aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java134
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java346
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java101
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java286
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java99
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java109
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java101
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java605
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java245
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java318
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java420
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java247
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java620
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java550
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java611
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java181
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java209
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java147
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java142
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java2087
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java163
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java107
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java1801
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java268
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java559
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java147
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java330
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java228
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java54
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java149
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java224
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java247
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java486
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java1104
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java762
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java175
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java884
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java632
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java591
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java)85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java130
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java501
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java164
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java411
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java159
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java128
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java495
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java347
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java184
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java209
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java302
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java236
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java139
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java148
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java158
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java325
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java74
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java339
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java120
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java96
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java301
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java160
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java108
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java186
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java)67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java522
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java175
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java156
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java496
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java33
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java109
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java241
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java111
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java142
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java92
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java111
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java559
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java171
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java105
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java97
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java216
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java127
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java83
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java115
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java111
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java144
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java195
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java101
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java167
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java116
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java76
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java100
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java98
-rw-r--r--id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java9
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties193
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html51
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html12
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html106
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html44
264 files changed, 29100 insertions, 5351 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java
new file mode 100644
index 000000000..7219ada8f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java
@@ -0,0 +1,134 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.datatype.XMLGregorianCalendar;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Place" type="{http://www.w3.org/2001/XMLSchema}token"/>
+ * &lt;element name="Date" type="{http://reference.e-government.gv.at/namespace/mandates/20040701#}DateType"/>
+ * &lt;element name="Time" type="{http://www.w3.org/2001/XMLSchema}time" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "place",
+ "date",
+ "time"
+})
+@XmlRootElement(name = "Issued")
+public class Issued {
+
+ @XmlElement(name = "Place", required = true)
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String place;
+ @XmlElement(name = "Date", required = true)
+ protected String date;
+ @XmlElement(name = "Time")
+ @XmlSchemaType(name = "time")
+ protected XMLGregorianCalendar time;
+
+ /**
+ * Gets the value of the place property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPlace() {
+ return place;
+ }
+
+ /**
+ * Sets the value of the place property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPlace(String value) {
+ this.place = value;
+ }
+
+ /**
+ * Gets the value of the date property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getDate() {
+ return date;
+ }
+
+ /**
+ * Sets the value of the date property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setDate(String value) {
+ this.date = value;
+ }
+
+ /**
+ * Gets the value of the time property.
+ *
+ * @return
+ * possible object is
+ * {@link XMLGregorianCalendar }
+ *
+ */
+ public XMLGregorianCalendar getTime() {
+ return time;
+ }
+
+ /**
+ * Sets the value of the time property.
+ *
+ * @param value
+ * allowed object is
+ * {@link XMLGregorianCalendar }
+ *
+ */
+ public void setTime(XMLGregorianCalendar value) {
+ this.time = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java
new file mode 100644
index 000000000..11e0b274e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java
@@ -0,0 +1,346 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import org.w3._2000._09.xmldsig_.SignatureType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Annotation" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}StatusInformationService" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Representative"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Mandator"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Intermediary" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Issued"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Properties" minOccurs="0"/>
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SimpleMandateContent"/>
+ * &lt;/choice>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Signature"/>
+ * &lt;/sequence>
+ * &lt;attribute name="MandateID" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "annotation",
+ "statusInformationService",
+ "representative",
+ "mandator",
+ "intermediary",
+ "issued",
+ "properties",
+ "simpleMandateContent",
+ "signature"
+})
+@XmlRootElement(name = "Mandate")
+public class Mandate {
+
+ @XmlElement(name = "Annotation")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ protected String annotation;
+ @XmlElement(name = "StatusInformationService")
+ @XmlSchemaType(name = "anyURI")
+ protected String statusInformationService;
+ @XmlElement(name = "Representative", required = true)
+ protected Representative representative;
+ @XmlElement(name = "Mandator", required = true)
+ protected Mandator mandator;
+ @XmlElement(name = "Intermediary")
+ protected List<PhysicalPersonType> intermediary;
+ @XmlElement(name = "Issued", required = true)
+ protected Issued issued;
+ @XmlElement(name = "Properties")
+ protected PropertiesType properties;
+ @XmlElement(name = "SimpleMandateContent")
+ protected List<SimpleMandateContentType> simpleMandateContent;
+ @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#", required = true)
+ protected SignatureType signature;
+ @XmlAttribute(name = "MandateID", required = true)
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String mandateID;
+
+ /**
+ * Gets the value of the annotation property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAnnotation() {
+ return annotation;
+ }
+
+ /**
+ * Sets the value of the annotation property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAnnotation(String value) {
+ this.annotation = value;
+ }
+
+ /**
+ * Gets the value of the statusInformationService property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getStatusInformationService() {
+ return statusInformationService;
+ }
+
+ /**
+ * Sets the value of the statusInformationService property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setStatusInformationService(String value) {
+ this.statusInformationService = value;
+ }
+
+ /**
+ * Gets the value of the representative property.
+ *
+ * @return
+ * possible object is
+ * {@link Representative }
+ *
+ */
+ public Representative getRepresentative() {
+ return representative;
+ }
+
+ /**
+ * Sets the value of the representative property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Representative }
+ *
+ */
+ public void setRepresentative(Representative value) {
+ this.representative = value;
+ }
+
+ /**
+ * Gets the value of the mandator property.
+ *
+ * @return
+ * possible object is
+ * {@link Mandator }
+ *
+ */
+ public Mandator getMandator() {
+ return mandator;
+ }
+
+ /**
+ * Sets the value of the mandator property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Mandator }
+ *
+ */
+ public void setMandator(Mandator value) {
+ this.mandator = value;
+ }
+
+ /**
+ * Gets the value of the intermediary property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the intermediary property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getIntermediary().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PhysicalPersonType }
+ *
+ *
+ */
+ public List<PhysicalPersonType> getIntermediary() {
+ if (intermediary == null) {
+ intermediary = new ArrayList<PhysicalPersonType>();
+ }
+ return this.intermediary;
+ }
+
+ /**
+ * Gets the value of the issued property.
+ *
+ * @return
+ * possible object is
+ * {@link Issued }
+ *
+ */
+ public Issued getIssued() {
+ return issued;
+ }
+
+ /**
+ * Sets the value of the issued property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Issued }
+ *
+ */
+ public void setIssued(Issued value) {
+ this.issued = value;
+ }
+
+ /**
+ * Gets the value of the properties property.
+ *
+ * @return
+ * possible object is
+ * {@link PropertiesType }
+ *
+ */
+ public PropertiesType getProperties() {
+ return properties;
+ }
+
+ /**
+ * Sets the value of the properties property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PropertiesType }
+ *
+ */
+ public void setProperties(PropertiesType value) {
+ this.properties = value;
+ }
+
+ /**
+ * Gets the value of the simpleMandateContent property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the simpleMandateContent property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSimpleMandateContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SimpleMandateContentType }
+ *
+ *
+ */
+ public List<SimpleMandateContentType> getSimpleMandateContent() {
+ if (simpleMandateContent == null) {
+ simpleMandateContent = new ArrayList<SimpleMandateContentType>();
+ }
+ return this.simpleMandateContent;
+ }
+
+ /**
+ * Gets the value of the signature property.
+ *
+ * @return
+ * possible object is
+ * {@link SignatureType }
+ *
+ */
+ public SignatureType getSignature() {
+ return signature;
+ }
+
+ /**
+ * Sets the value of the signature property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SignatureType }
+ *
+ */
+ public void setSignature(SignatureType value) {
+ this.signature = value;
+ }
+
+ /**
+ * Gets the value of the mandateID property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getMandateID() {
+ return mandateID;
+ }
+
+ /**
+ * Sets the value of the mandateID property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setMandateID(String value) {
+ this.mandateID = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java
new file mode 100644
index 000000000..0fb50c06a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java
@@ -0,0 +1,101 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "physicalPerson",
+ "corporateBody"
+})
+@XmlRootElement(name = "Mandator")
+public class Mandator {
+
+ @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected PhysicalPersonType physicalPerson;
+ @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected CorporateBodyType corporateBody;
+
+ /**
+ * Gets the value of the physicalPerson property.
+ *
+ * @return
+ * possible object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public PhysicalPersonType getPhysicalPerson() {
+ return physicalPerson;
+ }
+
+ /**
+ * Sets the value of the physicalPerson property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public void setPhysicalPerson(PhysicalPersonType value) {
+ this.physicalPerson = value;
+ }
+
+ /**
+ * Gets the value of the corporateBody property.
+ *
+ * @return
+ * possible object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public CorporateBodyType getCorporateBody() {
+ return corporateBody;
+ }
+
+ /**
+ * Sets the value of the corporateBody property.
+ *
+ * @param value
+ * allowed object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public void setCorporateBody(CorporateBodyType value) {
+ this.corporateBody = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java
new file mode 100644
index 000000000..19e9eba0b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java
@@ -0,0 +1,286 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlElementDecl;
+import javax.xml.bind.annotation.XmlRegistry;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * This object contains factory methods for each
+ * Java content interface and Java element interface
+ * generated in the at.gv.e_government.reference.namespace.mandates._20040701_ package.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups. Factory methods for each of these are
+ * provided in this class.
+ *
+ */
+@XmlRegistry
+public class ObjectFactory {
+
+ private final static QName _Intermediary_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Intermediary");
+ private final static QName _ParameterisedDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedDescription");
+ private final static QName _ParameterisedText_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedText");
+ private final static QName _TextualDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "TextualDescription");
+ private final static QName _Annotation_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Annotation");
+ private final static QName _AnyConstraints_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "AnyConstraints");
+ private final static QName _ValidFrom_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidFrom");
+ private final static QName _SimpleMandateContent_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "SimpleMandateContent");
+ private final static QName _StatusInformationService_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "StatusInformationService");
+ private final static QName _Properties_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Properties");
+ private final static QName _ValidTo_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidTo");
+
+ /**
+ * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.mandates._20040701_
+ *
+ */
+ public ObjectFactory() {
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType }
+ *
+ */
+ public SimpleMandateContentType createSimpleMandateContentType() {
+ return new SimpleMandateContentType();
+ }
+
+ /**
+ * Create an instance of {@link Issued }
+ *
+ */
+ public Issued createIssued() {
+ return new Issued();
+ }
+
+ /**
+ * Create an instance of {@link ParameterisedTextType }
+ *
+ */
+ public ParameterisedTextType createParameterisedTextType() {
+ return new ParameterisedTextType();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.CollectiveConstraint }
+ *
+ */
+ public SimpleMandateContentType.CollectiveConstraint createSimpleMandateContentTypeCollectiveConstraint() {
+ return new SimpleMandateContentType.CollectiveConstraint();
+ }
+
+ /**
+ * Create an instance of {@link SetParameter }
+ *
+ */
+ public SetParameter createSetParameter() {
+ return new SetParameter();
+ }
+
+ /**
+ * Create an instance of {@link PasteParameter }
+ *
+ */
+ public PasteParameter createPasteParameter() {
+ return new PasteParameter();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.TimeConstraint }
+ *
+ */
+ public SimpleMandateContentType.TimeConstraint createSimpleMandateContentTypeTimeConstraint() {
+ return new SimpleMandateContentType.TimeConstraint();
+ }
+
+ /**
+ * Create an instance of {@link Representative }
+ *
+ */
+ public Representative createRepresentative() {
+ return new Representative();
+ }
+
+ /**
+ * Create an instance of {@link ParameterDefinition }
+ *
+ */
+ public ParameterDefinition createParameterDefinition() {
+ return new ParameterDefinition();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.References.MandateID }
+ *
+ */
+ public SimpleMandateContentType.References.MandateID createSimpleMandateContentTypeReferencesMandateID() {
+ return new SimpleMandateContentType.References.MandateID();
+ }
+
+ /**
+ * Create an instance of {@link Mandate }
+ *
+ */
+ public Mandate createMandate() {
+ return new Mandate();
+ }
+
+ /**
+ * Create an instance of {@link PropertiesType }
+ *
+ */
+ public PropertiesType createPropertiesType() {
+ return new PropertiesType();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.TransactionLimit }
+ *
+ */
+ public SimpleMandateContentType.TransactionLimit createSimpleMandateContentTypeTransactionLimit() {
+ return new SimpleMandateContentType.TransactionLimit();
+ }
+
+ /**
+ * Create an instance of {@link ParameterisedDescriptionType }
+ *
+ */
+ public ParameterisedDescriptionType createParameterisedDescriptionType() {
+ return new ParameterisedDescriptionType();
+ }
+
+ /**
+ * Create an instance of {@link Mandator }
+ *
+ */
+ public Mandator createMandator() {
+ return new Mandator();
+ }
+
+ /**
+ * Create an instance of {@link SimpleMandateContentType.References }
+ *
+ */
+ public SimpleMandateContentType.References createSimpleMandateContentTypeReferences() {
+ return new SimpleMandateContentType.References();
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Intermediary")
+ public JAXBElement<PhysicalPersonType> createIntermediary(PhysicalPersonType value) {
+ return new JAXBElement<PhysicalPersonType>(_Intermediary_QNAME, PhysicalPersonType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedDescription")
+ public JAXBElement<ParameterisedDescriptionType> createParameterisedDescription(ParameterisedDescriptionType value) {
+ return new JAXBElement<ParameterisedDescriptionType>(_ParameterisedDescription_QNAME, ParameterisedDescriptionType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link ParameterisedTextType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedText")
+ public JAXBElement<ParameterisedTextType> createParameterisedText(ParameterisedTextType value) {
+ return new JAXBElement<ParameterisedTextType>(_ParameterisedText_QNAME, ParameterisedTextType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "TextualDescription")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ public JAXBElement<String> createTextualDescription(String value) {
+ return new JAXBElement<String>(_TextualDescription_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Annotation")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ public JAXBElement<String> createAnnotation(String value) {
+ return new JAXBElement<String>(_Annotation_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "AnyConstraints")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ public JAXBElement<String> createAnyConstraints(String value) {
+ return new JAXBElement<String>(_AnyConstraints_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidFrom")
+ public JAXBElement<String> createValidFrom(String value) {
+ return new JAXBElement<String>(_ValidFrom_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SimpleMandateContentType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "SimpleMandateContent")
+ public JAXBElement<SimpleMandateContentType> createSimpleMandateContent(SimpleMandateContentType value) {
+ return new JAXBElement<SimpleMandateContentType>(_SimpleMandateContent_QNAME, SimpleMandateContentType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "StatusInformationService")
+ public JAXBElement<String> createStatusInformationService(String value) {
+ return new JAXBElement<String>(_StatusInformationService_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PropertiesType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Properties")
+ public JAXBElement<PropertiesType> createProperties(PropertiesType value) {
+ return new JAXBElement<PropertiesType>(_Properties_QNAME, PropertiesType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidTo")
+ public JAXBElement<String> createValidTo(String value) {
+ return new JAXBElement<String>(_ValidTo_QNAME, String.class, null, value);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java
new file mode 100644
index 000000000..703d48005
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java
@@ -0,0 +1,78 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SetParameter"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "setParameter"
+})
+@XmlRootElement(name = "ParameterDefinition")
+public class ParameterDefinition {
+
+ @XmlElement(name = "SetParameter")
+ protected List<SetParameter> setParameter;
+
+ /**
+ * Gets the value of the setParameter property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the setParameter property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSetParameter().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SetParameter }
+ *
+ *
+ */
+ public List<SetParameter> getSetParameter() {
+ if (setParameter == null) {
+ setParameter = new ArrayList<SetParameter>();
+ }
+ return this.setParameter;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java
new file mode 100644
index 000000000..e064e5379
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java
@@ -0,0 +1,99 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * complex type for a parameterised description
+ *
+ * <p>Java class for ParameterisedDescriptionType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="ParameterisedDescriptionType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedText"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterDefinition"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ParameterisedDescriptionType", propOrder = {
+ "parameterisedText",
+ "parameterDefinition"
+})
+public class ParameterisedDescriptionType {
+
+ @XmlElement(name = "ParameterisedText", required = true)
+ protected ParameterisedTextType parameterisedText;
+ @XmlElement(name = "ParameterDefinition", required = true)
+ protected ParameterDefinition parameterDefinition;
+
+ /**
+ * Gets the value of the parameterisedText property.
