityLink;
+
/**
- * application specific user identifier (bPK)
+ * application specific user identifier (bPK/wbPK)
*/
private String bPK;
+
/**
- * private sector-specific personal identifier (wbPK)
+ * application specific user identifier type
*/
- private String wbPK;
+ private String bPKType;
+
/**
* given name of the user
*/
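Review bot: `AuthenticationData` is made `Serializable` in the previous hunk and here gains a field of type `IdentityLink`; unless `IdentityLink` is itself `Serializable` (not visible in this diff), serializing an instance will fail at runtime with `NotSerializableException`, so either confirm that or mark the field `transient` if it need not survive serialization. The Javadoc on the new field, `user identityLink specialized to OAParamter`, has a typo and does not say what "specialized" means; something like `identity link of the user as prepared for the online application (see OAParameter)` would be clearer. In the previous hunk the `serialVersionUID` carries an empty Javadoc block and the `/**` that follows it sits at column 0; drop the empty comment and re-indent.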
@@ -162,13 +177,13 @@ public class AuthenticationData {
return bPK;
}
- /**
- * Returns the wbPK.
- * @return String the wbPK.
- */
- public String getWBPK() {
- return wbPK;
- }
+// /**
+// * Returns the wbPK.
+// * @return String the wbPK.
+// */
+// public String getWBPK() {
+// return wbPK;
+// }
/**
* Returns useUTC
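Review bot: `getWBPK()` is kept as commented-out code rather than deleted, and the same is done for `setWBPK()` in the next hunk; since the `wbPK` field is removed in this commit the block can never be revived as-is, so delete it and rely on version control. If the intent is to tell callers where the value went, a note on `getBPK()` such as `/** Returns the bPK; for private-sector applications this holds the wbPK, see getBPKType(). */` is more useful than dead code.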
@@ -218,13 +233,13 @@ public class AuthenticationData {
this.bPK = bPK;
}
- /**
- * Sets the wbPK.
- * @param wbPK The wbPK to set
- */
- public void setWBPK(String wbPK) {
- this.wbPK = wbPK;
- }
+// /**
+// * Sets the wbPK.
+// * @param wbPK The wbPK to set
+// */
+// public void setWBPK(String wbPK) {
+// this.wbPK = wbPK;
+// }
public void setUseUTC(boolean useUTC) {
this.useUTC = useUTC;
@@ -430,4 +445,29 @@ public class AuthenticationData {
return timestamp;
}
+public String getBPKType() {
+ return bPKType;
+}
+
+public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+}
+
+/**
+ * @return the identityLink
+ */
+public IdentityLink getIdentityLink() {
+ return identityLink;
+}
+
+/**
+ * @param identityLink the identityLink to set
+ */
+public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+}
+
+
+
+
}
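Review bot: The four new accessors at the end of the class are indented at column 0 while the rest of the class uses one indent level, and `getBPKType()` / `setBPKType()` have no Javadoc although the bPK/wbPK distinction they encode is exactly what the removal of `wbPK` above makes non-obvious; add e.g. `/** Returns the type of the identifier held by {@link #getBPK()}, i.e. whether it is a bPK or a wbPK. */`. The run of blank lines before the closing brace can go.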
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
new file mode 100644
index 000000000..604077844
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -0,0 +1,495 @@
+package at.gv.egovernment.moa.id.entrypoints;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.util.ConcurrentModificationException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.swing.ListModel;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ModulStorage;
+import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class DispatcherServlet extends AuthServlet{
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public static final String PARAM_TARGET_MODULE = "mod";
+ public static final String PARAM_TARGET_ACTION = "action";
+ public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
+
+ @Override
+ public void init(ServletConfig config) throws ServletException {
+ try {
+ super.init(config);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage(
+ "init.00", null));
+ } catch (Exception ex) {
+ Logger.fatal(
+ MOAIDMessageProvider.getInstance().getMessage("init.02",
+ null), ex);
+ throw new ServletException(ex);
+ }
+ Logger.info("Dispatcher Servlet initialization");
+ }
+
+ protected void processRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
+
+ boolean isValidSSOSession = false;
+ boolean useSSOOA = false;
+ String protocolRequestID = null;
+
+
+ try {
+ Logger.info("REQUEST: " + req.getRequestURI());
+ Logger.info("QUERY : " + req.getQueryString());
+ String errorid = req.getParameter(ERROR_CODE_PARAM);
+ if (errorid != null) {
+
+ Throwable throwable = ExceptionStoreImpl.getStore()
+ .fetchException(errorid);
+ ExceptionStoreImpl.getStore().removeException(errorid);
+
+ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+
+ Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
+
+ String pendingRequestID = null;
+ if (idObject != null && (idObject instanceof String)) {
+ if (errorRequests.containsKey((String)idObject))
+ pendingRequestID = (String) idObject;
+ }
+
+ if (throwable != null) {
+ if (errorRequests != null) {
+
+ synchronized (errorRequests) {
+
+ IRequest errorRequest = null;
+ if (pendingRequestID != null) {
+ errorRequest = errorRequests.get(pendingRequestID);
+
+ //remove the
+ RequestStorage.removePendingRequest(errorRequests, pendingRequestID);
+ }
+ else {
+ if (errorRequests.size() > 1) {
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+
+ } else {
+ Set<String> keys = errorRequests.keySet();
+ errorRequest = errorRequests.get(keys.toArray()[0]);
+ RequestStorage.removeAllPendingRequests(req.getSession());
+ }
+
+ }
+
+ if (errorRequest != null) {
+
+ try {
+ IModulInfo handlingModule = ModulStorage
+ .getModuleByPath(errorRequest
+ .requestedModule());
+ if (handlingModule != null) {
+ if (handlingModule.generateErrorMessage(
+ throwable, req, resp, errorRequest)) {
+ return;
+ }
+ }
+ } catch (Throwable e) {
+ Logger.error(e);
+ handleErrorNoRedirect(throwable.getMessage(),
+ throwable, req, resp);
+ }
+ }
+ else {
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+ }
+ }
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+
+ } else {
+ // TODO: use better string
+ handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req,
+ resp);
+ }
+
+ return;
+ }
+ }
+
+ Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
+ String module = null;
+ if (moduleObject != null && (moduleObject instanceof String)) {
+ module = (String) moduleObject;
+ }
+
+ if (module == null) {
+ module = (String) req.getAttribute(PARAM_TARGET_MODULE);
+ }
+
+ Object actionObject = req.getParameter(PARAM_TARGET_ACTION);
+ String action = null;
+ if (actionObject != null && (actionObject instanceof String)) {
+ action = (String) actionObject;
+ }
+
+ if (action == null) {
+ action = req.getParameter(PARAM_TARGET_ACTION);
+ }
+
+ Logger.debug("dispatching to " + module + " protocol " + action);
+
+ IModulInfo info = ModulStorage.getModuleByPath(module);
+
+ IAction moduleAction = null;
+
+ if (info == null) {
+
+ Iterator<IModulInfo> modules = ModulStorage.getAllModules()
+ .iterator();
+ while (modules.hasNext()) {
+ info = modules.next();
+ moduleAction = info.canHandleRequest(req, resp);
+ if (moduleAction != null) {
+ action = moduleAction.getDefaultActionName();
+ module = info.getPath();
+ break;
+ }
+ info = null;
+ }
+
+ if (moduleAction == null) {
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ Logger.error("Protocol " + module
+ + " has no module registered");
+ return;
+ }
+ }
+
+ if (moduleAction == null) {
+ moduleAction = info.getAction(action);
+
+ if (moduleAction == null) {
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ Logger.error("Action " + action + " is not available!");
+ return;
+ }
+ }
+
+ HttpSession httpSession = req.getSession();
+ Map<String, IRequest> protocolRequests = null;
+ IRequest protocolRequest = null;
+
+ try {
+ protocolRequests = RequestStorage.getPendingRequest(httpSession);
+
+ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+
+ if (protocolRequests != null &&
+ idObject != null && (idObject instanceof String)) {
+
+// synchronized (protocolRequests) {
+
+ protocolRequestID = (String) idObject;
+
+ //get IRequest if it exits
+ if (protocolRequests.containsKey(protocolRequestID)) {
+ protocolRequest = protocolRequests.get(protocolRequestID);
+
+
+
+ Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
+
+ //RequestStorage.setPendingRequest(httpSession, protocolRequests);
+
+ } else {
+ Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
+
+ Set<String> mapkeys = protocolRequests.keySet();
+ for (String el : mapkeys)
+ Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el));
+
+ handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
+ null, req, resp);
+ //resp.sendError(HttpServletResponse.SC_CONFLICT);
+ return;
+ }
+// }
+ } else {
+ try {
+ protocolRequest = info.preProcess(req, resp, action);
+
+ if (protocolRequest != null) {
+
+ if(protocolRequests != null) {
+
+// synchronized (protocolRequests) {
+// synchronized (protocolRequest) {
+ Set<String> mapkeys = protocolRequests.keySet();
+ for (String el : mapkeys) {
+ IRequest value = protocolRequests.get(el);
+
+ if (value.getOAURL().equals(protocolRequest.getOAURL())) {
+
+ if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
+ Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
+ RequestStorage.removeAllPendingRequests(req.getSession());
+
+ } else {
+ RequestStorage.removePendingRequest(protocolRequests, el);
+ }
+ }
+ }
+// }
+// }
+
+ } else {
+ protocolRequests = new ConcurrentHashMap<String, IRequest>();
+ }
+
+ synchronized (protocolRequest) {
+ synchronized (protocolRequests) {
+
+ //Start new Authentication
+ protocolRequest.setAction(action);
+ protocolRequest.setModule(module);
+ protocolRequestID = Random.nextRandom();
+ protocolRequest.setRequestID(protocolRequestID);
+ protocolRequests.put(protocolRequestID, protocolRequest);
+ Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
+ }
+ }
+ }
+ } catch (MOAIDException e) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ Logger.error("Failed to generate a valid protocol request!");
+ return;
+ }
+
+ if (protocolRequest == null) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ Logger.error("Failed to generate a valid protocol request!");
+ return;
+ }
+ }
+
+
+ RequestStorage.setPendingRequest(httpSession, protocolRequests);
+
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ String moasessionID = null;
+ AuthenticationSession moasession = null;
+
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
+ boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
+
+ if (needAuthentication) {
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+ AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+ }
+
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(protocolRequest.getOAURL());
+
+ if (oaParam == null) {
+ throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
+ }
+
+
+ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+ useSSOOA = oaParam.useSSO();
+
+ //if a legacy request is used SSO should not be allowed, actually
+ boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
+
+ if (protocolRequest.isPassiv()
+ && protocolRequest.forceAuth()) {
+ // conflict!
+ throw new NoPassivAuthenticationException();
+ }
+
+ boolean tryperform = authmanager.tryPerformAuthentication(
+ req, resp);
+
+ if (protocolRequest.forceAuth()) {
+ if (!tryperform) {
+ authmanager.doAuthentication(req, resp,
+ protocolRequest);
+ return;
+ }
+ } else if (protocolRequest.isPassiv()) {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
+ // Passive authentication ok!
+ } else {
+ throw new NoPassivAuthenticationException();
+ }
+ } else {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
+ // Is authenticated .. proceed
+ } else {
+ // Start authentication!
+ authmanager.doAuthentication(req, resp,
+ protocolRequest);
+ return;
+ }
+ }
+
+
+ if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
+ {
+
+ //TODO SSO Question!!!!
+ if (useSSOOA && isValidSSOSession) {
+
+ moasessionID = ssomanager.getMOASession(ssoId);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
+ //use new OAParameter
+ if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
+ authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
+ return;
+ }
+ }
+ else {
+
+ //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
+
+// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+// AuthenticationManager.MOA_SESSION, null);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
+
+ //save SSO session usage in Database
+ String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+
+ if (newSSOSessionId != null) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+
+ } else {
+// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+// AuthenticationManager.MOA_SESSION, null);
+
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
+
+
+
+ }
+
+ moduleAction.processRequest(protocolRequest, req, resp, moasession);
+
+ RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
+
+ if (needAuthentication) {
+ boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+
+ if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
+ && !moasession.getUseMandate())
+ {
+
+ } else {
+ authmanager.logout(req, resp, moasessionID);
+ }
+
+ //authmanager.logout(req, resp);
+ }
+
+ } catch (Throwable e) {
+ e.printStackTrace();
+ // Try handle module specific, if not possible rethrow
+ if (!info.generateErrorMessage(e, req, resp, protocolRequest)) {
+ throw e;
+ }
+ }
+ } catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ } catch (MOAIDException ex) {
+ handleError(null, ex, req, resp, protocolRequestID);
+ } catch (Throwable e) {
+ handleErrorNoRedirect(e.getMessage(), null, req,
+ resp);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+}
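Review bot: In the error branch of `processRequest`, `handleErrorNoRedirect` can be invoked two or three times on the same response: the `errorRequests.size() > 1` case, the `catch (Throwable e)` around `generateErrorMessage`, and the `else` for a null `errorRequest` all fall through to the unconditional `handleErrorNoRedirect(throwable.getMessage(), throwable, req, resp);` that follows the `synchronized` block, so each of those earlier calls needs a `return;` (or the trailing call must go). Just above, `errorRequests.containsKey((String) idObject)` is evaluated before the `errorRequests != null` guard, so a null map throws NPE instead of reaching the guard. `Logger.info("QUERY : " + req.getQueryString())` writes the complete query string at INFO level, and `PARAM_SESSIONID` and `pendingid` are read from those same parameters later in the method, so MOA session identifiers end up in the log; log it at debug with those parameters removed. `moasession` is dereferenced as `moasession.getUseMandate()` after `processRequest` without a null check, although it comes from `AuthenticationSessionStoreage.getSession(moasessionID)` with a client-supplied id and may (not visible here) be null. Finally, `e.printStackTrace()` in the inner `catch (Throwable e)` should be `Logger.error(e)` like the rest of the file, and the `javax.swing.ListModel` import is unused.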
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index e1a8673b7..10ff4bfc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -58,18 +58,19 @@ public class CertStoreConfigurationImpl extends ObservableImpl
*/
public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
this.conf=conf;
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName);
+
+ String certStoreRootDirParam = conf.getCertstoreDirectory();
+
if (certStoreRootDirParam == null)
throw new ConfigurationException(
- "config.08", new Object[] {paramName});
+ "config.08", new Object[] {"CertStoreDirectory"});
rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
File f = new File(rootDirectory);
if (!f.isDirectory())
throw new ConfigurationException(
- "config.05", new Object[] {paramName});
+ "config.05", new Object[] {"CertStoreDirectory"});
parameters = new CertStoreParameters[] { this };
}
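Review bot: The new message argument `"CertStoreDirectory"` is duplicated in the two `ConfigurationException` constructions; a `private static final String CERTSTORE_DIRECTORY_PARAM = "CertStoreDirectory";` used in both keeps the two error texts from drifting apart, as the removed `paramName` local previously did. Unrelated to this change but visible in the context: `rootDirectory.substring(6)` strips six characters for the five-character `"file:"` prefix, which only works if `makeAbsoluteURL` always yields a `file:/...` form — worth confirming separately.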
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
new file mode 100644
index 000000000..be0132c14
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -0,0 +1,347 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class AuthenticationManager extends AuthServlet {
+
+ private static AuthenticationManager instance = null;
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String MOA_SESSION = "MoaAuthenticationSession";
+ public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
+
+
+ public static AuthenticationManager getInstance() {
+ if (instance == null) {
+ instance = new AuthenticationManager();
+ }
+
+ return instance;
+ }
+
+
+// public AuthenticationSession getAuthenticationSession(
+// HttpSession session) {
+// String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
+// MOA_SESSION, null);
+// if (sessionID != null) {
+// try {
+// return AuthenticationSessionStoreage.getSession(sessionID);
+//
+// } catch (MOADatabaseException e) {
+// return null;
+// }
+// }
+// return null;
+// }
+
+// /**
+// * Checks if the session is authenticated
+// *
+// * @param request
+// * @param response
+// * @return
+// */
+// public boolean isAuthenticated(HttpServletRequest request,
+// HttpServletResponse response) {
+// Logger.info("Checking authentication");
+//
+// HttpSession session = request.getSession();
+//
+// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
+//
+// if(moaSessionID == null) {
+// Logger.info("NO MOA Session to logout");
+// return false;
+// }
+//
+//// AuthenticationSession authSession;
+//// try {
+//// authSession = AuthenticationSessionStoreage
+//// .getSession(moaSessionID);
+////
+//// } catch (MOADatabaseException e) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// if(authSession == null) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// return authSession.isAuthenticated();
+//
+// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
+// }
+
+ /**
+ * Checks if this request can authenticate a MOA Session
+ *
+ * @param request
+ * @param response
+ * @return
+ */
+ public boolean tryPerformAuthentication(HttpServletRequest request,
+ HttpServletResponse response) {
+
+ HttpSession session = request.getSession();
+
+ String sessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if (sessionID != null) {
+ Logger.info("got MOASession: " + sessionID);
+ AuthenticationSession authSession;
+ try {
+ authSession = AuthenticationSessionStoreage.getSession(sessionID);
+
+
+
+ if (authSession != null) {
+ Logger.info("MOASession found! A: "
+ + authSession.isAuthenticated() + ", AU "
+ + authSession.isAuthenticatedUsed());
+ if (authSession.isAuthenticated()
+ && !authSession.isAuthenticatedUsed()) {
+ authSession.setAuthenticatedUsed(true);
+
+ AuthenticationSessionStoreage.storeSession(authSession);
+
+// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
+// sessionID);
+ return true; // got authenticated
+ }
+ }
+
+ } catch (MOADatabaseException e) {
+ return false;
+ } catch (BuildException e) {
+ return false;
+ }
+ }
+ return false;
+ }
+
+ public void logout(HttpServletRequest request,
+ HttpServletResponse response, String moaSessionID) {
+ Logger.info("Logout");
+
+ HttpSession session = request.getSession();
+
+ //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
+
+ if(moaSessionID == null) {
+ moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ }
+
+ if(moaSessionID == null) {
+ Logger.info("NO MOA Session to logout");
+ return;
+ }
+
+ AuthenticationSession authSession;
+ try {
+ authSession = AuthenticationSessionStoreage
+ .getSession(moaSessionID);
+
+ if(authSession == null) {
+ Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ return;
+ }
+
+ authSession.setAuthenticated(false);
+ //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ AuthenticationSessionStoreage.destroySession(moaSessionID);
+
+ //session.invalidate();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ return;
+ }
+
+ }
+
+ public void doAuthentication(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+ Logger.info("Starting authentication ...");
+
+// if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.12");
+//
+// if (target.getOAURL() == null) {
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.12");
+// }
+
+ setNoCachingHeadersInHttpRespone(request, response);
+
+ List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();
+
+ //is legacy allowed
+ boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule());
+
+ //check legacy request parameter
+ boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
+
+ AuthenticationSession moasession;
+ try {
+ //check if an MOASession exists and if not create an new MOASession
+ //moasession = getORCreateMOASession(request);
+ moasession = AuthenticationSessionStoreage.createSession();
+
+ } catch (MOADatabaseException e1) {
+ Logger.error("Database Error! MOASession can not be created!");
+ throw new MOAIDException("init.04", new Object[] {});
+ }
+
+
+ if (legacyallowed && legacyparamavail) {
+
+ //parse request parameter into MOASession
+
+ StartAuthentificationParameterParser.parse(request, response, moasession, target);
+
+ Logger.info("Start Authentication Module: " + moasession.getModul()
+ + " Action: " + moasession.getAction());
+
+ //start authentication process
+// session.getServletContext().getNamedDispatcher("StartAuthentication")
+// .forward(request, response);
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+
+ String getIdentityLinkForm = startauth.build(moasession, request, response);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET StartAuthentication");
+ }
+
+ } else {
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(target.getOAURL());
+
+ if (oaParam == null) {
+ throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+ }
+
+ else {
+
+ //check if an MOASession exists and if not create an new MOASession
+ //moasession = getORCreateMOASession(request);
+
+ //set OnlineApplication configuration in Session
+ moasession.setOAURLRequested(target.getOAURL());
+ moasession.setAction(target.requestedAction());
+ moasession.setModul(target.requestedModule());
+ }
+
+ //Build authentication form
+
+
+ String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
+ target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID());
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ //set MOAIDSession
+ request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(loginForm);
+ out.flush();
+ }
+ }
+
+ public void sendTransmitAssertionQuestion(HttpServletRequest request,
+ HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
+ throws ServletException, IOException, MOAIDException {
+
+ String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
+ target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(form);
+ out.flush();
+ }
+
+
+// private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException {
+//
+// //String sessionID = request.getParameter(PARAM_SESSIONID);
+// String sessionID = (String) request.getSession().getAttribute(MOA_SESSION);
+// AuthenticationSession moasession;
+//
+// try {
+// moasession = AuthenticationSessionStoreage.getSession(sessionID);
+// Logger.info("Found existing MOASession with sessionID=" + sessionID
+// + ". This session is used for reauthentification.");
+//
+// } catch (MOADatabaseException e) {
+// try {
+// moasession = AuthenticationSessionStoreage.createSession();
+// Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + ".");
+//
+// } catch (MOADatabaseException e1) {
+// Logger.error("Database Error! MOASession are not created.");
+// throw new MOAIDException("init.04", new Object[] {
+// "0"});
+// }
+// }
+//
+// return moasession;
+// }
+}
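Review bot: In `doAuthentication` and `sendTransmitAssertionQuestion`, `new PrintWriter(response.getOutputStream())` encodes with the platform default charset even though the preceding `setContentType("text/html;charset=UTF-8")` promises UTF-8; use `PrintWriter out = response.getWriter();` after setting the content type so the container applies the declared encoding (the same pattern occurs at all three output sites). `tryPerformAuthentication` logs the MOA session identifier at info level (`Logger.info("got MOASession: " + sessionID)`), which writes a bearer credential into log files; log only that a session ID was supplied, or a truncated prefix. In the same method the `HttpSession session` local is unused and both `catch` clauses return `false` without recording the cause, so a database failure is indistinguishable from a plain unauthenticated request in the logs. `getInstance()` performs an unsynchronized lazy initialization that can create two instances under concurrent servlet requests; a `private static final AuthenticationManager INSTANCE = new AuthenticationManager();` is simpler and safe.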
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
new file mode 100644
index 000000000..aa8a8d9a9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+
+public interface IAction extends MOAIDAuthConstants {
+ public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ throws MOAIDException;
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
+
+ public String getDefaultActionName();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
new file mode 100644
index 000000000..679ccb000
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface IModulInfo {
+ //public List<ServletInfo> getServlets();
+ public String getName();
+ public String getPath();
+
+ public IAction getAction(String action);
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action)
+ throws MOAIDException;
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response);
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable;
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending);
+}
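Review bot: `generateErrorMessage` is declared `throws Throwable`, which forces every caller of the interface to catch `Throwable` (including `Error` subclasses such as `OutOfMemoryError`) and makes it impossible to tell recoverable protocol errors from JVM failures; narrow the clause to the types implementations actually throw, e.g. `throws MOAIDException`. None of the interface methods carry Javadoc; each should state what it returns for the "cannot handle" case (for example whether `canHandleRequest` and `preProcess` return `null` or throw), since this contract is what the dispatcher relies on.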
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
new file mode 100644
index 000000000..824b210cf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public interface IRequest {
+ public String getOAURL();
+ public boolean isPassiv();
+ public boolean forceAuth();
+ public boolean isSSOSupported();
+ public String requestedModule();
+ public String requestedAction();
+ public void setModule(String module);
+ public void setAction(String action);
+ public String getTarget();
+ public void setRequestID(String id);
+ public String getRequestID();
+
+ //public void setTarget();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
new file mode 100644
index 000000000..2a92f3ce5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
@@ -0,0 +1,52 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class ModulStorage {
+
+ private static final String[] modulClasses = new String[]{
+ "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol",
+ "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol"
+ };
+
+
+ private static List<IModulInfo> registeredModules = new ArrayList<IModulInfo>();
+
+ public static List<IModulInfo> getAllModules() {
+ return registeredModules;
+ }
+
+ public static IModulInfo getModuleByPath(String modname) {
+ Iterator<IModulInfo> it = registeredModules.iterator();
+ while (it.hasNext()) {
+ IModulInfo info = it.next();
+ if (info.getPath().equals(modname)) {
+ return info;
+ }
+ }
+ return null;
+ }
+
+ static {
+ Logger.info("Loading modules:");
+ for(int i = 0; i < modulClasses.length; i++) {
+ String modulClassName = modulClasses[i];
+ try {
+ @SuppressWarnings("unchecked")
+ Class<IModulInfo> moduleClass = (Class<IModulInfo>)Class.forName(modulClassName);
+ IModulInfo module = moduleClass.newInstance();
+ Logger.info("Loading Modul Information: " + module.getName());
+ registeredModules.add(module);
+ } catch(Throwable e) {
+ Logger.error("Check configuration! " + modulClassName +
+ " is not a valid IModulInfo", e);
+ }
+ }
+ Logger.info("Loading modules done");
+ }
+
+}
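Review bot: `getAllModules()` returns the internal `registeredModules` list itself, so any caller can add or remove protocol modules at runtime; return `Collections.unmodifiableList(registeredModules)` (needs `java.util.Collections`) and make the field `final`. The unchecked cast `(Class<IModulInfo>) Class.forName(modulClassName)` is unnecessary — `Class.forName(modulClassName).asSubclass(IModulInfo.class)` performs the same check at runtime and drops the `@SuppressWarnings`. `catch(Throwable e)` in the static initializer also swallows `Error`s, which should propagate; catching `Exception` is enough to cover the reflection failures the loop expects. The message `"Check configuration!"` is misleading because the class list is the hard-coded `modulClasses` array, not configuration.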
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
new file mode 100644
index 000000000..b07695938
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+
+
+public class ModulUtils {
+
+ public static final String UNAUTHDISPATCHER = "dispatcher";
+ public static final String AUTHDISPATCHER = "dispatcher";
+
+ public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
+ return UNAUTHDISPATCHER + "?" +
+ DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+ DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+ DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+ }
+
+ public static String buildAuthURL(String modul, String action, String pendingRequestID) {
+ return AUTHDISPATCHER +
+ "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+ DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+ DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+ }
+}
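Review bot: `buildUnauthURL` and `buildAuthURL` splice `modul`, `action` and `pendingRequestID` into a query string without encoding, so a value containing `&`, `=` or `#` changes the meaning of the URL; wrap each value in `URLEncoder.encode(value, "UTF-8")` (from `java.net`, declares `UnsupportedEncodingException`). `UNAUTHDISPATCHER` and `AUTHDISPATCHER` both hold `"dispatcher"` and the two method bodies are otherwise identical, so either one should delegate to the other or the intended difference between the two entry points should be documented.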
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
new file mode 100644
index 000000000..286da5a91
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class NoPassivAuthenticationException extends MOAIDException {
+
+ public NoPassivAuthenticationException() {
+ super("auth.18", null);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 596920452166197688L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
new file mode 100644
index 000000000..d47e8df05
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -0,0 +1,83 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.io.Serializable;
+
+public class RequestImpl implements IRequest, Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ private String oaURL;
+ private boolean passiv = false;
+ private boolean force = false;
+ private boolean ssosupport = false;
+ private String module = null;
+ private String action = null;
+ private String target = null;
+ private String requestID;
+
+
+ public void setOAURL(String value) {
+ oaURL = value;
+ }
+
+ public String getOAURL() {
+ return oaURL;
+ }
+
+ public boolean isPassiv() {
+ return passiv;
+ }
+
+ public boolean forceAuth() {
+ return force;
+ }
+
+ public void setPassiv(boolean passiv) {
+ this.passiv = passiv;
+ }
+
+ public void setForce(boolean force) {
+ this.force = force;
+ }
+
+ public boolean isSSOSupported() {
+ return ssosupport;
+ }
+
+ public String requestedModule() {
+ return module;
+ }
+
+ public String requestedAction() {
+ return action;
+ }
+
+ public void setSsosupport(boolean ssosupport) {
+ this.ssosupport = ssosupport;
+ }
+
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ public void setRequestID(String id) {
+ this.requestID = id;
+
+ }
+
+ public String getRequestID() {
+ return requestID;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
new file mode 100644
index 000000000..d33d4693d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RequestStorage {
+
+ private static final String PENDING_REQUEST = "PENDING_REQUEST";
+
+ public static Map<String,IRequest> getPendingRequest(HttpSession session) {
+
+
+ Object obj = session.getAttribute(PENDING_REQUEST);
+ if (obj != null) {
+ synchronized (obj) {
+ if (obj instanceof Map<?,?>) {
+ if (((Map<?,?>) obj).size() > 0) {
+ if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) {
+ if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0])
+ instanceof IRequest) {
+ return (Map<String, IRequest>) obj;
+
+
+
+ }
+ }
+ }
+ }
+ }
+ session.setAttribute(PENDING_REQUEST, null);
+ }
+ return null;
+ }
+
+ public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) {
+ session.setAttribute(PENDING_REQUEST, request);
+ }
+
+ public static void removeAllPendingRequests(HttpSession session) {
+
+ Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests");
+
+ session.setAttribute(PENDING_REQUEST, null);
+ }
+
+ public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) {
+
+ if (requestmap != null && requestID != null) {
+
+ synchronized (requestmap) {
+
+ //Map<String, IRequest> requestmap = getPendingRequest(session);
+
+ if (requestmap.containsKey(requestID)) {
+ requestmap.remove(requestID);
+ Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID);
+
+ }
+
+ //setPendingRequest(session, requestmap);
+ }
+ }
+ }
+}
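Review bot: `getPendingRequest` validates the cast to `Map<String, IRequest>` by inspecting only the first entry, so a map with a non-`String` key or non-`IRequest` value elsewhere still passes and will fail later with a `ClassCastException` at the use site; at minimum the cast should carry `@SuppressWarnings("unchecked")` with a comment that only the first entry is checked. The expression `((Map<?,?>) obj).keySet().toArray()[0]` is evaluated three times and allocates an array each time; bind it once to a local. Clearing the attribute with `session.setAttribute(PENDING_REQUEST, null)` works but `session.removeAttribute(PENDING_REQUEST)` is the idiomatic form, and an empty map is also discarded here even though it is a valid value.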
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
new file mode 100644
index 000000000..18eeae58e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -0,0 +1,184 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.List;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class SSOManager {
+
+ private static final String SSOCOOKIE = "MOA_ID_SSO";
+
+ private static final int DEFAULTSSOTIMEOUT = 15*60; //sec
+
+ private static SSOManager instance = null;
+ private static int sso_timeout;
+
+
+ public static SSOManager getInstance() {
+ if (instance == null) {
+ instance = new SSOManager();
+
+ //TODO: move to config based timeout!
+ try {
+ sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue();
+
+ } catch (ConfigurationException e) {
+ Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
+ sso_timeout = DEFAULTSSOTIMEOUT;
+ }
+
+ }
+
+ return instance;
+ }
+
+ public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+
+ //search SSO Session
+ if (ssoSessionID == null) {
+ Logger.info("No SSO Session cookie found.");
+ return false;
+ }
+
+// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
+// AuthenticationManager.MOA_SESSION, null);
+
+ return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+
+ }
+
+ public String getMOASession(String ssoSessionID) {
+ return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+ }
+
+ public String existsOldSSOSession(String ssoId) {
+
+ Logger.trace("Check that the SSOID has already been used");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<OldSSOSessionIDStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
+ query.setString("sessionid", ssoId);
+ result = query.list();
+
+ //send transaction
+
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ session.getTransaction().commit();
+ return null;
+ }
+
+ OldSSOSessionIDStore oldSSOSession = result.get(0);
+
+ AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
+
+ if (correspondingMoaSession == null) {
+ Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
+ //TODO: ist der OldSSOSessionStore zum Aufräumen?
+ return null;
+ }
+
+
+ String moasessionid = correspondingMoaSession.getSessionid();
+
+ session.getTransaction().commit();
+
+ return moasessionid;
+
+ }
+
+ public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+
+ String newSSOId = Random.nextRandom();
+
+ System.out.println("generate new SSO Tokken (" + newSSOId + ")");
+
+ if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
+ Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!");
+ return null;
+ }
+
+ try {
+ AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
+
+ return newSSOId;
+
+ } catch (AuthenticationException e) {
+ Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+ return null;
+ }
+ }
+
+
+ public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ deleteSSOSessionID(httpReq, httpResp);
+ }
+
+ Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
+ cookie.setMaxAge(sso_timeout);
+ cookie.setSecure(true);
+ cookie.setPath(httpReq.getContextPath());
+ httpResp.addCookie(cookie);
+ }
+
+
+
+ public String getSSOSessionID(HttpServletRequest httpReq) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+
+ //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox)
+ //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
+
+ if (cookie.getName().equals(SSOCOOKIE)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (!cookie.getName().equals(SSOCOOKIE))
+ httpResp.addCookie(cookie);
+ }
+ }
+ }
+}
+
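Review bot: `deleteSSOSessionID` never deletes anything — it re-sends every cookie except the SSO one back to the client, which leaves the `MOA_ID_SSO` cookie untouched in the browser; to remove it, send a cookie with the same name and path and `setMaxAge(0)`, as below. `storeSSOSessionInformations` prints the freshly generated SSO token with `System.out.println`, which exposes a bearer credential on stdout; drop the line or log only the event with `Logger.debug("generated new SSO token")`. In `existsOldSSOSession` the transaction begun in the `synchronized` block is committed on two return paths but not on the `correspondingMoaSession == null` path, which leaves an open transaction on the current Hibernate session. `setSSOSessionID` sets `Secure` but not `HttpOnly`; if the project's servlet API level supports it, `cookie.setHttpOnly(true)` keeps the SSO token away from page scripts. `getInstance()` initializes `sso_timeout` lazily without synchronization, so two concurrent first calls can race.
```java
public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
    // Expire the SSO cookie on the client; unrelated cookies do not need to be re-sent.
    Cookie expired = new Cookie(SSOCOOKIE, "");
    expired.setMaxAge(0);
    expired.setSecure(true);
    expired.setPath(httpReq.getContextPath());
    httpResp.addCookie(expired);
}
```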
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
new file mode 100644
index 000000000..0181233d5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServlet;
+
+
+public class ServletInfo {
+ Class<? extends HttpServlet> servletClass;
+ String servletTarget;
+ ServletType type;
+
+ public ServletInfo(Class<? extends HttpServlet> servletClass,
+ String servletTarget, ServletType type) {
+ super();
+ this.servletClass = servletClass;
+ this.servletTarget = servletTarget;
+ this.type = type;
+ }
+
+ public HttpServlet getServletInstance()
+ throws InstantiationException, IllegalAccessException {
+ return servletClass.newInstance();
+ }
+
+ public String getTarget() {
+ return servletTarget;
+ }
+
+ public ServletType getType() {
+ return type;
+ }
+}
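Review bot: The three fields `servletClass`, `servletTarget` and `type` are package-private and mutable although the class only exposes getters; declare them `private final` so the descriptor is immutable once constructed. `servletClass.newInstance()` is deprecated from Java 9 on because it propagates checked exceptions from the constructor unchecked; if the project targets a newer JDK, `servletClass.getDeclaredConstructor().newInstance()` is the replacement. The explicit `super();` call in the constructor is redundant.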
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
new file mode 100644
index 000000000..50b1702f8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public enum ServletType {
+ UNAUTH, AUTH, NONE
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
new file mode 100644
index 000000000..59a5158bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
+
+public class AuthenticationAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
+ System.out.println("Process PVP2 auth request!");
+ PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
+ RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return (PVP2XProtocol.REDIRECT);
+ }
+
+}
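Review bot: `processRequest` casts `req` to `PVPTargetConfiguration` unconditionally, so an `IRequest` of any other type reaches this action as a raw `ClassCastException` rather than a protocol error; guard it with `if (!(req instanceof PVPTargetConfiguration)) throw new MOAIDException(...)` using whichever message key the project reserves for an invalid request. `System.out.println("Process PVP2 auth request!")` should go through the project's `Logger` like the rest of the module. Accessing `pvpRequest.request` directly suggests that field is non-private on `PVPTargetConfiguration`; an accessor would keep the request object encapsulated.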
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
new file mode 100644
index 000000000..1e3c6145f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.io.MarshallingException;
+
+public class ExternalPVPSessionStore {
+
+ private Map<String, SPSSODescriptor> externalSessions = new HashMap<String, SPSSODescriptor>();
+
+ public boolean contains(String sessionID) {
+ return externalSessions.containsKey(sessionID);
+ }
+
+ public void put(String sessionID, SPSSODescriptor sso) throws MarshallingException {
+ externalSessions.put(sessionID, sso);
+ }
+
+ public SPSSODescriptor get(String sessionID) {
+ return externalSessions.get(sessionID);
+ }
+
+ public void remove(String sessionID) {
+ externalSessions.remove(sessionID);
+ }
+}
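Review bot: `externalSessions` is a plain `HashMap`; if this store is shared across servlet threads, which its name suggests, concurrent `put`/`remove` calls can corrupt it — `new ConcurrentHashMap<String, SPSSODescriptor>()` gives the same interface safely. `put` declares `throws MarshallingException` but nothing in its body can throw it, which forces callers into a pointless catch; drop the clause. The field can also be `final`.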
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
new file mode 100644
index 000000000..3d0fd80bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -0,0 +1,209 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.io.StringWriter;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MetadataAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ try {
+
+ EntitiesDescriptor idpEntitiesDescriptor =
+ SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+ idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4));
+
+ EntityDescriptor idpEntityDescriptor = SAML2Utils
+ .createSAMLObject(EntityDescriptor.class);
+
+ idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor);
+
+ idpEntityDescriptor
+ .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
+
+ List<ContactPerson> persons = PVPConfiguration.getInstance()
+ .getIDPContacts();
+
+ idpEntityDescriptor.getContactPersons().addAll(persons);
+
+ idpEntityDescriptor.setOrganization(PVPConfiguration.getInstance()
+ .getIDPOrganisation());
+
+ X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitPublicKeyValue(true);
+ keyInfoFactory.setEmitEntityIDAsKeyName(true);
+ keyInfoFactory.setEmitEntityCertificate(true);
+ KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ Credential credential = CredentialProvider
+ .getIDPSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
+
+ Signature signature = CredentialProvider
+ .getIDPSignature(credential);
+
+ idpEntitiesDescriptor.setSignature(signature);
+
+ IDPSSODescriptor idpSSODescriptor = SAML2Utils
+ .createSAMLObject(IDPSSODescriptor.class);
+
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
+ if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
+ SingleSignOnService postSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+
+ postSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+
+ idpSSODescriptor.getSingleSignOnServices().add(
+ postSingleSignOnService);
+ }
+
+ if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
+ SingleSignOnService redirectSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+
+ redirectSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ redirectSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+
+ idpSSODescriptor.getSingleSignOnServices().add(
+ redirectSingleSignOnService);
+ }
+
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ ArtifactResolutionService artifactResolutionService = SAML2Utils
+ .createSAMLObject(ArtifactResolutionService.class);
+
+ artifactResolutionService
+ .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ artifactResolutionService.setLocation(PVPConfiguration
+ .getInstance().getIDPResolveSOAPService());
+
+ artifactResolutionService.setIndex(0);
+
+ idpSSODescriptor.getArtifactResolutionServices().add(
+ artifactResolutionService);
+ }*/
+
+ idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
+ idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(idpEntitiesDescriptor);
+ out.marshall(idpEntitiesDescriptor, document);
+
+ Signer.signObject(signature);
+
+ Transformer transformer = TransformerFactory.newInstance()
+ .newTransformer();
+
+ StringWriter sw = new StringWriter();
+ StreamResult sr = new StreamResult(sw);
+ DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ String metadataXML = sw.toString();
+
+ System.out.println("METADATA: " + metadataXML);
+
+ httpResp.setContentType("text/xml");
+ httpResp.getOutputStream().write(metadataXML.getBytes());
+
+ httpResp.getOutputStream().close();
+
+ } catch (Exception e) {
+ Logger.error("Failed to generate metadata", e);
+ throw new MOAIDException("pvp2.13", null);
+ }
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ public String getDefaultActionName() {
+ return (PVP2XProtocol.METADATA);
+ }
+
+}
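Review bot: `metadataXML.getBytes()` on the line that writes the response uses the JVM default charset, while the transformer's default output encoding is UTF-8 and the `text/xml` content type carries no charset, so on a non-UTF-8 platform the served metadata can be mis-encoded; `httpResp.setContentType("text/xml; charset=UTF-8");` together with `metadataXML.getBytes("UTF-8")` pins both sides. The complete signed metadata is also written to stdout with `System.out.println("METADATA: " + metadataXML)`; that belongs on the project `Logger` at debug level, consistent with the `Logger.error` already used in the catch block. `idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4))` hard-codes the validity window, and nothing documents that relying parties must refresh within it — worth a comment or a configuration value.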
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
new file mode 100644
index 000000000..6055484f7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -0,0 +1,302 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import iaik.pkcs.pkcs11.objects.Object;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.ConfigurationException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
+
+public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = PVP2XProtocol.class.getName();
+ public static final String PATH = "id_pvp2x";
+
+ public static final String REDIRECT = "Redirect";
+ public static final String POST = "Post";
+ public static final String SOAP = "Soap";
+ public static final String METADATA = "Metadata";
+
+ private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
+
+ private static List<IDecoder> decoder = new ArrayList<IDecoder>();
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
+ ServletType.AUTH));
+ servletList.add(new ServletInfo(PVPProcessor.class, POST,
+ ServletType.AUTH));
+
+ decoder.add(new PostBinding());
+ decoder.add(new RedirectBinding());
+
+ actions.put(REDIRECT, new AuthenticationAction());
+ actions.put(POST, new AuthenticationAction());
+ actions.put(METADATA, new MetadataAction());
+
+ instance = new PVP2XProtocol();
+
+ new VelocityLogAdapter();
+ }
+
+ private static PVP2XProtocol instance = null;
+
+ public static PVP2XProtocol getInstance() {
+ if (instance == null) {
+ instance = new PVP2XProtocol();
+ }
+ return instance;
+ }
+
+ public List<ServletInfo> getServlets() {
+ return servletList;
+ }
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ private IDecoder findDecoder(String action, HttpServletRequest req) {
+ Iterator<IDecoder> decoderIT = decoder.iterator();
+ while (decoderIT.hasNext()) {
+ IDecoder decoder = decoderIT.next();
+ if (decoder.handleDecode(action, req)) {
+ return decoder;
+ }
+ }
+
+ return null;
+ }
+
+ public PVP2XProtocol() {
+ super();
+ }
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action) throws MOAIDException {
+
+ if(METADATA.equals(action)) {
+ return new PVPTargetConfiguration();
+ }
+
+ IDecoder decoder = findDecoder(action, request);
+ if (decoder == null) {
+ return null;
+ }
+ try {
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+
+ MOARequest moaRequest = decoder.decodeRequest(request, response);
+
+ RequestAbstractType samlReq = moaRequest.getSamlRequest();
+
+ //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
+
+ //Logger.info("SAML : " + xml);
+
+ if(!moaRequest.isVerified()) {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ moaRequest.setVerified(true);
+ }
+
+ if(!(samlReq instanceof AuthnRequest)) {
+ throw new MOAIDException("Unsupported request", new Object[] {});
+ }
+
+ AuthnRequest authnRequest = (AuthnRequest)samlReq;
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int assertionidx = 0;
+
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+ }
+
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
+
+ if(aIdx != null) {
+ attributeIdx = aIdx.intValue();
+ }
+
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+ SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+ AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+
+ //TODO: maybe change to getEntityID()
+ //String oaURL = consumerService.getLocation();
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String binding = consumerService.getBinding();
+ String entityID = moaRequest.getEntityMetadata().getEntityID();
+
+ //String oaURL = (String) request.getParameter(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+
+ config.setOAURL(oaURL);
+ config.setBinding(binding);
+ config.setRequest(moaRequest);
+ config.setConsumerURL(consumerService.getLocation());
+
+ //TODO: set correct target;
+ config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
+
+ String useMandate = request.getParameter(PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true")) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ throw new MandateAttributesNotHandleAbleException();
+ }
+ }
+ }
+
+ request.getSession().setAttribute(PARAM_OA, oaURL);
+
+ return config;
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new MOAIDException(e.getMessage(), new Object[] {});
+ }
+ }
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable {
+
+ if(protocolRequest == null) {
+ throw e;
+ }
+
+ if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
+ throw e;
+ }
+ PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
+
+ Response samlResponse =
+ SAML2Utils.createSAMLObject(Response.class);
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ if(e instanceof NoPassivAuthenticationException) {
+ statusCode.setValue(StatusCode.NO_PASSIVE_URI);
+ statusMessage.setMessage(e.getLocalizedMessage());
+ } else if(e instanceof PVP2Exception) {
+ PVP2Exception ex = (PVP2Exception) e;
+ statusCode.setValue(ex.getStatusCodeValue());
+ String statusMessageValue = ex.getStatusMessageValue();
+ if(statusMessageValue != null) {
+ statusMessage.setMessage(statusMessageValue);
+ }
+ } else {
+ statusCode.setValue(StatusCode.RESPONDER_URI);
+ statusMessage.setMessage(e.getLocalizedMessage());
+ }
+
+ status.setStatusCode(statusCode);
+ if(statusMessage.getMessage() != null) {
+ status.setStatusMessage(statusMessage);
+ }
+ samlResponse.setStatus(status);
+
+ IEncoder encoder = null;
+
+ if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ encoder = new RedirectBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ //binding = new ArtifactBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ encoder = new PostBinding();
+ }
+
+ if(encoder == null) {
+ // default to redirect binding
+ encoder = new RedirectBinding();
+ }
+
+ encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL());
+ return true;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response) {
+ if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
+ return getAction(REDIRECT);
+ } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
+ return getAction(POST);
+ }
+
+ if(METADATA.equals(request.getParameter("action"))) {
+ return getAction(METADATA);
+ }
+ return null;
+ }
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+ // TODO implement validation!
+ return true;
+ }
+
+}
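Review bot: `assertionidx` and `attributeIdx` in `preProcess` come straight from the AuthnRequest and are used as list indices on `getAssertionConsumerServices()` and `getAttributeConsumingServices()` without a bounds check, and `spSSODescriptor` is not checked for null, so a request naming a non-existent index fails with an `IndexOutOfBoundsException`/`NullPointerException` that the enclosing `catch (Exception e)` turns into `new MOAIDException(e.getMessage(), ...)`, passing raw exception text where a message key is expected; resolving the index against the metadata first and failing with a protocol error is the expected handling. `import iaik.pkcs.pkcs11.objects.Object;` at the top of the file shadows `java.lang.Object`, so every `new Object[] {}` here allocates an array of the PKCS#11 type — the import looks accidental and should be removed. The static block assigns `instance`, but the declaration `private static PVP2XProtocol instance = null;` that follows it runs afterwards in textual order and resets it, so the eager instance is discarded and `getInstance()` builds a second one; moving the declaration above the block (or dropping `= null`) fixes that. `e.printStackTrace()` in the same catch should go through the project `Logger`, and `validate` returning `true` unconditionally is the hook where the pending `IRequest` would be matched against the incoming one, so the TODO is security-relevant rather than cosmetic.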
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
new file mode 100644
index 000000000..2e2f75b94
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap;
+import org.opensaml.xml.io.MarshallingException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+
+public class PVPAssertionStorage implements SAMLArtifactMap {
+
+ private static PVPAssertionStorage instance = null;
+
+ public static PVPAssertionStorage getInstance() {
+ if(instance == null) {
+ instance = new PVPAssertionStorage();
+ }
+ return instance;
+ }
+
+ //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+ private AssertionStorage assertions = AssertionStorage.getInstance();
+
+ public boolean contains(String artifact) {
+ return assertions.containsKey(artifact);
+ }
+
+ public void put(String artifact, String relyingPartyId, String issuerId,
+ SAMLObject samlMessage) throws MarshallingException {
+ SAMLArtifactMapEntry assertion = new StoredAssertion(artifact,
+ relyingPartyId,
+ issuerId,
+ samlMessage);
+
+ try {
+ assertions.put(artifact, assertion);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be stored
+ throw new MarshallingException("Assertion are not stored in Database.",e);
+ }
+ }
+
+ public SAMLArtifactMapEntry get(String artifact) {
+ try {
+ return assertions.get(artifact, SAMLArtifactMapEntry.class);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be read
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public void remove(String artifact) {
+ assertions.remove(artifact);
+ }
+
+}
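Review bot: `get` swallows `MOADatabaseException` with `e.printStackTrace()` and returns `null`, so a database failure while resolving an artifact is indistinguishable from an unknown artifact and the trace goes to stderr rather than the application log; at minimum log it via the project logger, `Logger.error("Assertion could not be read from database", e);`, and consider surfacing the failure the way `put` does. `getInstance()` is an unsynchronized check-then-create, so two threads can race and each obtain a different instance; an eagerly initialized `private static final PVPAssertionStorage INSTANCE = new PVPAssertionStorage();` avoids that. The commented-out `Map` field on the line above `assertions` is dead code and should be deleted.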
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
new file mode 100644
index 000000000..e8b661362
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -0,0 +1,236 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+public interface PVPConstants {
+
+ public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
+ public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";
+ public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
+ public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+
+ public static final String URN_OID_PREFIX = "urn:oid:";
+
+ public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
+ public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
+ public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION";
+ public static final String PVP_VERSION_2_1 = "2.1";
+
+ public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS";
+
+ public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20";
+ public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID;
+ public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME";
+ public static final int PRINCIPAL_NAME_MAX_LENGTH = 128;
+
+ public static final String GIVEN_NAME_OID = "2.5.4.42";
+ public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID;
+ public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME";
+ public static final int GIVEN_NAME_MAX_LENGTH = 128;
+
+ public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55";
+ public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID;
+ public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE";
+ public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd";
+
+ public static final String USERID_OID = "0.9.2342.19200300.100.1.1";
+ public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID;
+ public static final String USERID_FRIENDLY_NAME = "USERID";
+ public static final int USERID_MAX_LENGTH = 128;
+
+ public static final String GID_OID = "1.2.40.0.10.2.1.1.1";
+ public static final String GID_NAME = URN_OID_PREFIX + GID_OID;
+ public static final String GID_FRIENDLY_NAME = "GID";
+ public static final int GID_MAX_LENGTH = 128;
+
+ public static final String BPK_OID = "1.2.40.0.10.2.1.1.149";
+ public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID;
+ public static final String BPK_FRIENDLY_NAME = "BPK";
+ public static final int BPK_MAX_LENGTH = 1024;
+
+ public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22";
+ public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID;
+ public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST";
+ public static final int ENC_BPK_LIST_MAX_LENGTH = 32767;
+
+ public static final String MAIL_OID = "0.9.2342.19200300.100.1.3";
+ public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID;
+ public static final String MAIL_FRIENDLY_NAME = "MAIL";
+ public static final int MAIL_MAX_LENGTH = 128;
+
+ public static final String TEL_OID = "2.5.4.20";
+ public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID;
+ public static final String TEL_FRIENDLY_NAME = "TEL";
+ public static final int TEL_MAX_LENGTH = 32;
+
+ public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71";
+ public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID;
+ public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID";
+ public static final int PARTICIPANT_MAX_LENGTH = 39;
+
+ public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24";
+ public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID;
+ public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ";
+ public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32;
+
+ public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153";
+ public static final String OU_OKZ_NAME = URN_OID_PREFIX + OU_OKZ_OID;
+ public static final int OU_OKZ_MAX_LENGTH = 32;
+
+ public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3";
+ public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID;
+ public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID";
+ public static final int OU_GV_OU_ID_MAX_LENGTH = 39;
+
+ public static final String OU_OID = "2.5.4.11";
+ public static final String OU_NAME = URN_OID_PREFIX + OU_OID;
+ public static final String OU_FRIENDLY_NAME = "OU";
+ public static final int OU_MAX_LENGTH = 64;
+
+ public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33";
+ public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID;
+ public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION";
+ public static final int FUNCTION_MAX_LENGTH = 32;
+
+ public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30";
+ public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID;
+ public static final String ROLES_FRIENDLY_NAME = "ROLES";
+ public static final int ROLES_MAX_LENGTH = 32767;
+
+ public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";
+ public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
+ public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
+
+ public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";
+ public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID;
+ public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION";
+ public static final int EID_ISSUING_NATION_MAX_LENGTH = 2;
+
+ public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34";
+ public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID;
+ public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER";
+ public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255;
+
+ public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36";
+ public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID;
+ public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN";
+ public static final int EID_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104";
+ public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID;
+ public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE";
+ public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38";
+ public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID;
+ public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK";
+ public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767;
+
+ public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62";
+ public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID;
+ public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK";
+ public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767;
+
+ public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64";
+ public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID;
+ public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL";
+ public static final int EID_CCS_URL_MAX_LENGTH = 1024;
+
+ public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66";
+ public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID;
+ public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE";
+ public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767;
+
+ public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96";
+ public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID;
+ public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN";
+ public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767;
+
+ public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68";
+ public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID;
+ public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE";
+ public static final int MANDATE_TYPE_MAX_LENGTH = 256;
+
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70";
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID;
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN";
+ public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100";
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID;
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN";
+ public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102";
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE";
+ public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76";
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID;
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE";
+ public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98";
+ public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID;
+ public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK";
+ public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024;
+
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72";
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID;
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST";
+ public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767;
+
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78";
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID;
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME";
+ public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80";
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID;
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME";
+ public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82";
+ public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID;
+ public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BIRTHDATE";
+ public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN;
+
+ public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84";
+ public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID;
+ public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME";
+ public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256;
+
+ public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86";
+ public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID;
+ public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATOR-PROF-REP-OID";
+ public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256;
+
+ public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88";
+ public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID;
+ public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATOR-PROF-REP-DESCRIPTION";
+ public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024;
+
+ public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90";
+ public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID;
+ public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE";
+ public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100;
+
+ public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
+ public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID;
+ public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE";
+ public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767;
+
+ public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40";
+ public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID;
+ public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID";
+ public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64;
+
+ public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50";
+ public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID;
+ public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID";
+ public static final int COST_CENTER_ID_MAX_LENGTH = 32767;
+
+ public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60";
+ public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID;
+ public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE";
+ public static final int CHARGE_CODE_MAX_LENGTH = 32767;
+}
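Review bot: `PVPConstants` is a constant interface — it holds only `public static final` fields and exists to be implemented for access to them (the same pattern `PVP2XProtocol implements ... MOAIDAuthConstants` uses), which makes every constant part of each implementing class's public API; a `final class PVPConstants` with a private constructor, or static imports, carries the same values without that. The `public static final` modifiers are implicit on interface fields and can be dropped. A header comment naming the attribute profile these OIDs and `*_MAX_LENGTH` values are taken from would let a maintainer verify them against the source document.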
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
new file mode 100644
index 000000000..d7079ba5c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+
+public class PVPProcessor extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4102075202310068260L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
new file mode 100644
index 000000000..d842d5fe0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+
+public class PVPTargetConfiguration extends RequestImpl {
+ MOARequest request;
+ String binding;
+ String consumerURL;
+
+ public MOARequest getRequest() {
+ return request;
+ }
+
+ public void setRequest(MOARequest request) {
+ this.request = request;
+ }
+
+ public String getBinding() {
+ return binding;
+ }
+
+ public void setBinding(String binding) {
+ this.binding = binding;
+ }
+
+ public String getConsumerURL() {
+ return consumerURL;
+ }
+
+ public void setConsumerURL(String consumerURL) {
+ this.consumerURL = consumerURL;
+ }
+
+
+}
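Review bot: The fields `request`, `binding` and `consumerURL` are declared package-private although the class already exposes a getter and setter for each; make them `private`, e.g. `private MOARequest request;`, so the only way to mutate a target configuration is through the accessors. `consumerURL` is the location the protocol response will later be sent to, so a Javadoc line stating where it must come from would help a maintainer — presumably the SP's AssertionConsumerService from validated metadata rather than a value taken from the request itself, but that is not visible in this change and should be confirmed where the setter is called.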
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
new file mode 100644
index 000000000..1d51d91f1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -0,0 +1,98 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.Signature;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+
+public class ArtifactBinding implements IDecoder, IEncoder {
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ Signature signer = CredentialProvider.getIDPSignature(credentials);
+ response.setSignature(signer);
+
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.init();
+
+ HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html",
+ PVPAssertionStorage.getInstance());
+
+ encoder.setPostEncoding(false);
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
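Review bot: `decodeRequest` and `decodeRespone` return `null` for a path this binding does not support, which breaks the `IDecoder` contract and will surface as a NullPointerException in whichever caller dereferences the result; throw `new BindingNotSupportedException(SAMLConstants.SAML2_ARTIFACT_BINDING_URI + " request")` instead, as `SoapBinding.decodeRespone` does in this same commit. In `encodeRespone` the response is given a `Signature` from `CredentialProvider.getIDPSignature` and the context also carries the signing credential; whether the encoder re-signs or keeps the preset signature depends on the OpenSAML version, so one of the two should go or the choice be commented. The `VelocityEngine` is rebuilt and initialized on every call and `ENCODING_DEFAULT` is set twice; cache the engine, and replace `e.printStackTrace()` with the project logger used elsewhere in this package.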
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
new file mode 100644
index 000000000..0f82d9a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IDecoder {
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public boolean handleDecode(String action, HttpServletRequest req);
+}
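Review bot: The interface carries no Javadoc, yet it defines the security contract every binding must honour: whether a decoder validates the message signature before returning, and what the `verified` flag on the returned `MOARequest`/`MOAResponse` means to the caller. Add a type-level comment along the lines of `Decodes an inbound PVP 2.x message; implementations must leave verified=false on the result unless they validated the signature against the peer's metadata` and document `handleDecode` as "returns true if this binding is responsible for the given action and request". The method name `decodeRespone` is misspelled (`decodeResponse`); since the implementations in this commit repeat it, a rename is best done together with them.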
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
new file mode 100644
index 000000000..66526534d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -0,0 +1,30 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IEncoder {
+ public void encodeRequest(HttpServletRequest req,
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+
+ /**
+ * Encoder SAML Response
+ * @param req The http request
+ * @param resp The http response
+ * @param response The repsonse object
+ * @param targetLocation
+ * @throws MessageEncodingException
+ * @throws SecurityException
+ */
+ public void encodeRespone(HttpServletRequest req,
+ HttpServletResponse resp, StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+}
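Review bot: The Javadoc on `encodeRespone` has typos and gaps: "Encoder SAML Response" should read `Encodes a SAML response and writes it to the HTTP response`, "repsonse" should be "response", `@param targetLocation` has no description (it is the endpoint the message is addressed to) and `@throws PVP2Exception` is missing although it is declared. `encodeRequest` has no Javadoc at all; give it the same shape. As in `IDecoder`, the method name is misspelled (`encodeResponse`).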
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
new file mode 100644
index 000000000..946f62066
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOARequest {
+ private RequestAbstractType samlRequest;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOARequest(RequestAbstractType request) {
+ samlRequest = request;
+ }
+
+ public RequestAbstractType getSamlRequest() {
+ return samlRequest;
+ }
+
+ public void setSamlRequest(RequestAbstractType request) {
+ this.samlRequest = request;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+
+
+}
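Review bot: `verified` is a plain mutable flag with a public setter, so nothing in the type prevents any caller from flipping it to `true` on a request whose signature was never checked; at minimum document the intended contract on the field, e.g. `/** true only if the decoder validated the request signature against the SP metadata; consumers must check this before acting on the request. */`. The one-argument constructor leaves `entityMetadata` null, which the Javadoc for `getEntityMetadata` should state so callers null-check it. Consider dropping `setVerified` in favour of setting the flag once from the decoder, but that touches the bindings and can be a follow-up.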
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
new file mode 100644
index 000000000..47f935b0c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
@@ -0,0 +1,38 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOAResponse {
+ private Response samlResponse;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOAResponse(Response response) {
+ samlResponse = response;
+ }
+
+ public Response getSamlResponse() {
+ return samlResponse;
+ }
+
+ public void setSamlResponse(Response samlResponse) {
+ this.samlResponse = samlResponse;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+}
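Review bot: As with `MOARequest`, the `verified` flag is settable by anyone and undocumented; add a field comment such as `/** true only if the decoder validated the response signature; a false value means the response must not be trusted. */` and note on `getEntityMetadata` that it is null unless a decoder resolved the peer. Together with `MOARequest` this class duplicates the flag and metadata handling; a shared base type would keep the two contracts from drifting, but that is a design choice for a later change.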
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
new file mode 100644
index 000000000..513939e5d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+
+public class MOAURICompare implements URIComparator {
+
+ public boolean compare(String uri1, String uri2) {
+ // TODO: implement proper equalizer for rewritten URLS
+ return true;
+ }
+
+}
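Review bot: `compare` returns `true` for every pair of URIs, which disables the `Destination` check the OpenSAML decoders perform through this comparator — `PostBinding` and `RedirectBinding` both install it via `setURIComparator(new MOAURICompare())` — so a message addressed to a different endpoint or a different IdP is accepted here as if it were meant for this one; this is a fail-open default that should not ship even behind a TODO. Until the rewritten-URL handling exists, delegate to OpenSAML's default comparator, `return new BasicURLComparator().compare(uri1, uri2);`, and handle known reverse-proxy rewrites through an explicit configured mapping rather than by accepting everything. If the permissive stub has to stay for now, the method needs a comment stating plainly that the destination check is currently disabled.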
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
new file mode 100644
index 000000000..85861297c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -0,0 +1,139 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class PostBinding implements IDecoder, IEncoder {
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ // VelocityEngine engine =
+ // VelocityProvider.getClassPathVelocityEngine();
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+ "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+ engine.init();
+
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ decode.setURIComparator(new MOAURICompare());
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
+ decode.decode(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+
+ MOARequest request = new MOARequest(inboundMessage);
+ request.setVerified(false);
+ request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return request;
+
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ decode.decode(messageContext);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+
+ MOAResponse moaResponse = new MOAResponse(inboundMessage);
+ moaResponse.setVerified(false);
+ moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return moaResponse;
+
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (req.getMethod().equals("POST"));
+ }
+}
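Review bot: `decodeRespone` never attaches a metadata provider to its message context, unlike `decodeRequest`, so `messageContext.getPeerEntityMetadata()` will be null in the returned `MOAResponse`; add `messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());` before `decode.decode(messageContext)`. Neither decode path installs a `SecurityPolicyResolver`, so the XML signature of a POSTed message is not checked in this class and the `verified=false` on the result is the caller's only hint — state that on both methods, e.g. `// signature is NOT validated here; callers must verify against the SP metadata before trusting the message`. Both paths also cast `getInboundMessage()` without an `instanceof` check, so a message of the wrong type surfaces as a ClassCastException instead of the declared `MessageDecodingException`. `handleDecode` claims every POST regardless of `action`, which may shadow other bindings depending on dispatch order, and the `catch (Exception e)` with `printStackTrace()` in `encodeRespone` should use the `Logger` this file already imports.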
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
new file mode 100644
index 000000000..86801dde5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -0,0 +1,148 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RedirectBinding implements IDecoder, IEncoder {
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO: implement
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+ decode.setURIComparator(new MOAURICompare());
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
+ SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ messageContext.setSecurityPolicyResolver(resolver);
+
+ decode.decode(messageContext);
+
+ signatureRule.evaluate(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ MOARequest request = new MOARequest(inboundMessage);
+ request.setVerified(true);
+ request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return request;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ // signatureRule.evaluate(messageContext);
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ messageContext.setSecurityPolicyResolver(resolver);
+ MOAMetadataProvider provider = null;
+
+ provider = MOAMetadataProvider.getInstance();
+
+ messageContext.setMetadataProvider(provider);
+
+ decode.decode(messageContext);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+
+ MOAResponse moaResponse = new MOAResponse(inboundMessage);
+ moaResponse.setVerified(true);
+ moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return moaResponse;
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
+ .equals("GET"));
+ }
+}
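Review bot: `decodeRequest` marks the result `setVerified(true)` unconditionally, but to my reading of the OpenSAML 2 rule `SAML2HTTPRedirectDeflateSignatureRule` does not fail on a redirect request that carries no `Signature` parameter — it only flags the context as authenticated when a present signature validates — so an unsigned AuthnRequest would be returned as verified; use `request.setVerified(messageContext.isInboundSAMLMessageAuthenticated());` and the same for `moaResponse` in `decodeRespone`. The rule is also evaluated twice in `decodeRequest`, once through the policy resolver inside `decode` and once explicitly afterwards; one of the two can go. `e.printStackTrace()` in `encodeRespone` should be replaced by the imported `Logger`.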
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
new file mode 100644
index 000000000..04ec3eaee
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -0,0 +1,87 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+
+public class SoapBinding implements IDecoder, IEncoder {
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException, PVP2Exception {
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
+ new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ req));
+ soapDecoder.decode(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+
+ MOARequest request = new MOARequest(inboundMessage);
+
+ return request;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException, PVP2Exception {
+ throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response");
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (action.equals(PVP2XProtocol.SOAP));
+ }
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+}
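Review bot: `decodeRequest` casts `messageContext.getInboundMessage()` straight to `RequestAbstractType`, so a SOAP body carrying anything else surfaces as a ClassCastException rather than the declared `MessageDecodingException`; guard it with `if (!(inbound instanceof RequestAbstractType)) throw new MessageDecodingException("SOAP body does not contain a SAML request");`. The method also sets no peer entity role, metadata provider or security policy resolver on the context, so the returned `MOARequest` has null metadata and an unchecked signature — a comment stating that the caller must verify it (the default `verified=false` is the only hint) would help. `handleDecode` ignores `req`, so it will also claim GET requests for the SOAP action, and `encodeRequest` is an empty body that silently does nothing; throwing `BindingNotSupportedException` as `decodeRespone` does would be more honest than returning without output.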
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
new file mode 100644
index 000000000..ab880bb9e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
@@ -0,0 +1,158 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public class CitizenTokenBuilder {
+
+ public static XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ public static XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ public static Attribute buildStringAttribute(String friendlyName,
+ String name, String value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildIntegerAttribute(String friendlyName,
+ String name, int value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildPVPVersion(String value) {
+ return buildStringAttribute("PVP-VERSION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.10", value);
+ }
+
+ public static Attribute buildSecClass(int value) {
+ return buildIntegerAttribute("SECCLASS",
+ "", value);
+ }
+
+ public static Attribute buildPrincipalName(String value) {
+ return buildStringAttribute("PRINCIPAL-NAME",
+ "urn:oid:1.2.40.0.10.2.1.1.261.20", value);
+ }
+
+ public static Attribute buildGivenName(String value) {
+ return buildStringAttribute("GIVEN-NAME",
+ "urn:oid:2.5.4.42", value);
+ }
+
+ public static Attribute buildBirthday(String value) {
+ return buildStringAttribute("BIRTHDATE",
+ "urn:oid:1.2.40.0.10.2.1.1.55", value);
+ }
+
+ public static Attribute buildBPK(String value) {
+ return buildStringAttribute("BPK",
+ "urn:oid:1.2.40.0.10.2.1.1.149", value);
+ }
+
+ public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
+ return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
+ "urn:oid:1.2.40.0.10.2.1.1.261.94", value);
+ }
+
+ public static Attribute buildEID_ISSUING_NATION(String value) {
+ return buildStringAttribute("EID-ISSUING-NATION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.32", value);
+ }
+
+ public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
+ return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
+ "urn:oid:1.2.40.0.10.2.1.1.261.34", value);
+ }
+
+
+// public static AttributeStatement buildCitizenToken(MOARequest obj,
+// AuthenticationSession authSession) {
+// AttributeStatement statement =
+// SAML2Utils.createSAMLObject(AttributeStatement.class);
+//
+// //TL: AuthData generation is moved out from VerifyAuthBlockServlet
+// try {
+//
+// //TODO: LOAD oaParam from request and not from MOASession in case of SSO
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
+//
+// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
+// oaParam,
+// authSession.getTarget());
+//
+// Attribute pvpVersion = buildPVPVersion("2.1");
+// Attribute secClass = buildSecClass(3);
+// Attribute principalName = buildPrincipalName(authData.getFamilyName());
+// Attribute givenName = buildGivenName(authData.getGivenName());
+// Attribute birthdate = buildBirthday(authData.getDateOfBirth());
+//
+// //TL: getIdentificationValue holds the baseID --> change to pBK
+// Attribute bpk = buildBPK(authData.getBPK());
+//
+// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
+// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
+// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
+//
+// statement.getAttributes().add(pvpVersion);
+// statement.getAttributes().add(secClass);
+// statement.getAttributes().add(principalName);
+// statement.getAttributes().add(givenName);
+// statement.getAttributes().add(birthdate);
+// statement.getAttributes().add(bpk);
+// statement.getAttributes().add(eid_citizen_qaa);
+// statement.getAttributes().add(eid_issuing_nation);
+// statement.getAttributes().add(eid_sector_for_id);
+//
+// return statement;
+//
+// } catch (ConfigurationException e) {
+//
+// // TODO: check Exception Handling
+// return null;
+// } catch (BuildException e) {
+//
+// // TODO: check Exception Handling
+// return null;
+// }
+//
+//
+// }
+}
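Review bot: `buildSecClass` passes an empty string as the SAML attribute `Name` (the `""` argument to `buildIntegerAttribute`), so a consumer matching attributes by name can never find the SECCLASS attribute; either supply the intended `urn:oid:` name or drop the helper. The helpers here also differ from `BaseAttributeBuilder` in that they never call `attribute.setNameFormat(Attribute.URI_REFERENCE)`, so attributes built through this class and through the builder hierarchy are not interchangeable; delegating to `BaseAttributeBuilder` would remove the duplication. The commented-out `buildCitizenToken` body at the end of the class should be deleted rather than committed, since its logic now lives in `PVP2AssertionBuilder`.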
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
new file mode 100644
index 000000000..60e510de2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -0,0 +1,98 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public class PVPAttributeBuilder {
+
+ private static HashMap<String, IAttributeBuilder> builders;
+
+ private static void addBuilder(IAttributeBuilder builder) {
+ builders.put(builder.getName(), builder);
+ }
+
+ static {
+ builders = new HashMap<String, IAttributeBuilder>();
+ // Citizen Token normal
+ addBuilder(new PVPVersionAttributeBuilder());
+ addBuilder(new PrincipalNameAttributeBuilder());
+ addBuilder(new GivenNameAttributeBuilder());
+ addBuilder(new BirthdateAttributeBuilder());
+ addBuilder(new BPKAttributeBuilder());
+ addBuilder(new EIDCitizenQAALevelAttributeBuilder());
+ addBuilder(new EIDIssuingNationAttributeBuilder());
+ addBuilder(new EIDSectorForIDAttributeBuilder());
+
+ // Mandate Attributes
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateLegalPersonFullNameAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinTypeAttributeBuilder());
+ addBuilder(new MandateNaturalPersonBirthDateAttributeBuilder());
+ addBuilder(new MandateNaturalPersonBPKAttributeBuilder());
+ addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateProfRepOIDAttributeBuilder());
+ addBuilder(new MandateProfRepDescAttributeBuilder());
+ addBuilder(new MandateReferenceValueAttributeBuilder());
+ addBuilder(new MandateFullMandateAttributeBuilder());
+ }
+
+ public static Attribute buildAttribute(String name,
+ AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if (builders.containsKey(name)) {
+ return builders.get(name).build(authSession, oaParam, authData);
+ }
+ return null;
+ }
+
+ public static List<Attribute> buildSupportedEmptyAttributes() {
+ List<Attribute> attributes = new ArrayList<Attribute>();
+ Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
+ while (builderIt.hasNext()) {
+ IAttributeBuilder builder = builderIt.next();
+ Attribute emptyAttribute = builder.buildEmpty();
+ if (emptyAttribute != null) {
+ attributes.add(emptyAttribute);
+ }
+ }
+ return attributes;
+ }
+
+}
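Review bot: `MandateTypeAttributeBuilder` is registered twice in the static initializer (once at the top of the mandate group and again after the source-pin-type builders); the second `put` silently replaces the first, so one of the two lines should go. Separately, `builders` is a `HashMap`, whose `values()` order is unspecified, so `buildSupportedEmptyAttributes` emits the supported attributes in a non-deterministic order from one JVM to the next; if that list ends up in published metadata, `builders = new LinkedHashMap<String, IAttributeBuilder>();` (with the matching `java.util.LinkedHashMap` import and a `Map` typed field) keeps registration order. A short class comment stating that builders are looked up by `IAttributeBuilder.getName()` and that `buildAttribute` returns `null` for an unknown name would help callers, since `null` is the signal `PVP2AssertionBuilder` relies on.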
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
new file mode 100644
index 000000000..17fc52a8c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -0,0 +1,325 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+public class PVP2AssertionBuilder implements PVPConstants {
+ public static Assertion buildAssertion(AuthnRequest authnRequest,
+ AuthenticationSession authSession, EntityDescriptor peerEntity)
+ throws MOAIDException {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ RequestedAuthnContext reqAuthnContext = authnRequest
+ .getRequestedAuthnContext();
+
+ if (reqAuthnContext == null) {
+ throw new NoAuthContextException();
+ }
+
+ boolean stork_qaa_1_4_found = false;
+
+ AuthnContextClassRef authnContextClassRef = SAML2Utils
+ .createSAMLObject(AuthnContextClassRef.class);
+
+ List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs();
+
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+
+ } else {
+ for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+ String qaa_uri = authnClassRef.getAuthnContextClassRef();
+ if (qaa_uri.trim().equals(STORK_QAA_1_4)
+ || qaa_uri.trim().equals(STORK_QAA_1_3)
+ || qaa_uri.trim().equals(STORK_QAA_1_2)
+ || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (authSession.isForeigner()) {
+ //TODO: insert QAA check
+
+ stork_qaa_1_4_found = false;
+
+ } else {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ }
+ break;
+ }
+ }
+ }
+
+ if (!stork_qaa_1_4_found) {
+ throw new QAANotSupportedException(STORK_QAA_1_4);
+ }
+
+// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
+// .iterator();
+//
+// StringBuilder authContextsb = new StringBuilder();
+//
+// while (reqAuthnContextClassRefIt.hasNext()) {
+// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+// .next();
+// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+// "\\s+");
+// for (int i = 0; i < qaa_uris.length; i++) {
+// if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_3)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_2)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+// authContextsb.append(qaa_uris[i].trim());
+// authContextsb.append(" ");
+// }
+// }
+//
+// }
+
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
+ authnStatement.setAuthnInstant(new DateTime());
+ // currently dummy id ...
+ authnStatement.setSessionIndex(remoteSessionID);
+ authnStatement.setAuthnContext(authnContext);
+
+ assertion.getAuthnStatements().add(authnStatement);
+
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int idx = 0;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ }
+
+ AttributeConsumingService attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ boolean foundFormat = false;
+
+ // TL: AuthData generation is moved to Assertion generation.
+
+ Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
+ .iterator();
+ while (formatIt.hasNext()) {
+ if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
+ foundFormat = true;
+ break;
+ }
+ }
+ if (!foundFormat) {
+ // TODO use correct exception
+ throw new NameIDFormatNotSupportedException("");
+ }
+
+ // TODO: Check if we need to hide source pin
+ /*
+ * if(authSession.getUseMandate()) { Element mandate =
+ * authSession.getMandate(); if(authSession.getBusinessService()) { //
+ * Hide Source PIN! ParepUtils.HideStammZahlen(mandate, true, null,
+ * authSession.getDomainIdentifier(), true); } else {
+ * ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(),
+ * null, true); } }
+ */
+
+ // TODO: LOAD oaParam from request and not from MOASession in case of
+ // SSO
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ peerEntity.getEntityID());
+
+ AuthenticationData authData = AuthenticationServer
+ .buildAuthenticationData(authSession, oaParam,
+ oaParam.getTarget());
+
+ Iterator<RequestedAttribute> it = attributeConsumingService
+ .getRequestAttributes().iterator();
+ while (it.hasNext()) {
+ RequestedAttribute reqAttribut = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttribut.getName(), authSession, oaParam, authData);
+ if (attr == null) {
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ } else {
+ attributeStatement.getAttributes().add(attr);
+ }
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ }
+ }
+
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ subjectNameID.setFormat(NameID.PERSISTENT);
+
+ //TLenz: set correct bPK Type and Value from AuthData
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+
+ IdentificationType id;
+ if(corporation != null && corporation.getIdentification().size() > 0)
+ id = corporation.getIdentification().get(0);
+
+
+ else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+ id = pysicalperson.getIdentification().get(0);
+
+ else {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String bpktype = id.getType();
+ String bpk = id.getValue().getValue();
+
+ if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
+ if (authSession.getBusinessService()) {
+ subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
+ else
+ subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier());
+
+ } else {
+ subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget()));
+ if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+"))
+ subjectNameID.setNameQualifier(oaParam.getTarget());
+ else
+ subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
+
+
+ } else {
+ subjectNameID.setNameQualifier(bpktype);
+ subjectNameID.setValue(bpk);
+ }
+
+ } else {
+ subjectNameID.setNameQualifier(authData.getBPKType());
+ subjectNameID.setValue(authData.getBPK());
+ }
+
+
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ SubjectConfirmationData subjectConfirmationData = SAML2Utils
+ .createSAMLObject(SubjectConfirmationData.class);
+ subjectConfirmationData.setInResponseTo(authnRequest.getID());
+ subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+
+ Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
+ AudienceRestriction audienceRestriction = SAML2Utils
+ .createSAMLObject(AudienceRestriction.class);
+ Audience audience = SAML2Utils.createSAMLObject(Audience.class);
+
+ audience.setAudienceURI(peerEntity.getEntityID());
+ audienceRestriction.getAudiences().add(audience);
+ conditions.setNotBefore(new DateTime());
+ conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ conditions.getAudienceRestrictions().add(audienceRestriction);
+
+ assertion.setConditions(conditions);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ issuer.setFormat(NameID.ENTITY);
+ assertion.setIssuer(issuer);
+ assertion.setSubject(subject);
+ assertion.setID(SAML2Utils.getSecureIdentifier());
+ assertion.setIssueInstant(new DateTime());
+
+ return assertion;
+ }
+}
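Review bot: The `AttributeConsumingServiceIndex` taken from the peer-supplied `AuthnRequest` is used directly as a list position in `spSSODescriptor.getAttributeConsumingServices().get(idx)` with no bounds check, so a request carrying an out-of-range index escapes as an `IndexOutOfBoundsException` instead of a SAML error; in SAML 2.0 the request index also refers to the service's `index` attribute rather than its position in the metadata list, and when the request carries no index the service marked default should be used. `spSSODescriptor` is likewise not null-checked before use, and `qaa_uri` from `getAuthnContextClassRef()` is dereferenced with `trim()` without a null check. The lookup below resolves the service by its declared index; the failure path should raise whichever `PVP2Exception` subtype this module uses for malformed requests so the response carries a status rather than a stack trace.
```java
        Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
        AttributeConsumingService attributeConsumingService = null;
        for (AttributeConsumingService acs : spSSODescriptor.getAttributeConsumingServices()) {
            // SAML 2.0 Core 3.4.1: the request's index refers to the service's index attribute
            boolean matches = (aIdx == null)
                    ? Boolean.TRUE.equals(acs.isDefault())
                    : acs.getIndex() == aIdx.intValue();
            if (matches) {
                attributeConsumingService = acs;
                break;
            }
        }
        if (attributeConsumingService == null) {
            // reject the request with a SAML status instead of letting a runtime exception escape
            // (use the project's PVP2Exception subtype for invalid requests here)
        }
        // … unchanged: attribute statement, subject and conditions construction …
```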
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
new file mode 100644
index 000000000..4fb76c377
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.Constants;
+
+public class BPKAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return BPK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String bpk = authData.getBPK();
+ String type = authData.getBPKType();
+
+ if (type.startsWith(Constants.URN_PREFIX_WBPK))
+ type = type.substring((Constants.URN_PREFIX_WBPK+"+").length());
+ else if (type.startsWith(Constants.URN_PREFIX_CDID))
+ type = type.substring((Constants.URN_PREFIX_CDID+"+").length());
+
+ if(bpk.length() > BPK_MAX_LENGTH) {
+ bpk = bpk.substring(0, BPK_MAX_LENGTH);
+ }
+ return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
+ }
+
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
+ }
+
+}
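Review bot: The prefix stripping in `build` checks `type.startsWith(Constants.URN_PREFIX_WBPK)` but then removes `(prefix + "+").length()` characters, so a type equal to the bare prefix, or one without the `+` separator, throws `StringIndexOutOfBoundsException` out of `build`; the caller in `PVP2AssertionBuilder` only catches `PVP2Exception`, so this would abort the whole assertion. Test for the full separator instead: `if (type.startsWith(Constants.URN_PREFIX_WBPK + "+"))` and the same for `URN_PREFIX_CDID`. `authData.getBPK()` and `getBPKType()` are also dereferenced without a null check, which I cannot rule out from here. The silent truncation to `BPK_MAX_LENGTH` changes the emitted identifier and deserves at least a comment naming the PVP length limit it implements, or a log line when it fires.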
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
new file mode 100644
index 000000000..d3c79c939
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
@@ -0,0 +1,62 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBuilder {
+
+
+ protected static XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ protected static XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ protected static Attribute buildStringAttribute(String friendlyName,
+ String name, String value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ protected static Attribute buildIntegerAttribute(String friendlyName,
+ String name, int value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ protected static Attribute buildemptyAttribute(String friendlyName, String name) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+}
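Review bot: `buildemptyAttribute` breaks the camel-case convention used by the sibling helpers; rename it to `buildEmptyAttribute` (callers in the concrete builders change accordingly). The class has no Javadoc explaining that every attribute it produces carries `Attribute.URI_REFERENCE` as name format and an `xs:string`/`xs:integer` typed value, which is the contract the `CitizenTokenBuilder` helpers do not honour; a class comment such as `/** Shared factory for PVP attributes: every attribute gets NameFormat=uri and a typed AttributeValue. */` would make the difference explicit. The unchecked casts to `XSStringBuilder`/`XSIntegerBuilder` presumably rely on OpenSAML having been bootstrapped; if `getBuilder` can return `null` here that surfaces as an NPE, which is worth a comment.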
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
new file mode 100644
index 000000000..fa42fc54f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class BirthdateAttributeBuilder extends BaseAttributeBuilder {
+
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+
+ public String getName() {
+ return BIRTHDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ try {
+ DateFormat identityLinkFormat = new SimpleDateFormat(
+ IDENTITY_LINK_DATE_FORMAT);
+ Date date = identityLinkFormat.parse(authSession.getIdentityLink()
+ .getDateOfBirth());
+ DateFormat pvpDateFormat = new SimpleDateFormat(
+ BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+ return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME,
+ BIRTHDATE_NAME, dateString);
+ } catch (ParseException e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME,
+ BIRTHDATE_NAME);
+ }
+
+}
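Review bot: The `ParseException` handler writes `e.printStackTrace()` to stderr and returns `null`, so a malformed date of birth silently becomes "attribute not available" without a trace in the project log; the sibling `EIDIssuingNationAttributeBuilder` uses `Logger.error(...)`, so `Logger.error("Failed to parse date of birth from identity link", e);` (with the `at.gv.egovernment.moa.logging.Logger` import) keeps the builders consistent. `SimpleDateFormat` is lenient by default, so out-of-range values such as a day 30 in February are rolled forward rather than rejected; `identityLinkFormat.setLenient(false);` makes the parse strict. `authSession.getIdentityLink()` is dereferenced without a null check, which the `ParseException` catch does not cover.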
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
new file mode 100644
index 000000000..5ddd87c7b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_CITIZEN_QAA_LEVEL_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME, 4);
+ }
+
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME);
+ }
+
+}
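Review bot: The QAA level is hard-coded to `4` in `build` regardless of how the session was authenticated; `authSession` and `authData` are ignored, and `PVP2AssertionBuilder` still carries a TODO for the foreigner QAA check, so a STORK-authenticated session would be asserted at the same level as a citizen-card one. Until the level is derived from the session, make the assumption visible as a documented constant: `/** QAA level asserted for every authentication; TODO derive from authSession. */ private static final int QAA_LEVEL = 4;` and use it in the `buildIntegerAttribute` call.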
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
new file mode 100644
index 000000000..08e4e67b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import iaik.x509.X509Certificate;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_ISSUING_NATION_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String countryCode = "AT";
+
+
+ if (authSession.getStorkAuthnRequest() != null) {
+ countryCode = authSession.getStorkAuthnRequest()
+ .getCitizenCountryCode();
+ } else {
+
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = authSession.getSignerCertificate();
+
+ if (certificate != null) {
+ try {
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ countryCode = rdn.getValue().toString();
+ break;
+ }
+ }
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+ }
+ }
+ }
+
+ return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ EID_ISSUING_NATION_NAME, countryCode);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ EID_ISSUING_NATION_NAME);
+ }
+
+}
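Review bot: Every failure path silently keeps `countryCode = "AT"` — no signer certificate, an issuer DN without a C component, and the `Logger.error("Failed to extract country code from certificate", e)` branch all fall through to emit a definite issuing nation the IdP never established. A missing or unparsable value should be surfaced (return `buildEmpty()` or throw a PVP2Exception) rather than defaulted to a specific country. The C attribute of the issuer DN is also only trustworthy if the signer certificate chain was validated earlier in the flow, which this class cannot see; extend the TODO to `//TODO: replace with TSL lookup when TSL is ready! Until then this relies on the signer certificate having been chain-validated before it was stored in the session.` The `Logger.info("C is: " + rdn.getValue())` line is debug output and should be logged at debug level or dropped.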
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
new file mode 100644
index 000000000..8cb2b5be6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_SECTOR_FOR_IDENTIFIER_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String bpktype = authData.getBPKType();
+ return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
new file mode 100644
index 000000000..5c8151c01
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class GivenNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return GIVEN_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME);
+ }
+
+}
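Review bot: `authSession.getIdentityLink().getGivenName()` dereferences the identity link without a null check, so a session that has no identity link fails with a NullPointerException from the response path instead of a PVP2Exception. If such sessions can reach this builder (the STORK branch in EIDIssuingNationAttributeBuilder suggests non-citizen-card sessions exist), guard it: `if (authSession.getIdentityLink() == null) return buildEmpty();` or throw a PVP2Exception as the mandate builders do for missing data.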
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
new file mode 100644
index 000000000..173fbd52f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IAttributeBuilder {
+ public String getName();
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception;
+ public Attribute buildEmpty();
+}
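Review bot: The interface carries no Javadoc, and the contract its implementations in this commit actually follow is not obvious: `build` returns null when the attribute does not apply to the session (every Mandate*AttributeBuilder returns null when getUseMandate() is false), throws a PVP2Exception when it applies but the data is missing, and `buildEmpty` yields a name-only attribute. Add Javadoc on `build` stating that a null return means "not applicable, omit the attribute" and that missing data is signalled by exception, and on `getName` that it must return the same SAML attribute Name that `build` uses so requested attributes can be matched; without this the null/exception split and the name/OID choice will drift between implementations (MandateNaturalPersonSourcePinAttributeBuilder already returns an `_OID` constant from getName while building with `_NAME`).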
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
new file mode 100644
index 000000000..cecd90448
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_FULL_MANDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ if (authSession.getMandate() != null) {
+ String fullMandate;
+ try {
+ fullMandate = DOMUtils.serializeNode(authSession
+ .getMandate());
+ return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, fullMandate);
+ } catch (TransformerException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ } catch (IOException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ }
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME);
+ }
+
+}
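Review bot: On TransformerException or IOException the method logs and falls through to `return null`, which the other Mandate*AttributeBuilders in this commit reserve for "mandate not in use"; a serialization failure of a mandate that was requested is therefore reported to the caller exactly like the no-mandate case and the relying party gets no error. Throw after logging, as the siblings do for missing data: `Logger.error("Failed to generate Full Mandate", e); throw new NoMandateDataAvailableException();` in both catch blocks (or one multi-catch if the project's Java level permits it), keeping the `return null` only for the `!getUseMandate()` and `getMandate() == null` cases.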
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
new file mode 100644
index 000000000..15059c036
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_FULL_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..820efb209
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(corporation);
+ } else {
+ id = MandateBuilder.getBPKIdentification(corporation);
+ }*/
+ /*if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME);
+ }
+}
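Review bot: `id = corporation.getIdentification().get(0)` emits whichever Identification element happens to come first in the externally supplied mandate XML, while the commented-out block directly beneath shows the intended type-based selection via `MandateBuilder.getWBPKIdentification`/`getBPKIdentification`. Either restore the type-based lookup or add a comment stating why the first element is always the right one, and delete the commented-out code rather than leaving two contradictory versions side by side; the sibling MandateLegalPersonSourcePinTypeAttributeBuilder takes get(0) the same way, so the value and its type stay paired only as long as both are changed together. `mandateObject.getMandator()` is also dereferenced without a null check, unlike the guards around it; if the JAXB type permits a missing Mandator this is a NullPointerException rather than the NoMandateDataAvailableException every other missing-data branch throws.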
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..44b58d04f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinTypeAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator()
+ .getCorporateBody();
+ if (corporation == null) {
+ Logger.error("No corporate mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*id = MandateBuilder.getBPKIdentification(corporate);
+ if (id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
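Review bot: The same order-dependent selection as in MandateLegalPersonSourcePinAttributeBuilder: `id = corporation.getIdentification().get(0)` takes the first Identification element, and the commented-out `id = MandateBuilder.getBPKIdentification(corporate);` shows the intended type-based lookup (it also references `corporate`, a variable that does not exist here — the local is `corporation`). Restore the lookup or document the order assumption, and remove the dead commented code. Because this builder supplies the type for the value emitted by the SourcePin builder, the two must select the identification by the same rule.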
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
new file mode 100644
index 000000000..49e013fe0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -0,0 +1,90 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BPK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+// if(authSession.getBusinessService()) {
+// id = MandateBuilder.getWBPKIdentification(physicalPerson);
+// } else {
+// id = MandateBuilder.getBPKIdentification(physicalPerson);
+// }
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String bpk;
+ try {
+
+ if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
+ if (authSession.getBusinessService()) {
+ bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
+
+ }
+
+ else {
+ bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget());
+
+ }
+
+ } else
+ bpk = id.getValue().getValue();
+
+ } catch (BuildException e ){
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME, bpk);
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME);
+ }
+
+
+}
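Review bot: `id = physicalPerson.getIdentification().get(0)` has no size check, so a mandate whose PhysicalPerson carries no Identification throws IndexOutOfBoundsException out of the SAML response path instead of the NoMandateDataAvailableException that the following `if(id == null)` is meant to raise (get(0) on a non-empty list never returns null, so that guard is ineffective). The legal-person builders in this commit do check `getIdentification().size() == 0`; do the same here: `if (physicalPerson.getIdentification().isEmpty()) { Logger.error("No identification in mandate"); throw new NoMandateDataAvailableException(); }`. Separately, `catch (BuildException e)` logs a message without the exception, discarding the cause of a failed bPK/wbPK derivation; use `Logger.error("Failed to build bPK for mandator", e)`.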
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
new file mode 100644
index 000000000..a87d4d25c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -0,0 +1,74 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonBirthDateAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BIRTHDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String dateOfBirth = physicalPerson.getDateOfBirth();
+ try {
+ DateFormat mandateFormat = new SimpleDateFormat(
+ MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+ Date date = mandateFormat.parse(dateOfBirth);
+ DateFormat pvpDateFormat = new SimpleDateFormat(
+ MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+
+ return buildStringAttribute(
+ MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME, dateString);
+ } catch (ParseException e) {
+ e.printStackTrace();
+ throw new InvalidDateFormatException();
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME);
+ }
+
+}
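Review bot: `e.printStackTrace()` in the ParseException handler writes to stderr outside the application logger (the rest of this commit uses `Logger.error(msg, e)`), and the InvalidDateFormatException thrown after it carries no cause, so the offending value and the stack trace are lost to operators. Replace with `Logger.error("Failed to parse mandate date of birth", e); throw new InvalidDateFormatException();`. `physicalPerson.getDateOfBirth()` is also passed straight to `parse`, which throws NullPointerException on a null date; guard it with a NoMandateDataAvailableException like the other missing-data cases.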
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
new file mode 100644
index 000000000..6744e5d20
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_FAMILY_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+
+ while(fNamesit.hasNext()) {
+ sb.append(" " + fNamesit.next().getValue());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME);
+ }
+
+}
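Review bot: `sb.append(" " + fNamesit.next().getValue())` prefixes every component with a space, so the attribute value always begins with a leading space (a single family name is emitted as `" Name"`), which breaks exact-match comparisons at relying parties. Insert the separator only between elements: `if (sb.length() > 0) sb.append(' '); sb.append(fNamesit.next().getValue());`. The same defect is in MandateNaturalPersonGivenNameAttributeBuilder. `physicalPerson.getName()` is also dereferenced without a null check, unlike the other missing-data cases that throw NoMandateDataAvailableException.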
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
new file mode 100644
index 000000000..67aa8df0e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_GIVEN_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+
+ while(gNamesit.hasNext()) {
+ sb.append(" " + gNamesit.next());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME);
+ }
+
+}
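Review bot: `sb.append(" " + gNamesit.next())` produces a value with a leading space for every mandator (a single given name becomes `" Name"`), the same defect as in MandateNaturalPersonFamilyNameAttributeBuilder. Emit the separator only between elements: `if (sb.length() > 0) sb.append(' '); sb.append(gNamesit.next());`. `physicalPerson.getName()` is dereferenced without a null guard, unlike the preceding checks.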
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..eaa7e88af
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonSourcePinAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_SOURCE_PIN_OID;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME);
+ }
+
+}
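Review bot: `getName()` returns `MANDATE_NAT_PER_SOURCE_PIN_OID` while the attribute is built with `MANDATE_NAT_PER_SOURCE_PIN_NAME`; every other builder in this commit returns the same `_NAME` constant from both places, so unless the two constants hold an identical string the key a registry looks up and the Name written into the SAML attribute will disagree and a requested attribute will not be matched. Return `MANDATE_NAT_PER_SOURCE_PIN_NAME` from getName() (the sibling MandateNaturalPersonSourcePinTypeAttributeBuilder has the same `_OID` split). As in the BPK builder, `getIdentification().get(0)` has no size check, so the `id == null` guard is ineffective and an empty list throws IndexOutOfBoundsException instead of NoMandateDataAvailableException. Finally, the value is the mandator's identification emitted untransformed; if that identification is the natural person's base identifier (Stammzahl) rather than an already sector-specific bPK, confirm that releasing it to the service provider is permitted and restrict the attribute to the callers that may receive it.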
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..7b8f59dd2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+ return null;
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
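Review bot: `physicalPerson.getIdentification().get(0)` throws IndexOutOfBoundsException when the mandator carries no Identification element, so the `id == null` guard that follows it can never fire and the request fails with an unhandled runtime exception instead of NoMandateDataAvailableException; replace the line with `IdentificationType id = physicalPerson.getIdentification().isEmpty() ? null : physicalPerson.getIdentification().get(0);`. The commented-out block that would pick the wbPK or bPK identification depending on `authSession.getBusinessService()` suggests that blindly taking index 0 may report the wrong identification type for business-service requests when a mandate carries several Identification elements — confirm against the mandate format before relying on it. Either delete the dead block or turn it into a TODO that states why the selection was disabled.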
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
new file mode 100644
index 000000000..b7c356112
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+
+public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_PROF_REP_DESC_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ String text = AttributeExtractor.extractSAMLAttributeOA(
+ ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+ authSession);
+
+ if(text == null) {
+ return null;
+ }
+
+ return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, text);
+
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
new file mode 100644
index 000000000..740a99649
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+
+public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_PROF_REP_OID_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ String oid = AttributeExtractor.extractSAMLAttributeOA(
+ ParepValidator.EXT_SAML_MANDATE_OID,
+ authSession);
+
+ if(oid == null) {
+ return null;
+ }
+
+ return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ MANDATE_PROF_REP_OID_NAME, oid);
+
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ MANDATE_PROF_REP_OID_NAME);
+ }
+}
+ \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
new file mode 100644
index 000000000..5a50473d3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_REFERENCE_VALUE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
+ MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
+ MANDATE_REFERENCE_VALUE_NAME);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
new file mode 100644
index 000000000..bc7fdaf73
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateTypeAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new ResponderErrorException("No mandate data available", null);
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new ResponderErrorException("No mandate data available", null);
+ }
+
+ return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME);
+ }
+
+}
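Review bot: This builder throws `ResponderErrorException("No mandate data available", null)` with a hard-coded English message where every sibling mandate builder in this change throws `NoMandateDataAvailableException` (message id pvp2.06) for the same missing-mandate condition, so callers that catch the specific exception and SAML status consumers see a different error for the same fault. Change both throw sites to `throw new NoMandateDataAvailableException();` and the signature to `throws PVP2Exception`, which also drops the ResponderErrorException import. The attribute named MANDATE_TYPE is populated from `mandateObject.getAnnotation()`; a one-line comment such as `// the Annotation element carries the mandate type in this mandate format` would help, but confirm that mapping against the mandate schema first.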
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
new file mode 100644
index 000000000..545d70d76
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class PVPVersionAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return PVP_VERSION_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
new file mode 100644
index 000000000..7ca7eb829
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return PRINCIPAL_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME);
+ }
+
+}
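Review bot: `authSession.getIdentityLink().getFamilyName()` dereferences the identity link without a null check, unlike the mandate builders in this change which validate every session object they read; if a session can reach attribute building without an identity link this is a NullPointerException rather than a clean PVP2 error, so confirm that invariant or guard it. A class comment would also help, since the attribute named PRINCIPAL_NAME is filled with the family name only, which a reader may not expect: `// PVP principal name is the subject's family name (given name is a separate attribute).`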
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
new file mode 100644
index 000000000..0786f896a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -0,0 +1,339 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+
+import org.opensaml.saml2.metadata.Company;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml2.metadata.EmailAddress;
+import org.opensaml.saml2.metadata.GivenName;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml2.metadata.OrganizationName;
+import org.opensaml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml2.metadata.SurName;
+import org.opensaml.saml2.metadata.TelephoneNumber;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.Digester;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class PVPConfiguration {
+
+ private static PVPConfiguration instance;
+
+ public static PVPConfiguration getInstance() {
+ if (instance == null) {
+ instance = new PVPConfiguration();
+ }
+ return instance;
+ }
+
+ public static final String PVP2_METADATA = "/pvp2/metadata";
+ public static final String PVP2_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_POST = "/pvp2/post";
+
+ public static final String PVP_CONFIG_FILE = "pvp2config.properties";
+ public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
+ public static final String IDP_KEYALIAS = "idp.ks.alias";
+ public static final String IDP_KS_PASS = "idp.ks.kspassword";
+ public static final String IDP_KEY_PASS = "idp.ks.keypassword";
+
+ public static final String IDP_ISSUER_NAME = "idp.issuer.name";
+
+ public static final String METADATA_FILE = "md.dir";
+ public static final String METADATA_EXTENSION = "md.ext";
+
+ public static final String IDP_ENTITY = "idp.entityid";
+ public static final String IDP_ORG_NAME = "idp.org.name";
+ public static final String IDP_ORG_DISPNAME = "idp.org.dispname";
+ public static final String IDP_ORG_URL = "idp.org.url";
+
+ public static final String IDP_PUBLIC_URL = "idp.public.url";
+
+ public static final String IDP_TRUST_STORE = "idp.truststore";
+ public static final String SP_TARGET_PREFIX = "sp.target.";
+
+ public static final String IDP_CONTACT_PREFIX = "idp.contact";
+ public static final String IDP_CONTACT_LIST = "idp.contact_list";
+
+ public static final String IDP_CONTACT_SURNAME = "surname";
+ public static final String IDP_CONTACT_GIVENNAME = "givenname";
+ public static final String IDP_CONTACT_MAIL = "mail";
+ public static final String IDP_CONTACT_TYPE = "type";
+ public static final String IDP_CONTACT_COMPANY = "company";
+ public static final String IDP_CONTACT_PHONE = "phone";
+
+ PVP2 generalpvpconfigdb;
+ Properties props;
+
+ private PVPConfiguration() {
+ try {
+ generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
+ props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
+
+ } catch (ConfigurationException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getIDPPublicPath() {
+ String publicPath = generalpvpconfigdb.getPublicURLPrefix();
+ if(publicPath != null) {
+ if(publicPath.endsWith("/")) {
+ publicPath = publicPath.substring(0, publicPath.length()-2);
+ }
+ }
+ return publicPath;
+ }
+
+ public String getIDPSSOPostService() {
+ return getIDPPublicPath() + PVP2_POST;
+ }
+
+ public String getIDPSSORedirectService() {
+ return getIDPPublicPath() + PVP2_REDIRECT;
+ }
+
+ public String getIDPSSOMetadataService() {
+ return getIDPPublicPath() + PVP2_METADATA;
+ }
+
+ public String getIDPKeyStoreFilename() {
+ return props.getProperty(IDP_JAVAKEYSTORE);
+ }
+
+ public String getIDPKeyStorePassword() {
+ return props.getProperty(IDP_KS_PASS);
+ }
+
+ public String getIDPKeyAlias() {
+ return props.getProperty(IDP_KEYALIAS);
+ }
+
+ public String getIDPKeyPassword() {
+ return props.getProperty(IDP_KEY_PASS);
+ }
+
+ public String getIDPIssuerName() {
+ return generalpvpconfigdb.getIssuerName();
+ }
+
+ public List<String> getMetadataFiles() {
+ String filter = props.getProperty(METADATA_EXTENSION);
+
+ if (filter == null) {
+ filter = ".mdxml";
+ }
+
+ List<String> files = new ArrayList<String>();
+
+ File[] faFiles = new File(props.getProperty(METADATA_FILE)).listFiles();
+ for (File file : faFiles) {
+ if (!file.isDirectory()) {
+ if (file.getName().endsWith(filter)) {
+ files.add(file.getAbsolutePath());
+ }
+ }
+ }
+
+ return files;
+ }
+
+ //TODO:
+ public String getTargetForSP(String sp) {
+
+ try {
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(sp);
+
+ if (oaParam != null)
+ return oaParam.getTarget();
+
+ Logger.warn("OnlineApplication with ID "+ sp + " is not found.");
+ return null;
+
+ } catch (ConfigurationException e) {
+ Logger.warn("OnlineApplication with ID "+ sp + " is not found.");
+ return null;
+ }
+
+ }
+
+
+ public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+
+ try {
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
+
+ if (oaParam == null) {
+ Logger.warn("Online Application with ID " + entityID + " not found!");
+ return null;
+ }
+
+ OAPVP2 pvp2param = oaParam.getPVP2Parameter();
+
+ if (pvp2param == null) {
+ return null;
+ }
+
+ Logger.info("Load TrustEntityCertificate ("+entityID+") from Database.");
+ return new X509Certificate(pvp2param.getCertificate());
+
+ } catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+ return null;
+
+ } catch (ConfigurationException e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public List<ContactPerson> getIDPContacts() {
+ List<ContactPerson> list = new ArrayList<ContactPerson>();
+
+ List<Contact> contacts = generalpvpconfigdb.getContact();
+
+ if (contacts != null) {
+
+ for (Contact contact : contacts) {
+
+ ContactPerson person = SAML2Utils
+ .createSAMLObject(ContactPerson.class);
+
+ String type = contact.getType();
+
+ if (type == null) {
+ Logger.error("IDP Contact with SurName " + contact.getSurName()
+ + " has no type defined!");
+ break;
+ }
+
+ ContactPersonTypeEnumeration enumType = null;
+
+ if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE;
+ } else if (type.equals(ContactPersonTypeEnumeration.BILLING
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.BILLING;
+ } else if (type.equals(ContactPersonTypeEnumeration.OTHER
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.OTHER;
+ } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.SUPPORT;
+ } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.TECHNICAL;
+ }
+
+ if (enumType == null) {
+ Logger.error("IDP Contact with SurName " + contact.getSurName()
+ + " has invalid type defined: " + type);
+ break;
+ }
+
+ person.setType(enumType);
+
+ String givenName = contact.getGivenName();
+
+ if (givenName != null) {
+ GivenName name = SAML2Utils
+ .createSAMLObject(GivenName.class);
+ name.setName(givenName);
+ person.setGivenName(name);
+ }
+
+ String company = contact.getCompany();
+
+ if (company != null) {
+ Company comp = SAML2Utils.createSAMLObject(Company.class);
+ comp.setName(company);
+ person.setCompany(comp);
+ }
+
+ String surname = contact.getSurName();
+
+ if (surname != null) {
+ SurName name = SAML2Utils.createSAMLObject(SurName.class);
+ name.setName(surname);
+ person.setSurName(name);
+ }
+
+ List<String> phones = contact.getPhone();
+ for (String phone : phones) {
+ TelephoneNumber telePhone = SAML2Utils
+ .createSAMLObject(TelephoneNumber.class);
+ telePhone.setNumber(phone);
+ person.getTelephoneNumbers().add(telePhone);
+ }
+
+ List<String> mails = contact.getMail();
+ for (String mail : mails) {
+ EmailAddress mailAddress = SAML2Utils
+ .createSAMLObject(EmailAddress.class);
+ mailAddress.setAddress(mail);
+ person.getEmailAddresses().add(mailAddress);
+ }
+
+ list.add(person);
+ }
+ }
+ return list;
+ }
+
+ public Organization getIDPOrganisation() {
+ Organization org = SAML2Utils.createSAMLObject(Organization.class);
+
+ at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization();
+
+ String org_name = null;
+ String org_dispname = null;
+ String org_url = null;
+
+ if (organisation != null) {
+ org_name = organisation.getName();
+ org_dispname = organisation.getDisplayName();
+ org_url = organisation.getURL();
+ }
+
+ if (org_name == null || org_dispname == null || org_url == null) {
+ return null;
+ }
+
+ OrganizationDisplayName dispName = SAML2Utils
+ .createSAMLObject(OrganizationDisplayName.class);
+ dispName.setName(new LocalizedString(org_dispname, "de"));
+ org.getDisplayNames().add(dispName);
+
+ OrganizationName name = SAML2Utils
+ .createSAMLObject(OrganizationName.class);
+ name.setName(new LocalizedString(org_name, "de"));
+ org.getOrganizationNames().add(name);
+
+ OrganizationURL url = SAML2Utils
+ .createSAMLObject(OrganizationURL.class);
+ url.setURL(new LocalizedString(org_url, "de"));
+ org.getURLs().add(url);
+
+ return org;
+ }
+}
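Review bot: `getIDPPublicPath()` strips two characters when the configured prefix ends with "/" (`substring(0, publicPath.length()-2)`), so a prefix like `https://idp.example/moa-id/` becomes `https://idp.example/moa-i` and every SSO endpoint and metadata URL derived from it in getIDPSSOPostService/RedirectService/MetadataService is wrong; the fix is `publicPath = publicPath.substring(0, publicPath.length()-1);`. In getIDPContacts the `break` on a missing or invalid contact type aborts the whole loop, silently dropping all remaining contacts from the published metadata — `continue` is almost certainly intended. getMetadataFiles calls `listFiles()` without handling the null it returns for a missing or unreadable `md.dir`, and the constructor swallows ConfigurationException with printStackTrace, leaving `props` and `generalpvpconfigdb` null so every later getter fails with a NullPointerException far from the cause; failing fast with a logged error would make misconfiguration visible.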
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
new file mode 100644
index 000000000..51c4b7e72
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class BindingNotSupportedException extends PVP2Exception {
+
+ public BindingNotSupportedException(String binding) {
+ super("pvp2.11", new Object[] {binding});
+ this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7227603941387879360L;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
new file mode 100644
index 000000000..521b55580
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class InvalidAssertionConsumerServiceException extends PVP2Exception {
+
+ public InvalidAssertionConsumerServiceException(int idx) {
+ super("pvp2.00", new Object[]{idx});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7861790149343943091L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
new file mode 100644
index 000000000..799d26ccb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class InvalidDateFormatException extends PVP2Exception {
+
+ public InvalidDateFormatException() {
+ super("pvp2.02", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6867976890237846085L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
new file mode 100644
index 000000000..41a56639a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class MandateAttributesNotHandleAbleException extends PVP2Exception {
+
+ public MandateAttributesNotHandleAbleException() {
+ super("pvp2.03", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1466424425852327722L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
new file mode 100644
index 000000000..7dc9d5645
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NameIDFormatNotSupportedException extends PVP2Exception {
+
+ public NameIDFormatNotSupportedException(String nameIDFormat) {
+ super("pvp2.12", new Object[] {nameIDFormat});
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2270762519437873336L;
+
+}
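Review bot: NameIDFormatNotSupportedException does not set `statusCodeValue`, so it inherits the RESPONDER_URI default from PVP2Exception and the SP is told the IdP failed, although an unsupported NameID format requested by the SP is a requester-side condition; the other requester-side exceptions in this change (InvalidAssertionConsumerServiceException, NoAuthContextException) set REQUESTER_URI explicitly. SAML 2.0 defines a dedicated code for this case, so add `this.statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;` to the constructor together with `import org.opensaml.saml2.core.StatusCode;`, or at least REQUESTER_URI.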
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
new file mode 100644
index 000000000..cd81de30f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoAuthContextException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7040652043174500992L;
+
+ public NoAuthContextException() {
+ super("pvp2.04", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
new file mode 100644
index 000000000..6af97301f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoCredentialsException extends PVP2Exception {
+
+ public static final String MOA_IDP_TARGET = "MOA-ID";
+
+ public NoCredentialsException(String target) {
+ super("pvp2.08", new Object[] {target});
+ this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -9086515080686076313L;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
new file mode 100644
index 000000000..d24905f68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NoMandateDataAvailableException extends PVP2Exception {
+
+ public NoMandateDataAvailableException() {
+ super("pvp2.06", null);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4540420741715406351L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
new file mode 100644
index 000000000..c45820cfb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoMetadataInformationException extends PVP2Exception {
+
+ public NoMetadataInformationException() {
+ super("pvp2.15", null);
+ this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4608068445208032193L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
new file mode 100644
index 000000000..a9bd8104e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class PVP2EncodingException extends PVP2Exception {
+
+ public PVP2EncodingException() {
+ super("pvp2.01", null);
+ }
+
+ public PVP2EncodingException(Throwable wrapped) {
+ super("pvp2.01", null, wrapped);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1348774139990071020L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
new file mode 100644
index 000000000..990a76562
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public abstract class PVP2Exception extends MOAIDException {
+
+ protected String statusCodeValue = StatusCode.RESPONDER_URI;
+ protected String statusMessageValue = null;
+
+ public PVP2Exception(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ this.statusMessageValue = this.getMessage();
+ }
+
+ public PVP2Exception(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.statusMessageValue = this.getMessage();
+ }
+
+
+ public String getStatusCodeValue() {
+ return (this.statusCodeValue);
+ }
+
+ public String getStatusMessageValue() {
+ return (this.statusMessageValue);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7669537952484421069L;
+
+
+
+}
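Review bot: `statusMessageValue` is initialised from `getMessage()` in both constructors, so whatever text the message catalogue resolves for the id (and, if MOAIDException folds the `wrapped` cause into its message, that text too) becomes the value returned by `getStatusMessageValue()`. If that value is copied into the SAML `StatusMessage` sent back to the requester (not visible in this hunk), internal error detail reaches a remote party; consider keeping the detailed text for the log and exposing a fixed, requester-safe message for `StatusCode.RESPONDER_URI` failures. The two `protected` non-final fields are written by subclasses after `super(...)`, which is why every subclass repeats `this.statusCodeValue = ...`; an additional constructor such as `protected PVP2Exception(String messageId, Object[] parameters, Throwable wrapped, String statusCode)` would let both fields become `private final`. `getStatusCodeValue()` and `getStatusMessageValue()` also lack Javadoc saying they feed the SAML Status element.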
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
new file mode 100644
index 000000000..be22be859
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QAANotSupportedException extends PVP2Exception {
+
+ public QAANotSupportedException(String qaa) {
+ super("pvp2.05", new Object[] {qaa});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3964192953884089323L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
new file mode 100644
index 000000000..61c41d82b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class RequestDeniedException extends PVP2Exception {
+
+ public RequestDeniedException() {
+ super("pvp2.14", null);
+ this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4415896615794730553L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
new file mode 100644
index 000000000..a24320cbc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class ResponderErrorException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -425416760138285446L;
+
+ public ResponderErrorException(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
+ }
+
+ public ResponderErrorException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
+ }
+}
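Review bot: Both constructors assign `this.statusCodeValue = StatusCode.RESPONDER_URI`, which is already the initial value of that field in PVP2Exception, so the two lines are redundant and can be dropped. If the intent is to make the responder status explicit for readers, a class-level Javadoc sentence (`/** Generic responder-side failure; reported with StatusCode RESPONDER_URI. */`) says it once without the duplicated assignment.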
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
new file mode 100644
index 000000000..e0f576205
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class SAMLRequestNotSignedException extends PVP2Exception {
+
+ public SAMLRequestNotSignedException() {
+ super("pvp2.07", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ public SAMLRequestNotSignedException(Throwable e) {
+ super("pvp2.07", null, e);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
new file mode 100644
index 000000000..029470b94
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class SAMLRequestNotSupported extends PVP2Exception {
+
+ public SAMLRequestNotSupported() {
+ super("pvp2.09", null);
+ this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1244883178458802767L;
+
+}
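Review bot: `SAMLRequestNotSupported` is the only exception in this package without the `Exception` suffix, so call sites read as `throw new SAMLRequestNotSupported()`; renaming it `SAMLRequestNotSupportedException` keeps the package consistent with its siblings. RequestManager.handle names it in its throws clause and would need the same rename.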
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
new file mode 100644
index 000000000..0a91cc61a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class UnprovideableAttributeException extends PVP2Exception {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3972197758163647157L;
+
+ public UnprovideableAttributeException(String attributeName) {
+ super("pvp2.10", new Object[] {attributeName});
+ this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
new file mode 100644
index 000000000..99567478d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -0,0 +1,144 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+
+import java.io.File;
+import java.security.cert.CertificateException;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOAMetadataProvider implements MetadataProvider {
+
+ private static MOAMetadataProvider instance = null;
+
+ private static Object mutex = new Object();
+
+ public static MOAMetadataProvider getInstance() {
+ if (instance == null) {
+ synchronized (mutex) {
+ if (instance == null) {
+ instance = new MOAMetadataProvider();
+ }
+ }
+ }
+ return instance;
+ }
+
+ MetadataProvider internalProvider;
+
+ private MOAMetadataProvider() {
+ ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
+ Logger.info("Loading metadata");
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ try {
+ OnlineApplication oa = oaIt.next();
+ Logger.info("Loading metadata for: " + oa.getFriendlyName());
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null) {
+ String metadataURL = pvp2Config.getMetadataURL();
+ try {
+ // TODO: use proper SSL checking
+ HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
+ metadataURL, 20000);
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ MetadataFilter filter = new MetadataSignatureFilter(
+ metadataURL, pvp2Config.getCertificate());
+ httpProvider.setMetadataFilter(filter);
+ chainProvider.addMetadataProvider(httpProvider);
+ httpProvider.initialize();
+ } catch (MetadataProviderException e) {
+ Logger.error(
+ "Failed to add Metadata file for "
+ + oa.getFriendlyName() + "[ "
+ + e.getMessage() + " ]", e);
+ } catch (CertificateException e) {
+ Logger.error(
+ "Failed to add Metadata file for "
+ + oa.getFriendlyName() + "[ "
+ + e.getMessage() + " ]", e);
+ }
+ } else {
+ Logger.info(oa.getFriendlyName()
+ + " is not a PVP2 Application skipping");
+ }
+ } catch (Throwable e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
+ }
+ }
+
+ internalProvider = chainProvider;
+ }
+
+ public boolean requireValidMetadata() {
+ return internalProvider.requireValidMetadata();
+ }
+
+ public void setRequireValidMetadata(boolean requireValidMetadata) {
+ internalProvider.setRequireValidMetadata(requireValidMetadata);
+ }
+
+ public MetadataFilter getMetadataFilter() {
+ return internalProvider.getMetadataFilter();
+ }
+
+ public void setMetadataFilter(MetadataFilter newFilter)
+ throws MetadataProviderException {
+ internalProvider.setMetadataFilter(newFilter);
+ }
+
+ public XMLObject getMetadata() throws MetadataProviderException {
+ return internalProvider.getMetadata();
+ }
+
+ public EntitiesDescriptor getEntitiesDescriptor(String name)
+ throws MetadataProviderException {
+ return internalProvider.getEntitiesDescriptor(name);
+ }
+
+ public EntityDescriptor getEntityDescriptor(String entityID)
+ throws MetadataProviderException {
+ return internalProvider.getEntityDescriptor(entityID);
+ }
+
+ public List<RoleDescriptor> getRole(String entityID, QName roleName)
+ throws MetadataProviderException {
+ return internalProvider.getRole(entityID, roleName);
+ }
+
+ public RoleDescriptor getRole(String entityID, QName roleName,
+ String supportedProtocol) throws MetadataProviderException {
+ return internalProvider.getRole(entityID, roleName, supportedProtocol);
+ }
+
+}
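Review bot: `getInstance()` uses double-checked locking on a non-`volatile` `instance` field, which under the Java memory model can publish a partially constructed provider to a thread that observes `instance != null` before the constructor's writes are visible; declare it `private static volatile MOAMetadataProvider instance = null;` or make `getInstance()` `synchronized` as RequestManager does. In the constructor the provider is added to the chain (`chainProvider.addMetadataProvider(httpProvider)`) before `httpProvider.initialize()`, so a provider whose initialisation throws MetadataProviderException is logged but stays in the chain and is consulted on every lookup; swapping the two lines keeps failed sources out. The `catch (Throwable e)` around the per-OA loop also absorbs `Error`s such as OutOfMemoryError and should be narrowed to `Exception`. The `// TODO: use proper SSL checking` comment should say what currently authenticates the downloaded metadata, i.e. the MetadataSignatureFilter built from `pvp2Config.getCertificate()`, so a reader knows which control the TODO is not yet adding to. Finally, `File`, `Timer`, `HttpClient`, `Protocol`, `FilesystemMetadataProvider`, `SZRGWSecureSocketFactory`, `SSLUtils`, `ConfigurationDBUtils` and `AuthConfigurationProvider` are imported but unused.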
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
new file mode 100644
index 000000000..d479de2d7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
+import org.opensaml.saml2.core.ArtifactResolve;
+import org.opensaml.saml2.core.ArtifactResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class ArtifactResolution implements IRequestHandler {
+
+ public boolean handleObject(MOARequest obj) {
+ return (obj.getSamlRequest() instanceof ArtifactResolve);
+ }
+
+ public void process(MOARequest obj, HttpServletRequest req,
+ HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
+ if (!handleObject(obj)) {
+ throw new MOAIDException("pvp2.13", null);
+ }
+
+ ArtifactResolve artifactResolve = (ArtifactResolve) obj
+ .getSamlRequest();
+ String artifactID = artifactResolve.getArtifact().getArtifact();
+
+ PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
+
+ if (!pvpAssertion.contains(artifactID)) {
+ throw new RequestDeniedException();
+ } else {
+ try {
+ SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
+ ArtifactResponse response = SAML2Utils
+ .createSAMLObject(ArtifactResponse.class);
+ response.setMessage(assertion.getSamlMessage());
+ response.setIssueInstant(new DateTime());
+ SoapBinding encoder = new SoapBinding();
+ encoder.encodeRespone(req, resp, response, null);
+ } catch (Exception e) {
+ Logger.error("Failed to resolve artifact", e);
+ }
+ }
+
+ }
+
+}
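Review bot: The `catch (Exception e)` around the artifact lookup and SOAP encoding only logs, so when `pvpAssertion.get`, `createSAMLObject` or `encodeRespone` fails the method returns normally and the requester receives neither an ArtifactResponse nor a SAML error; rethrow instead, e.g. `throw new PVP2EncodingException(e);` (or a ResponderErrorException), so the caller of RequestManager can emit a Status response. The resolved entry is also never removed from PVPAssertionStorage, whereas SAML 2.0 artifacts are meant to be single-use; if the storage offers a remove operation (not visible here), call it once the message has been read. `SAMLArtifactMapEntry` exposes `getRelyingPartyId()`, so the handler could compare it with `obj.getEntityMetadata().getEntityID()` and answer with RequestDeniedException when the resolving party is not the one the artifact was issued for — at present that exception is used only for an unknown artifact id. `artifactResolve.getArtifact()` is dereferenced without a null check and would surface as an unhandled NullPointerException.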
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
new file mode 100644
index 000000000..f8270cf33
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -0,0 +1,120 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
+
+ public boolean handleObject(MOARequest obj) {
+ return (obj.getSamlRequest() instanceof AuthnRequest);
+ }
+
+ public void process(MOARequest obj, HttpServletRequest req,
+ HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
+ if (!handleObject(obj)) {
+ throw new MOAIDException("pvp2.13", null);
+ }
+
+ AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
+ EntityDescriptor peerEntity = obj.getEntityMetadata();
+
+// if (!AuthenticationSessionStoreage.isAuthenticated(authSession.getSessionID())) {
+// throw new AuthenticationException("auth.21", new Object[] {});
+// }
+
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+// AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
+
+ // authSession.getM
+
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);
+
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
+
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ nissuer.setFormat(NameID.ENTITY);
+ authResponse.setIssuer(nissuer);
+ authResponse.setInResponseTo(authnRequest.getID());
+ authResponse.getAssertions().add(assertion);
+ authResponse.setStatus(SAML2Utils.getSuccessStatus());
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int idx = 0;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ }
+
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ AssertionConsumerService consumerService = spSSODescriptor
+ .getAssertionConsumerServices().get(idx);
+
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(idx);
+ }
+ String oaURL = consumerService.getLocation();
+
+ IEncoder binding = null;
+
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ binding = new ArtifactBinding();
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ try {
+ binding.encodeRespone(req, resp, authResponse, oaURL);
+ // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+ }
+ }
+}
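Review bot: The AssertionConsumerService lookup treats the request's `AssertionConsumerServiceIndex` as a list position: `getAssertionConsumerServices().get(idx)` throws IndexOutOfBoundsException for any index outside `0..size-1` (so the `consumerService == null` check below it is dead code), and in SAML metadata the index is the endpoint's declared `index` attribute rather than its position in the list, so a valid request can be routed to a different endpoint than the SP asked for. `spSSODescriptor` is also dereferenced without a null check and fails with NullPointerException for an SP whose metadata has no SPSSODescriptor. When the request carries no index, the endpoint marked `isDefault` (falling back to the first) is the expected choice. The commented-out `isAuthenticated` check leaves this handler building an assertion for whatever `authSession` it is given; if the caller enforces that precondition, a comment here saying so (`// caller guarantees authSession is authenticated`) documents it, otherwise the check should come back. The rewritten lookup below needs imports for `java.util.List` and NoMetadataInformationException; the rest of the method is unchanged.
```java
        SPSSODescriptor spSSODescriptor = peerEntity
                .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (spSSODescriptor == null) {
            throw new NoMetadataInformationException();
        }

        // Match the request's index against the endpoints' declared index
        // attribute; without an index, use the endpoint marked as default.
        List<AssertionConsumerService> services = spSSODescriptor
                .getAssertionConsumerServices();
        AssertionConsumerService consumerService = null;
        for (AssertionConsumerService acs : services) {
            if (aIdx != null ? aIdx.equals(acs.getIndex())
                             : Boolean.TRUE.equals(acs.isDefault())) {
                consumerService = acs;
                break;
            }
        }
        if (consumerService == null && aIdx == null && !services.isEmpty()) {
            consumerService = services.get(0);
        }
        if (consumerService == null) {
            throw new InvalidAssertionConsumerServiceException(idx);
        }
        String oaURL = consumerService.getLocation();
        // … unchanged: binding selection and response encoding …
```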
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
new file mode 100644
index 000000000..458316c6d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+
+public interface IRequestHandler {
+ public boolean handleObject(MOARequest obj);
+
+ public void process(MOARequest obj, HttpServletRequest req,
+ HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
new file mode 100644
index 000000000..a043bfde5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
+
+public class RequestManager {
+
+ private static RequestManager instance = null;
+
+ private List<IRequestHandler> handler;
+
+ public static synchronized RequestManager getInstance() {
+ if(instance == null) {
+ instance = new RequestManager();
+ }
+ return instance;
+ }
+
+ private RequestManager() {
+ handler = new ArrayList<IRequestHandler>();
+ handler.add(new AuthnRequestHandler());
+ handler.add(new ArtifactResolution());
+ }
+
+ public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ throws SAMLRequestNotSupported, MOAIDException {
+ Iterator<IRequestHandler> it = handler.iterator();
+ while(it.hasNext()) {
+ IRequestHandler handler = it.next();
+ if(handler.handleObject(obj)) {
+ handler.process(obj, req, resp, moasession);
+ return;
+ }
+ }
+
+ // not handled
+ throw new SAMLRequestNotSupported();
+ }
+}
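Review bot: In `handle` the loop variable `IRequestHandler handler` shadows the field `handler` that holds the list, so the same name means two different things three lines apart; rename the local (`IRequestHandler candidate = it.next();`) or the field (`handlers`). The field can also be `private final List<IRequestHandler> handler` since it is only assigned in the constructor, and `throws SAMLRequestNotSupported, MOAIDException` is redundant because SAMLRequestNotSupported already is a MOAIDException via PVP2Exception. The class has no Javadoc; one sentence such as `/** Dispatches an incoming MOARequest to the first registered IRequestHandler that accepts it. */` would state the contract.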
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
new file mode 100644
index 000000000..38251ab56
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -0,0 +1,96 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+import iaik.pkcs.pkcs12.PKCS12;
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+
+import javax.jws.soap.SOAPBinding.Use;
+
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+public class CredentialProvider {
+ public static Credential getIDPSigningCredential()
+ throws CredentialsNotAvailableException {
+ KeyStore keyStore;
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
+
+ KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
+ keyStore, config.getIDPKeyAlias(), config
+ .getIDPKeyPassword().toCharArray());
+
+ credentials.setUsageType(UsageType.SIGNING);
+ return credentials;
+ } catch (Exception e) {
+ Logger.error("Failed to generate IDP Signing credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
+
+ public static Signature getIDPSignature(Credential credentials) {
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+ }
+
+ public static Credential getSPTrustedCredential(String entityID)
+ throws CredentialsNotAvailableException {
+
+ iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
+ .getTrustEntityCertificate(entityID);
+
+ if (cert == null) {
+ throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
+ }
+
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityId(entityID);
+ credential.setUsageType(UsageType.SIGNING);
+ credential.setPublicKey(cert.getPublicKey());
+
+ return credential;
+ }
+ /*
+ * public static Credential getTrustedCredential() throws
+ * CredentialsNotAvailableException { String filename =
+ * PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt");
+ *
+ * iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new
+ * FileInputStream(new File(filename))); } catch (CertificateException e) {
+ * e.printStackTrace(); throw new
+ * CredentialsNotAvailableException(e.getMessage(), null); } catch
+ * (FileNotFoundException e) { e.printStackTrace(); throw new
+ * CredentialsNotAvailableException(e.getMessage(), null); } catch
+ * (IOException e) { e.printStackTrace(); throw new
+ * CredentialsNotAvailableException(e.getMessage(), null); }
+ *
+ * BasicX509Credential credential = new BasicX509Credential();
+ * credential.setEntityId("sp.crt");
+ * credential.setUsageType(UsageType.SIGNING);
+ * credential.setPublicKey(cert.getPublicKey());
+ *
+ * return credential; }
+ */
+}
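Review bot: In `getIDPSigningCredential` the catch block passes `e.getMessage()` as the `messageId` of CredentialsNotAvailableException, so raw exception text is looked up as a message key and the original exception is dropped (only `printStackTrace()` sees it); `getSPTrustedCredential` does the same with a literal English sentence as the id. Give CredentialsNotAvailableException (next hunk) a `(String messageId, Object[] parameters, Throwable wrapped)` constructor delegating to MOAIDException's three-argument form, use a proper message key here, and replace `Logger.error("...")` plus `e.printStackTrace()` with `Logger.error("Failed to load IDP signing credentials", e)`. `catch (Exception e)` could be narrowed to the checked types KeyStoreUtils.loadKeyStore declares, and a missing key password currently surfaces only as a NullPointerException from `config.getIDPKeyPassword().toCharArray()` carrying a null message id. The twenty-line commented-out `getTrustedCredential` and the unused imports (`PKCS12`, `X509Certificate`, `File`, `FileInputStream`, `FileNotFoundException`, `IOException`, `CertificateException`, `Use`, `X509Credential`) should go. Each method wants a Javadoc stating where its credential comes from (the PVPConfiguration key store, or the trusted entity certificate for `entityID`) and that `getIDPSignature` configures RSA-SHA256 with exclusive canonicalisation.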
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
new file mode 100644
index 000000000..56864bc1f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class CredentialsNotAvailableException extends MOAIDException {
+
+ public CredentialsNotAvailableException(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2564476345552842599L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
new file mode 100644
index 000000000..b88998cd1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+public class SAMLSigner {
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
new file mode 100644
index 000000000..a59fc17c5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
@@ -0,0 +1,66 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+
+public class AttributeExtractor {
+
+ public static String extractSAMLAttributeOA(String name,
+ AuthenticationSession authSession) {
+ List extAttributes = authSession.getExtendedSAMLAttributesOA();
+ if(extAttributes == null) {
+ return null;
+ }
+ Iterator extAttributesIt = extAttributes.iterator();
+ String value = null;
+ while(extAttributesIt.hasNext()) {
+ Object attr = extAttributesIt.next();
+ if(attr instanceof ExtendedSAMLAttribute) {
+ ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+ if(extAttribute.getName().equals(name)) {
+ if(extAttribute.getValue() instanceof String) {
+ return extAttribute.getValue().toString();
+ }
+ break;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static String extractSAMLAttributeAUTH(String name,
+ AuthenticationSession authSession) {
+ List extAttributes = authSession.getExtendedSAMLAttributesAUTH();
+ if(extAttributes == null) {
+ return null;
+ }
+ Iterator extAttributesIt = extAttributes.iterator();
+ String value = null;
+ while(extAttributesIt.hasNext()) {
+ Object attr = extAttributesIt.next();
+ if(attr instanceof ExtendedSAMLAttribute) {
+ ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+ if(extAttribute.getName().equals(name)) {
+ if(extAttribute.getValue() instanceof String) {
+ return extAttribute.getValue().toString();
+ }
+ break;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static String extractSAMLAttributeBOTH(String name,
+ AuthenticationSession authSession) {
+ String value = extractSAMLAttributeOA(name, authSession);
+ if(value == null) {
+ value = extractSAMLAttributeAUTH(name, authSession);
+ }
+ return value;
+ }
+}
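Review bot: `extractSAMLAttributeOA` and `extractSAMLAttributeAUTH` are identical apart from the list they read, and each declares a `String value` that is never used; a private helper taking the list removes the duplication and the dead locals. Both use raw `List`/`Iterator`, so the `instanceof ExtendedSAMLAttribute` check is doing the work the generic type would. `extAttribute.getName().equals(name)` also throws NullPointerException for an attribute without a name; guarding on `name` and comparing the other way round gives the same result for every non-null name. Suggested shape, with `extractSAMLAttributeBOTH` unchanged:
```java
    /** Value of the first attribute named {@code name} in the OA attribute list, or null. */
    public static String extractSAMLAttributeOA(String name,
            AuthenticationSession authSession) {
        return extractFromList(name, authSession.getExtendedSAMLAttributesOA());
    }

    /** Value of the first attribute named {@code name} in the AUTH attribute list, or null. */
    public static String extractSAMLAttributeAUTH(String name,
            AuthenticationSession authSession) {
        return extractFromList(name, authSession.getExtendedSAMLAttributesAUTH());
    }

    // Shared lookup: the first ExtendedSAMLAttribute with a matching name wins;
    // a match whose value is not a String yields null, as before.
    private static String extractFromList(String name, List extAttributes) {
        if (extAttributes == null) {
            return null;
        }
        for (Object attr : extAttributes) {
            if (attr instanceof ExtendedSAMLAttribute) {
                ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
                if (name != null && name.equals(extAttribute.getName())) {
                    if (extAttribute.getValue() instanceof String) {
                        return extAttribute.getValue().toString();
                    }
                    return null;
                }
            }
        }
        return null;
    }

    // … unchanged: extractSAMLAttributeBOTH …
```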
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
new file mode 100644
index 000000000..66d0b1d46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+public class CheckMandateAttributes implements PVPConstants {
+ private static List<String> minMandateAttributes;
+
+ static {
+ minMandateAttributes = new ArrayList<String>();
+ minMandateAttributes.add(MANDATE_TYPE_NAME);
+
+ minMandateAttributes.add(MANDATE_LEG_PER_FULL_NAME_NAME);
+ minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_NAME);
+ minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME);
+
+ minMandateAttributes.add(MANDATE_NAT_PER_BIRTHDATE_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_GIVEN_NAME_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_BPK_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_FAMILY_NAME_NAME);
+
+ minMandateAttributes.add(MANDATE_PROF_REP_OID_NAME);
+ minMandateAttributes.add(MANDATE_PROF_REP_DESC_NAME);
+ minMandateAttributes.add(MANDATE_REFERENCE_VALUE_NAME);
+ }
+
+ public static boolean canHandleMandate(AttributeConsumingService attributeConsumer) {
+ List<String> attrList = new ArrayList<String>(minMandateAttributes);
+ Iterator<RequestedAttribute> attrIt = attributeConsumer.getRequestAttributes().iterator();
+
+ while(attrIt.hasNext()) {
+ RequestedAttribute reqAttr = attrIt.next();
+
+ if(attrList.contains(reqAttr.getName())) {
+ attrList.remove(reqAttr.getName());
+ }
+ }
+
+ return attrList.isEmpty();
+ }
+}
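Review bot: `minMandateAttributes` is a mutable, non-final static list populated in a static block; declaring it `private static final List<String> minMandateAttributes = Collections.unmodifiableList(...)` makes the required-attribute set tamper-proof and its intent explicit. `canHandleMandate` then copies it into a `HashSet<String>` rather than an `ArrayList`, turning the `contains`/`remove` pair into O(1) operations, which is behaviour-preserving provided the PVP constants are distinct strings. A one-line Javadoc on `canHandleMandate` stating the contract (`/** true iff every attribute in minMandateAttributes is among the service's requested attributes */`) would spare callers reading the loop.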
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
new file mode 100644
index 000000000..7d81825d9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
@@ -0,0 +1,26 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class Digester {
+ public static String byteArrayToHexString(byte[] b) {
+ String result = "";
+ for (int i=0; i < b.length; i++) {
+ result +=
+ Integer.toString( ( b[i] & 0xff ) + 0x100, 16).substring( 1 );
+ }
+ return result;
+ }
+
+ public static String toSHA1(byte[] convertme) {
+ MessageDigest md = null;
+ try {
+ md = MessageDigest.getInstance("SHA-1");
+ }
+ catch(NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return byteArrayToHexString(md.digest(convertme));
+ }
+}
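Review bot: `toSHA1` swallows `NoSuchAlgorithmException` and then dereferences the null `md`, so a missing provider surfaces as a `NullPointerException` with the real cause only on stderr; rethrow instead, `throw new IllegalStateException("SHA-1 MessageDigest not available", e);`, since a JRE without SHA-1 is a configuration fault the caller cannot recover from. `byteArrayToHexString` concatenates `String`s in a loop; a `StringBuilder` sized to `2 * b.length` avoids the quadratic copying, and `String.format("%02x", b[i] & 0xff)` is the idiomatic per-byte form. Whether SHA-1 is adequate depends on what callers digest with it, which the class does not say; a class Javadoc stating the intended use (identifier derivation vs. anything collision-sensitive) would let reviewers judge that.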
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
new file mode 100644
index 000000000..807da0ebe
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
@@ -0,0 +1,301 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.io.*;
+import javax.xml.parsers.*;
+import javax.xml.transform.*;
+import javax.xml.transform.dom.*;
+import javax.xml.transform.stream.*;
+
+import org.w3c.dom.Document;
+
+import org.xml.sax.*;
+import org.xml.sax.helpers.*;
+
+
+/**
+This class "pretty prints" an XML stream to something more human-readable.
+It duplicates the character content with some modifications to whitespace,
+restoring line breaks and a simple pattern of indenting child elements.
+
+This version of the class acts as a SAX 2.0 <code>DefaultHandler</code>,
+so to provide the unformatted XML just pass a new instance to a SAX parser.
+Its output is via the {@link #toString toString} method.
+
+One major limitation: we gather character data for elements in a single
+buffer, so mixed-content documents will lose a lot of data! This works
+best with data-centric documents where elements either have single values
+or child elements, but not both.
+
+@author Will Provost
+*/
+/*
+Copyright 2002-2003 by Will Provost.
+All rights reserved.
+*/
+public class PrettyPrinter
+ extends DefaultHandler
+{
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (byte[] content)
+ {
+ try
+ {
+ PrettyPrinter pretty = new PrettyPrinter ();
+ SAXParserFactory factory = SAXParserFactory.newInstance ();
+ factory.setFeature
+ ("http://xml.org/sax/features/namespace-prefixes", true);
+ factory.newSAXParser ().parse
+ (new ByteArrayInputStream (content), pretty);
+ return pretty.toString ();
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (String content)
+ {
+ try
+ {
+ PrettyPrinter pretty = new PrettyPrinter ();
+ SAXParserFactory factory = SAXParserFactory.newInstance ();
+ factory.setFeature
+ ("http://xml.org/sax/features/namespace-prefixes", true);
+ factory.newSAXParser ().parse (content, pretty);
+ return pretty.toString ();
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (InputStream content)
+ {
+ try
+ {
+ PrettyPrinter pretty = new PrettyPrinter ();
+ SAXParserFactory factory = SAXParserFactory.newInstance ();
+ factory.setFeature
+ ("http://xml.org/sax/features/namespace-prefixes", true);
+ factory.newSAXParser ().parse (content, pretty);
+ return pretty.toString ();
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (Document doc)
+ throws TransformerException
+ {
+ try
+ {
+ ByteArrayOutputStream buffer = new ByteArrayOutputStream ();
+ TransformerFactory.newInstance ().newTransformer()
+ .transform (new DOMSource (doc), new StreamResult (buffer));
+ byte[] rawResult = buffer.toByteArray ();
+ buffer.close ();
+
+ return prettyPrint (rawResult);
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ public static class StreamAdapter
+ extends OutputStream
+ {
+ public StreamAdapter (Writer finalDestination)
+ {
+ this.finalDestination = finalDestination;
+ }
+
+ public void write (int b)
+ {
+ out.write (b);
+ }
+
+ public void flushPretty ()
+ throws IOException
+ {
+ PrintWriter finalPrinter = new PrintWriter (finalDestination);
+ finalPrinter.println
+ (PrettyPrinter.prettyPrint (out.toByteArray ()));
+ finalPrinter.close ();
+ out.close ();
+ }
+
+ private ByteArrayOutputStream out = new ByteArrayOutputStream ();
+ Writer finalDestination;
+ }
+
+ /**
+ Call this to get the formatted XML post-parsing.
+ */
+ public String toString ()
+ {
+ return output.toString ();
+ }
+
+ /**
+ Prints the XML declaration.
+ */
+ public void startDocument ()
+ throws SAXException
+ {
+ output.append ("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>")
+ .append (endLine);
+ }
+
+ /**
+ Prints a blank line at the end of the reformatted document.
+ */
+ public void endDocument () throws SAXException
+ {
+ output.append (endLine);
+ }
+
+ /**
+ Writes the start tag for the element.
+ Attributes are written out, one to a text line. Starts gathering
+ character data for the element.
+ */
+ public void startElement
+ (String URI, String name, String qName, Attributes attributes)
+ throws SAXException
+ {
+ if (justHitStartTag)
+ output.append ('>');
+
+ output.append (endLine)
+ .append (indent)
+ .append ('<')
+ .append (qName);
+
+ int length = attributes.getLength ();
+ for (int a = 0; a < length; ++a)
+ output.append (endLine)
+ .append (indent)
+ .append (standardIndent)
+ .append (attributes.getQName (a))
+ .append ("=\"")
+ .append (attributes.getValue (a))
+ .append ('\"');
+
+ if (length > 0)
+ output.append (endLine)
+ .append (indent);
+
+ indent += standardIndent;
+ currentValue = new StringBuffer ();
+ justHitStartTag = true;
+ }
+
+ /**
+ Checks the {@link #currentValue} buffer to gather element content.
+ Writes this out if it is available. Writes the element end tag.
+ */
+ public void endElement (String URI, String name, String qName)
+ throws SAXException
+ {
+ indent = indent.substring
+ (0, indent.length () - standardIndent.length ());
+
+ if (currentValue == null)
+ output.append (endLine)
+ .append (indent)
+ .append ("</")
+ .append (qName)
+ .append ('>');
+ else if (currentValue.length () != 0)
+ output.append ('>')
+ .append (currentValue.toString ())
+ .append ("</")
+ .append (qName)
+ .append ('>');
+ else
+ output.append ("/>");
+
+ currentValue = null;
+ justHitStartTag = false;
+ }
+
+ /**
+ When the {@link #currentValue} buffer is enabled, appends character
+ data into it, to be gathered when the element end tag is encountered.
+ */
+ public void characters (char[] chars, int start, int length)
+ throws SAXException
+ {
+ if (currentValue != null)
+ currentValue.append (escape (chars, start, length));
+ }
+
+ /**
+ Filter to pass strings to output, escaping <b>&lt;</b> and <b>&amp;</b>
+ characters to &amp;lt; and &amp;amp; respectively.
+ */
+ private static String escape (char[] chars, int start, int length)
+ {
+ StringBuffer result = new StringBuffer ();
+ for (int c = start; c < start + length; ++c)
+ if (chars[c] == '<')
+ result.append ("&lt;");
+ else if (chars[c] == '&')
+ result.append ("&amp;");
+ else
+ result.append (chars[c]);
+
+ return result.toString ();
+ }
+
+ /**
+ This whitespace string is expanded and collapsed to manage the output
+ indenting.
+ */
+ private String indent = "";
+
+ /**
+ A buffer for character data. It is &quot;enabled&quot; in
+ {@link #startElement startElement} by being initialized to a
+ new <b>StringBuffer</b>, and then read and reset to
+ <code>null</code> in {@link #endElement endElement}.
+ */
+ private StringBuffer currentValue = null;
+
+ /**
+ The primary buffer for accumulating the formatted XML.
+ */
+ private StringBuffer output = new StringBuffer ();
+
+ private boolean justHitStartTag;
+
+ private static final String standardIndent = " ";
+ private static final String endLine =
+ System.getProperty ("line.separator");
+}
+
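Review bot: The three `prettyPrint` overloads build a `SAXParserFactory` with only `namespace-prefixes` enabled, so the parser keeps its defaults for DTDs and external entities; this class sits in the pvp2x utils package and is presumably fed protocol messages from peers, so the factory should be hardened before any such content is parsed. Factor the setup into one helper that enables `XMLConstants.FEATURE_SECURE_PROCESSING` and disables DOCTYPE declarations and external general/parameter entities (`javax.xml.XMLConstants` needs importing), and have all three overloads call it. Separately, `startElement` appends attribute values verbatim while `characters` runs element text through `escape`, so an attribute value containing `"`, `<` or `&` yields malformed output; routing attribute values through the same escaping (extended to `"`) keeps the result well-formed. The `catch (Exception ex)` blocks print the stack trace and return an `EXCEPTION: ...` string as if it were output, which callers cannot distinguish from real content; logging and rethrowing, or returning the raw input, would be more honest.
```java
private static SAXParserFactory newParserFactory ()
    throws ParserConfigurationException, SAXException
{
    SAXParserFactory factory = SAXParserFactory.newInstance ();
    // Harden against DTD and external-entity processing before parsing peer-supplied XML.
    factory.setFeature (XMLConstants.FEATURE_SECURE_PROCESSING, true);
    factory.setFeature ("http://apache.org/xml/features/disallow-doctype-decl", true);
    factory.setFeature ("http://xml.org/sax/features/external-general-entities", false);
    factory.setFeature ("http://xml.org/sax/features/external-parameter-entities", false);
    factory.setFeature ("http://xml.org/sax/features/namespace-prefixes", true);
    return factory;
}

public static String prettyPrint (byte[] content)
{
    try
    {
        PrettyPrinter pretty = new PrettyPrinter ();
        newParserFactory ().newSAXParser ().parse
            (new ByteArrayInputStream (content), pretty);
        return pretty.toString ();
    }
    // … unchanged: catch block …
}
// … unchanged: String and InputStream overloads, each calling newParserFactory () the same way …
```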
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
new file mode 100644
index 000000000..d6ac121b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -0,0 +1,82 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.Configuration;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Document;
+
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
+public class SAML2Utils {
+
+ public static <T> T createSAMLObject(final Class<T> clazz) {
+ try {
+ XMLObjectBuilderFactory builderFactory = Configuration
+ .getBuilderFactory();
+
+ QName defaultElementName = (QName) clazz.getDeclaredField(
+ "DEFAULT_ELEMENT_NAME").get(null);
+ @SuppressWarnings("unchecked")
+ T object = (T) builderFactory.getBuilder(defaultElementName)
+ .buildObject(defaultElementName);
+ return object;
+ } catch (Throwable e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static String getSecureIdentifier() {
+ return idGenerator.generateIdentifier();
+ }
+
+ private static SecureRandomIdentifierGenerator idGenerator;
+
+ private static DocumentBuilder builder;
+ static {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ try {
+ builder = factory.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ try {
+ idGenerator = new SecureRandomIdentifierGenerator();
+ } catch(NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException {
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
+
+ public static Status getSuccessStatus() {
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ statusCode.setValue(StatusCode.SUCCESS_URI);
+ status.setStatusCode(statusCode);
+ return status;
+ }
+}
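Review bot: The static initializer swallows `ParserConfigurationException` and `NoSuchAlgorithmException`, leaving `builder` and `idGenerator` null so the failure surfaces later as a `NullPointerException` in `asDOMDocument` or `getSecureIdentifier`, far from its cause; fail fast instead with `throw new ExceptionInInitializerError(e);` in both catch blocks. `createSAMLObject` has the same shape — `catch (Throwable e)` returns null, and `getSuccessStatus` then calls `statusCode.setValue` on that null — so narrowing the catch to the reflective and builder exceptions and throwing `IllegalStateException` with the cause keeps a builder misconfiguration from masquerading as an NPE. `DocumentBuilder` instances are generally not thread-safe, yet the shared static `builder` is used from the static `asDOMDocument`; creating the builder per call (or otherwise confining it) avoids concurrent-use problems in a server. The `STORKBootstrap` import and the `IOException`/`TransformerException` in `asDOMDocument`'s throws clause appear unused in this file.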
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
new file mode 100644
index 000000000..70793d073
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
+
+public class StoredAssertion implements SAMLArtifactMapEntry {
+ private String artifact;
+ private String relyingPartyId;
+ private String issuerId;
+ private SAMLObject samlMessage;
+ private DateTime expirationTime;
+
+ public StoredAssertion(String artifact,
+ String relyingPartyId,
+ String issuerId,
+ SAMLObject samlMessage) {
+ this.artifact = artifact;
+ this.relyingPartyId = relyingPartyId;
+ this.issuerId = issuerId;
+ this.samlMessage = samlMessage;
+ this.expirationTime = new DateTime();
+ this.expirationTime.plusMinutes(5);
+ }
+
+ public DateTime getExpirationTime() {
+ return expirationTime;
+ }
+
+ public boolean isExpired() {
+ return this.expirationTime.isAfterNow();
+ }
+
+ public void onExpire() {
+ }
+ public String getArtifact() {
+ return artifact;
+ }
+ public String getIssuerId() {
+ return issuerId;
+ }
+ public String getRelyingPartyId() {
+ return relyingPartyId;
+ }
+ public SAMLObject getSamlMessage() {
+ return samlMessage;
+ }
+}
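Review bot: The constructor discards the result of `this.expirationTime.plusMinutes(5)`; Joda-Time `DateTime` is immutable, so `expirationTime` stays equal to the creation time. `isExpired` is also inverted — `isAfterNow()` is true while the expiration still lies in the future — and together the two bugs make every stored assertion report itself as never expired. Use `this.expirationTime = new DateTime().plusMinutes(5);` in the constructor and `return this.expirationTime.isBeforeNow();` in `isExpired`. The five-minute lifetime deserves a named constant with a Javadoc line, and the empty `onExpire` should carry a comment saying it is intentionally a no-op.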
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
new file mode 100644
index 000000000..bf30c72cb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class ChainSAMLValidator implements ISAMLValidator {
+
+private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
+
+ public void addValidator(ISAMLValidator validator) {
+ this.validator.add(validator);
+ }
+
+ public void validateRequest(RequestAbstractType request)
+ throws MOAIDException {
+ Iterator<ISAMLValidator> validatorIterator = validator.iterator();
+ while(validatorIterator.hasNext()) {
+ ISAMLValidator validator = validatorIterator.next();
+ validator.validateRequest(request);
+ }
+ }
+
+}
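Review bot: In `validateRequest` the loop variable `validator` shadows the `validator` list field, and `addValidator`'s parameter does the same; rename the field to `validators` (and make it `private final`) so each read is unambiguous. The field declaration is also flush-left, unlike the rest of the class. `ChainSAMLVerifier` below has the identical shadowing of its `verifier` field. A `for (ISAMLValidator v : validators)` loop replaces the explicit `Iterator` and the `java.util.Iterator` import.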
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
new file mode 100644
index 000000000..525a0870e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
@@ -0,0 +1,9 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface ISAMLValidator {
+ public void validateRequest(RequestAbstractType request) throws MOAIDException;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
new file mode 100644
index 000000000..db1241e6f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+
+public class SAMLSignatureValidator implements ISAMLValidator {
+
+ public void validateRequest(RequestAbstractType request)
+ throws MOAIDException {
+ if (request.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(request.getSignature());
+ } catch (ValidationException e) {
+ e.printStackTrace();
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void validateSignable(SignableSAMLObject signableObject)
+ throws MOAIDException {
+ if (signableObject.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(signableObject.getSignature());
+ } catch (ValidationException e) {
+ e.printStackTrace();
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+}
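Review bot: Both `validateRequest` and `validateSignable` stop at `SAMLSignatureProfileValidator`, which only checks that the signature's structure conforms to the SAML profile; nothing here verifies the signature value against a trusted credential, so on its own the class establishes that a signature is present and well-formed, not that it is valid. If a later link in the chain performs the trust check, a class Javadoc saying so (`/** Checks signature presence and SAML profile conformance only; cryptographic verification is done elsewhere. */`) would stop callers from relying on this validator alone. The `e.printStackTrace()` calls should be `Logger.error("Signature profile validation failed", e)` as `EntityVerifier` does in this same change. Throwing `SAMLRequestNotSignedException` for a profile violation conflates "unsigned" with "badly signed"; a distinct message or exception type would make the logs more useful.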
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
new file mode 100644
index 000000000..5cea607bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class ChainSAMLVerifier implements ISAMLVerifier {
+
+ private List<ISAMLVerifier> verifier = new ArrayList<ISAMLVerifier>();
+
+ public void addVerifier(ISAMLVerifier verifier) {
+ this.verifier.add(verifier);
+ }
+
+ public void verifyRequest(RequestAbstractType request)
+ throws MOAIDException {
+ Iterator<ISAMLVerifier> verifyIterator = verifier.iterator();
+ while(verifyIterator.hasNext()) {
+ ISAMLVerifier verifier = verifyIterator.next();
+ verifier.verifyRequest(request);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
new file mode 100644
index 000000000..b78c2f264
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -0,0 +1,160 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class EntityVerifier {
+
+ public static byte[] fetchSavedCredential(String entityID) {
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ OnlineApplication oa = oaIt.next();
+ if (oa.getPublicURLPrefix().equals(entityID)) {
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null) {
+ return pvp2Config.getCertificate();
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void verify(EntityDescriptor entityDescriptor)
+ throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ Credential credential = CredentialProvider
+ .getSPTrustedCredential(entityDescriptor.getEntityID());
+ if (credential == null) {
+ throw new NoCredentialsException(entityDescriptor.getEntityID());
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(credential);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntityDescriptor entityDescriptor, Credential cred)
+ throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(cred);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntitiesDescriptor entityDescriptor,
+ Credential cred) throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(cred);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntitiesDescriptor entityDescriptor)
+ throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ List<EntityDescriptor> entities = entityDescriptor
+ .getEntityDescriptors();
+
+ if (entities.size() > 0) {
+
+ if (entities.size() > 1) {
+ Logger.warn("More then one EntityID in Metadatafile with Name "
+ + entityDescriptor.getName()
+ + " defined. Actually only the first"
+ + " entryID is used to select the certificate to perform Metadata verification.");
+ }
+
+ Credential credential = CredentialProvider
+ .getSPTrustedCredential(entities.get(0).getEntityID());
+
+ if (credential == null) {
+ throw new NoCredentialsException("moaID IDP");
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(credential);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+ }
+
+}
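Review bot: `verify(EntitiesDescriptor)` returns normally when `getEntityDescriptors()` is empty, so a metadata file whose root signature passes the profile check but is never validated against any credential is accepted; add an `else { throw new NoCredentialsException(entityDescriptor.getName()); }` after the `entities.size() > 0` block so the no-entity case fails closed. The same overload selects the credential from only the first entity and merely warns about the rest, as its own message admits; if multi-entity files are expected, the credential lookup should be keyed on the actual signer rather than the first listed entity. The four `verify` overloads repeat the profile check and the `SignatureValidator` block verbatim; private `checkProfile(Signature)` and `checkSignature(Signature, Credential)` helpers would leave one place to maintain and fix the `"Failed to verfiy Signature"` typo once. `fetchSavedCredential` compares `oa.getPublicURLPrefix().equals(entityID)`; if the prefix can be unset this throws, so `entityID.equals(oa.getPublicURLPrefix())` is the safer order.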
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
new file mode 100644
index 000000000..a577f3f46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
@@ -0,0 +1,9 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface ISAMLVerifier {
+ public void verifyRequest(RequestAbstractType request) throws MOAIDException;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
new file mode 100644
index 000000000..36dc2442c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import iaik.x509.X509Certificate;
+
+import java.security.cert.CertificateException;
+import java.util.Iterator;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MetadataSignatureFilter implements MetadataFilter {
+
+ private String metadataURL;
+ private BasicX509Credential savedCredential;
+
+ public MetadataSignatureFilter(String url, byte[] certificate)
+ throws CertificateException {
+ this.metadataURL = url;
+ X509Certificate cert = new X509Certificate(certificate);
+ savedCredential = new BasicX509Credential();
+ savedCredential.setEntityCertificate(cert);
+ }
+
+ public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
+
+ String entityID = desc.getEntityID();
+
+ EntityVerifier.verify(desc);
+ }
+
+ public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+ Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
+
+ if(desc.getSignature() != null) {
+ EntityVerifier.verify(desc, this.savedCredential);
+ }
+
+ while(entID.hasNext()) {
+ processEntitiesDescriptor(entID.next());
+ }
+
+ Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+
+ while(entID.hasNext()) {
+ processEntityDescriptorr(entIT.next());
+ }
+ }
+
+ public void doFilter(XMLObject metadata) throws FilterException {
+ try {
+ if (metadata instanceof EntitiesDescriptor) {
+ EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new MOAIDException("Root element of metadata file has to be signed", null);
+ }
+ processEntitiesDescriptor(entitiesDescriptor);
+ } /*else if (metadata instanceof EntityDescriptor) {
+ EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
+ processEntityDescriptorr(entityDescriptor);
+ } */else {
+ throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ }
+ Logger.info("Metadata Filter done OK");
+ } catch (MOAIDException e) {
+ e.printStackTrace();
+ throw new FilterException(e);
+ }
+ }
+
+}
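Review bot: The second loop in `processEntitiesDescriptor` tests `entID.hasNext()` but reads from `entIT`; `entID` is already exhausted by the first loop, so the body never runs and `processEntityDescriptorr` — the only path that verifies individual `EntityDescriptor` signatures — is never called. The condition must be `while(entIT.hasNext())`. Nested `EntitiesDescriptor`s are verified only when they carry a signature, so an unsigned nested group is accepted silently beneath the signed root; if that is intended (root signature covers the subtree) a comment should say so, otherwise throw as `doFilter` does for the root. `metadataURL` and the local `entityID` are unused, the method name has a doubled `r`, and `e.printStackTrace()` in `doFilter` should be `Logger.error(..., e)` as elsewhere in this change.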
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
new file mode 100644
index 000000000..8df418f9a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.validation.ValidationException;
+
+public class SAMLVerificationEngine {
+
+ public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ } catch (ValidationException e) {
+ // Indicates signature did not conform to SAML Signature profile
+ e.printStackTrace();
+ }
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ }
+ } catch (SecurityException e) {
+ // Indicates processing error evaluating the signature
+ e.printStackTrace();
+ }
+ }
+
+ public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ } catch (ValidationException e) {
+ // Indicates signature did not conform to SAML Signature profile
+ e.printStackTrace();
+ }
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ }
+ } catch (SecurityException e) {
+ // Indicates processing error evaluating the signature
+ e.printStackTrace();
+ }
+ }
+
+}
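Review bot: In `verifyResponse` a `ValidationException` from `SAMLSignatureProfileValidator` is printed and then ignored, so a signature that fails the SAML profile check still reaches `sigTrustEngine.validate`; the profile check must fail closed: `throw new Exception("Signature does not conform to the SAML signature profile", e);`. `samlObj.getSignature()` is never null-checked, so an unsigned response is handed to both validators instead of being rejected up front. Given the imports in this file (and unless a same-package class of that name exists), the `SecurityException` in the second `catch` resolves to `java.lang.SecurityException`, not the `org.opensaml.xml.security.SecurityException` named in the throws clause, so the opensaml exception propagates as declared while the catch block is dead code that should be removed rather than kept as a silent swallow. `verifyRequest` duplicates both issues; extracting the shared body into one private method keeps the two in step.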
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
new file mode 100644
index 000000000..6dbaae0a1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
@@ -0,0 +1,108 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.validation.ValidationException;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+public class SAMLVerifierMOASP implements ISAMLVerifier {
+
+
+ //TODO: implement via metadata validator ....
+ public void verifyRequest(RequestAbstractType request)
+ throws MOAIDException {
+ // validate Signature
+ try {
+ if (request.isSigned()) {
+
+ String trustProfileID = AuthConfigurationProvider.getInstance()
+ .getStorkConfig().getSignatureVerificationParameter()
+ .getTrustProfileID();
+
+ Logger.trace("Starting validation of Signature references");
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(request.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Validation of XML Signature refrences failed: "
+ + e.getMessage());
+ throw new SecurityException(e);
+ }
+ Logger.debug("XML Signature references are OK.");
+
+ Logger.debug("Invoking MOA-SP with TrustProfileID: "
+ + trustProfileID);
+
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+ .build(XMLUtil.printXML(request.getDOM()).getBytes(),
+ trustProfileID);
+
+ Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
+
+ Logger.trace("Calling MOA-SP");
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+
+ Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
+
+ if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
+ String msg = "Signature of SAMLResponse not valid";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.debug("Signature of SAML response successfully verified");
+
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
+ String msg = "Certificate of SAMLResponse not valid";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.debug("Signing certificate of SAML response succesfully verified");
+
+ } else {
+ String msg = "SAML Object is not signed.";
+ throw new SecurityException(msg);
+ }
+
+ } catch (ConfigurationException e) {
+ String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (ParseException e) {
+ String msg = "Unable to parse VerifyXMLSignature Request or Response.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (BuildException e) {
+ String msg = "Unable to parse VerifyXMLSignature Request or Response.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (ServiceException e) {
+ String msg = "Unable to invoke MOA-SP.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ }
+
+ }
+
+}
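Review bot: `XMLUtil.printXML(request.getDOM()).getBytes()` in the `VerifyXMLSignatureRequestBuilder` call encodes the serialized request with the JVM's default charset, so the bytes MOA-SP verifies depend on the deployment's `file.encoding`; pass the charset explicitly, e.g. `.getBytes(java.nio.charset.Charset.forName("UTF-8"))`, which also avoids the checked exception of the `String` overload. A re-serialized DOM is not guaranteed to be byte-identical to the document that was signed, so unless MOA-SP canonicalizes the signed content itself, valid signatures could be rejected here — worth confirming against the builder's contract. The messages thrown on a non-zero check code say "SAMLResponse" although the method verifies a `RequestAbstractType`; `"Signature of SAML request not valid"` and `"Certificate of SAML request not valid"` would match the code path. The `//TODO: implement via metadata validator` note above the method should say which verifier is meant to replace this MOA-SP round trip, otherwise the two `ISAMLVerifier` implementations will drift.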
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
new file mode 100644
index 000000000..f3c5ed86a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.xml.security.credential.CredentialResolver;
+import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
+import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
+import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
+import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
+import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
+
+import sun.security.krb5.Credentials;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
+
+public class TrustEngineFactory {
+
+ public static SignatureTrustEngine getSignatureTrustEngine() {
+ try {
+ MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
+ MOAMetadataProvider.getInstance());
+
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
+ mdResolver, keyInfoResolver);
+
+ return engine;
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() {
+ MetadataCredentialResolver resolver;
+
+ resolver = new MetadataCredentialResolver(
+ MOAMetadataProvider.getInstance());
+
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
+ resolver, keyInfoResolver);
+
+ return engine;
+
+ }
+
+}
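Review bot: `getSignatureTrustEngine` catches every `Exception`, prints the stack trace and returns `null`, so a failure to build the PKIX resolver only surfaces later as a NullPointerException in whichever verifier calls `validate` on the engine, far from its cause; rethrow instead, e.g. `throw new IllegalStateException("PKIX signature trust engine could not be created", e);`, and let the verifier fail the signature check. `getSignatureKnownKeysTrustEngine` has no such catch, so the two factory methods currently disagree on how a metadata-provider problem propagates. The `import sun.security.krb5.Credentials;` line is unused and references a JDK-internal package; it should be removed.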
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
new file mode 100644
index 000000000..75825d92d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -0,0 +1,186 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class GetArtifactAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
+
+// HttpSession httpSession = httpReq.getSession();
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
+
+// if (!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) {
+// throw new AuthenticationException("auth.21", new Object[] {});
+// }
+
+ String oaURL = (String) req.getOAURL();
+ String target = (String) req.getTarget();
+
+ try {
+
+
+ if (oaURL == null) {
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+ }
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+
+ // if (oaURL == null) {
+// oaURL = session.getOAURLRequested();
+// }
+
+
+ // TODO: Support Mandate MODE!
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ // builds authentication data and stores it together with a SAML
+ // artifact
+
+ //TODO: check, if this is correct!!!!
+ //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
+ // useUTC, false);
+
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
+ AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
+ oaParam,
+ target);
+
+ String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
+
+ if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
+ String url = "RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
+ if (!oaParam.getBusinessService())
+ url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = httpResp.encodeRedirectURL(url);
+
+ httpResp.setContentType("text/html");
+ httpResp.setStatus(302);
+ httpResp.addHeader("Location", url);
+
+ } else {
+ String redirectURL = oaURL;
+
+ //session.getOAURLRequested();
+
+ if (!oaParam.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+ URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+
+
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = httpResp.encodeRedirectURL(redirectURL);
+ httpResp.setContentType("text/html");
+ httpResp.setStatus(302);
+ httpResp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ // CONFIRMATION FOR SSO!
+ /*
+ * OAAuthParameter oaParam =
+ * AuthConfigurationProvider.getInstance().
+ * getOnlineApplicationParameter(oaURL);
+ *
+ * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
+ * == null) { friendlyName = oaURL; }
+ *
+ *
+ * LoginConfirmationBuilder builder = new
+ * LoginConfirmationBuilder();
+ * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
+ * String form = builder.finish(oaURL, session.getIdentityLink()
+ * .getName(), friendlyName);
+ */
+
+ /*
+ * resp.setContentType("text/html");
+ *
+ * OutputStream out = resp.getOutputStream();
+ * out.write(form.getBytes("UTF-8")); out.flush(); out.close();
+ */
+
+ } catch (WrongParametersException ex) {
+ // handleWrongParameters(ex, req, httpResp);
+ ex.printStackTrace();
+ } catch (ConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (BuildException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (AuthenticationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (UnsupportedEncodingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (MOADatabaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return SAML1Protocol.GETARTIFACT;
+ }
+
+}
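Review bot: every `catch` at the end of `processRequest` only calls `printStackTrace()`, including the `AuthenticationException` branch even though the method declares that it throws it, so a failed artifact build, configuration lookup or database access leaves the response untouched and the caller treats the action as successful; rethrow with `throw e;` in that branch and wrap the remaining checked exceptions in an `AuthenticationException` with a message id the caller's error handling understands (the id is not visible here). The `target` local read from `req.getTarget()` is never used — both redirect branches take the target from `oaParam.getTarget()` — so it should be dropped to avoid suggesting the request value is honoured. Presumably `getOnlineApplicationParameter` returns `null` for an `oaURL` that is not configured, in which case `oaParam.getSAML1Parameter()` inside `BuildSAMLArtifact` fails with a NullPointerException that none of the catch blocks cover; a null check raising the same `auth.12` error as the parameter checks above would keep that path consistent.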
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
new file mode 100644
index 000000000..433302b4f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class GetArtifactServlet extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3593264832041467899L;
+
+ /**
+ * Constructor for GetArtifactServlet.
+ */
+ public GetArtifactServlet() {
+ super();
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ HttpSession httpSession = req.getSession();
+
+
+
+// AuthenticationSession session = AuthenticationManager
+// .getAuthenticationSession(httpSession);
+//
+// String oaURL = (String) req.getAttribute(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+//
+// String target = (String) req.getAttribute(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// try {
+//
+// // check parameter
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+//
+// if (oaURL == null) {
+// oaURL = session.getOAURLRequested();
+// }
+//
+// if (oaURL == null) {
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+// }
+//
+// String samlArtifactBase64 = SAML1AuthenticationServer
+// .BuildSAMLArtifact(session);
+//
+// String redirectURL = oaURL;
+// session.getOAURLRequested();
+// if (!session.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+//
+// }
+// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+// URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+// redirectURL = resp.encodeRedirectURL(redirectURL);
+//
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+//
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+//
+// // CONFIRMATION FOR SSO!
+// /*
+// * OAAuthParameter oaParam =
+// * AuthConfigurationProvider.getInstance().
+// * getOnlineApplicationParameter(oaURL);
+// *
+// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
+// * == null) { friendlyName = oaURL; }
+// *
+// *
+// * LoginConfirmationBuilder builder = new
+// * LoginConfirmationBuilder();
+// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
+// * String form = builder.finish(oaURL, session.getIdentityLink()
+// * .getName(), friendlyName);
+// */
+//
+// /*
+// resp.setContentType("text/html");
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(form.getBytes("UTF-8"));
+// out.flush();
+// out.close();*/
+//
+// } catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// } catch (ConfigurationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (BuildException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (AuthenticationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
+
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ doGet(req, resp);
+ }
+
+}
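Review bot: `doGet` now consists of `req.getSession()` followed by a fully commented-out body, so a request to this servlet creates an HTTP session as a side effect and returns an empty 200 response; if the artifact handling has moved to `GetArtifactAction`, the servlet mapping and this class should be removed, otherwise `doGet` should delegate to the action. Roughly eighty lines of commented-out code in a brand-new file hide that decision, and version control already keeps the old body. The imports of `StringEscapeUtils`, `ParamValidatorUtils`, `URLEncoder`, `AuthenticationManager` and the exception types are unused as a result.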
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index b5c72ef9f..1fbcb9a46 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -22,18 +22,17 @@
*/
-package at.gv.egovernment.moa.id.auth.servlet;
+package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.Calendar;
import org.apache.axis.AxisFault;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.w3c.dom.Element;
-
import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -47,7 +46,7 @@ import at.gv.egovernment.moa.util.XPathUtils;
* Web service for picking up authentication data created in the MOA-ID Auth component.
*
* @author Paul Ivancsics
- * @version $Id$
+ * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $
* @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
*/
public class GetAuthenticationDataService implements Constants {
@@ -80,12 +79,12 @@ public class GetAuthenticationDataService implements Constants {
throws AxisFault {
Element request = requests[0];
- Element[] responses = new Element[1];
+ Element[] responses = new Element[1];
String requestID = "";
String statusCode = "";
String subStatusCode = null;
String statusMessageCode = null;
- String statusMessage = null;
+ String statusMessage = null;
String samlAssertion = "";
boolean useUTC = false;
if (requests.length > 1) {
@@ -109,23 +108,53 @@ public class GetAuthenticationDataService implements Constants {
subStatusCode = "samlp:TooManyResponses";
statusMessageCode = "1203";
}
+
else {
Element samlArtifactElem = (Element)samlArtifactList.item(0);
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
try {
-
- AuthenticationData authData = AuthenticationServer.getInstance().
- getAuthenticationData(samlArtifact);
+
+ AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
- useUTC = authData.getUseUTC();
- // success
- samlAssertion = authData.getSamlAssertion();
- statusCode = "samlp:Success";
- statusMessageCode = "1200";
- }
- catch (AuthenticationException ex) {
- // no authentication data for given SAML artifact
+ useUTC = authData.getUseUTC();
+
+ // success
+ samlAssertion = authData.getSamlAssertion();
+ statusCode = "samlp:Success";
+ statusMessageCode = "1200";
+ }
+
+ catch (ClassCastException ex) {
+
+ try {
+ Throwable error = saml1server.getErrorResponse(samlArtifact);
+ statusCode = "samlp:Responder";
+ subStatusCode = "samlp:RequestDenied";
+
+ if (error instanceof MOAIDException) {
+ statusMessageCode = ((MOAIDException)error).getMessageId();
+ statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
+
+ } else {
+ statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
+ }
+
+
+
+ } catch (Exception e) {
+ //no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
+ }
+
+ }
+
+ catch (AuthenticationException ex) {
+ //no authentication data for given SAML artifact
statusCode = "samlp:Requester";
subStatusCode = "samlp:ResourceNotRecognized";
statusMessage = ex.toString();
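Review bot: the new `catch (ClassCastException ex)` branch relies on an unchecked exception thrown inside `getSaml1AuthenticationData` as the signal that the artifact resolves to a stored `Throwable` instead of `AuthenticationData`, which ties this service to the storage's cast behaviour and also swallows any unrelated ClassCastException; an explicit lookup order (for example trying `saml1server.getErrorResponse(samlArtifact)` after a typed "not an AuthenticationData" result) would make the intent visible. In the `else` branch the raw `error.getMessage()` of an arbitrary `Throwable` is copied into the SAML status message returned to the requester, which can expose internal detail; prefer a message id resolved through `MOAIDMessageProvider`, as the success path does with `statusMessageCode`. That branch also leaves `statusMessageCode` null, and `escapeXml` returns null for a null message, so the later `getMessage(statusMessageCode, null)` fallback can run with a null code. The inner `catch (Exception e)` reports `ex.toString()` from the outer exception while the `e` that actually failed is neither logged nor reported. The enclosing method starts before this hunk and its response building continues after it.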
@@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants {
statusCode = "samlp:Requester";
statusMessageCode = "1204";
}
- }
+ }
+
try {
String responseID = Random.nextRandom();
String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
+
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
responses[0] = new SAMLResponseBuilder().build(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
new file mode 100644
index 000000000..fec2d2b35
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -0,0 +1,522 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class SAML1AuthenticationServer extends AuthenticationServer {
+
+ private static SAML1AuthenticationServer instance;
+
+ public static SAML1AuthenticationServer getInstace() {
+ if (instance == null)
+ instance = new SAML1AuthenticationServer();
+
+ return instance;
+ }
+
+ //private static Map authenticationDataStore = new HashMap();
+ private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
+
+
+ //TODO: make this time configurable
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data
+ * store
+ */
+ private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+
+
+ public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException {
+ try {
+ new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ Throwable error = null;
+ synchronized (authenticationDataStore) {
+ try {
+ error = authenticationDataStore
+ .get(samlArtifact, Throwable.class);
+
+ authenticationDataStore.remove(samlArtifact);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+
+ }
+
+ return error;
+ }
+
+ /**
+ * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ * The <code>AuthenticationData</code> is deleted from the store upon end of
+ * this call.
+ *
+ * @return <code>AuthenticationData</code>
+ */
+ public AuthenticationData getSaml1AuthenticationData(String samlArtifact)
+ throws AuthenticationException {
+ try {
+ new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ AuthenticationData authData = null;
+ synchronized (authenticationDataStore) {
+ // System.out.println("assertionHandle: " + assertionHandle);
+
+ try {
+ authData = authenticationDataStore
+ .get(samlArtifact, AuthenticationData.class);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+ }
+
+ boolean keepAssertion = false;
+
+ //removed from MOA-ID 2.0 config
+// try {
+// String boolStr = AuthConfigurationProvider.getInstance()
+// .getGenericConfigurationParameter(
+// "AuthenticationServer.KeepAssertion");
+// if (null != boolStr && boolStr.equalsIgnoreCase("true"))
+// keepAssertion = true;// Only allowed for debug purposes!!!
+//
+// } catch (ConfigurationException ex) {
+// throw new AuthenticationException("1205", new Object[] {
+// samlArtifact, ex.toString() });
+// }
+ if (!keepAssertion) {
+ authenticationDataStore.remove(samlArtifact);
+ }
+
+ long now = new Date().getTime();
+
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut)
+ throw new AuthenticationException("1207", new Object[] { samlArtifact });
+
+ Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
+
+ return authData;
+ }
+
+ public String BuildErrorAssertion(Throwable error, IRequest protocolRequest)
+ throws BuildException, MOADatabaseException {
+
+ String samlArtifact = new SAMLArtifactBuilder().build(
+ protocolRequest.getOAURL(), protocolRequest.getRequestID(),
+ null);
+
+ authenticationDataStore.put(samlArtifact, error);
+
+ return samlArtifact;
+ }
+
+ public String BuildSAMLArtifact(AuthenticationSession session,
+ OAAuthParameter oaParam,
+ AuthenticationData authData)
+ throws ConfigurationException, BuildException, AuthenticationException {
+
+ //Load SAML1 Parameter from OA config
+ OASAML1 saml1parameter = oaParam.getSAML1Parameter();
+
+ boolean useCondition = saml1parameter.isUseCondition();
+ int conditionLength = saml1parameter.getConditionLength().intValue();
+
+ try {
+
+ //set BASE64 encoded signer certificate
+ String signerCertificateBase64 = "";
+ if (saml1parameter.isProvideCertificate()) {
+ byte[] signerCertificate = session.getEncodedSignerCertificate();
+ if (signerCertificate != null) {
+
+ signerCertificateBase64 = Base64Utils
+ .encode(signerCertificate);
+ } else {
+ Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available");
+ }
+ }
+
+ //set prPersion
+ boolean provideStammzahl = saml1parameter.isProvideStammzahl();
+ String prPerson = new PersonDataBuilder().build(authData.getIdentityLink(),
+ provideStammzahl);
+
+ //set Authblock
+ String authBlock = saml1parameter.isProvideAUTHBlock() ? session
+ .getAuthBlock() : "";
+
+ //set IdentityLink for assortion
+ String ilAssertion = saml1parameter.isProvideIdentityLink() ? authData.getIdentityLink()
+ .getSerializedSamlAssertion()
+ : "";
+ if (!saml1parameter.isProvideStammzahl()) {
+ ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
+ .getIdentificationValue(), "");
+ }
+
+ String samlAssertion;
+
+ if (session.getUseMandate()) {
+ List oaAttributes = session.getExtendedSAMLAttributesOA();
+
+ if (saml1parameter.isProvideFullMandatorData()) {
+
+ try {
+
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ session.getMISMandate(), oaParam.getBusinessService(),
+ saml1parameter.isProvideStammzahl());
+
+ if (extendedSAMLAttributes != null) {
+
+ String identifier = "MISService";
+ String friendlyName ="MISService";
+
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+
+ Object value = verifySAMLAttribute(samlAttribute, i, identifier,
+ friendlyName);
+
+ if ((value instanceof String) || (value instanceof Element)) {
+ switch (samlAttribute.getAddToAUTHBlock()) {
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ default:
+ Logger
+ .info("Invalid return value from method \"getAddToAUTHBlock()\" ("
+ + samlAttribute.getAddToAUTHBlock()
+ + ") in SAML attribute number "
+ + (i + 1)
+ + " for infobox " + identifier);
+ throw new ValidateException("validator.47", new Object[] {
+ friendlyName, String.valueOf((i + 1)) });
+ }
+ } else {
+ Logger
+ .info("The type of SAML-Attribute number "
+ + (i + 1)
+ + " returned from "
+ + identifier
+ + "-infobox validator is not valid. Must be either \"java.Lang.String\""
+ + " or \"org.w3c.dom.Element\"");
+ throw new ValidateException("validator.46", new Object[] {
+ identifier, String.valueOf((i + 1)) });
+ }
+ }
+ }
+
+ } catch (SAXException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (IOException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (ParserConfigurationException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (TransformerException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ }
+ }
+
+ String mandateDate = generateMandateDate(session, oaParam, authData);
+
+ samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
+ authData,
+ prPerson,
+ mandateDate,
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ oaParam.getBusinessService(),
+ oaAttributes,
+ useCondition,
+ conditionLength);
+
+ } else {
+ samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData,
+ prPerson,
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ oaParam.getBusinessService(),
+ session.getExtendedSAMLAttributesOA(),
+ useCondition,
+ conditionLength);
+ }
+
+ authData.setSamlAssertion(samlAssertion);
+
+ String samlArtifact = new SAMLArtifactBuilder().build(
+ session.getAuthURL(), session.getSessionID(),
+ saml1parameter.getSourceID());
+
+ storeAuthenticationData(samlArtifact, authData);
+
+ Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
+ + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
+
+ } catch (Throwable ex) {
+ throw new BuildException("builder.00", new Object[] {
+ "AuthenticationData", ex.toString() }, ex);
+ }
+
+ }
+
+ private String generateMandateDate(AuthenticationSession session,
+ OAAuthParameter oaParam, AuthenticationData authData
+ ) throws AuthenticationException, BuildException,
+ ParseException, ConfigurationException, ServiceException,
+ ValidateException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[] {
+ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
+
+ //AuthenticationSession session = getSession(sessionID);
+ // AuthConfigurationProvider authConf =
+ // AuthConfigurationProvider.getInstance();
+
+ IdentityLink tempIdentityLink = null;
+
+ Element mandate = session.getMandate();
+
+ if (session.getUseMandate()) {
+ tempIdentityLink = new IdentityLink();
+ Element mandator = ParepUtils.extractMandator(mandate);
+ String dateOfBirth = "";
+ Element prPerson = null;
+ String familyName = "";
+ String givenName = "";
+ String identificationType = "";
+ String identificationValue = "";
+ if (mandator != null) {
+ boolean physical = ParepUtils.isPhysicalPerson(mandator);
+ if (physical) {
+ familyName = ParepUtils.extractText(mandator,
+ "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator,
+ "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils
+ .extractMandatorDateOfBirth(mandator);
+ } else {
+ familyName = ParepUtils.extractMandatorFullName(mandator);
+ }
+ identificationType = ParepUtils.getIdentification(mandator,
+ "Type");
+ identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+
+ prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+ if (physical
+ && oaParam.getBusinessService()
+ && identificationType != null
+ && Constants.URN_PREFIX_BASEID
+ .equals(identificationType)) {
+ // now we calculate the wbPK and do so if we got it from the
+ // BKU
+
+
+ //load IdentityLinkDomainType from OAParam
+ String type = oaParam.getIdentityLinkDomainIdentifier();
+ if (type.startsWith(Constants.URN_PREFIX_WBPK + "+"))
+ identificationType = type;
+ else
+ identificationType = Constants.URN_PREFIX_WBPK + "+"
+ + type;
+
+
+ identificationValue = new BPKBuilder().buildWBPK(
+ identificationValue, identificationType);
+ ParepUtils
+ .HideStammZahlen(prPerson, true, null, null, true);
+ }
+
+ tempIdentityLink.setDateOfBirth(dateOfBirth);
+ tempIdentityLink.setFamilyName(familyName);
+ tempIdentityLink.setGivenName(givenName);
+ tempIdentityLink.setIdentificationType(identificationType);
+ tempIdentityLink.setIdentificationValue(identificationValue);
+ tempIdentityLink.setPrPerson(prPerson);
+ try {
+ tempIdentityLink.setSamlAssertion(authData.getIdentityLink()
+ .getSamlAssertion());
+ } catch (Exception e) {
+ throw new ValidateException("validator.64", null);
+ }
+
+ }
+
+ }
+
+ Element mandatePerson = tempIdentityLink.getPrPerson();
+
+ String mandateData = null;
+ try {
+
+ boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl();
+
+ String oatargetType;
+
+ if(oaParam.getBusinessService()) {
+ oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+
+ } else {
+ oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+ }
+
+ Element prIdentification = (Element) mandatePerson
+ .getElementsByTagNameNS(Constants.PD_NS_URI,
+ "Identification").item(0);
+
+ if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) {
+
+ String isPrPerson = mandatePerson.getAttribute("xsi:type");
+
+ if (!StringUtils.isEmpty(isPrPerson)) {
+ if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) {
+ String baseid = getBaseId(mandatePerson);
+ Element identificationBpK = createIdentificationBPK(mandatePerson,
+ baseid, oaParam.getTarget());
+
+ if (!provideStammzahl) {
+ prIdentification.getFirstChild().setTextContent("");
+ }
+
+ mandatePerson.insertBefore(identificationBpK,
+ prIdentification);
+ }
+ }
+
+ } else {
+
+// Element identificationBpK = mandatePerson.getOwnerDocument()
+// .createElementNS(Constants.PD_NS_URI, "Identification");
+// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
+// Constants.PD_NS_URI, "Value");
+//
+// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+// tempIdentityLink.getIdentificationValue()));
+// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS(
+// Constants.PD_NS_URI, "Type");
+// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+// "urn:publicid:gv.at:cdid+bpk"));
+// identificationBpK.appendChild(valueBpK);
+// identificationBpK.appendChild(typeBpK);
+//
+// mandatePerson.insertBefore(identificationBpK, prIdentification);
+ }
+
+
+ mandateData = DOMUtils.serializeNode(mandatePerson);
+
+ } catch (TransformerException e1) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ } catch (IOException e1) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ }
+
+ return mandateData;
+ }
+
+
+
+
+ /**
+ * Stores authentication data indexed by the assertion handle contained in
+ * the given saml artifact.
+ *
+ * @param samlArtifact
+ * SAML artifact
+ * @param authData
+ * authentication data
+ * @throws AuthenticationException
+ * when SAML artifact is invalid
+ */
+ private void storeAuthenticationData(String samlArtifact,
+ AuthenticationData authData) throws AuthenticationException {
+
+ try {
+ SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
+ // check type code 0x0001
+ byte[] typeCode = parser.parseTypeCode();
+ if (typeCode[0] != 0 || typeCode[1] != 1)
+ throw new AuthenticationException("auth.06",
+ new Object[] { samlArtifact });
+ parser.parseAssertionHandle();
+
+ synchronized (authenticationDataStore) {
+ Logger.debug("Assertion stored for SAML Artifact: "
+ + samlArtifact);
+ authenticationDataStore.put(samlArtifact, authData);
+ }
+
+ } catch (AuthenticationException ex) {
+ throw ex;
+
+ } catch (Throwable ex) {
+ throw new AuthenticationException("auth.06",
+ new Object[] { samlArtifact });
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
new file mode 100644
index 000000000..a310b16ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -0,0 +1,175 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = SAML1Protocol.class.getName();
+ public static final String PATH = "id_saml1";
+
+ public static final String GETARTIFACT = "GetArtifact";
+
+ private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT,
+ ServletType.AUTH));
+
+ actions.put(GETARTIFACT, new GetArtifactAction());
+
+ instance = new SAML1Protocol();
+ }
+
+ private static SAML1Protocol instance = null;
+
+ public static SAML1Protocol getInstance() {
+ if (instance == null) {
+ instance = new SAML1Protocol();
+ }
+ return instance;
+ }
+
+ public List<ServletInfo> getServlets() {
+ return servletList;
+ }
+
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action) throws MOAIDException {
+ RequestImpl config = new RequestImpl();
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ String target = (String) request.getParameter(PARAM_TARGET);
+ target = StringEscapeUtils.escapeHtml(target);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+ config.setOAURL(oaURL);
+
+ //load Target only from OA config
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+
+ config.setTarget(oaParam.getTarget());
+
+
+ //TODO: set reauthenticate if OA.useSSO=false
+
+ request.getSession().setAttribute(PARAM_OA, oaURL);
+ request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
+ return config;
+ }
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest)
+ throws Throwable{
+
+ SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
+
+ String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+
+ String url = "RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
+ url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = response.encodeRedirectURL(url);
+
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", url);
+ Logger.debug("REDIRECT TO: " + url);
+
+ return true;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response) {
+ return null;
+ }
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+
+ //TODO: funktioniert so nicht!!!
+
+// String oaURL = (String) request.getParameter(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// String target = (String) request.getParameter(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// //the target parameter is used to define the OA in SAML1 standard
+// if (target.startsWith("http")) {
+// oaURL = target;
+// target = null;
+// }
+//
+// if (oaURL != null) {
+// if (oaURL.equals(pending.getOAURL()))
+// return true;
+// else
+// return false;
+// }
+
+ return true;
+ }
+
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+}
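Review bot: validate() at the end of the class returns true unconditionally; the comparison of the request's oaURL against pending.getOAURL() is left commented out under the `//TODO: funktioniert so nicht!!!` marker, so a pending request is never checked against the parameters of the request that resumes it. If the check cannot be done this way, the method should at least say so in a Javadoc line such as `/** Stub: request/pending binding is not verified yet (TODO). */` instead of silently accepting every request. Separately, the static initializer assigns `instance = new SAML1Protocol();`, but the field declaration `private static SAML1Protocol instance = null;` that follows it textually runs afterwards and resets it to null, so getInstance() always lazily re-creates the instance; moving the declaration above the `static {` block makes the intent hold.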
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index c1e64dd53..e1bd38d68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -63,9 +63,11 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public DefaultConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
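Review bot: With `cbDisableHostnameVerification = false;` now a constant, the `if (cbDisableHostnameVerification)` warning on the last line of the hunk and the HostnameNonVerifier class further down the file become dead code that still reads as if hostname verification could be switched off; if the option is really gone from the MOA-ID 2.0 config, the branch, the commented-out BoolUtils lines and the verifier class should be removed rather than kept behind the `//TODO MOA-ID BRZ undocumented feature` marker. The same pattern appears in the ElakConnectionBuilder and EnhancedConnectionBuilder constructors in this commit. The remaining hunks of these three files change only comment text, and their new side turns the UTF-8 `ä` in `JSSE Abhängigkeit` into mojibake, which looks like a re-save with the wrong encoding and should be reverted. The constructor body continues outside the hunk.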
@@ -113,7 +115,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
//conn.setAllowUserInteraction(true);
conn.setInstanceFollowRedirects(false);
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
httpsConn.setSSLSocketFactory(sslSocketFactory);
@@ -187,7 +189,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
* Hostname Verification Check
*/
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 7a356aaf0..03b012a27 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -136,8 +136,10 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
return authData.getDateOfBirth();
if (predicate.equals(MOABPK))
return authData.getBPK();
- if (predicate.equals(MOAWBPK))
- return authData.getWBPK();
+
+ //AuthData holdes the correct BPK/WBPK
+ if (predicate.equals(MOAWBPK))
+ return authData.getBPK();
if (predicate.equals(MOAPublicAuthority))
if (authData.isPublicAuthority())
return "true";
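Review bot: The MOAWBPK predicate now returns `authData.getBPK()`, the same value the MOABPK predicate two lines above returns, so a login-parameter template using both predicates can no longer tell a bPK from a wbPK; the comment `//AuthData holdes the correct BPK/WBPK` should state how the caller is expected to tell them apart (the parser in this commit records the type via setBPKType), and `holdes` is a typo for `holds`. The same change is made in XMLLoginParameterResolverEncryptedData and XMLLoginParameterResolverPlainData further down. The enclosing method starts and ends outside the hunk.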
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 29c8b3bca..1243960ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -86,9 +86,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public ElakConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
@@ -204,7 +207,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
//conn.setUseCaches(false);
webDavConn.setAllowUserInteraction(true);
webDavConn.setInstanceFollowRedirects(false);
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
httpsConn.setSSLSocketFactory(sslSocketFactory);
@@ -258,7 +261,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
* A private class to change the standard HostName verifier to disable the
* Hostname Verification Check
*/
-//JSSE Abhängigkeit
+//JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index 023b2c272..9bbef8aa9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -46,7 +46,7 @@ import at.gv.egovernment.moa.util.BoolUtils;
/**
* Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>.
- * uses the HTTP(s)Client from Ronald Tschalär.
+ * uses the HTTP(s)Client from Ronald Tschalär.
* origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/
*
* @author pdanner
@@ -79,9 +79,12 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public EnhancedConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
@@ -168,7 +171,7 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
* A private class to change the standard HostName verifier to disable the
* Hostname Verification Check
*/
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index 61f38412e..e075c99ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -33,7 +33,7 @@ import java.security.GeneralSecurityException;
import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
@@ -91,8 +91,10 @@ public class MOAIDProxyInitializer {
ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
if (connParamAuth!=null) {
if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
+
+ //TODO: einkommentieren!!!!
+ //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+ //AxisSecureSocketFactory.initialize(ssf);
}
} else {
throw new ConfigurationException("config.16", null);
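Review bot: The `SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth)` / `AxisSecureSocketFactory.initialize(ssf)` pair is commented out under `//TODO: einkommentieren!!!!`, so for an HTTPS auth-component URL the SSL setup derived from the proxy configuration (presumably the trust material for that connection) is no longer applied and the Axis client runs with its default SSL configuration. The `if (connParamAuth.isHTTPSURL())` branch is now empty and gives no runtime indication of this; until the calls are restored it should at least emit `Logger.warn("SSL configuration for the auth component is not applied (TODO)");`. The same TODO disables the per-OA `SSLUtils.getSSLSocketFactory` call in the next hunk of this file and the `ssf = ...` assignment in ProxyServlet further down, which leaves that try block with nothing but a comment inside. The enclosing method starts and ends outside the hunk.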
@@ -104,8 +106,10 @@ public class MOAIDProxyInitializer {
for (int i = 0; i < oaParams.length; i++) {
OAProxyParameter oaParam = oaParams[i];
ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if (oaConnParam.isHTTPSURL())
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ if (oaConnParam.isHTTPSURL());
+
+ //TODO: einkommentieren!!!!
+ //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
}
// Initializes the ConnectionBuilderFactory from configuration data
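Review bot: `if (oaConnParam.isHTTPSURL());` ends in a stray semicolon, so the condition is evaluated and discarded and the comment lines after it belong to no statement; Error Prone or a compiler warning would flag the empty if. If the check is to stay disabled for now, make that explicit, `if (oaConnParam.isHTTPSURL()) { /* TODO: restore SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam) */ }`, or drop the if entirely. The enclosing method continues outside the hunk.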
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 1fc257ea8..1a466c520 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -499,8 +499,10 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
return authData.getDateOfBirth();
if (predicate.equals("MOABPK"))
return authData.getBPK();
+
+ //AuthData holdes the correct BPK/WBPK
if (predicate.equals("MOAWBPK"))
- return authData.getWBPK();
+ return authData.getBPK();
if (predicate.equals("MOAPublicAuthority"))
if (authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 6f698770c..b904161a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -324,8 +324,10 @@ public class XMLLoginParameterResolverPlainData
return authData.getDateOfBirth();
if(predicate.equals(MOABPK))
return authData.getBPK();
+
+ //AuthData holds the correct BPK/WBPK
if(predicate.equals(MOAWBPK))
- return authData.getWBPK();
+ return authData.getBPK();
if(predicate.equals(MOAPublicAuthority))
if(authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index fa455b4ef..6cb7ffdfc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index f2aca057a..1589f1440 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -130,7 +130,7 @@ public class AuthenticationDataAssertionParser implements Constants {
try {
AuthenticationData authData = new AuthenticationData();
- //ÄNDERN: NUR der Identification-Teil
+ //ÄNDERN: NUR der Identification-Teil
authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
authData.setMajorVersion(new Integer(
XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
@@ -143,10 +143,17 @@ public class AuthenticationDataAssertionParser implements Constants {
authData.setIssueInstant(
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
+
+
+ //TODO: set pBK and Type
if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- authData.setBPK(pkValue);
+ //bPK
+ authData.setBPK(Constants.URN_PREFIX_BPK);
+
} else {
- authData.setWBPK(pkValue);
+ //wbPK
+ authData.setBPK(pkValue);
+ authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
}
authData.setIdentificationValue(
XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
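Review bot: In the bPK branch `authData.setBPK(Constants.URN_PREFIX_BPK);` stores the URN prefix, a type identifier, in the bPK field, and the `pkValue` read from PK_XPATH just above is never used in that branch, whereas the wbPK branch stores `pkValue` and records the type via setBPKType. Given the `//TODO: set pBK and Type` marker this looks like the two calls were mixed up; the bPK branch presumably wants `authData.setBPK(pkValue); authData.setBPKType(Constants.URN_PREFIX_BPK);`. Because the login-parameter resolvers in this commit now return getBPK() for both MOABPK and MOAWBPK, a bPK-based login would currently receive the literal prefix string instead of the person's bPK. The enclosing method starts and ends outside the hunk.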
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index a55e02cdd..ddaab7a28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -55,7 +55,7 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
@@ -265,7 +265,9 @@ public class ProxyServlet extends HttpServlet {
// setup SSLSocketFactory for communication with the online application
if (oaConnParam.isHTTPSURL()) {
try {
- ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+
+ //TODO: einkommentieren!!!!
+ //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
} catch (Throwable ex) {
throw new ProxyException(
"proxy.05",
@@ -440,7 +442,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
}
}
- /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können:
+ /* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen:
//if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first
// full binding will be covered by next block
if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) {
@@ -662,7 +664,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
}
}
-// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)
+// // Ãœberschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)
// if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) {
// headerValue = "Basic realm=\"" + publicURLPrefix + "\"";
// if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
new file mode 100644
index 000000000..b01a6a36e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -0,0 +1,156 @@
+package at.gv.egovernment.moa.id.storage;
+
+import iaik.util.logging.Log;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionStorage {
+
+ private static AssertionStorage instance = null;
+
+ public static AssertionStorage getInstance() {
+ if(instance == null) {
+ instance = new AssertionStorage();
+ }
+ return instance;
+ }
+
+ public boolean containsKey(String artifact) {
+ try {
+ searchInDatabase(artifact);
+ return true;
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+
+ }
+
+ public void put(String artifact, Object assertion) throws MOADatabaseException {
+ //setup AssertionStore element
+ AssertionStore element = new AssertionStore();
+ element.setArtifact(artifact);
+ element.setType(assertion.getClass().getName());
+ element.setDatatime(new Date());
+
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) assertion);
+ element.setAssertion(data);
+
+ //store AssertionStore element to Database
+ try {
+ MOASessionDBUtils.saveOrUpdate(element);
+ Log.info("Assertion with Artifact=" + artifact + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Assertion could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+
+ }
+
+ public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException {
+
+ AssertionStore element = searchInDatabase(artifact);
+
+ //Deserialize Assertion
+ Object data = SerializationUtils.deserialize(element.getAssertion());
+
+ //check if assertion has the correct class type
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) Class.forName(element.getType()).cast(data);
+ return test;
+
+ } catch (Exception e) {
+ Log.warn("Assertion Cast-Exception by using Artifact=" + artifact);
+ throw new MOADatabaseException("Assertion Cast-Exception");
+ }
+ }
+
+ public void clean(long now, long authDataTimeOut) {
+ Date expioredate = new Date(now - authDataTimeOut);
+
+ List<AssertionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithTimeOut");
+ query.setTimestamp("timeout", expioredate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+
+ if (results.size() != 0) {
+ for(AssertionStore result : results) {
+ try {
+ MOASessionDBUtils.delete(result);
+ Logger.info("Remove Assertion with Artifact=" + result.getArtifact()
+ + " after assertion timeout.");
+
+ } catch (HibernateException e){
+ Logger.warn("Assertion with Artifact=" + result.getArtifact()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+
+ }
+ }
+ }
+
+ public void remove(String artifact) {
+
+ try {
+ AssertionStore element = searchInDatabase(artifact);
+ MOASessionDBUtils.delete(element);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
+ + "not found)");
+
+ } catch (HibernateException e) {
+ Logger.warn("Assertion not removed! (Error during Database communication)", e);
+ }
+ }
+
+ @SuppressWarnings("rawtypes")
+ private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
+ MiscUtil.assertNotNull(artifact, "artifact");
+ Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+ List result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithArtifact");
+ query.setString("artifact", artifact);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No Assertion found with this Artifact");
+ }
+
+ return (AssertionStore) result.get(0);
+ }
+}
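Review bot: In get(), the `clazz` parameter is never used: the cast goes through `Class.forName(element.getType())`, i.e. the class name read back from the database row, and the result is then cast unchecked to `T`, so a caller of `get(artifact, Foo.class)` gets no guarantee that the returned object is a Foo and any ClassCastException surfaces later at the call site. Use the requested type for the check, `return clazz.cast(data);`, and keep the stored type name for diagnostics only; the `SerializationUtils.deserialize` call is Java-native deserialization of whatever the row holds, which is acceptable only while the table is written exclusively by put(), and that assumption deserves a comment on the method. Minor points: containsKey() also reports false when more than one row matches, because searchInDatabase throws on `result.size() != 1`, and the artifact value, which is the handle a client presents to retrieve the assertion, is written at info level in put() and clean().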
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
new file mode 100644
index 000000000..498188ffe
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -0,0 +1,496 @@
+package at.gv.egovernment.moa.id.storage;
+
+import iaik.util.logging.Log;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AuthenticationSessionStoreage {
+
+ //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+
+ public static boolean isAuthenticated(String moaSessionID) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ return session.isAuthenticated();
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+ }
+
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
+
+ public static AuthenticationSession createSession() throws MOADatabaseException {
+ String id = Random.nextRandom();
+ AuthenticationSession session = new AuthenticationSession(id);
+
+ AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(false);
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setCreated(new Date());
+ dbsession.setUpdated(new Date());
+
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //store AssertionStore element to Database
+ try {
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + id + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be created.");
+ throw new MOADatabaseException(e);
+ }
+
+ return session;
+ }
+
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+ dbsession.setAuthenticated(session.isAuthenticated());
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+ }
+
+ public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+ dbsession.setPendingRequestID(pendingRequestID);
+
+ dbsession.setAuthenticated(session.isAuthenticated());
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+ }
+
+
+ public static void destroySession(String moaSessionID) throws MOADatabaseException {
+
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
+
+ //delete MOA Session
+ session.delete(dbsession);
+ session.getTransaction().commit();
+ }
+
+ }
+
+// public static void dumpSessionStore() {
+// synchronized (sessionStore) {
+// Set<String> keys = sessionStore.keySet();
+// Iterator<String> keyIterator = keys.iterator();
+// while(keyIterator.hasNext()) {
+// String key = keyIterator.next();
+// AuthenticationSession session = sessionStore.get(key);
+// Logger.info("Key: " + key + " -> " + session.toString());
+// }
+// }
+// }
+
+ public static String changeSessionID(AuthenticationSession session)
+ throws AuthenticationException, BuildException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+
+ String id = Random.nextRandom();
+ session.setSessionID(id);
+
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(session.isAuthenticated());
+
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+
+ return id;
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("TODO!", null);
+ }
+ }
+
+ public static void addSSOInformation(String moaSessionID, String SSOSessionID,
+ String OAUrl) throws AuthenticationException {
+
+ AuthenticatedSessionStore dbsession;
+ Transaction tx = null;
+
+ try {
+
+ Session session = MOASessionDBUtils.getCurrentSession();
+ List result;
+
+ synchronized (session) {
+
+ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ dbsession = (AuthenticatedSessionStore) result.get(0);
+
+ //set active OA applications
+ OASessionStore activeOA = new OASessionStore();
+ activeOA.setOaurlprefix(OAUrl);
+ activeOA.setMoasession(dbsession);
+ activeOA.setCreated(new Date());
+
+ List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+ activeOAs.add(activeOA);
+ dbsession.setActiveOAsessions(activeOAs);
+
+
+ //Store used SSOId
+ if (dbsession.getSSOsessionid() != null) {
+ OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
+ oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
+ oldSSOId.setMoasession(dbsession);
+
+ List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
+ oldSSOIds.add(oldSSOId);
+ }
+
+ dbsession.setSSOSession(true);
+ dbsession.setSSOsessionid(SSOSessionID);
+ dbsession.setAuthenticated(false);
+ dbsession.setPendingRequestID("");
+
+ //Store MOASession
+ session.saveOrUpdate(dbsession);
+
+ //send transaction
+ tx.commit();
+ }
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null);
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+ tx.rollback();
+ throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
+ }
+ }
+
+
+ public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+
+ //decrypt Session
+ byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession());
+
+ AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+
+ return session;
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+
+ } catch (Throwable e) {
+ Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
+ }
+
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.isSSOSession();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ }
+
+
+ }
+
+ public static String getMOASessionID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+
+ }
+
+ public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return false;
+
+ } else {
+ return true;
+
+// AuthenticatedSessionStore dbsession = result.get(0);
+//
+//
+// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
+// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
+// return true;
+//
+// } else {
+// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
+// + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
+// }
+//
+// return false;
+ }
+
+ }
+
+ public static boolean deleteSessionWithPendingRequestID(String id) {
+ MiscUtil.assertNotNull(id, "PendingRequestID");
+ Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setString("sessionid", id);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return false;
+
+ } else {
+ MOASessionDBUtils.delete(result.get(0));
+ return true;
+ }
+
+
+ }
+
+ public static String getPendingRequestID(String sessionID) {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.getPendingRequestID();
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession with ID " + sessionID + " not found");
+ return "";
+ }
+
+ }
+
+ public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
+ Date expioredatecreate = new Date(now - authDataTimeOutCreated);
+ Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
+
+ List<AuthenticatedSessionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
+ query.setTimestamp("timeoutcreate", expioredatecreate);
+ query.setTimestamp("timeoutupdate", expioredateupdate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+
+ if (results.size() != 0) {
+ for(AuthenticatedSessionStore result : results) {
+ try {
+ MOASessionDBUtils.delete(result);
+ Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ + " after session timeout.");
+
+ } catch (HibernateException e){
+ Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+
+ }
+ }
+ }
+
+ @SuppressWarnings("rawtypes")
+ private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
+ MiscUtil.assertNotNull(sessionID, "moasessionID");
+ Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", sessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ return (AuthenticatedSessionStore) result.get(0);
+ }
+}
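Review bot: `isValidSessionWithSSOID` never uses its `moaSessionId` parameter — the comparison against `dbsession.getSessionid()` and `isAuthenticated()` is commented out, so any SSO ID present in the table validates no matter which MOA session presents it; either restore the check, e.g. `AuthenticatedSessionStore dbsession = result.get(0); return dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated();`, or drop the parameter if the relaxed check is intended. `createSession` also stores `SerializationUtils.serialize(session)` without `SessionEncrytionUtil.encrypt`, while `storeSession`/`changeSessionID` encrypt and `getSession` always calls `decrypt`, so a session read back before its first `storeSession` cannot be decrypted once an encryption key is configured; encrypt there too and fold the `BuildException` into the `MOADatabaseException` the method already throws. In `destroySession` and `addSSOInformation` the `MOADatabaseException` thrown on `result.size() != 1` propagates out of the `synchronized` block after `beginTransaction()` without a commit or rollback, leaving that transaction open on the shared session. `getSession` catches `Throwable`, which reports even an `OutOfMemoryError` as a deserialization failure; `catch (Exception e)` is the widest that is justified. The class mixes `iaik.util.logging.Log` with the project's `Logger` for the same kind of messages; use one.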
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
new file mode 100644
index 000000000..5ea3be837
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.util.Random;
+
+public class ExceptionStoreImpl implements IExceptionStore {
+
+ // Just a quick implementation
+ private static IExceptionStore store;
+
+ public static IExceptionStore getStore() {
+ if(store == null) {
+ store = new ExceptionStoreImpl();
+ }
+ return store;
+ }
+
+ private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>();
+
+ public String storeException(Throwable e) {
+ String id = Random.nextRandom();
+ exceptionStore.put(id, e);
+ return id;
+ }
+
+ public Throwable fetchException(String id) {
+ return exceptionStore.get(id);
+ }
+
+ public void removeException(String id) {
+ exceptionStore.remove(id);
+ }
+
+}
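Review bot: `getStore()` creates the singleton behind a plain null check and `exceptionStore` is an unsynchronized `HashMap`, yet the ids come from `Random.nextRandom()`, which suggests the store is shared across request threads; concurrent `storeException`/`removeException` calls can then corrupt the map or produce two stores. Initialise eagerly and use a concurrent map: `private static final IExceptionStore store = new ExceptionStoreImpl();` and `private final Map<String, Throwable> exceptionStore = new ConcurrentHashMap<String, Throwable>();` (adding the `java.util.concurrent.ConcurrentHashMap` import). The map has no eviction, so every stored `Throwable` — stack trace and message included — stays in memory until `removeException` is called for exactly that id; a bounded or time-expiring store is worth considering, and `// Just a quick implementation` should say what the intended replacement is.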
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
new file mode 100644
index 000000000..5c51fff73
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.id.storage;
+
+public interface IExceptionStore {
+ public String storeException(Throwable e);
+ public Throwable fetchException(String id);
+ public void removeException(String id);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
new file mode 100644
index 000000000..1e9cb9024
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.http.HttpSession;
+
+public class HTTPSessionUtils {
+
+// public static HashMap<String, Object> extractAllProperties(HttpSession session) {
+// @SuppressWarnings("unchecked")
+// Enumeration<String> keys = (Enumeration<String>)session.getAttributeNames();
+// HashMap<String, Object> properties = new HashMap<String, Object>();
+//
+// while(keys.hasMoreElements()) {
+// Object keyObject = keys.nextElement();
+// String key = keyObject.toString();
+// Object value = session.getAttribute(key);
+// properties.put(key, value);
+// }
+//
+// return properties;
+// }
+//
+// public static void pushAllProperties(HttpSession session, HashMap<String, Object> properties) {
+// Set<String> keys = properties.keySet();
+// Iterator<String> keysIterator = keys.iterator();
+// while(keysIterator.hasNext()) {
+// String key = keysIterator.next();
+// session.setAttribute(key, properties.get(key));
+// }
+// }
+//
+// public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) {
+// Object obj = session.getAttribute(name);
+// if(obj == null) {
+// return fallback;
+// }
+//
+// if(obj instanceof Boolean) {
+// Boolean b = (Boolean)obj;
+// if(b != null) {
+// return b.booleanValue();
+// }
+// }
+// return fallback;
+// }
+//
+// public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) {
+// session.setAttribute(name, new Boolean(value));
+// }
+//
+// public static String getHTTPSessionString(HttpSession session, String name, String fallback) {
+// Object obj = session.getAttribute(name);
+// if(obj == null) {
+// return fallback;
+// }
+//
+// if(obj instanceof String) {
+// return (String)obj;
+// }
+// return fallback;
+// }
+//
+// public static void setHTTPSessionString(HttpSession session, String name, String value) {
+// session.setAttribute(name, value);
+// }
+}
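Review bot: The new file consists entirely of commented-out methods plus imports (`Enumeration`, `HashMap`, `Iterator`, `Set`, `HttpSession`) that nothing uses, so it compiles to an empty class. Either leave the file out of the commit until the helpers are needed, or add them uncommented with Javadoc; disabled code in a new file gives the VCS no history to recover it from.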
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
new file mode 100644
index 000000000..b56a54c90
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Iterator;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.w3c.dom.Element;
+import org.w3._2000._09.xmldsig_.*;
+import at.gv.e_government.reference.namespace.*;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.util.Constants;
+
+@SuppressWarnings("unused")
+public class MandateBuilder {
+
+ public static final String MANDATE_DATE_OF_BIRTH_FORMAT = "yyyy-MM-dd";
+
+ public static Mandate buildMandate(Element mandate) {
+
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_");
+
+ Unmarshaller u = jc.createUnmarshaller();
+ Mandate mand = (Mandate) u.unmarshal(mandate);
+ return mand;
+ } catch (JAXBException e) {
+ Logger.error("Failed to parse Mandate", e);
+ }
+ return null;
+ }
+
+ public static IdentificationType getWBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_WBPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+
+ public static IdentificationType getBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_BPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+}
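Review bot: `buildMandate` calls `JAXBContext.newInstance(...)` on every invocation; context creation is expensive and the context is thread-safe, so hold it in a `private static final JAXBContext` initialised once (the `Unmarshaller` is not thread-safe and should still be created per call). The method returns `null` on a `JAXBException`, which puts a null check on every caller; consider rethrowing (the imported `MOAException` looks like the intended type) or at least documenting the null return in Javadoc. `getWBPKIdentification` and `getBPKIdentification` dereference `id.getType()` without a null check — if the schema allows a missing type (not visible here) that is an NPE — and the two loops differ only in the prefix, so a private helper taking the prefix would remove the duplication. The class-level `@SuppressWarnings("unused")` together with the wildcard imports of `org.w3._2000._09.xmldsig_` and `at.gv.e_government.reference.namespace` hides what the class really depends on; drop both.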
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index bd79f88b7..ea823889f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -41,13 +41,17 @@ import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
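Review bot: `implements MOAIDAuthConstants` is used only to inherit the `PARAM_*` constants (see `areAllLegacyParametersAvailable` at the end of this file), which is the constant-interface anti-pattern: it makes those constants part of `ParamValidatorUtils`'s public API. The file already qualifies `MOAIDAuthConstants.REQ_BKU_TYPES` in the BKU-type branch, so doing the same for `PARAM_OA` etc. (or a static import) and keeping `public class ParamValidatorUtils {` would be consistent.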
@@ -175,7 +179,7 @@ public class ParamValidatorUtils {
* @param target HTTP parameter from request
* @return
*/
- public static boolean isValidBKUURI(String bkuURI) {
+ public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
Logger.debug("Ueberpruefe Parameter bkuURI");
// if non parameter is given return true
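Review bot: The Javadoc above `isValidBKUURI` still lists `@param target`, which matches neither `bkuURI` nor the new `allowedBKUs` parameter, and `@return` is empty; the later `isValidTemplate` hunk has the same gap, gaining `oaSlTemplates` with no Javadoc entry. Replace with `@param bkuURI HTTP parameter from request`, `@param allowedBKUs BKU URIs trusted for the calling online application (presumably the per-OA list that replaces the global configuration lookup)` and `@return true if bkuURI passed the checks`. `isValidBKUURI` continues outside this hunk.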
@@ -200,9 +204,7 @@ public class ParamValidatorUtils {
}
else {
Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs.");
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedBKUs = authConf.getTrustedBKUs();
- boolean b = trustedBKUs.contains(bkuURI);
+ boolean b = allowedBKUs.contains(bkuURI);
if (b) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
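Review bot: `allowedBKUs.contains(bkuURI)` dereferences the new parameter without a null check, whereas the configuration list it replaces was fetched inside a try block that also handled `ConfigurationException`; a caller passing null now gets a `NullPointerException` instead of a validation failure. Guard it so a missing list fails closed like the surrounding branches: `boolean b = allowedBKUs != null && allowedBKUs.contains(bkuURI);`. The enclosing `isValidBKUURI` starts and ends outside this hunk.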
@@ -212,10 +214,12 @@ public class ParamValidatorUtils {
return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
+ } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
@@ -224,10 +228,7 @@ public class ParamValidatorUtils {
} catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
return false;
- } catch (ConfigurationException e) {
- Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
- return false;
- }
+ }
}
@@ -237,7 +238,7 @@ public class ParamValidatorUtils {
* @param template
* @return
*/
- public static boolean isValidTemplate(HttpServletRequest req, String template) {
+ public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
@@ -266,7 +267,14 @@ public class ParamValidatorUtils {
else {
//check against configured trustet template urls
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedTemplateURLs = authConf.getTrustedTemplateURLs();
+ List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
+
+ //get OA specific template URLs
+ if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
+ for (TemplateType el : oaSlTemplates)
+ trustedTemplateURLs.add(el.getURL());
+ }
+
boolean b = trustedTemplateURLs.contains(template);
if (b) {
Logger.debug("Parameter Template erfolgreich ueberprueft");
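Review bot: `trustedTemplateURLs.add(el.getURL())` mutates the list returned by `authConf.getSLRequestTemplates()`; if the provider hands out its internal list (not visible here), every call with OA-specific templates appends them to the global trusted list, so a template URL allowed for one online application becomes accepted for all later requests of every application, and if it hands out an unmodifiable list the `add` throws `UnsupportedOperationException` instead. Copy before extending: `List<String> trustedTemplateURLs = new ArrayList<String>(authConf.getSLRequestTemplates());` (adding `java.util.ArrayList` to the imports, which lie outside this hunk). `isValidTemplate` starts and ends outside this hunk.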
@@ -308,18 +316,18 @@ public class ParamValidatorUtils {
Logger.debug("Parameter MOASessionId ist null");
return true;
}
-
-
- Pattern pattern = Pattern.compile("[0-9-]*");
+
+ Pattern pattern = Pattern.compile("[0-9-]*");
Matcher matcher = pattern.matcher(sessionID);
boolean b = matcher.matches();
if (b) {
Logger.debug("Parameter MOASessionId erfolgreich ueberprueft");
return true;
}
- else {
- Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
- return false;
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ return false;
+
}
}
@@ -467,7 +475,39 @@ public class ParamValidatorUtils {
return false;
}
- }
+ }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (MiscUtil.isEmpty(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (MiscUtil.isEmpty(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
+ }
}
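Review bot: `areAllLegacyParametersAvailable` throws `WrongParametersException` only to catch it three lines later, using an exception as a boolean, and the final `StringUtils.isEmpty` test on `bkuURL`/`templateURL` repeats the `MiscUtil.isEmpty` checks just performed; the method also has no Javadoc. A plain conjunction expresses the same decision without the throw-and-catch and without constructing five exception objects on the failure path; the `StringUtils.isEmpty(oaURL)` test is kept because `isValidOA`'s treatment of an empty value is not visible here. The rewrite below replaces the body; the surrounding class is unchanged.
```java
public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
    String oaURL = req.getParameter(PARAM_OA);
    String bkuURL = req.getParameter(PARAM_BKU);
    String templateURL = req.getParameter(PARAM_TEMPLATE);
    String useMandate = req.getParameter(PARAM_USEMANDATE);
    String ccc = req.getParameter(PARAM_CCC);

    // The legacy entry point needs every parameter present and well-formed.
    // A boolean chain replaces the former throw-and-catch of WrongParametersException.
    return ParamValidatorUtils.isValidOA(oaURL)
            && !MiscUtil.isEmpty(bkuURL)
            && !MiscUtil.isEmpty(templateURL)
            && ParamValidatorUtils.isValidUseMandate(useMandate)
            && ParamValidatorUtils.isValidCCC(ccc)
            && !StringUtils.isEmpty(oaURL);
}
```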
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index d006dcdfc..f1d0ecd45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -24,9 +24,16 @@
package at.gv.egovernment.moa.id.util;
+
+import iaik.security.random.SeedGenerator;
+
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
/**
* Random number generator used to generate ID's
* @author Paul Ivancsics
@@ -35,21 +42,36 @@ import java.security.SecureRandom;
public class Random {
/** random number generator used */
- private static SecureRandom random = new SecureRandom();
+ //private static SecureRandom random = new SecureRandom();
+ private static SecureRandom random;
+ private static SeedGenerator seedgenerator;
+
+ static {
+ random = iaik.security.random.SHA256FIPS186Random.getDefault();
+ seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault();
+
+
+ }
/**
* Creates a new random number, to be used as an ID.
*
* @return random long as a String
*/
public static String nextRandom() {
-
- byte[] b = new byte[16]; // 16 bytes = 128 bits
- random.nextBytes(b);
-
- ByteBuffer bb = ByteBuffer.wrap(b);
- long l = bb.getLong();
+ byte[] b = new byte[32]; // 32 bytes = 256 bits
+ random.nextBytes(b);
+
+ ByteBuffer bb = ByteBuffer.wrap(b);
+ long l = bb.getLong();
+ return "" + l;
+
+
+ }
+
+ public static void seedRandom() {
- return "" + l;
+ if (seedgenerator.seedAvailable())
+ random.setSeed(seedgenerator.getSeed());
}
}
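Review bot: The 32-byte buffer in `nextRandom` only ever contributes its first 8 bytes, because `bb.getLong()` reads a single long and the remaining 24 bytes are discarded, so the generated ID still carries at most 64 bits of entropy and the `// 32 bytes = 256 bits` comment overstates it. If a 256-bit identifier is the intent, encode all of `b` (the imported but unused `Base64Utils` hints at that); note that `isValidSessionID` in ParamValidatorUtils accepts only `[0-9-]*`, so the validator pattern would have to change together with the encoding. Otherwise shrink the buffer back to 8 bytes and fix the comment, e.g. `byte[] b = new byte[8]; // 8 bytes = 64 bits, the width of the long below`. `java.io.IOException`, `Logger` and `Base64Utils` appear unused in the visible hunks, and the commented-out `SecureRandom` initialiser should be deleted rather than kept beside its replacement.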
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index a0add1054..a6619fc11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -79,7 +79,7 @@ public class SSLUtils {
*/
public static void initialize() {
sslSocketFactories = new HashMap();
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
//System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
@@ -154,9 +154,7 @@ public class SSLUtils {
PKIConfiguration cfg = null;
if (! PKIFactory.getInstance().isAlreadyConfigured())
cfg = new PKIConfigurationImpl(conf);
- String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
- //not using BoolUtils because default value hast to be true!
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
+ boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case
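Review bot: The removed comment `//not using BoolUtils because default value hast to be true!` was the only place recording that revocation checking must default to enabled; with `conf.isTrustmanagerrevoationchecking()` that decision now lives in the configuration provider, which this hunk does not show. Keep a one-line reminder next to the call, e.g. `// revocation checking must default to true when the option is absent from the configuration`, and confirm the getter's default, since a default of false would silently disable certificate revocation checks for the trust manager. The enclosing method continues outside the hunk.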
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 2ff9e5210..db6d7aa53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -31,6 +31,7 @@ import java.io.IOException;
import java.io.OutputStream;
import java.net.URLEncoder;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -145,5 +146,17 @@ public class ServletUtils {
Logger.debug("Finished POST " + servletName);
}
-
+
+ public static String getBaseUrl( HttpServletRequest request ) {
+ if ( ( request.getServerPort() == 80 ) ||
+ ( request.getServerPort() == 443 ) )
+ return request.getScheme() + "://" +
+ request.getServerName() +
+ request.getContextPath();
+ else
+ return request.getScheme() + "://" +
+ request.getServerName() + ":" + request.getServerPort() +
+ request.getContextPath();
+ }
+
}
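Review bot: `getBaseUrl` drops the port whenever it is 80 or 443 regardless of scheme, so an `http` request on port 443 (or `https` on 80, as behind some TLS-terminating proxies) yields a base URL pointing at the wrong port; the port should be omitted only when it is the default for `request.getScheme()`. `getScheme()`, `getServerName()` and `getServerPort()` are also derived from the incoming request (the Host header, unless the container is configured otherwise), so if the returned value feeds redirect targets or generated links it should be checked against the deployment's configured public URL rather than trusted as-is. The method has no Javadoc; add one stating that the result is `scheme://host[:port]` followed by the context path, with no trailing slash. A rewrite pairing the scheme with its default port follows.
```java
public static String getBaseUrl(HttpServletRequest request) {
    String scheme = request.getScheme();
    int port = request.getServerPort();
    // omit the port only when it is the default for the scheme actually used
    boolean defaultPort = ("http".equals(scheme) && port == 80)
            || ("https".equals(scheme) && port == 443);
    String authority = defaultPort
            ? request.getServerName()
            : request.getServerName() + ":" + port;
    return scheme + "://" + authority + request.getContextPath();
}
```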
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
new file mode 100644
index 000000000..1f8c31bb5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -0,0 +1,83 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class SessionEncrytionUtil {
+
+ static SecretKey secret = null;
+
+ static {
+ try {
+ String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey();
+
+ if (key != null) {
+ SecretKeyFactory factory;
+
+ factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ KeySpec spec = new PBEKeySpec(key.toCharArray(), "TestSALT".getBytes(), 1024, 128);
+ SecretKey tmp = factory.generateSecret(spec);
+ secret = new SecretKeySpec(tmp.getEncoded(), "AES");
+
+
+ } else {
+ Logger.warn("MOASession encryption is deaktivated.");
+ }
+
+ } catch (Exception e) {
+ Logger.warn("MOASession encryption can not be inizialized.", e);
+ }
+
+ }
+
+ public static byte[] encrypt(byte[] data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding");
+ cipher.init(Cipher.ENCRYPT_MODE, secret);
+
+ Logger.debug("Encrypt MOASession");
+ return cipher.doFinal(data);
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not encrypted",e);
+ throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
+ }
+ } else
+ return data;
+ }
+
+ public static byte[] decrypt(byte[] data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding");
+ cipher.init(Cipher.DECRYPT_MODE, secret);
+
+ Logger.debug("Decrypt MOASession");
+ return cipher.doFinal(data);
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not decrypted",e);
+ throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
+ }
+ } else
+ return data;
+ }
+}
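Review bot: `encrypt` and `decrypt` use `AES/ECB/ISO10126Padding`, a deterministic, unauthenticated mode, so identical plaintext blocks of a session yield identical ciphertext and a modified blob is not detected by `decrypt`. The key derivation in the static block compounds this with a constant salt, `"TestSALT".getBytes()` on the platform default charset, and only 1024 iterations, which makes the derived key a fixed function of the configured passphrase. Switch both methods to an authenticated mode with a fresh random nonce per call, stored in front of the ciphertext as sketched below (needs `java.security.SecureRandom`, `java.security.GeneralSecurityException` and `javax.crypto.spec.GCMParameterSpec` imported, and a JCE provider that offers AES/GCM), and give the salt a per-deployment value with `StandardCharsets.UTF_8` rather than a literal. The class also fails open: when no key is configured or initialisation throws, `secret` stays null and both methods return the input unchanged with only a warning, which should be a deliberate, documented configuration outcome rather than a side effect of a caught `Exception`.
```java
// … unchanged: package, existing imports, class header, static key setup …
private static final SecureRandom RNG = new SecureRandom();
private static final int GCM_IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
private static final int GCM_TAG_BITS = 128;  // full-length authentication tag

/** Encrypts {@code data}; output layout is nonce || ciphertext || tag. Returns the input unchanged when no key is configured. */
public static byte[] encrypt(byte[] data) throws BuildException {
    if (secret == null) {
        return data;
    }
    try {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, secret, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] body = cipher.doFinal(data);
        byte[] out = new byte[iv.length + body.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(body, 0, out, iv.length, body.length);
        Logger.debug("Encrypt MOASession");
        return out;
    } catch (GeneralSecurityException e) {
        Logger.warn("MOASession is not encrypted", e);
        throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
    }
}

/** Reverses {@link #encrypt}; a truncated or tampered blob fails with BuildException instead of yielding garbage. */
public static byte[] decrypt(byte[] data) throws BuildException {
    if (secret == null) {
        return data;
    }
    try {
        if (data == null || data.length <= GCM_IV_BYTES) {
            throw new IllegalArgumentException("MOASession blob is shorter than the nonce");
        }
        GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, data, 0, GCM_IV_BYTES);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, secret, spec);
        Logger.debug("Decrypt MOASession");
        return cipher.doFinal(data, GCM_IV_BYTES, data.length - GCM_IV_BYTES);
    } catch (GeneralSecurityException | IllegalArgumentException e) {
        Logger.warn("MOASession is not decrypted", e);
        throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
    }
}
```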
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
new file mode 100644
index 000000000..caa8f1769
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
@@ -0,0 +1,77 @@
+package at.gv.egovernment.moa.id.util;
+
+import org.apache.velocity.app.Velocity;
+import org.apache.velocity.runtime.RuntimeServices;
+import org.apache.velocity.runtime.log.LogChute;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class VelocityLogAdapter implements LogChute {
+
+ public VelocityLogAdapter() {
+ try
+ {
+ /*
+ * register this class as a logger with the Velocity singleton
+ * (NOTE: this would not work for the non-singleton method.)
+ */
+ Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
+ Velocity.init();
+ }
+ catch (Exception e)
+ {
+ Logger.error("Failed to register Velocity logger");
+ }
+ }
+
+ public void init(RuntimeServices arg0) throws Exception {
+ }
+
+ public boolean isLevelEnabled(int arg0) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ return Logger.isDebugEnabled();
+ case LogChute.TRACE_ID:
+ return Logger.isTraceEnabled();
+ default:
+ return true;
+ }
+ }
+
+ public void log(int arg0, String arg1) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ Logger.debug(arg1);
+ break;
+ case LogChute.TRACE_ID:
+ Logger.trace(arg1);
+ break;
+ case LogChute.INFO_ID:
+ Logger.info(arg1);
+ break;
+ case LogChute.WARN_ID:
+ Logger.warn(arg1);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ Logger.error(arg1);
+ break;
+ }
+ }
+
+ public void log(int arg0, String arg1, Throwable arg2) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ case LogChute.TRACE_ID:
+ case LogChute.INFO_ID:
+ case LogChute.WARN_ID:
+ Logger.warn(arg1, arg2);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ Logger.error(arg1, arg2);
+ break;
+ }
+ }
+
+}
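Review bot: The catch in the constructor logs `Failed to register Velocity logger` without the exception, so the reason Velocity could not be initialised is lost; `Logger.error("Failed to register Velocity logger", e);` keeps it, and the two-argument form is already used in `log(int, String, Throwable)` below. That three-argument `log` also raises DEBUG, TRACE and INFO messages that carry a Throwable to warn level, which differs from the mapping in the two-argument overload and deserves a one-line comment if intentional, e.g. `// any message with a Throwable is surfaced at warn or above`. `init(RuntimeServices)` is left empty without explanation; a `// nothing to initialise: messages are forwarded straight to the MOA Logger` would make the intent explicit.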
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 80f2d744c..979744edb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -23,19 +23,23 @@
package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+import java.io.Serializable;
-public class MISMandate {
-
+public class MISMandate implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
final static private String OID_NOTAR = "1.2.40.0.10.3.1";
- final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
+ final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
- final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
+ final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
- final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
+ final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
- final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
+ final static public String OID_ORGANWALTER = "1.2.40.0.10.3.4";
final static private String TEXT_ORGANWALTER = "Organwalter";
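Review bot: `OID_ORGANWALTER` is widened to public with the modifier order `final static public`, while the sibling OID constants and `TEXT_ORGANWALTER` stay private and the class otherwise keeps its internal constants hidden. Write it in the conventional order, `public static final String OID_ORGANWALTER = "1.2.40.0.10.3.4";`, and add a short comment naming the external use that required exporting just this one OID so a later reader does not re-privatise it.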
@@ -73,7 +77,7 @@ public class MISMandate {
if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index ad4e45a2b..8970abc10 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -109,16 +109,7 @@ public class MISSimpleClient {
ArrayList foundMandates = new ArrayList();
for (int i=0; i<mandateElements.getLength(); i++) {
Element mandate = (Element) mandateElements.item(i);
-
-// try {
-// String s = DOMUtils.serializeNode(mandate);
-// System.out.println("\n\n Mandate: \n" + s);
-// } catch (IOException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// }
-
-
+
MISMandate misMandate = new MISMandate();
if (mandate.hasAttribute("ProfessionalRepresentative")) {
// System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative"));
@@ -143,7 +134,7 @@ public class MISSimpleClient {
}
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
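Review bot: The new `targetType` parameter is not validated, unlike `webServiceURL`, which is rejected when null on the lines just below; its only use, in the next hunk of this file, is `doc.createTextNode(targetType)`, where a null or empty value yields an empty or implementation-dependent `Target/Type` element in the MIS request instead of a clear error. Add `if (targetType == null || targetType.length() == 0) { throw new IllegalArgumentException("Argument targetType must not be null or empty."); }` next to the existing argument checks, or make the Target element optional when no type is supplied and say so in the method's Javadoc. The method body continues beyond this hunk.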
@@ -201,7 +192,17 @@ public class MISSimpleClient {
}
filtersElement.appendChild(mandateIdentifiersElement);
mirElement.appendChild(filtersElement);
- }
+ }
+
+ //add Target element
+ Element targetElement = doc.createElementNS(MIS_NS, "Target");
+ Element targetTypeElement = doc.createElementNS(MIS_NS, "Type");
+ targetTypeElement.appendChild(doc.createTextNode(targetType));
+ targetElement.appendChild(targetTypeElement);
+ mirElement.appendChild(targetElement);
+
+
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
new file mode 100644
index 000000000..03521cf2f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.util.legacy;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+public class LegacyHelper implements MOAIDAuthConstants{
+
+ public static boolean isUseMandateRequested(HttpServletRequest req) throws WrongParametersException {
+
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+
+ //check UseMandate flag
+ String useMandateString = null;
+ if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+ useMandateString = useMandate;
+ } else {
+ useMandateString = "false";
+ }
+
+ if (useMandateString.compareToIgnoreCase("true") == 0)
+ return true;
+ else
+ return false;
+ }
+}
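Review bot: `isUseMandateRequested` HTML-escapes the request parameter before validating and comparing it, although the value is never rendered here; escaping belongs at output, and doing it first means `ParamValidatorUtils.isValidUseMandate` sees `&amp;`-style text instead of the raw parameter, which can mask what was actually sent. After validation the twelve lines of flag handling reduce to `return "true".equalsIgnoreCase(useMandate);`, which yields false for null and empty exactly as the current branches do. A short Javadoc stating that the method returns true only when the `useMandate` parameter equals `true` case-insensitively and throws `WrongParametersException` when the validator rejects the value would make the contract explicit.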