+ *
+ * @return
+ * possible object is
+ * {@link ParameterisedTextType }
+ *
+ */
+ public ParameterisedTextType getParameterisedText() {
+ return parameterisedText;
+ }
+
+ /**
+ * Sets the value of the parameterisedText property.
+ *
+ * @param value
+ * allowed object is
+ * {@link ParameterisedTextType }
+ *
+ */
+ public void setParameterisedText(ParameterisedTextType value) {
+ this.parameterisedText = value;
+ }
+
+ /**
+ * Gets the value of the parameterDefinition property.
+ *
+ * @return
+ * possible object is
+ * {@link ParameterDefinition }
+ *
+ */
+ public ParameterDefinition getParameterDefinition() {
+ return parameterDefinition;
+ }
+
+ /**
+ * Sets the value of the parameterDefinition property.
+ *
+ * @param value
+ * allowed object is
+ * {@link ParameterDefinition }
+ *
+ */
+ public void setParameterDefinition(ParameterDefinition value) {
+ this.parameterDefinition = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java
new file mode 100644
index 000000000..7d086cf67
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java
@@ -0,0 +1,81 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * complex type for describing a parameterised text
+ *
+ * <p>Java class for ParameterisedTextType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="ParameterisedTextType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}PasteParameter"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ParameterisedTextType", propOrder = {
+ "content"
+})
+public class ParameterisedTextType {
+
+ @XmlElementRef(name = "PasteParameter", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = PasteParameter.class)
+ @XmlMixed
+ protected List<Object> content;
+
+ /**
+ * complex type for describing a parameterised text Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link PasteParameter }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java
new file mode 100644
index 000000000..d8a64b374
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java
@@ -0,0 +1,72 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "")
+@XmlRootElement(name = "PasteParameter")
+public class PasteParameter {
+
+ @XmlAttribute(name = "Name")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String name;
+
+ /**
+ * Gets the value of the name property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the value of the name property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setName(String value) {
+ this.name = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java
new file mode 100644
index 000000000..f3ffa5100
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java
@@ -0,0 +1,109 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * complex type for describing arbitrary properties of mandates
+ *
+ * <p>Java class for PropertiesType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PropertiesType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="SubstitutionAllowed" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PropertiesType", propOrder = {
+ "substitutionAllowed",
+ "any"
+})
+public class PropertiesType {
+
+ @XmlElement(name = "SubstitutionAllowed", defaultValue = "false")
+ protected Boolean substitutionAllowed;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the substitutionAllowed property.
+ *
+ * @return
+ * possible object is
+ * {@link Boolean }
+ *
+ */
+ public Boolean isSubstitutionAllowed() {
+ return substitutionAllowed;
+ }
+
+ /**
+ * Sets the value of the substitutionAllowed property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Boolean }
+ *
+ */
+ public void setSubstitutionAllowed(Boolean value) {
+ this.substitutionAllowed = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java
new file mode 100644
index 000000000..ba18566a0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java
@@ -0,0 +1,101 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "physicalPerson",
+ "corporateBody"
+})
+@XmlRootElement(name = "Representative")
+public class Representative {
+
+ @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected PhysicalPersonType physicalPerson;
+ @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#")
+ protected CorporateBodyType corporateBody;
+
+ /**
+ * Gets the value of the physicalPerson property.
+ *
+ * @return
+ * possible object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public PhysicalPersonType getPhysicalPerson() {
+ return physicalPerson;
+ }
+
+ /**
+ * Sets the value of the physicalPerson property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PhysicalPersonType }
+ *
+ */
+ public void setPhysicalPerson(PhysicalPersonType value) {
+ this.physicalPerson = value;
+ }
+
+ /**
+ * Gets the value of the corporateBody property.
+ *
+ * @return
+ * possible object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public CorporateBodyType getCorporateBody() {
+ return corporateBody;
+ }
+
+ /**
+ * Sets the value of the corporateBody property.
+ *
+ * @param value
+ * allowed object is
+ * {@link CorporateBodyType }
+ *
+ */
+ public void setCorporateBody(CorporateBodyType value) {
+ this.corporateBody = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java
new file mode 100644
index 000000000..5c85ebe25
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java
@@ -0,0 +1,103 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", propOrder = {
+ "value"
+})
+@XmlRootElement(name = "SetParameter")
+public class SetParameter {
+
+ @XmlValue
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String value;
+ @XmlAttribute(name = "Name")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String name;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the name property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the value of the name property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setName(String value) {
+ this.name = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java
new file mode 100644
index 000000000..30fdcbab1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java
@@ -0,0 +1,605 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.mandates._20040701_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+
+/**
+ * complex type for describing the mandate using some textual descriptions
+ *
+ * <p>Java class for SimpleMandateContentType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SimpleMandateContentType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}TextualDescription"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedDescription"/>
+ * &lt;/choice>
+ * &lt;element name="References" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded">
+ * &lt;element name="MandateID">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;group ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ConstraintsGroup"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SimpleMandateContentType", propOrder = {
+ "textualDescriptionOrParameterisedDescription",
+ "references",
+ "timeConstraint",
+ "collectiveConstraint",
+ "transactionLimit",
+ "anyConstraints"
+})
+public class SimpleMandateContentType {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "ParameterisedDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class),
+ @XmlElementRef(name = "TextualDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class)
+ })
+ protected List<JAXBElement<?>> textualDescriptionOrParameterisedDescription;
+ @XmlElement(name = "References")
+ protected SimpleMandateContentType.References references;
+ @XmlElement(name = "TimeConstraint")
+ protected SimpleMandateContentType.TimeConstraint timeConstraint;
+ @XmlElement(name = "CollectiveConstraint")
+ protected SimpleMandateContentType.CollectiveConstraint collectiveConstraint;
+ @XmlElement(name = "TransactionLimit")
+ protected SimpleMandateContentType.TransactionLimit transactionLimit;
+ @XmlElement(name = "AnyConstraints")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ protected List<String> anyConstraints;
+
+ /**
+ * Gets the value of the textualDescriptionOrParameterisedDescription property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the textualDescriptionOrParameterisedDescription property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getTextualDescriptionOrParameterisedDescription().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ *
+ *
+ */
+ public List<JAXBElement<?>> getTextualDescriptionOrParameterisedDescription() {
+ if (textualDescriptionOrParameterisedDescription == null) {
+ textualDescriptionOrParameterisedDescription = new ArrayList<JAXBElement<?>>();
+ }
+ return this.textualDescriptionOrParameterisedDescription;
+ }
+
+ /**
+ * Gets the value of the references property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.References }
+ *
+ */
+ public SimpleMandateContentType.References getReferences() {
+ return references;
+ }
+
+ /**
+ * Sets the value of the references property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.References }
+ *
+ */
+ public void setReferences(SimpleMandateContentType.References value) {
+ this.references = value;
+ }
+
+ /**
+ * Gets the value of the timeConstraint property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.TimeConstraint }
+ *
+ */
+ public SimpleMandateContentType.TimeConstraint getTimeConstraint() {
+ return timeConstraint;
+ }
+
+ /**
+ * Sets the value of the timeConstraint property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.TimeConstraint }
+ *
+ */
+ public void setTimeConstraint(SimpleMandateContentType.TimeConstraint value) {
+ this.timeConstraint = value;
+ }
+
+ /**
+ * Gets the value of the collectiveConstraint property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.CollectiveConstraint }
+ *
+ */
+ public SimpleMandateContentType.CollectiveConstraint getCollectiveConstraint() {
+ return collectiveConstraint;
+ }
+
+ /**
+ * Sets the value of the collectiveConstraint property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.CollectiveConstraint }
+ *
+ */
+ public void setCollectiveConstraint(SimpleMandateContentType.CollectiveConstraint value) {
+ this.collectiveConstraint = value;
+ }
+
+ /**
+ * Gets the value of the transactionLimit property.
+ *
+ * @return
+ * possible object is
+ * {@link SimpleMandateContentType.TransactionLimit }
+ *
+ */
+ public SimpleMandateContentType.TransactionLimit getTransactionLimit() {
+ return transactionLimit;
+ }
+
+ /**
+ * Sets the value of the transactionLimit property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SimpleMandateContentType.TransactionLimit }
+ *
+ */
+ public void setTransactionLimit(SimpleMandateContentType.TransactionLimit value) {
+ this.transactionLimit = value;
+ }
+
+ /**
+ * Gets the value of the anyConstraints property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the anyConstraints property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAnyConstraints().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAnyConstraints() {
+ if (anyConstraints == null) {
+ anyConstraints = new ArrayList<String>();
+ }
+ return this.anyConstraints;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}AnyConstraints"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "physicalPersonOrCorporateBodyOrAnyConstraints"
+ })
+ public static class CollectiveConstraint {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
+ @XmlElementRef(name = "AnyConstraints", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class),
+ @XmlElementRef(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
+ })
+ protected List<JAXBElement<?>> physicalPersonOrCorporateBodyOrAnyConstraints;
+
+ /**
+ * Gets the value of the physicalPersonOrCorporateBodyOrAnyConstraints property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the physicalPersonOrCorporateBodyOrAnyConstraints property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getPhysicalPersonOrCorporateBodyOrAnyConstraints().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ *
+ *
+ */
+ public List<JAXBElement<?>> getPhysicalPersonOrCorporateBodyOrAnyConstraints() {
+ if (physicalPersonOrCorporateBodyOrAnyConstraints == null) {
+ physicalPersonOrCorporateBodyOrAnyConstraints = new ArrayList<JAXBElement<?>>();
+ }
+ return this.physicalPersonOrCorporateBodyOrAnyConstraints;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded">
+ * &lt;element name="MandateID">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "mandateID"
+ })
+ public static class References {
+
+ @XmlElement(name = "MandateID", required = true)
+ protected List<SimpleMandateContentType.References.MandateID> mandateID;
+
+ /**
+ * Gets the value of the mandateID property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the mandateID property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getMandateID().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SimpleMandateContentType.References.MandateID }
+ *
+ *
+ */
+ public List<SimpleMandateContentType.References.MandateID> getMandateID() {
+ if (mandateID == null) {
+ mandateID = new ArrayList<SimpleMandateContentType.References.MandateID>();
+ }
+ return this.mandateID;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>token">
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class MandateID {
+
+ @XmlValue
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String value;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidFrom" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidTo" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "validFrom",
+ "validTo"
+ })
+ public static class TimeConstraint {
+
+ @XmlElement(name = "ValidFrom")
+ protected String validFrom;
+ @XmlElement(name = "ValidTo")
+ protected String validTo;
+
+ /**
+ * Gets the value of the validFrom property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValidFrom() {
+ return validFrom;
+ }
+
+ /**
+ * Sets the value of the validFrom property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValidFrom(String value) {
+ this.validFrom = value;
+ }
+
+ /**
+ * Gets the value of the validTo property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValidTo() {
+ return validTo;
+ }
+
+ /**
+ * Sets the value of the validTo property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValidTo(String value) {
+ this.validTo = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Amount" type="{http://www.w3.org/2001/XMLSchema}float"/>
+ * &lt;element name="Currency" type="{http://www.w3.org/2001/XMLSchema}token"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "amount",
+ "currency"
+ })
+ public static class TransactionLimit {
+
+ @XmlElement(name = "Amount")
+ protected float amount;
+ @XmlElement(name = "Currency", required = true, defaultValue = "EUR")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String currency;
+
+ /**
+ * Gets the value of the amount property.
+ *
+ */
+ public float getAmount() {
+ return amount;
+ }
+
+ /**
+ * Sets the value of the amount property.
+ *
+ */
+ public void setAmount(float value) {
+ this.amount = value;
+ }
+
+ /**
+ * Gets the value of the currency property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getCurrency() {
+ return currency;
+ }
+
+ /**
+ * Sets the value of the currency property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setCurrency(String value) {
+ this.currency = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java
new file mode 100644
index 000000000..79c3dae88
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java
@@ -0,0 +1,9 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
+package at.gv.e_government.reference.namespace.mandates._20040701_;
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java
new file mode 100644
index 000000000..406073972
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java
@@ -0,0 +1,144 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyAttribute;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+
+
+/**
+ * main structure of address data
+ *
+ * <p>Java class for AbstractAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="AbstractAddressType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "AbstractAddressType", propOrder = {
+ "identification"
+})
+@XmlSeeAlso({
+ TelephoneAddressType.class,
+ InternetAddressType.class,
+ TypedPostalAddressType.class
+})
+public abstract class AbstractAddressType {
+
+ @XmlElement(name = "Identification")
+ protected List<IdentificationType> identification;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAnyAttribute
+ private Map<QName, String> otherAttributes = new HashMap<QName, String>();
+
+ /**
+ * Gets the value of the identification property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the identification property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getIdentification().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link IdentificationType }
+ *
+ *
+ */
+ public List<IdentificationType> getIdentification() {
+ if (identification == null) {
+ identification = new ArrayList<IdentificationType>();
+ }
+ return this.identification;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets a map that contains attributes that aren't bound to any typed property on this class.
+ *
+ * <p>
+ * the map is keyed by the name of the attribute and
+ * the value is the string value of the attribute.
+ *
+ * the map returned by this method is live, and you can add new attribute
+ * by updating the map directly. Because of this design, there's no setter.
+ *
+ *
+ * @return
+ * always non-null
+ */
+ public Map<QName, String> getOtherAttributes() {
+ return otherAttributes;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java
new file mode 100644
index 000000000..201b285dd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java
@@ -0,0 +1,144 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyAttribute;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+
+
+/**
+ * main structure of person data
+ *
+ * <p>Java class for AbstractPersonType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="AbstractPersonType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "AbstractPersonType", propOrder = {
+ "identification"
+})
+@XmlSeeAlso({
+ PhysicalPersonType.class,
+ CorporateBodyType.class,
+ PersonDataType.class
+})
+public abstract class AbstractPersonType {
+
+ @XmlElement(name = "Identification")
+ protected List<IdentificationType> identification;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAnyAttribute
+ private Map<QName, String> otherAttributes = new HashMap<QName, String>();
+
+ /**
+ * Gets the value of the identification property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the identification property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getIdentification().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link IdentificationType }
+ *
+ *
+ */
+ public List<IdentificationType> getIdentification() {
+ if (identification == null) {
+ identification = new ArrayList<IdentificationType>();
+ }
+ return this.identification;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets a map that contains attributes that aren't bound to any typed property on this class.
+ *
+ * <p>
+ * the map is keyed by the name of the attribute and
+ * the value is the string value of the attribute.
+ *
+ * the map returned by this method is live, and you can add new attribute
+ * by updating the map directly. Because of this design, there's no setter.
+ *
+ *
+ * @return
+ * always non-null
+ */
+ public Map<QName, String> getOtherAttributes() {
+ return otherAttributes;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java
new file mode 100644
index 000000000..382307a46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java
@@ -0,0 +1,245 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.w3c.dom.Element;
+
+
+/**
+ * juridical person, organisation
+ *
+ * <p>Java class for CorporateBodyType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="CorporateBodyType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="FullName" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="AlternativeName" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="LegalForm" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
+ * &lt;element name="Organisation" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "CorporateBodyType", propOrder = {
+ "type",
+ "fullName",
+ "alternativeName",
+ "legalForm",
+ "organisation",
+ "any"
+})
+public class CorporateBodyType
+ extends AbstractPersonType
+{
+
+ @XmlElement(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected List<String> type;
+ @XmlElement(name = "FullName")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String fullName;
+ @XmlElement(name = "AlternativeName")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected List<String> alternativeName;
+ @XmlElement(name = "LegalForm")
+ @XmlSchemaType(name = "anyURI")
+ protected String legalForm;
+ @XmlElement(name = "Organisation")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String organisation;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the type property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getType().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getType() {
+ if (type == null) {
+ type = new ArrayList<String>();
+ }
+ return this.type;
+ }
+
+ /**
+ * Gets the value of the fullName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getFullName() {
+ return fullName;
+ }
+
+ /**
+ * Sets the value of the fullName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setFullName(String value) {
+ this.fullName = value;
+ }
+
+ /**
+ * Gets the value of the alternativeName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the alternativeName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAlternativeName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAlternativeName() {
+ if (alternativeName == null) {
+ alternativeName = new ArrayList<String>();
+ }
+ return this.alternativeName;
+ }
+
+ /**
+ * Gets the value of the legalForm property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getLegalForm() {
+ return legalForm;
+ }
+
+ /**
+ * Sets the value of the legalForm property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setLegalForm(String value) {
+ this.legalForm = value;
+ }
+
+ /**
+ * Gets the value of the organisation property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getOrganisation() {
+ return organisation;
+ }
+
+ /**
+ * Sets the value of the organisation property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setOrganisation(String value) {
+ this.organisation = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java
new file mode 100644
index 000000000..26d021556
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java
@@ -0,0 +1,67 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for DefinedAlternativeNameTypeType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="DefinedAlternativeNameTypeType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="ArtistName"/>
+ * &lt;enumeration value="NickName"/>
+ * &lt;enumeration value="FormerName"/>
+ * &lt;enumeration value="Alias"/>
+ * &lt;enumeration value="MaidenName"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "DefinedAlternativeNameTypeType")
+@XmlEnum
+public enum DefinedAlternativeNameTypeType {
+
+ @XmlEnumValue("ArtistName")
+ ARTIST_NAME("ArtistName"),
+ @XmlEnumValue("NickName")
+ NICK_NAME("NickName"),
+ @XmlEnumValue("FormerName")
+ FORMER_NAME("FormerName"),
+ @XmlEnumValue("Alias")
+ ALIAS("Alias"),
+ @XmlEnumValue("MaidenName")
+ MAIDEN_NAME("MaidenName");
+ private final String value;
+
+ DefinedAlternativeNameTypeType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static DefinedAlternativeNameTypeType fromValue(String v) {
+ for (DefinedAlternativeNameTypeType c: DefinedAlternativeNameTypeType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java
new file mode 100644
index 000000000..703db6a6f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java
@@ -0,0 +1,79 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for DefinedRelationType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="DefinedRelationType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="family:Parent"/>
+ * &lt;enumeration value="family:Child"/>
+ * &lt;enumeration value="family:Sibling"/>
+ * &lt;enumeration value="family:Grandparent"/>
+ * &lt;enumeration value="family:Grandchild"/>
+ * &lt;enumeration value="family:Spouse"/>
+ * &lt;enumeration value="function:LegalGuardian"/>
+ * &lt;enumeration value="function:IsGuardedBy"/>
+ * &lt;enumeration value="function:Cohabitant"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "DefinedRelationType")
+@XmlEnum
+public enum DefinedRelationType {
+
+ @XmlEnumValue("family:Parent")
+ FAMILY_PARENT("family:Parent"),
+ @XmlEnumValue("family:Child")
+ FAMILY_CHILD("family:Child"),
+ @XmlEnumValue("family:Sibling")
+ FAMILY_SIBLING("family:Sibling"),
+ @XmlEnumValue("family:Grandparent")
+ FAMILY_GRANDPARENT("family:Grandparent"),
+ @XmlEnumValue("family:Grandchild")
+ FAMILY_GRANDCHILD("family:Grandchild"),
+ @XmlEnumValue("family:Spouse")
+ FAMILY_SPOUSE("family:Spouse"),
+ @XmlEnumValue("function:LegalGuardian")
+ FUNCTION_LEGAL_GUARDIAN("function:LegalGuardian"),
+ @XmlEnumValue("function:IsGuardedBy")
+ FUNCTION_IS_GUARDED_BY("function:IsGuardedBy"),
+ @XmlEnumValue("function:Cohabitant")
+ FUNCTION_COHABITANT("function:Cohabitant");
+ private final String value;
+
+ DefinedRelationType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static DefinedRelationType fromValue(String v) {
+ for (DefinedRelationType c: DefinedRelationType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java
new file mode 100644
index 000000000..d9f6541b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java
@@ -0,0 +1,318 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyAttribute;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.namespace.QName;
+import org.w3c.dom.Element;
+
+
+/**
+ * unique identifier
+ *
+ * <p>Java class for IdentificationType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="IdentificationType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Value">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
+ * &lt;element name="Authority" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "IdentificationType", propOrder = {
+ "value",
+ "type",
+ "authority",
+ "any"
+})
+public class IdentificationType {
+
+ @XmlElement(name = "Value", required = true)
+ protected IdentificationType.Value value;
+ @XmlElement(name = "Type", required = true)
+ @XmlSchemaType(name = "anyURI")
+ protected String type;
+ @XmlElement(name = "Authority")
+ @XmlSchemaType(name = "anyURI")
+ protected String authority;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAnyAttribute
+ private Map<QName, String> otherAttributes = new HashMap<QName, String>();
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link IdentificationType.Value }
+ *
+ */
+ public IdentificationType.Value getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link IdentificationType.Value }
+ *
+ */
+ public void setValue(IdentificationType.Value value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ /**
+ * Gets the value of the authority property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAuthority() {
+ return authority;
+ }
+
+ /**
+ * Sets the value of the authority property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAuthority(String value) {
+ this.authority = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets a map that contains attributes that aren't bound to any typed property on this class.
+ *
+ * <p>
+ * the map is keyed by the name of the attribute and
+ * the value is the string value of the attribute.
+ *
+ * the map returned by this method is live, and you can add new attribute
+ * by updating the map directly. Because of this design, there's no setter.
+ *
+ *
+ * @return
+ * always non-null
+ */
+ public Map<QName, String> getOtherAttributes() {
+ return otherAttributes;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class Value {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java
new file mode 100644
index 000000000..be59e85a8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java
@@ -0,0 +1,143 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3._2000._09.xmldsig_.KeyInfoType;
+import org.w3c.dom.Element;
+
+
+/**
+ * internet based communication
+ *
+ * <p>Java class for InternetAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="InternetAddressType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}KeyInfo" minOccurs="0"/>
+ * &lt;element name="Address" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "InternetAddressType", propOrder = {
+ "keyInfo",
+ "address",
+ "any"
+})
+public class InternetAddressType
+ extends AbstractAddressType
+{
+
+ @XmlElement(name = "KeyInfo", namespace = "http://www.w3.org/2000/09/xmldsig#")
+ protected KeyInfoType keyInfo;
+ @XmlElement(name = "Address")
+ @XmlSchemaType(name = "anyURI")
+ protected String address;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * certificate for secure communication
+ *
+ * @return
+ * possible object is
+ * {@link KeyInfoType }
+ *
+ */
+ public KeyInfoType getKeyInfo() {
+ return keyInfo;
+ }
+
+ /**
+ * Sets the value of the keyInfo property.
+ *
+ * @param value
+ * allowed object is
+ * {@link KeyInfoType }
+ *
+ */
+ public void setKeyInfo(KeyInfoType value) {
+ this.keyInfo = value;
+ }
+
+ /**
+ * Gets the value of the address property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAddress() {
+ return address;
+ }
+
+ /**
+ * Sets the value of the address property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAddress(String value) {
+ this.address = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java
new file mode 100644
index 000000000..fa2130290
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java
@@ -0,0 +1,64 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for MaritalStatusType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="MaritalStatusType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ * &lt;enumeration value="single"/>
+ * &lt;enumeration value="married"/>
+ * &lt;enumeration value="divorced"/>
+ * &lt;enumeration value="widowed"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "MaritalStatusType")
+@XmlEnum
+public enum MaritalStatusType {
+
+ @XmlEnumValue("single")
+ SINGLE("single"),
+ @XmlEnumValue("married")
+ MARRIED("married"),
+ @XmlEnumValue("divorced")
+ DIVORCED("divorced"),
+ @XmlEnumValue("widowed")
+ WIDOWED("widowed");
+ private final String value;
+
+ MaritalStatusType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static MaritalStatusType fromValue(String v) {
+ for (MaritalStatusType c: MaritalStatusType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java
new file mode 100644
index 000000000..7a361f12d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java
@@ -0,0 +1,67 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for MobileTelcomNumberType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="MobileTelcomNumberType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType">
+ * &lt;attribute name="smsEnabled" type="{http://www.w3.org/2001/XMLSchema}boolean" />
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "MobileTelcomNumberType")
+public class MobileTelcomNumberType
+ extends TelcomNumberType
+{
+
+ @XmlAttribute
+ protected Boolean smsEnabled;
+
+ /**
+ * Gets the value of the smsEnabled property.
+ *
+ * @return
+ * possible object is
+ * {@link Boolean }
+ *
+ */
+ public Boolean isSmsEnabled() {
+ return smsEnabled;
+ }
+
+ /**
+ * Sets the value of the smsEnabled property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Boolean }
+ *
+ */
+ public void setSmsEnabled(Boolean value) {
+ this.smsEnabled = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java
new file mode 100644
index 000000000..07cb0c099
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java
@@ -0,0 +1,420 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlElementDecl;
+import javax.xml.bind.annotation.XmlRegistry;
+import javax.xml.namespace.QName;
+
+
+/**
+ * This object contains factory methods for each
+ * Java content interface and Java element interface
+ * generated in the at.gv.e_government.reference.namespace.persondata._20020228_ package.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups. Factory methods for each of these are
+ * provided in this class.
+ *
+ */
+@XmlRegistry
+public class ObjectFactory {
+
+ private final static QName _TypedPostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TypedPostalAddress");
+ private final static QName _Extension_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Extension");
+ private final static QName _Mobile_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Mobile");
+ private final static QName _AreaCityCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "AreaCityCode");
+ private final static QName _TTYTDD_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TTYTDD");
+ private final static QName _PersonName_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonName");
+ private final static QName _InternetAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternetAddress");
+ private final static QName _InternationalCountryCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternationalCountryCode");
+ private final static QName _Pager_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Pager");
+ private final static QName _PersonData_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonData");
+ private final static QName _SubscriberNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "SubscriberNumber");
+ private final static QName _NationalNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "NationalNumber");
+ private final static QName _PhysicalPerson_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PhysicalPerson");
+ private final static QName _CorporateBody_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "CorporateBody");
+ private final static QName _Telephone_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Telephone");
+ private final static QName _Address_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Address");
+ private final static QName _Person_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Person");
+ private final static QName _Fax_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Fax");
+ private final static QName _PostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PostalAddress");
+ private final static QName _TelephoneAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TelephoneAddress");
+ private final static QName _FormattedNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "FormattedNumber");
+
+ /**
+ * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.persondata._20020228_
+ *
+ */
+ public ObjectFactory() {
+ }
+
+ /**
+ * Create an instance of {@link TelephoneAddressType }
+ *
+ */
+ public TelephoneAddressType createTelephoneAddressType() {
+ return new TelephoneAddressType();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType.FamilyName }
+ *
+ */
+ public PersonNameType.FamilyName createPersonNameTypeFamilyName() {
+ return new PersonNameType.FamilyName();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType.FormattedName }
+ *
+ */
+ public PersonNameType.FormattedName createPersonNameTypeFormattedName() {
+ return new PersonNameType.FormattedName();
+ }
+
+ /**
+ * Create an instance of {@link PostalAddressType.DeliveryAddress }
+ *
+ */
+ public PostalAddressType.DeliveryAddress createPostalAddressTypeDeliveryAddress() {
+ return new PostalAddressType.DeliveryAddress();
+ }
+
+ /**
+ * Create an instance of {@link TypedPostalAddressType }
+ *
+ */
+ public TypedPostalAddressType createTypedPostalAddressType() {
+ return new TypedPostalAddressType();
+ }
+
+ /**
+ * Create an instance of {@link MobileTelcomNumberType }
+ *
+ */
+ public MobileTelcomNumberType createMobileTelcomNumberType() {
+ return new MobileTelcomNumberType();
+ }
+
+ /**
+ * Create an instance of {@link PersonDataType.AdditionalData }
+ *
+ */
+ public PersonDataType.AdditionalData createPersonDataTypeAdditionalData() {
+ return new PersonDataType.AdditionalData();
+ }
+
+ /**
+ * Create an instance of {@link PostalAddressType.Recipient }
+ *
+ */
+ public PostalAddressType.Recipient createPostalAddressTypeRecipient() {
+ return new PostalAddressType.Recipient();
+ }
+
+ /**
+ * Create an instance of {@link PersonDataType }
+ *
+ */
+ public PersonDataType createPersonDataType() {
+ return new PersonDataType();
+ }
+
+ /**
+ * Create an instance of {@link PhysicalPersonType }
+ *
+ */
+ public PhysicalPersonType createPhysicalPersonType() {
+ return new PhysicalPersonType();
+ }
+
+ /**
+ * Create an instance of {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType createTelcomNumberType() {
+ return new TelcomNumberType();
+ }
+
+ /**
+ * Create an instance of {@link PhysicalPersonType.RelatedPerson }
+ *
+ */
+ public PhysicalPersonType.RelatedPerson createPhysicalPersonTypeRelatedPerson() {
+ return new PhysicalPersonType.RelatedPerson();
+ }
+
+ /**
+ * Create an instance of {@link PostalAddressType }
+ *
+ */
+ public PostalAddressType createPostalAddressType() {
+ return new PostalAddressType();
+ }
+
+ /**
+ * Create an instance of {@link TelcomNumberListType }
+ *
+ */
+ public TelcomNumberListType createTelcomNumberListType() {
+ return new TelcomNumberListType();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType }
+ *
+ */
+ public PersonNameType createPersonNameType() {
+ return new PersonNameType();
+ }
+
+ /**
+ * Create an instance of {@link PhysicalPersonType.AlternativeName }
+ *
+ */
+ public PhysicalPersonType.AlternativeName createPhysicalPersonTypeAlternativeName() {
+ return new PhysicalPersonType.AlternativeName();
+ }
+
+ /**
+ * Create an instance of {@link PersonNameType.Affix }
+ *
+ */
+ public PersonNameType.Affix createPersonNameTypeAffix() {
+ return new PersonNameType.Affix();
+ }
+
+ /**
+ * Create an instance of {@link IdentificationType.Value }
+ *
+ */
+ public IdentificationType.Value createIdentificationTypeValue() {
+ return new IdentificationType.Value();
+ }
+
+ /**
+ * Create an instance of {@link IdentificationType }
+ *
+ */
+ public IdentificationType createIdentificationType() {
+ return new IdentificationType();
+ }
+
+ /**
+ * Create an instance of {@link InternetAddressType }
+ *
+ */
+ public InternetAddressType createInternetAddressType() {
+ return new InternetAddressType();
+ }
+
+ /**
+ * Create an instance of {@link CorporateBodyType }
+ *
+ */
+ public CorporateBodyType createCorporateBodyType() {
+ return new CorporateBodyType();
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TypedPostalAddress")
+ public JAXBElement<TypedPostalAddressType> createTypedPostalAddress(TypedPostalAddressType value) {
+ return new JAXBElement<TypedPostalAddressType>(_TypedPostalAddress_QNAME, TypedPostalAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Extension")
+ public JAXBElement<String> createExtension(String value) {
+ return new JAXBElement<String>(_Extension_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link MobileTelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Mobile")
+ public JAXBElement<MobileTelcomNumberType> createMobile(MobileTelcomNumberType value) {
+ return new JAXBElement<MobileTelcomNumberType>(_Mobile_QNAME, MobileTelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "AreaCityCode")
+ public JAXBElement<String> createAreaCityCode(String value) {
+ return new JAXBElement<String>(_AreaCityCode_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TTYTDD")
+ public JAXBElement<TelcomNumberType> createTTYTDD(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_TTYTDD_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PersonNameType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonName")
+ public JAXBElement<PersonNameType> createPersonName(PersonNameType value) {
+ return new JAXBElement<PersonNameType>(_PersonName_QNAME, PersonNameType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternetAddress")
+ public JAXBElement<InternetAddressType> createInternetAddress(InternetAddressType value) {
+ return new JAXBElement<InternetAddressType>(_InternetAddress_QNAME, InternetAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternationalCountryCode")
+ public JAXBElement<String> createInternationalCountryCode(String value) {
+ return new JAXBElement<String>(_InternationalCountryCode_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Pager")
+ public JAXBElement<TelcomNumberType> createPager(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_Pager_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PersonDataType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonData")
+ public JAXBElement<PersonDataType> createPersonData(PersonDataType value) {
+ return new JAXBElement<PersonDataType>(_PersonData_QNAME, PersonDataType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "SubscriberNumber")
+ public JAXBElement<String> createSubscriberNumber(String value) {
+ return new JAXBElement<String>(_SubscriberNumber_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "NationalNumber")
+ public JAXBElement<String> createNationalNumber(String value) {
+ return new JAXBElement<String>(_NationalNumber_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PhysicalPerson")
+ public JAXBElement<PhysicalPersonType> createPhysicalPerson(PhysicalPersonType value) {
+ return new JAXBElement<PhysicalPersonType>(_PhysicalPerson_QNAME, PhysicalPersonType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "CorporateBody")
+ public JAXBElement<CorporateBodyType> createCorporateBody(CorporateBodyType value) {
+ return new JAXBElement<CorporateBodyType>(_CorporateBody_QNAME, CorporateBodyType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Telephone")
+ public JAXBElement<TelcomNumberType> createTelephone(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_Telephone_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Address")
+ public JAXBElement<AbstractAddressType> createAddress(AbstractAddressType value) {
+ return new JAXBElement<AbstractAddressType>(_Address_QNAME, AbstractAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Person")
+ public JAXBElement<AbstractPersonType> createPerson(AbstractPersonType value) {
+ return new JAXBElement<AbstractPersonType>(_Person_QNAME, AbstractPersonType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Fax")
+ public JAXBElement<TelcomNumberType> createFax(TelcomNumberType value) {
+ return new JAXBElement<TelcomNumberType>(_Fax_QNAME, TelcomNumberType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PostalAddress")
+ public JAXBElement<PostalAddressType> createPostalAddress(PostalAddressType value) {
+ return new JAXBElement<PostalAddressType>(_PostalAddress_QNAME, PostalAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TelephoneAddress")
+ public JAXBElement<TelephoneAddressType> createTelephoneAddress(TelephoneAddressType value) {
+ return new JAXBElement<TelephoneAddressType>(_TelephoneAddress_QNAME, TelephoneAddressType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "FormattedNumber")
+ public JAXBElement<String> createFormattedNumber(String value) {
+ return new JAXBElement<String>(_FormattedNumber_QNAME, String.class, null, value);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java
new file mode 100644
index 000000000..2d3cd9315
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java
@@ -0,0 +1,247 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlType;
+import org.w3._2000._09.xmldsig_.SignatureType;
+import org.w3c.dom.Element;
+
+
+/**
+ * signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).
+ *
+ * <p>Java class for PersonDataType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PersonDataType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Address" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Signature" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="AdditionalData" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;any processContents='lax'/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PersonDataType", propOrder = {
+ "person",
+ "address",
+ "signature",
+ "additionalData"
+})
+public class PersonDataType
+ extends AbstractPersonType
+{
+
+ @XmlElement(name = "Person", required = true)
+ protected AbstractPersonType person;
+ @XmlElement(name = "Address")
+ protected List<AbstractAddressType> address;
+ @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")
+ protected List<SignatureType> signature;
+ @XmlElement(name = "AdditionalData")
+ protected PersonDataType.AdditionalData additionalData;
+
+ /**
+ * Gets the value of the person property.
+ *
+ * @return
+ * possible object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public AbstractPersonType getPerson() {
+ return person;
+ }
+
+ /**
+ * Sets the value of the person property.
+ *
+ * @param value
+ * allowed object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public void setPerson(AbstractPersonType value) {
+ this.person = value;
+ }
+
+ /**
+ * Gets the value of the address property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the address property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAddress().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link AbstractAddressType }
+ *
+ *
+ */
+ public List<AbstractAddressType> getAddress() {
+ if (address == null) {
+ address = new ArrayList<AbstractAddressType>();
+ }
+ return this.address;
+ }
+
+ /**
+ * one or more electronic signatures applied on fields above Gets the value of the signature property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the signature property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSignature().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SignatureType }
+ *
+ *
+ */
+ public List<SignatureType> getSignature() {
+ if (signature == null) {
+ signature = new ArrayList<SignatureType>();
+ }
+ return this.signature;
+ }
+
+ /**
+ * Gets the value of the additionalData property.
+ *
+ * @return
+ * possible object is
+ * {@link PersonDataType.AdditionalData }
+ *
+ */
+ public PersonDataType.AdditionalData getAdditionalData() {
+ return additionalData;
+ }
+
+ /**
+ * Sets the value of the additionalData property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PersonDataType.AdditionalData }
+ *
+ */
+ public void setAdditionalData(PersonDataType.AdditionalData value) {
+ this.additionalData = value;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;any processContents='lax'/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "content"
+ })
+ public static class AdditionalData {
+
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java
new file mode 100644
index 000000000..9e68a544c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java
@@ -0,0 +1,620 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+
+
+/**
+ * <p>Java class for PersonNameType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PersonNameType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="FormattedName" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" default="presentation">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="presentation"/>
+ * &lt;enumeration value="legal"/>
+ * &lt;enumeration value="sortOrder"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="LegalName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="GivenName" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="PreferredGivenName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="MiddleName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="FamilyName" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="primary" default="undefined">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="true"/>
+ * &lt;enumeration value="false"/>
+ * &lt;enumeration value="undefined"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="Affix" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" use="required">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="academicGrade"/>
+ * &lt;enumeration value="aristocraticPrefix"/>
+ * &lt;enumeration value="aristocraticTitle"/>
+ * &lt;enumeration value="familyNamePrefix"/>
+ * &lt;enumeration value="familyNameSuffix"/>
+ * &lt;enumeration value="formOfAddress"/>
+ * &lt;enumeration value="generation"/>
+ * &lt;enumeration value="qualification"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PersonNameType", propOrder = {
+ "formattedName",
+ "legalName",
+ "givenName",
+ "preferredGivenName",
+ "middleName",
+ "familyName",
+ "affix"
+})
+@XmlSeeAlso({
+ at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType.AlternativeName.class
+})
+public class PersonNameType {
+
+ @XmlElement(name = "FormattedName")
+ protected List<PersonNameType.FormattedName> formattedName;
+ @XmlElement(name = "LegalName")
+ protected String legalName;
+ @XmlElement(name = "GivenName")
+ protected List<String> givenName;
+ @XmlElement(name = "PreferredGivenName")
+ protected String preferredGivenName;
+ @XmlElement(name = "MiddleName")
+ protected String middleName;
+ @XmlElement(name = "FamilyName")
+ protected List<PersonNameType.FamilyName> familyName;
+ @XmlElement(name = "Affix")
+ protected List<PersonNameType.Affix> affix;
+
+ /**
+ * Gets the value of the formattedName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the formattedName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getFormattedName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PersonNameType.FormattedName }
+ *
+ *
+ */
+ public List<PersonNameType.FormattedName> getFormattedName() {
+ if (formattedName == null) {
+ formattedName = new ArrayList<PersonNameType.FormattedName>();
+ }
+ return this.formattedName;
+ }
+
+ /**
+ * Gets the value of the legalName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getLegalName() {
+ return legalName;
+ }
+
+ /**
+ * Sets the value of the legalName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setLegalName(String value) {
+ this.legalName = value;
+ }
+
+ /**
+ * Gets the value of the givenName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the givenName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getGivenName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getGivenName() {
+ if (givenName == null) {
+ givenName = new ArrayList<String>();
+ }
+ return this.givenName;
+ }
+
+ /**
+ * Gets the value of the preferredGivenName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPreferredGivenName() {
+ return preferredGivenName;
+ }
+
+ /**
+ * Sets the value of the preferredGivenName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPreferredGivenName(String value) {
+ this.preferredGivenName = value;
+ }
+
+ /**
+ * Gets the value of the middleName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getMiddleName() {
+ return middleName;
+ }
+
+ /**
+ * Sets the value of the middleName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setMiddleName(String value) {
+ this.middleName = value;
+ }
+
+ /**
+ * Gets the value of the familyName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the familyName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getFamilyName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PersonNameType.FamilyName }
+ *
+ *
+ */
+ public List<PersonNameType.FamilyName> getFamilyName() {
+ if (familyName == null) {
+ familyName = new ArrayList<PersonNameType.FamilyName>();
+ }
+ return this.familyName;
+ }
+
+ /**
+ * Gets the value of the affix property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the affix property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAffix().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PersonNameType.Affix }
+ *
+ *
+ */
+ public List<PersonNameType.Affix> getAffix() {
+ if (affix == null) {
+ affix = new ArrayList<PersonNameType.Affix>();
+ }
+ return this.affix;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" use="required">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="academicGrade"/>
+ * &lt;enumeration value="aristocraticPrefix"/>
+ * &lt;enumeration value="aristocraticTitle"/>
+ * &lt;enumeration value="familyNamePrefix"/>
+ * &lt;enumeration value="familyNameSuffix"/>
+ * &lt;enumeration value="formOfAddress"/>
+ * &lt;enumeration value="generation"/>
+ * &lt;enumeration value="qualification"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class Affix {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute(required = true)
+ protected String type;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="primary" default="undefined">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="true"/>
+ * &lt;enumeration value="false"/>
+ * &lt;enumeration value="undefined"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class FamilyName {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute
+ protected String primary;
+ @XmlAttribute
+ protected String prefix;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the primary property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPrimary() {
+ if (primary == null) {
+ return "undefined";
+ } else {
+ return primary;
+ }
+ }
+
+ /**
+ * Sets the value of the primary property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPrimary(String value) {
+ this.primary = value;
+ }
+
+ /**
+ * Gets the value of the prefix property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPrefix() {
+ return prefix;
+ }
+
+ /**
+ * Sets the value of the prefix property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPrefix(String value) {
+ this.prefix = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
+ * &lt;attribute name="type" default="presentation">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="presentation"/>
+ * &lt;enumeration value="legal"/>
+ * &lt;enumeration value="sortOrder"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "value"
+ })
+ public static class FormattedName {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute
+ protected String type;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ if (type == null) {
+ return "presentation";
+ } else {
+ return type;
+ }
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java
new file mode 100644
index 000000000..c858f9e8f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java
@@ -0,0 +1,550 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.w3c.dom.Element;
+
+
+/**
+ * physical person
+ *
+ * <p>Java class for PhysicalPersonType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PhysicalPersonType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Name" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/>
+ * &lt;element name="AlternativeName" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType">
+ * &lt;attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" />
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="MaritalStatus" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}MaritalStatusType" minOccurs="0"/>
+ * &lt;element name="Sex" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}SexType" minOccurs="0"/>
+ * &lt;element name="DateOfBirth" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}DateOfBirthType" minOccurs="0"/>
+ * &lt;element name="PlaceOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="CountryOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="Nationality" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Confession" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/>
+ * &lt;element name="relatedPerson" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PhysicalPersonType", propOrder = {
+ "name",
+ "alternativeName",
+ "maritalStatus",
+ "sex",
+ "dateOfBirth",
+ "placeOfBirth",
+ "countryOfBirth",
+ "nationality",
+ "confession",
+ "relatedPerson",
+ "any"
+})
+public class PhysicalPersonType
+ extends AbstractPersonType
+{
+
+ @XmlElement(name = "Name")
+ protected PersonNameType name;
+ @XmlElement(name = "AlternativeName")
+ protected List<PhysicalPersonType.AlternativeName> alternativeName;
+ @XmlElement(name = "MaritalStatus")
+ protected MaritalStatusType maritalStatus;
+ @XmlElement(name = "Sex")
+ protected SexType sex;
+ @XmlElement(name = "DateOfBirth")
+ protected String dateOfBirth;
+ @XmlElement(name = "PlaceOfBirth")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String placeOfBirth;
+ @XmlElement(name = "CountryOfBirth")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String countryOfBirth;
+ @XmlElement(name = "Nationality")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected List<String> nationality;
+ @XmlElement(name = "Confession")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlSchemaType(name = "token")
+ protected String confession;
+ protected List<PhysicalPersonType.RelatedPerson> relatedPerson;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the name property.
+ *
+ * @return
+ * possible object is
+ * {@link PersonNameType }
+ *
+ */
+ public PersonNameType getName() {
+ return name;
+ }
+
+ /**
+ * Sets the value of the name property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PersonNameType }
+ *
+ */
+ public void setName(PersonNameType value) {
+ this.name = value;
+ }
+
+ /**
+ * Gets the value of the alternativeName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the alternativeName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAlternativeName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PhysicalPersonType.AlternativeName }
+ *
+ *
+ */
+ public List<PhysicalPersonType.AlternativeName> getAlternativeName() {
+ if (alternativeName == null) {
+ alternativeName = new ArrayList<PhysicalPersonType.AlternativeName>();
+ }
+ return this.alternativeName;
+ }
+
+ /**
+ * Gets the value of the maritalStatus property.
+ *
+ * @return
+ * possible object is
+ * {@link MaritalStatusType }
+ *
+ */
+ public MaritalStatusType getMaritalStatus() {
+ return maritalStatus;
+ }
+
+ /**
+ * Sets the value of the maritalStatus property.
+ *
+ * @param value
+ * allowed object is
+ * {@link MaritalStatusType }
+ *
+ */
+ public void setMaritalStatus(MaritalStatusType value) {
+ this.maritalStatus = value;
+ }
+
+ /**
+ * Gets the value of the sex property.
+ *
+ * @return
+ * possible object is
+ * {@link SexType }
+ *
+ */
+ public SexType getSex() {
+ return sex;
+ }
+
+ /**
+ * Sets the value of the sex property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SexType }
+ *
+ */
+ public void setSex(SexType value) {
+ this.sex = value;
+ }
+
+ /**
+ * Gets the value of the dateOfBirth property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ /**
+ * Sets the value of the dateOfBirth property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setDateOfBirth(String value) {
+ this.dateOfBirth = value;
+ }
+
+ /**
+ * Gets the value of the placeOfBirth property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPlaceOfBirth() {
+ return placeOfBirth;
+ }
+
+ /**
+ * Sets the value of the placeOfBirth property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPlaceOfBirth(String value) {
+ this.placeOfBirth = value;
+ }
+
+ /**
+ * Gets the value of the countryOfBirth property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getCountryOfBirth() {
+ return countryOfBirth;
+ }
+
+ /**
+ * Sets the value of the countryOfBirth property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setCountryOfBirth(String value) {
+ this.countryOfBirth = value;
+ }
+
+ /**
+ * Gets the value of the nationality property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the nationality property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getNationality().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getNationality() {
+ if (nationality == null) {
+ nationality = new ArrayList<String>();
+ }
+ return this.nationality;
+ }
+
+ /**
+ * Gets the value of the confession property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getConfession() {
+ return confession;
+ }
+
+ /**
+ * Sets the value of the confession property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setConfession(String value) {
+ this.confession = value;
+ }
+
+ /**
+ * Gets the value of the relatedPerson property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the relatedPerson property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getRelatedPerson().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PhysicalPersonType.RelatedPerson }
+ *
+ *
+ */
+ public List<PhysicalPersonType.RelatedPerson> getRelatedPerson() {
+ if (relatedPerson == null) {
+ relatedPerson = new ArrayList<PhysicalPersonType.RelatedPerson>();
+ }
+ return this.relatedPerson;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType">
+ * &lt;attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" />
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "")
+ public static class AlternativeName
+ extends PersonNameType
+ {
+
+ @XmlAttribute(name = "Type")
+ protected String type;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "typeOfRelation",
+ "person"
+ })
+ public static class RelatedPerson {
+
+ @XmlElement(name = "TypeOfRelation", required = true)
+ protected List<String> typeOfRelation;
+ @XmlElement(name = "Person", required = true)
+ protected AbstractPersonType person;
+
+ /**
+ * Gets the value of the typeOfRelation property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the typeOfRelation property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getTypeOfRelation().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getTypeOfRelation() {
+ if (typeOfRelation == null) {
+ typeOfRelation = new ArrayList<String>();
+ }
+ return this.typeOfRelation;
+ }
+
+ /**
+ * Gets the value of the person property.
+ *
+ * @return
+ * possible object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public AbstractPersonType getPerson() {
+ return person;
+ }
+
+ /**
+ * Sets the value of the person property.
+ *
+ * @param value
+ * allowed object is
+ * {@link AbstractPersonType }
+ *
+ */
+ public void setPerson(AbstractPersonType value) {
+ this.person = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java
new file mode 100644
index 000000000..4f6c80200
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java
@@ -0,0 +1,611 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for PostalAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PostalAddressType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="CountryCode" minOccurs="0">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;pattern value="[A-Z]{2}"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/element>
+ * &lt;element name="PostalCode" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="Region" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Municipality" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="DeliveryAddress" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="BuildingNumber" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;element name="Recipient" maxOccurs="unbounded" minOccurs="0">
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/>
+ * &lt;element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * &lt;/element>
+ * &lt;/sequence>
+ * &lt;attribute name="type" default="undefined">
+ * &lt;simpleType>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ * &lt;enumeration value="postOfficeBoxAddress"/>
+ * &lt;enumeration value="streetAddress"/>
+ * &lt;enumeration value="militaryAddress"/>
+ * &lt;enumeration value="undefined"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * &lt;/attribute>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PostalAddressType", propOrder = {
+ "countryCode",
+ "postalCode",
+ "region",
+ "municipality",
+ "deliveryAddress",
+ "recipient"
+})
+public class PostalAddressType {
+
+ @XmlElement(name = "CountryCode")
+ protected String countryCode;
+ @XmlElement(name = "PostalCode")
+ protected String postalCode;
+ @XmlElement(name = "Region")
+ protected List<String> region;
+ @XmlElement(name = "Municipality")
+ protected String municipality;
+ @XmlElement(name = "DeliveryAddress")
+ protected PostalAddressType.DeliveryAddress deliveryAddress;
+ @XmlElement(name = "Recipient")
+ protected List<PostalAddressType.Recipient> recipient;
+ @XmlAttribute
+ protected String type;
+
+ /**
+ * Gets the value of the countryCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the value of the countryCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setCountryCode(String value) {
+ this.countryCode = value;
+ }
+
+ /**
+ * Gets the value of the postalCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPostalCode() {
+ return postalCode;
+ }
+
+ /**
+ * Sets the value of the postalCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPostalCode(String value) {
+ this.postalCode = value;
+ }
+
+ /**
+ * Gets the value of the region property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the region property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getRegion().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getRegion() {
+ if (region == null) {
+ region = new ArrayList<String>();
+ }
+ return this.region;
+ }
+
+ /**
+ * Gets the value of the municipality property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getMunicipality() {
+ return municipality;
+ }
+
+ /**
+ * Sets the value of the municipality property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setMunicipality(String value) {
+ this.municipality = value;
+ }
+
+ /**
+ * Gets the value of the deliveryAddress property.
+ *
+ * @return
+ * possible object is
+ * {@link PostalAddressType.DeliveryAddress }
+ *
+ */
+ public PostalAddressType.DeliveryAddress getDeliveryAddress() {
+ return deliveryAddress;
+ }
+
+ /**
+ * Sets the value of the deliveryAddress property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PostalAddressType.DeliveryAddress }
+ *
+ */
+ public void setDeliveryAddress(PostalAddressType.DeliveryAddress value) {
+ this.deliveryAddress = value;
+ }
+
+ /**
+ * Gets the value of the recipient property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the recipient property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getRecipient().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link PostalAddressType.Recipient }
+ *
+ *
+ */
+ public List<PostalAddressType.Recipient> getRecipient() {
+ if (recipient == null) {
+ recipient = new ArrayList<PostalAddressType.Recipient>();
+ }
+ return this.recipient;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ if (type == null) {
+ return "undefined";
+ } else {
+ return type;
+ }
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="BuildingNumber" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "addressLine",
+ "streetName",
+ "buildingNumber",
+ "unit",
+ "postOfficeBox"
+ })
+ public static class DeliveryAddress {
+
+ @XmlElement(name = "AddressLine")
+ protected List<String> addressLine;
+ @XmlElement(name = "StreetName")
+ protected String streetName;
+ @XmlElement(name = "BuildingNumber")
+ protected String buildingNumber;
+ @XmlElement(name = "Unit")
+ protected String unit;
+ @XmlElement(name = "PostOfficeBox")
+ protected String postOfficeBox;
+
+ /**
+ * Gets the value of the addressLine property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the addressLine property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAddressLine().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAddressLine() {
+ if (addressLine == null) {
+ addressLine = new ArrayList<String>();
+ }
+ return this.addressLine;
+ }
+
+ /**
+ * Gets the value of the streetName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getStreetName() {
+ return streetName;
+ }
+
+ /**
+ * Sets the value of the streetName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setStreetName(String value) {
+ this.streetName = value;
+ }
+
+ /**
+ * Gets the value of the buildingNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getBuildingNumber() {
+ return buildingNumber;
+ }
+
+ /**
+ * Sets the value of the buildingNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setBuildingNumber(String value) {
+ this.buildingNumber = value;
+ }
+
+ /**
+ * Gets the value of the unit property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getUnit() {
+ return unit;
+ }
+
+ /**
+ * Sets the value of the unit property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setUnit(String value) {
+ this.unit = value;
+ }
+
+ /**
+ * Gets the value of the postOfficeBox property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPostOfficeBox() {
+ return postOfficeBox;
+ }
+
+ /**
+ * Sets the value of the postOfficeBox property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPostOfficeBox(String value) {
+ this.postOfficeBox = value;
+ }
+
+ }
+
+
+ /**
+ * <p>Java class for anonymous complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType>
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/>
+ * &lt;element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+ @XmlAccessorType(XmlAccessType.FIELD)
+ @XmlType(name = "", propOrder = {
+ "personName",
+ "additionalText",
+ "organization",
+ "organizationName"
+ })
+ public static class Recipient {
+
+ @XmlElement(name = "PersonName")
+ protected PersonNameType personName;
+ @XmlElement(name = "AdditionalText")
+ protected List<String> additionalText;
+ @XmlElement(name = "Organization")
+ protected String organization;
+ @XmlElement(name = "OrganizationName")
+ protected String organizationName;
+
+ /**
+ * Gets the value of the personName property.
+ *
+ * @return
+ * possible object is
+ * {@link PersonNameType }
+ *
+ */
+ public PersonNameType getPersonName() {
+ return personName;
+ }
+
+ /**
+ * Sets the value of the personName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PersonNameType }
+ *
+ */
+ public void setPersonName(PersonNameType value) {
+ this.personName = value;
+ }
+
+ /**
+ * Gets the value of the additionalText property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the additionalText property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAdditionalText().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getAdditionalText() {
+ if (additionalText == null) {
+ additionalText = new ArrayList<String>();
+ }
+ return this.additionalText;
+ }
+
+ /**
+ * Gets the value of the organization property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getOrganization() {
+ return organization;
+ }
+
+ /**
+ * Sets the value of the organization property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setOrganization(String value) {
+ this.organization = value;
+ }
+
+ /**
+ * Gets the value of the organizationName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getOrganizationName() {
+ return organizationName;
+ }
+
+ /**
+ * Sets the value of the organizationName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setOrganizationName(String value) {
+ this.organizationName = value;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java
new file mode 100644
index 000000000..7533e2fd4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java
@@ -0,0 +1,61 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for SexType.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ * <p>
+ * <pre>
+ * &lt;simpleType name="SexType">
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ * &lt;enumeration value="male"/>
+ * &lt;enumeration value="female"/>
+ * &lt;enumeration value="unknown"/>
+ * &lt;/restriction>
+ * &lt;/simpleType>
+ * </pre>
+ *
+ */
+@XmlType(name = "SexType")
+@XmlEnum
+public enum SexType {
+
+ @XmlEnumValue("male")
+ MALE("male"),
+ @XmlEnumValue("female")
+ FEMALE("female"),
+ @XmlEnumValue("unknown")
+ UNKNOWN("unknown");
+ private final String value;
+
+ SexType(String v) {
+ value = v;
+ }
+
+ public String value() {
+ return value;
+ }
+
+ public static SexType fromValue(String v) {
+ for (SexType c: SexType.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java
new file mode 100644
index 000000000..55db75831
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java
@@ -0,0 +1,181 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for TelcomNumberListType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TelcomNumberListType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Telephone" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Mobile" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Fax" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Pager" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TTYTDD" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TelcomNumberListType", propOrder = {
+ "telephone",
+ "mobile",
+ "fax",
+ "pager",
+ "ttytdd"
+})
+public class TelcomNumberListType {
+
+ @XmlElement(name = "Telephone")
+ protected TelcomNumberType telephone;
+ @XmlElement(name = "Mobile")
+ protected MobileTelcomNumberType mobile;
+ @XmlElement(name = "Fax")
+ protected TelcomNumberType fax;
+ @XmlElement(name = "Pager")
+ protected TelcomNumberType pager;
+ @XmlElement(name = "TTYTDD")
+ protected TelcomNumberType ttytdd;
+
+ /**
+ * Gets the value of the telephone property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getTelephone() {
+ return telephone;
+ }
+
+ /**
+ * Sets the value of the telephone property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setTelephone(TelcomNumberType value) {
+ this.telephone = value;
+ }
+
+ /**
+ * Gets the value of the mobile property.
+ *
+ * @return
+ * possible object is
+ * {@link MobileTelcomNumberType }
+ *
+ */
+ public MobileTelcomNumberType getMobile() {
+ return mobile;
+ }
+
+ /**
+ * Sets the value of the mobile property.
+ *
+ * @param value
+ * allowed object is
+ * {@link MobileTelcomNumberType }
+ *
+ */
+ public void setMobile(MobileTelcomNumberType value) {
+ this.mobile = value;
+ }
+
+ /**
+ * Gets the value of the fax property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getFax() {
+ return fax;
+ }
+
+ /**
+ * Sets the value of the fax property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setFax(TelcomNumberType value) {
+ this.fax = value;
+ }
+
+ /**
+ * Gets the value of the pager property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getPager() {
+ return pager;
+ }
+
+ /**
+ * Sets the value of the pager property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setPager(TelcomNumberType value) {
+ this.pager = value;
+ }
+
+ /**
+ * Gets the value of the ttytdd property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getTTYTDD() {
+ return ttytdd;
+ }
+
+ /**
+ * Sets the value of the ttytdd property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setTTYTDD(TelcomNumberType value) {
+ this.ttytdd = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java
new file mode 100644
index 000000000..dfff3a208
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java
@@ -0,0 +1,209 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for TelcomNumberType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TelcomNumberType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}FormattedNumber"/>
+ * &lt;group ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberGroup"/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TelcomNumberType", propOrder = {
+ "formattedNumber",
+ "internationalCountryCode",
+ "nationalNumber",
+ "areaCityCode",
+ "subscriberNumber",
+ "extension"
+})
+@XmlSeeAlso({
+ MobileTelcomNumberType.class
+})
+public class TelcomNumberType {
+
+ @XmlElement(name = "FormattedNumber")
+ protected String formattedNumber;
+ @XmlElement(name = "InternationalCountryCode")
+ protected String internationalCountryCode;
+ @XmlElement(name = "NationalNumber")
+ protected String nationalNumber;
+ @XmlElement(name = "AreaCityCode")
+ protected String areaCityCode;
+ @XmlElement(name = "SubscriberNumber")
+ protected String subscriberNumber;
+ @XmlElement(name = "Extension")
+ protected String extension;
+
+ /**
+ * Gets the value of the formattedNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getFormattedNumber() {
+ return formattedNumber;
+ }
+
+ /**
+ * Sets the value of the formattedNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setFormattedNumber(String value) {
+ this.formattedNumber = value;
+ }
+
+ /**
+ * Gets the value of the internationalCountryCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getInternationalCountryCode() {
+ return internationalCountryCode;
+ }
+
+ /**
+ * Sets the value of the internationalCountryCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setInternationalCountryCode(String value) {
+ this.internationalCountryCode = value;
+ }
+
+ /**
+ * Gets the value of the nationalNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getNationalNumber() {
+ return nationalNumber;
+ }
+
+ /**
+ * Sets the value of the nationalNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setNationalNumber(String value) {
+ this.nationalNumber = value;
+ }
+
+ /**
+ * Gets the value of the areaCityCode property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAreaCityCode() {
+ return areaCityCode;
+ }
+
+ /**
+ * Sets the value of the areaCityCode property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAreaCityCode(String value) {
+ this.areaCityCode = value;
+ }
+
+ /**
+ * Gets the value of the subscriberNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getSubscriberNumber() {
+ return subscriberNumber;
+ }
+
+ /**
+ * Sets the value of the subscriberNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setSubscriberNumber(String value) {
+ this.subscriberNumber = value;
+ }
+
+ /**
+ * Gets the value of the extension property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getExtension() {
+ return extension;
+ }
+
+ /**
+ * Sets the value of the extension property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setExtension(String value) {
+ this.extension = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java
new file mode 100644
index 000000000..ae87ba6ce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java
@@ -0,0 +1,147 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * phone numbers
+ *
+ * <p>Java class for TelephoneAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TelephoneAddressType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;element name="Number" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TelephoneAddressType", propOrder = {
+ "type",
+ "number",
+ "any"
+})
+public class TelephoneAddressType
+ extends AbstractAddressType
+{
+
+ @XmlElement(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected List<String> type;
+ @XmlElement(name = "Number")
+ protected TelcomNumberType number;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the type property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getType().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ *
+ *
+ */
+ public List<String> getType() {
+ if (type == null) {
+ type = new ArrayList<String>();
+ }
+ return this.type;
+ }
+
+ /**
+ * Gets the value of the number property.
+ *
+ * @return
+ * possible object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public TelcomNumberType getNumber() {
+ return number;
+ }
+
+ /**
+ * Sets the value of the number property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TelcomNumberType }
+ *
+ */
+ public void setNumber(TelcomNumberType value) {
+ this.number = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java
new file mode 100644
index 000000000..4838c4cc7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java
@@ -0,0 +1,142 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package at.gv.e_government.reference.namespace.persondata._20020228_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * postal address
+ *
+ * <p>Java class for TypedPostalAddressType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TypedPostalAddressType">
+ * &lt;complexContent>
+ * &lt;extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType">
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/>
+ * &lt;element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PostalAddress"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;anyAttribute namespace='##other'/>
+ * &lt;/extension>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TypedPostalAddressType", propOrder = {
+ "type",
+ "postalAddress",
+ "any"
+})
+public class TypedPostalAddressType
+ extends AbstractAddressType
+{
+
+ @XmlElement(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected String type;
+ @XmlElement(name = "PostalAddress")
+ protected PostalAddressType postalAddress;
+ @XmlAnyElement(lax = true)
+ protected List<Object> any;
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+ /**
+ * Gets the value of the postalAddress property.
+ *
+ * @return
+ * possible object is
+ * {@link PostalAddressType }
+ *
+ */
+ public PostalAddressType getPostalAddress() {
+ return postalAddress;
+ }
+
+ /**
+ * Sets the value of the postalAddress property.
+ *
+ * @param value
+ * allowed object is
+ * {@link PostalAddressType }
+ *
+ */
+ public void setPostalAddress(PostalAddressType value) {
+ this.postalAddress = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the any property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getAny() {
+ if (any == null) {
+ any = new ArrayList<Object>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java
new file mode 100644
index 000000000..c866662d1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java
@@ -0,0 +1,9 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
+package at.gv.e_government.reference.namespace.persondata._20020228_;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d783c74d9..89adbce3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -23,17 +23,19 @@
package at.gv.egovernment.moa.id.auth;
+import iaik.asn1.ObjectID;
import iaik.pki.PKIException;
+import iaik.x509.CertificateFactory;
import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
import java.io.ByteArrayInputStream;
-import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+//import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
@@ -57,6 +59,7 @@ import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
@@ -66,7 +69,6 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
@@ -75,7 +77,6 @@ import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -89,13 +90,13 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
@@ -107,6 +108,8 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -117,6 +120,9 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
@@ -130,7 +136,9 @@ import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
@@ -154,18 +162,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/** single instance */
private static AuthenticationServer instance;
/** session data store (session ID -> AuthenticationSession) */
- private static Map sessionStore = new HashMap();
- /** authentication data store (assertion handle -> AuthenticationData) */
- private static Map authenticationDataStore = new HashMap();
+ //private static Map sessionStore = new HashMap();
+
/**
* time out in milliseconds used by {@link cleanup} for session store
*/
- private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
+ private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes
+ private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes
/**
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
- private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
/**
* Returns the single instance of <code>AuthenticationServer</code>.
@@ -185,132 +193,144 @@ public class AuthenticationServer implements MOAIDAuthConstants {
super();
}
- /**
- * Processes request to select a BKU. <br/>
- * Processing depends on value of
- * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
- * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
- * for the "BKU Auswahl" service is returned. <br/>
- * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
- * selection is returned.
- *
- * @param authURL
- * base URL of MOA-ID Auth component
- * @param target
- * "Gesch&auml;ftsbereich"
- * @param oaURL
- * online application URL requested
- * @param bkuSelectionTemplateURL
- * template for BKU selection form to be used in case of
- * <code>HTMLSelect</code>; may be null
- * @param templateURL
- * URL providing an HTML template for the HTML form to be used
- * for call <code>startAuthentication</code>
- * @return for <code>bkuSelectionType==HTMLComplete</code>, the
- * <code>returnURI</code> for the "BKU Auswahl" service; for
- * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
- * selection
- * @throws WrongParametersException
- * upon missing parameters
- * @throws AuthenticationException
- * when the configured BKU selection service cannot be reached,
- * and when the given bkuSelectionTemplateURL cannot be reached
- * @throws ConfigurationException
- * on missing configuration data
- * @throws BuildException
- * while building the HTML form
- */
- public String selectBKU(String authURL, String target, String oaURL,
- String bkuSelectionTemplateURL, String templateURL)
- throws WrongParametersException, AuthenticationException,
- ConfigurationException, BuildException {
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07", new Object[] { authURL
- + "*" });
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.05");
-
- ConnectionParameter bkuConnParam = AuthConfigurationProvider
- .getInstance().getBKUConnectionParameter();
- if (bkuConnParam == null)
- throw new ConfigurationException("config.08",
- new Object[] { "BKUSelection/ConnectionParameter" });
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
- } else {
- if (!isEmpty(target)) {
- Logger
- .info("Ignoring target parameter thus application type is \"businessService\"");
- }
- target = null;
- }
-
- AuthenticationSession session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- String returnURL = new DataURLBuilder().buildDataURL(authURL,
- REQ_START_AUTHENTICATION, session.getSessionID());
- String bkuSelectionType = AuthConfigurationProvider.getInstance()
- .getBKUSelectionType();
- if (bkuSelectionType
- .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = bkuConnParam.getUrl() + "?"
- + AuthServlet.PARAM_RETURN + "=" + returnURL;
- return redirectURL;
- } else {
- // bkuSelectionType==HTMLSelect
- String bkuSelectTag;
- try {
- bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
- .getInstance(), bkuConnParam);
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.11", new Object[] {
- bkuConnParam.getUrl(), ex.toString() }, ex);
- }
- String bkuSelectionTemplate = null;
- // override template url by url from configuration file
- if (oaParam.getBkuSelectionTemplateURL() != null) {
- bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
- }
- if (bkuSelectionTemplateURL != null) {
- try {
- bkuSelectionTemplate = new String(FileUtils
- .readURL(bkuSelectionTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {
- bkuSelectionTemplateURL, ex.toString() }, ex);
- }
- }
- String htmlForm = new SelectBKUFormBuilder().build(
- bkuSelectionTemplate, returnURL, bkuSelectTag);
- return htmlForm;
- }
- }
+// /**
+// * Processes request to select a BKU. <br/>
+// * Processing depends on value of
+// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
+// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
+// * for the "BKU Auswahl" service is returned. <br/>
+// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
+// * selection is returned.
+// *
+// * @param authURL
+// * base URL of MOA-ID Auth component
+// * @param target
+// * "Gesch&auml;ftsbereich"
+// * @param oaURL
+// * online application URL requested
+// * @param bkuSelectionTemplateURL
+// * template for BKU selection form to be used in case of
+// * <code>HTMLSelect</code>; may be null
+// * @param templateURL
+// * URL providing an HTML template for the HTML form to be used
+// * for call <code>startAuthentication</code>
+// * @return for <code>bkuSelectionType==HTMLComplete</code>, the
+// * <code>returnURI</code> for the "BKU Auswahl" service; for
+// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
+// * selection
+// * @throws WrongParametersException
+// * upon missing parameters
+// * @throws AuthenticationException
+// * when the configured BKU selection service cannot be reached,
+// * and when the given bkuSelectionTemplateURL cannot be reached
+// * @throws ConfigurationException
+// * on missing configuration data
+// * @throws BuildException
+// * while building the HTML form
+// */
+// public String selectBKU(String authURL, String target, String oaURL,
+// String bkuSelectionTemplateURL, String templateURL)
+// throws WrongParametersException, AuthenticationException,
+// ConfigurationException, BuildException {
+//
+// // check if HTTP Connection may be allowed (through
+// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+// if ((!authURL.startsWith("https:"))
+// && (false == BoolUtils.valueOf(boolStr)))
+// throw new AuthenticationException("auth.07", new Object[] { authURL
+// + "*" });
+// if (isEmpty(authURL))
+// throw new WrongParametersException("StartAuthentication",
+// "AuthURL", "auth.05");
+// if (isEmpty(oaURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.05");
+//
+// ConnectionParameter bkuConnParam = AuthConfigurationProvider
+// .getInstance().getBKUConnectionParameter();
+// if (bkuConnParam == null)
+// throw new ConfigurationException("config.08",
+// new Object[] { "BKUSelection/ConnectionParameter" });
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(oaURL);
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { oaURL });
+//
+// if (!oaParam.getBusinessService()) {
+// if (isEmpty(target))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_TARGET, "auth.05");
+// } else {
+// if (!isEmpty(target)) {
+// Logger
+// .info("Ignoring target parameter thus application type is \"businessService\"");
+// }
+// target = null;
+// }
+//
+// AuthenticationSession session = newSession();
+// Logger.info("MOASession " + session.getSessionID() + " angelegt");
+// session.setTarget(target);
+// session.setOAURLRequested(oaURL);
+// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+// session.setAuthURL(authURL);
+// session.setTemplateURL(templateURL);
+// session.setBusinessService(oaParam.getBusinessService());
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// throw new AuthenticationException("", null);
+// }
+//
+// String returnURL = new DataURLBuilder().buildDataURL(authURL,
+// REQ_START_AUTHENTICATION, session.getSessionID());
+// String bkuSelectionType = AuthConfigurationProvider.getInstance()
+// .getBKUSelectionType();
+// if (bkuSelectionType
+// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+// // bkuSelectionType==HTMLComplete
+// String redirectURL = bkuConnParam.getUrl() + "?"
+// + AuthServlet.PARAM_RETURN + "=" + returnURL;
+// return redirectURL;
+// } else {
+// // bkuSelectionType==HTMLSelect
+// String bkuSelectTag;
+// try {
+// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
+// .getInstance(), bkuConnParam);
+// } catch (Throwable ex) {
+// throw new AuthenticationException("auth.11", new Object[] {
+// bkuConnParam.getUrl(), ex.toString() }, ex);
+// }
+// String bkuSelectionTemplate = null;
+//
+// //removed in MOAID 2.0
+// // override template url by url from configuration file
+//// if (oaParam.getBkuSelectionTemplateURL() != null) {
+//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
+//// }
+//
+//// if (bkuSelectionTemplateURL != null) {
+//// try {
+//// bkuSelectionTemplate = new String(FileUtils
+//// .readURL(bkuSelectionTemplateURL));
+//// } catch (IOException ex) {
+//// throw new AuthenticationException("auth.03", new Object[] {
+//// bkuSelectionTemplateURL, ex.toString() }, ex);
+//// }
+//// }
+//
+// String htmlForm = new SelectBKUFormBuilder().build(
+// bkuSelectionTemplate, returnURL, bkuSelectTag);
+// return htmlForm;
+// }
+// }
/**
* Method readBKUSelectTag.
@@ -382,131 +402,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
*/
- public String startAuthentication(String authURL, String target,
- String targetFriendlyName, String oaURL, String templateURL,
- String bkuURL, String useMandate, String sessionID, String scheme,
- String sourceID) throws WrongParametersException,
+ public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException,
AuthenticationException, ConfigurationException, BuildException {
- String useMandateString = null;
- boolean useMandateBoolean = false;
- if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
- useMandateString = useMandate;
- } else {
- useMandateString = "false";
+ if (session == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
-
- if (useMandateString.compareToIgnoreCase("true") == 0)
- useMandateBoolean = true;
- else
- useMandateBoolean = false;
-
- if (isEmpty(sessionID)) {
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.05");
- }
- AuthenticationSession session;
- OAAuthParameter oaParam;
- if (sessionID != null) {
- session = getSession(sessionID);
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } else {
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
- } else {
- if (useMandateBoolean) {
- Logger
- .error("Online-Mandate Mode for bussines application not supported.");
- throw new AuthenticationException("auth.17", null);
- }
- target = null;
- targetFriendlyName = null;
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() });
+
+ //load Template
+ String template = null;
+ if (session.getTemplateURL() != null) {
+ try {
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ } catch (IOException ex) {
+ throw new AuthenticationException("auth.03", new Object[] {
+ session.getTemplateURL(), ex.toString() }, ex);
}
- session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setTargetFriendlyName(targetFriendlyName);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- if (sourceID != null)
- session.setSourceID(sourceID);
}
- // BKU URL has not been set yet, even if session already exists
- if (bkuURL == null) {
- if (scheme != null && scheme.equalsIgnoreCase("https")) {
- bkuURL = DEFAULT_BKU_HTTPS;
- } else {
- bkuURL = DEFAULT_BKU;
+
+ String infoboxReadRequest = "";
+
+ if (session.isSsoRequested()) {
+ //load identityLink with SSO Target
+ boolean isbuisness = false;
+ String domainIdentifier = "";
+ IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService();
+ if (ssobusiness != null) {
+ isbuisness = true;
+ domainIdentifier = ssobusiness.getValue();
}
- }
- session.setBkuURL(bkuURL);
- session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- session.setUseMandate(useMandateString);
- String infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam
+
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), isbuisness, domainIdentifier);
+
+ } else {
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
.getIdentityLinkDomainIdentifier());
+ }
+
String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
.getSessionID());
- String template = null;
- // override template url by url from configuration file
- if (oaParam.getTemplateURL() != null) {
- templateURL = oaParam.getTemplateURL();
- } else {
- templateURL = session.getTemplateURL();
- }
- if (templateURL != null) {
- try {
- template = new String(FileUtils.readURL(templateURL));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {
- templateURL, ex.toString() }, ex);
- }
- }
-
+
+ //removed in MOAID 2.0
String pushInfobox = "";
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- .getVerifyInfoboxParameters();
- if (verifyInfoboxParameters != null) {
- pushInfobox = verifyInfoboxParameters.getPushInfobox();
- session.setPushInfobox(pushInfobox);
- }
+// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+// .getVerifyInfoboxParameters();
+// if (verifyInfoboxParameters != null) {
+// pushInfobox = verifyInfoboxParameters.getPushInfobox();
+// session.setPushInfobox(pushInfobox);
+// }
+
+ //build CertInfo request
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
- .build(oaParam.getSlVersion12());
+ .build(oaParam.isSlVersion12());
String certInfoDataURL = new DataURLBuilder()
.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
session.getSessionID());
+
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- bkuURL, infoboxReadRequest, dataURL, certInfoRequest,
+ session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest,
certInfoDataURL, pushInfobox);
+
return htmlForm;
}
@@ -535,12 +502,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyIdentityLink(String sessionID,
+ public String verifyIdentityLink(AuthenticationSession session,
Map infoboxReadResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID });
@@ -553,10 +520,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
- if (session.getTimestampIdentityLink() != null)
- throw new AuthenticationException("auth.01",
- new Object[] { sessionID });
+// AuthenticationSession session = getSession(sessionID);
+// if (session.getTimestampIdentityLink() != null)
+// throw new AuthenticationException("auth.01",
+// new Object[] { sessionID });
+
session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
@@ -639,11 +607,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
- verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
- .getProvideStammzahl());
+
+ //TODO: check correctness
+// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
+// .getProvideStammzahl());
+ verifyInfoboxes(session, infoboxReadResponseParameters, false);
- return getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam);
+
+ //TODO: make it better!!
+ return "found!";
}
/**
@@ -671,31 +643,40 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyCertificate(String sessionID,
+ public String verifyCertificate(AuthenticationSession session,
X509Certificate certificate) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException {
+ ValidateException, ServiceException, MOAIDException{
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
// check if person is a Organwalter
// if true - don't show bPK in AUTH Block
- boolean isOW = false;
-// String oid = null;
-// if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER))
-// isOW = true;
-//
- AuthenticationSession session = getSession(sessionID);
+ try {
+ for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) {
+ if (certificate.getExtension(OWid) != null) {
+ session.setOW(true);
+ }
+
+ }
+
+ } catch (X509ExtensionInitException e) {
+ Logger.warn("Certificate extension is not readable.");
+ session.setOW(false);
+ }
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session,
- authConf, oaParam, isOW);
+ String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ authConf, oaParam);
+
+ return returnvalue;
}
/**
@@ -717,22 +698,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyMandate(String sessionID, MISMandate mandate)
+ public void verifyMandate(AuthenticationSession session, MISMandate mandate)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
GET_MIS_SESSIONID, PARAM_SESSIONID });
- String sMandate = new String(mandate.getMandate());
- if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
- Logger.error("Mandate is empty.");
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- }
-
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
@@ -740,6 +714,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// sets the extended SAML attributes for OID (Organwalter)
setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
.getBusinessService());
+
+ validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+
+
} catch (SAXException e) {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
@@ -753,27 +731,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
}
-
- if (oaParam.getProvideFullMandatorData()) {
- try {
- // set extended SAML attributes if provideMandatorData is true
- setExtendedSAMLAttributeForMandates(session, mandate, oaParam
- .getBusinessService(), oaParam.getProvideStammzahl());
- } catch (SAXException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (IOException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (ParserConfigurationException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (TransformerException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- }
- }
-
+
}
/**
@@ -802,17 +760,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
+ //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink
// if (!fromMandate) {
// BZ.., calculate bPK for signing to be already present in AuthBlock
- IdentityLink identityLink = session.getIdentityLink();
- if (identityLink.getIdentificationType().equals(
- Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we
- // have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identityLink.setIdentificationValue(bpkBase64);
- }
+// IdentityLink identityLink = session.getIdentityLink();
+// if (identityLink.getIdentificationType().equals(
+// Constants.URN_PREFIX_BASEID)) {
+// // only compute bPK if online application is a public service and we
+// // have the Stammzahl
+// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+// .getIdentificationValue(), session.getTarget());
+// identityLink.setIdentificationValue(bpkBase64);
+// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+// }
// ..BZ
// }
@@ -821,81 +781,88 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+ List<String> transformsInfos = oaParam.getTransformsInfos();
+ if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
// no OA specific transforms specified, use default ones
transformsInfos = authConf.getTransformsInfos();
}
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.getSlVersion12());
+ transformsInfos, oaParam.isSlVersion12());
return createXMLSignatureRequest;
}
- /**
- *
- * @param session
- * @param authConf
- * @param oaParam
- * @return
- * @throws ConfigurationException
- * @throws BuildException
- * @throws ValidateException
- */
- public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
- AuthenticationSession session, AuthConfigurationProvider authConf,
- OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
- BuildException, ValidateException {
-
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = AuthConfigurationProvider.getInstance();
- if (oaParam == null)
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
- // BZ.., calculate bPK for signing to be already present in AuthBlock
- IdentityLink identityLink = session.getIdentityLink();
- if (identityLink.getIdentificationType().equals(
- Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we
- // have the Stammzahl
- if (isOW) {
- // if person is OW, delete identification value (bPK is calculated via MIS)
- identityLink.setIdentificationValue(null);
- identityLink.setIdentificationType(null);
- }
- else {
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identityLink.setIdentificationValue(bpkBase64);
- }
- }
- // ..BZ
- // }
-
- // builds the AUTH-block
- String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
-
- // session.setAuthBlock(authBlock);
- // builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
- // no OA specific transforms specified, use default ones
- transformsInfos = authConf.getTransformsInfos();
- }
- String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.getSlVersion12());
-
- System.out.println("XML: " + createXMLSignatureRequest);
-
- return createXMLSignatureRequest;
- }
+// /**
+// *
+// * @param session
+// * @param authConf
+// * @param oaParam
+// * @return
+// * @throws ConfigurationException
+// * @throws BuildException
+// * @throws ValidateException
+// */
+// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
+// AuthenticationSession session, AuthConfigurationProvider authConf,
+// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
+// BuildException, ValidateException {
+//
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
+//
+// if (authConf == null)
+// authConf = AuthConfigurationProvider.getInstance();
+// if (oaParam == null)
+// oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(
+// session.getPublicOAURLPrefix());
+//
+// // BZ.., calculate bPK for signing to be already present in AuthBlock
+// IdentityLink identityLink = session.getIdentityLink();
+// if (identityLink.getIdentificationType().equals(
+// Constants.URN_PREFIX_BASEID)) {
+//
+// // only compute bPK if online application is a public service and we
+// // have the Stammzahl
+//// if (isOW) {
+//// // if person is OW, delete identification value (bPK is calculated via MIS)
+//// identityLink.setIdentificationValue(null);
+//// identityLink.setIdentificationType(null);
+//// }
+//// else {
+//
+// //TODO: check correctness!!! bpk calcultion is done during Assertion generation
+//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+//// .getIdentificationValue(), session.getTarget());
+//// identityLink.setIdentificationValue(bpkBase64);
+////
+//// //TODO: insert correct Type!!!!
+//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+//// }
+//
+// }
+// // ..BZ
+// // }
+//
+// // builds the AUTH-block
+// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
+//
+// // session.setAuthBlock(authBlock);
+// // builds the <CreateXMLSignatureRequest>
+// List<String> transformsInfos = oaParam.getTransformsInfos();
+// if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
+// // no OA specific transforms specified, use default ones
+// transformsInfos = authConf.getTransformsInfos();
+// }
+// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
+// .build(authBlock, oaParam.getKeyBoxIdentifier(),
+// transformsInfos, oaParam.isSlVersion12());
+//
+// System.out.println("XML: " + createXMLSignatureRequest);
+//
+// return createXMLSignatureRequest;
+// }
/**
* Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
* <ul>
@@ -909,16 +876,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String createXMLSignatureRequestForeignID(String sessionID,
+ public String createXMLSignatureRequestForeignID(AuthenticationSession session,
X509Certificate cert) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
+// AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
@@ -926,6 +893,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ //session.setSignerCertificate(cert);
+
return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
cert);
}
@@ -986,7 +955,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
/*
* if (session.getTimestampIdentityLink() != null) throw new
* AuthenticationException("auth.01", new Object[] { sessionID });
@@ -1077,85 +1046,148 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private String buildAuthenticationBlock(AuthenticationSession session,
OAAuthParameter oaParam) throws BuildException {
+
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
-
- String issueInstant = DateTimeUtils.buildDateTime(Calendar
- .getInstance(), oaParam.getUseUTC());
- session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String targetFriendlyName = session.getTargetFriendlyName();
- // Bug #485
- // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
- // String oaURL = session.getPublicOAURLPrefix();
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, target,
- targetFriendlyName, identificationValue,
- identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
- return authBlock;
- }
-
- /**
- * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
- * given session data.
- *
- * @param session
- * authentication session
- *
- * @return <code>&lt;saml:Assertion&gt;</code> as a String
- *
- * @throws BuildException
- * If an error occurs on serializing an extended SAML attribute
- * to be appended to the AUTH-Block.
- */
- private String buildAuthenticationBlockForOW(AuthenticationSession session,
- OAAuthParameter oaParam, boolean isOW) throws BuildException {
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getName();
- String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
+ String identificationValue = null;
+ String identificationType = null;
+
+ if (identityLink.getIdentificationType().equals(
+ Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we
+ // have the Stammzahl
+
+
+ if (session.isSsoRequested()) {
+ identificationType = "";
+ identificationValue = "";
+
+ } else {
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+ .getIdentificationValue(), session.getTarget());
+ identificationValue = bpkBase64;
+ identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ }
+
+// identityLink.setIdentificationValue(bpkBase64);
+// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+
+ } else {
+ identificationValue = identityLink.getIdentificationValue();
+ identificationType = identityLink.getIdentificationType();
+
+ }
+ //set empty AuthBlock BPK in case of OW
+ if (session.isOW()) {
+ identificationType = "";
+ identificationValue = "";
+ }
+
String issueInstant = DateTimeUtils.buildDateTime(Calendar
.getInstance(), oaParam.getUseUTC());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
String targetFriendlyName = session.getTargetFriendlyName();
+
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
// String oaURL = session.getPublicOAURLPrefix();
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+
List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- Iterator it = extendedSAMLAttributes.iterator();
- // delete bPK attribute from extended SAML attributes
- if (isOW) {
- ExtendedSAMLAttribute toDelete = null;
- while (it.hasNext()) {
- ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
- if (attr.getName().equalsIgnoreCase("bPK"))
- toDelete = attr;
- }
- if (toDelete != null)
- extendedSAMLAttributes.remove(toDelete);
- }
- String authBlock = new AuthenticationBlockAssertionBuilder()
+
+ if (session.isSsoRequested()) {
+ String oaURL =new String();
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+
+ if (MiscUtil.isNotEmpty(oaURL))
+ oaURL = oaURL.replaceAll("&", "&amp;");
+
+ } catch (ConfigurationException e) {
+ }
+ String authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+
+ } else {
+ String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+ String authBlock = new AuthenticationBlockAssertionBuilder()
.buildAuthBlock(issuer, issueInstant, authURL, target,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+ }
+
- return authBlock;
+
+
+
}
+
+// /**
+// * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
+// * given session data.
+// *
+// * @param session
+// * authentication session
+// *
+// * @return <code>&lt;saml:Assertion&gt;</code> as a String
+// *
+// * @throws BuildException
+// * If an error occurs on serializing an extended SAML attribute
+// * to be appended to the AUTH-Block.
+// */
+// private String buildAuthenticationBlockForOW(AuthenticationSession session,
+// OAAuthParameter oaParam, boolean isOW) throws BuildException {
+// IdentityLink identityLink = session.getIdentityLink();
+// String issuer = identityLink.getName();
+// String gebDat = identityLink.getDateOfBirth();
+// String identificationValue = identityLink.getIdentificationValue();
+// String identificationType = identityLink.getIdentificationType();
+//
+// String issueInstant = DateTimeUtils.buildDateTime(Calendar
+// .getInstance(), oaParam.getUseUTC());
+// session.setIssueInstant(issueInstant);
+// String authURL = session.getAuthURL();
+// String target = session.getTarget();
+// String targetFriendlyName = session.getTargetFriendlyName();
+// // Bug #485
+// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+// // String oaURL = session.getPublicOAURLPrefix();
+// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+//
+//
+// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+// Iterator it = extendedSAMLAttributes.iterator();
+// // delete bPK attribute from extended SAML attributes
+// if (session.isOW()) {
+// ExtendedSAMLAttribute toDelete = null;
+// while (it.hasNext()) {
+// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
+// if (attr.getName().equalsIgnoreCase("bPK"))
+// toDelete = attr;
+// }
+// if (toDelete != null)
+// extendedSAMLAttributes.remove(toDelete);
+// }
+//
+// String authBlock = new AuthenticationBlockAssertionBuilder()
+// .buildAuthBlock(issuer, issueInstant, authURL, target,
+// targetFriendlyName, identificationValue,
+// identificationType, oaURL, gebDat,
+// extendedSAMLAttributes, session, oaParam);
+//
+// return authBlock;
+// }
/**
* Verifies the infoboxes (except of the identity link infobox) returned by
@@ -1184,18 +1216,26 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getInstance();
// get the default VerifyInfobox parameters
Map defaultInfoboxParameters = null;
- VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
- .getDefaultVerifyInfoboxParameters();
- if (defaultVerifyInfoboxParameters != null) {
- defaultInfoboxParameters = defaultVerifyInfoboxParameters
- .getInfoboxParameters();
- }
+
+ //removed in MOA-ID 2.0
+// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
+// .getDefaultVerifyInfoboxParameters();
+// if (defaultVerifyInfoboxParameters != null) {
+// defaultInfoboxParameters = defaultVerifyInfoboxParameters
+// .getInfoboxParameters();
+// }
+
// get the OA specific VerifyInfobox parameters
Map infoboxParameters = null;
OAAuthParameter oaParam = authConfigurationProvider
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- .getVerifyInfoboxParameters();
+
+ //TODO: check correctness!!!!
+ //removed in MOAID 2.0
+// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+// .getVerifyInfoboxParameters();
+// VerifyInfoboxParameters verifyInfoboxParameters = null;
+
session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML
// Attributes
session.setExtendedSAMLAttributesOA(new Vector());
@@ -1203,191 +1243,191 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// System.out.println("SAML set: " +
// session.getExtendedSAMLAttributesAUTH().size());
- if (verifyInfoboxParameters != null) {
-
- infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
- // get the list of infobox identifiers
- List identifiers = verifyInfoboxParameters.getIdentifiers();
- if (identifiers != null) {
- // step through the identifiers and verify the infoboxes
- Iterator it = identifiers.iterator();
- while (it.hasNext()) {
- String identifier = (String) it.next();
- // get the infobox read response from the map of parameters
- String infoboxReadResponse = (String) infoboxReadResponseParams
- .get(identifier);
- // get the configuration parameters
- VerifyInfoboxParameter verifyInfoboxParameter = null;
- Object object = infoboxParameters.get(identifier);
- // if not present, use default
- if ((object == null) && (defaultInfoboxParameters != null)) {
- object = defaultInfoboxParameters.get(identifier);
- }
- if (object != null) {
- verifyInfoboxParameter = (VerifyInfoboxParameter) object;
- }
- if (infoboxReadResponse != null) {
- if (verifyInfoboxParameter == null) {
- // should not happen because of the pushinfobox
- // mechanism; check it anyway
- Logger.error("No validator for verifying \""
- + identifier + "\"-infobox configured.");
- throw new ValidateException("validator.41",
- new Object[] { identifier });
- } else {
- String friendlyName = verifyInfoboxParameter
- .getFriendlyName();
- boolean isParepRequest = false;
-
- // parse the infobox read reponse
- List infoboxTokenList = null;
- try {
- infoboxTokenList = ExtendedInfoboxReadResponseParser
- .parseInfoboxReadResponse(
- infoboxReadResponse,
- friendlyName);
- } catch (ParseException e) {
- Logger
- .error("InfoboxReadResponse for \""
- + identifier
- + "\"-infobox could not be parsed successfully: "
- + e.getMessage());
- throw new ValidateException("validator.43",
- new Object[] { friendlyName });
- }
- // set compatibility mode for mandates infobox and
- // all infoboxes (it is possible to be a parep
- // infobox)
- // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
- // check for party representation in mandates
- // infobox
- if (Constants.INFOBOXIDENTIFIER_MANDATES
- .equalsIgnoreCase(identifier)
- && !((infoboxTokenList == null || infoboxTokenList
- .size() == 0))) {
- // We need app specific parameters
- if (null == verifyInfoboxParameter
- .getApplicationSpecificParams()) {
- throw new ValidateException("validator.66",
- new Object[] { friendlyName });
- }
- Element mandate = ParepValidator
- .extractPrimaryToken(infoboxTokenList);
- // ParepUtils.serializeElement(mandate,
- // System.out);
- String mandateID = ParepUtils
- .extractRepresentativeID(mandate);
- if (!isEmpty(mandateID)
- && ("*".equals(mandateID) || mandateID
- .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
- isParepRequest = true;
- }
- if (!isParepRequest) {
- // if mandates validator is disabled we must
- // throw an error in this case
- if (!ParepUtils
- .isValidatorEnabled(verifyInfoboxParameter
- .getApplicationSpecificParams())) {
- throw new ValidateException(
- "validator.60",
- new Object[] { friendlyName });
- }
- }
- }
-
- // get the class for validating the infobox
- InfoboxValidator infoboxValidator = null;
- try {
- Class validatorClass = null;
- if (isParepRequest) {
- // Mandates infobox in party representation
- // mode
- validatorClass = Class
- .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
- } else {
- validatorClass = Class
- .forName(verifyInfoboxParameter
- .getValidatorClassName());
- }
- infoboxValidator = (InfoboxValidator) validatorClass
- .newInstance();
- } catch (Exception e) {
- Logger
- .error("Could not load validator class \""
- + verifyInfoboxParameter
- .getValidatorClassName()
- + "\" for \""
- + identifier
- + "\"-infobox: "
- + e.getMessage());
- throw new ValidateException("validator.42",
- new Object[] { friendlyName });
- }
- Logger
- .debug("Successfully loaded validator class \""
- + verifyInfoboxParameter
- .getValidatorClassName()
- + "\" for \""
- + identifier
- + "\"-infobox.");
- // build the parameters for validating the infobox
- InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder
- .buildInfoboxValidatorParams(session,
- verifyInfoboxParameter,
- infoboxTokenList, oaParam);
-
- // now validate the infobox
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxValidator
- .validate(infoboxValidatorParams);
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier
- + " infobox:" + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[] { friendlyName });
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40",
- new Object[] {
- friendlyName,
- infoboxValidationResult
- .getErrorMessage() });
- }
-
- Logger.info(identifier
- + " infobox successfully validated.");
- // store the validator for post processing
- session.addInfoboxValidator(identifier,
- friendlyName, infoboxValidator);
-
- // get the SAML attributes to be appended to the
- // AUTHBlock or to the final
- // SAML Assertion
- AddAdditionalSAMLAttributes(session,
- infoboxValidationResult
- .getExtendedSamlAttributes(),
- identifier, friendlyName);
- }
- } else {
- if ((verifyInfoboxParameter != null)
- && (verifyInfoboxParameter.isRequired())) {
- Logger
- .info("Infobox \""
- + identifier
- + "\" is required, but not returned from the BKU");
- throw new ValidateException("validator.48",
- new Object[] { verifyInfoboxParameter
- .getFriendlyName() });
- }
- Logger.debug("Infobox \"" + identifier
- + "\" not returned from BKU.");
- }
- }
- }
- }
+// if (verifyInfoboxParameters != null) {
+//
+// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
+// // get the list of infobox identifiers
+// List identifiers = verifyInfoboxParameters.getIdentifiers();
+// if (identifiers != null) {
+// // step through the identifiers and verify the infoboxes
+// Iterator it = identifiers.iterator();
+// while (it.hasNext()) {
+// String identifier = (String) it.next();
+// // get the infobox read response from the map of parameters
+// String infoboxReadResponse = (String) infoboxReadResponseParams
+// .get(identifier);
+// // get the configuration parameters
+// VerifyInfoboxParameter verifyInfoboxParameter = null;
+// Object object = infoboxParameters.get(identifier);
+// // if not present, use default
+// if ((object == null) && (defaultInfoboxParameters != null)) {
+// object = defaultInfoboxParameters.get(identifier);
+// }
+// if (object != null) {
+// verifyInfoboxParameter = (VerifyInfoboxParameter) object;
+// }
+// if (infoboxReadResponse != null) {
+// if (verifyInfoboxParameter == null) {
+// // should not happen because of the pushinfobox
+// // mechanism; check it anyway
+// Logger.error("No validator for verifying \""
+// + identifier + "\"-infobox configured.");
+// throw new ValidateException("validator.41",
+// new Object[] { identifier });
+// } else {
+// String friendlyName = verifyInfoboxParameter
+// .getFriendlyName();
+// boolean isParepRequest = false;
+//
+// // parse the infobox read reponse
+// List infoboxTokenList = null;
+// try {
+// infoboxTokenList = ExtendedInfoboxReadResponseParser
+// .parseInfoboxReadResponse(
+// infoboxReadResponse,
+// friendlyName);
+// } catch (ParseException e) {
+// Logger
+// .error("InfoboxReadResponse for \""
+// + identifier
+// + "\"-infobox could not be parsed successfully: "
+// + e.getMessage());
+// throw new ValidateException("validator.43",
+// new Object[] { friendlyName });
+// }
+// // set compatibility mode for mandates infobox and
+// // all infoboxes (it is possible to be a parep
+// // infobox)
+// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
+// // check for party representation in mandates
+// // infobox
+// if (Constants.INFOBOXIDENTIFIER_MANDATES
+// .equalsIgnoreCase(identifier)
+// && !((infoboxTokenList == null || infoboxTokenList
+// .size() == 0))) {
+// // We need app specific parameters
+// if (null == verifyInfoboxParameter
+// .getApplicationSpecificParams()) {
+// throw new ValidateException("validator.66",
+// new Object[] { friendlyName });
+// }
+// Element mandate = ParepValidator
+// .extractPrimaryToken(infoboxTokenList);
+// // ParepUtils.serializeElement(mandate,
+// // System.out);
+// String mandateID = ParepUtils
+// .extractRepresentativeID(mandate);
+// if (!isEmpty(mandateID)
+// && ("*".equals(mandateID) || mandateID
+// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
+// isParepRequest = true;
+// }
+// if (!isParepRequest) {
+// // if mandates validator is disabled we must
+// // throw an error in this case
+// if (!ParepUtils
+// .isValidatorEnabled(verifyInfoboxParameter
+// .getApplicationSpecificParams())) {
+// throw new ValidateException(
+// "validator.60",
+// new Object[] { friendlyName });
+// }
+// }
+// }
+//
+// // get the class for validating the infobox
+// InfoboxValidator infoboxValidator = null;
+// try {
+// Class validatorClass = null;
+// if (isParepRequest) {
+// // Mandates infobox in party representation
+// // mode
+// validatorClass = Class
+// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
+// } else {
+// validatorClass = Class
+// .forName(verifyInfoboxParameter
+// .getValidatorClassName());
+// }
+// infoboxValidator = (InfoboxValidator) validatorClass
+// .newInstance();
+// } catch (Exception e) {
+// Logger
+// .error("Could not load validator class \""
+// + verifyInfoboxParameter
+// .getValidatorClassName()
+// + "\" for \""
+// + identifier
+// + "\"-infobox: "
+// + e.getMessage());
+// throw new ValidateException("validator.42",
+// new Object[] { friendlyName });
+// }
+// Logger
+// .debug("Successfully loaded validator class \""
+// + verifyInfoboxParameter
+// .getValidatorClassName()
+// + "\" for \""
+// + identifier
+// + "\"-infobox.");
+// // build the parameters for validating the infobox
+// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder
+// .buildInfoboxValidatorParams(session,
+// verifyInfoboxParameter,
+// infoboxTokenList, oaParam);
+//
+// // now validate the infobox
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxValidator
+// .validate(infoboxValidatorParams);
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier
+// + " infobox:" + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[] { friendlyName });
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40",
+// new Object[] {
+// friendlyName,
+// infoboxValidationResult
+// .getErrorMessage() });
+// }
+//
+// Logger.info(identifier
+// + " infobox successfully validated.");
+// // store the validator for post processing
+// session.addInfoboxValidator(identifier,
+// friendlyName, infoboxValidator);
+//
+// // get the SAML attributes to be appended to the
+// // AUTHBlock or to the final
+// // SAML Assertion
+// AddAdditionalSAMLAttributes(session,
+// infoboxValidationResult
+// .getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// }
+// } else {
+// if ((verifyInfoboxParameter != null)
+// && (verifyInfoboxParameter.isRequired())) {
+// Logger
+// .info("Infobox \""
+// + identifier
+// + "\" is required, but not returned from the BKU");
+// throw new ValidateException("validator.48",
+// new Object[] { verifyInfoboxParameter
+// .getFriendlyName() });
+// }
+// Logger.debug("Infobox \"" + identifier
+// + "\" not returned from BKU.");
+// }
+// }
+// }
+// }
}
/**
@@ -1406,18 +1446,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws IOException
* @throws SAXException
*/
- private void setExtendedSAMLAttributeForMandates(
+ private void validateExtendedSAMLAttributeForMandates(
AuthenticationSession session, MISMandate mandate,
- boolean business, boolean provideStammzahl)
+ boolean business)
throws ValidateException, ConfigurationException, SAXException,
IOException, ParserConfigurationException, TransformerException {
- ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(
- mandate, business, provideStammzahl);
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ mandate, business, false);
- AddAdditionalSAMLAttributes(session, extendedSamlAttributes,
- "MISService", "MISService");
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+ Object value = verifySAMLAttribute(samlAttribute, i, "MISService",
+ "MISService");
+
+ }
}
/**
@@ -1449,56 +1494,56 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- /**
- * Intermediate processing of the infoboxes. The first pending infobox
- * validator may validate the provided input
- *
- * @param session
- * The current authentication session
- * @param parameters
- * The parameters got returned by the user input fields
- */
- public static void processInput(AuthenticationSession session,
- Map parameters) throws ValidateException {
-
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector
- .get(1);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator
- .validate(parameters);
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier
- + " infobox:" + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[] { friendlyName });
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40",
- new Object[] {
- friendlyName,
- infoboxValidationResult
- .getErrorMessage() });
- }
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- }
- }
- }
- }
+// /**
+// * Intermediate processing of the infoboxes. The first pending infobox
+// * validator may validate the provided input
+// *
+// * @param session
+// * The current authentication session
+// * @param parameters
+// * The parameters got returned by the user input fields
+// */
+// public static void processInput(AuthenticationSession session,
+// Map parameters) throws ValidateException {
+//
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// if (iter != null) {
+// while (iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector
+// .get(1);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator
+// .validate(parameters);
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier
+// + " infobox:" + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[] { friendlyName });
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40",
+// new Object[] {
+// friendlyName,
+// infoboxValidationResult
+// .getErrorMessage() });
+// }
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// }
+// }
+// }
+// }
/**
* Adds given SAML Attributes to the current session. They will be appended
@@ -1609,7 +1654,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws TransformerException
*/
- private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
+ protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
MISMandate mandate, boolean business, boolean provideStammzahl)
throws SAXException, IOException, ParserConfigurationException,
TransformerException {
@@ -1761,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return doc.getDocumentElement();
}
- private static void replaceExtendedSAMLAttribute(List attributes,
+ protected static void replaceExtendedSAMLAttribute(List attributes,
ExtendedSAMLAttribute samlAttribute) {
if (null == attributes) {
attributes = new Vector();
@@ -1807,18 +1852,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String verifyAuthenticationBlock(String sessionID,
+ public String verifyAuthenticationBlock(AuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
if (isEmpty(xmlCreateXMLSignatureReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+
+ //AuthenticationSession session = getSession(sessionID);
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
// parses <CreateXMLSignatureResponse>
@@ -1837,9 +1884,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
}
// validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ if (session.isSsoRequested())
+ new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+ else
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
vtids, tpid);
@@ -1876,7 +1927,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// TODO See Bug #144
// Compare AuthBlock Data with information stored in session, especially
// date and time
-
+ CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+
// compares the public keys from the identityLink with the AuthBlock
VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
vsresp, session.getIdentityLink());
@@ -1920,27 +1972,45 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// boolean useUTC = oaParam.getUseUTC();
+// boolean useCondition = oaParam.getUseCondition();
+// int conditionLength = oaParam.getConditionLength();
- // builds authentication data and stores it together with a SAML
- // artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC, false);
+
+ //TL: moved to Authentification Data generation
+// AuthenticationData authData = buildAuthenticationData(session, vsresp,
+// useUTC, false);
+//
+// //set Authblock
+// session.setAuthData(authData);
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(false);
+
if (session.getUseMandate()) {
// mandate mode
- // session.setAssertionAuthBlock(assertionAuthBlock)
-
- // set signer certificate
- session.setSignerCertificate(vsresp.getX509certificate());
-
return null;
+
} else {
-
+
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicte stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+ return newMOASessionID;
+ /*
String samlAssertion = new AuthenticationDataAssertionBuilder()
.build(authData, session.getAssertionPrPerson(), session
.getAssertionAuthBlock(), session
@@ -1973,7 +2043,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.info("Anmeldedaten zu MOASession " + sessionID
+ " angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
-
+ */
}
}
@@ -2004,171 +2074,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String verifyAuthenticationBlockMandate(String sessionID,
- Element mandate) throws AuthenticationException, BuildException,
- ParseException, ConfigurationException, ServiceException,
- ValidateException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] {
- REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
- // AuthConfigurationProvider authConf =
- // AuthConfigurationProvider.getInstance();
-
- IdentityLink tempIdentityLink = null;
-
- if (session.getUseMandate()) {
- tempIdentityLink = new IdentityLink();
- Element mandator = ParepUtils.extractMandator(mandate);
- String dateOfBirth = "";
- Element prPerson = null;
- String familyName = "";
- String givenName = "";
- String identificationType = "";
- String identificationValue = "";
- if (mandator != null) {
- boolean physical = ParepUtils.isPhysicalPerson(mandator);
- if (physical) {
- familyName = ParepUtils.extractText(mandator,
- "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator,
- "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils
- .extractMandatorDateOfBirth(mandator);
- } else {
- familyName = ParepUtils.extractMandatorFullName(mandator);
- }
- identificationType = ParepUtils.getIdentification(mandator,
- "Type");
- identificationValue = ParepUtils.extractMandatorWbpk(mandator);
-
- prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
- if (physical
- && session.getBusinessService()
- && identificationType != null
- && Constants.URN_PREFIX_BASEID
- .equals(identificationType)) {
- // now we calculate the wbPK and do so if we got it from the
- // BKU
- identificationType = Constants.URN_PREFIX_WBPK + "+"
- + session.getDomainIdentifier();
- identificationValue = new BPKBuilder().buildWBPK(
- identificationValue, session.getDomainIdentifier());
- ParepUtils
- .HideStammZahlen(prPerson, true, null, null, true);
- }
-
- tempIdentityLink.setDateOfBirth(dateOfBirth);
- tempIdentityLink.setFamilyName(familyName);
- tempIdentityLink.setGivenName(givenName);
- tempIdentityLink.setIdentificationType(identificationType);
- tempIdentityLink.setIdentificationValue(identificationValue);
- tempIdentityLink.setPrPerson(prPerson);
- try {
- tempIdentityLink.setSamlAssertion(session.getIdentityLink()
- .getSamlAssertion());
- } catch (Exception e) {
- throw new ValidateException("validator.64", null);
- }
-
- }
-
- }
-
- // builds authentication data and stores it together with a SAML
- // artifact
- AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session,
- // vsresp,
- // replacementIdentityLink);
-
-
- Element mandatePerson = tempIdentityLink.getPrPerson();
-// try {
-// System.out.println("MANDATE: " +
-// DOMUtils.serializeNode(mandatePerson));
-// }
-// catch(Exception e) {
-// e.printStackTrace();
-// }
- String mandateData = null;
- boolean useCondition = false;
- int conditionLength = -1;
- try {
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- useCondition = oaParam.getUseCondition();
- conditionLength = oaParam.getConditionLength();
-
- String isPrPerson = mandatePerson.getAttribute("xsi:type");
-
- if (!StringUtils.isEmpty(isPrPerson)) {
- if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) {
- Element prIdentification = (Element) mandatePerson
- .getElementsByTagNameNS(Constants.PD_NS_URI,
- "Identification").item(0);
- String baseid = getBaseId(mandatePerson);
- Element identificationBpK = createIdentificationBPK(mandatePerson,
- baseid, session.getTarget());
-
- if (!provideStammzahl) {
- prIdentification.getFirstChild().setTextContent("");
- }
-
- mandatePerson.insertBefore(identificationBpK,
- prIdentification);
- }
- }
-
- mandateData = DOMUtils.serializeNode(mandatePerson);
-
- } catch (TransformerException e1) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- } catch (IOException e1) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- }
-
- String samlAssertion = new AuthenticationDataAssertionBuilder()
- .buildMandate(authData, session.getAssertionPrPerson(),
- mandateData, session.getAssertionAuthBlock(), session
- .getAssertionIlAssertion(),
- session.getBkuURL(), session
- .getAssertionSignerCertificateBase64(), session
- .getAssertionBusinessService(), session
- .getSourceID(), session
- .getExtendedSAMLAttributesOA(), useCondition,
- conditionLength);
- authData.setSamlAssertion(samlAssertion);
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
-
- String samlArtifact = new SAMLArtifactBuilder().build(session
- .getAuthURL(), session.getSessionID(), session.getSourceID());
- storeAuthenticationData(samlArtifact, authData);
-
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID
- + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
-
- }
-
- private Element createIdentificationBPK(Element mandatePerson,
+ protected Element createIdentificationBPK(Element mandatePerson,
String baseid, String target) throws BuildException {
Element identificationBpK = mandatePerson.getOwnerDocument()
.createElementNS(Constants.PD_NS_URI, "Identification");
@@ -2189,7 +2096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- private String getBaseId(Element mandatePerson)
+ protected String getBaseId(Element mandatePerson)
throws TransformerException, IOException {
NodeList list = mandatePerson.getElementsByTagNameNS(
Constants.PD_NS_URI, "Identification");
@@ -2225,15 +2132,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String getForeignAuthenticationData(String sessionID)
+ public String getForeignAuthenticationData(AuthenticationSession session)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
- if (isEmpty(sessionID))
+ //TODO: CHECK if STORK parts works correct!!!!
+
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
// AuthConfigurationProvider authConf =
// AuthConfigurationProvider.getInstance();
@@ -2280,14 +2189,32 @@ public class AuthenticationServer implements MOAIDAuthConstants {
X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
- AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC, true);
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// boolean useUTC = oaParam.getUseUTC();
+
+// boolean useCondition = oaParam.getUseCondition();
+// int conditionLength = oaParam.getConditionLength();
+
+ //TL: moved to Assertion generation.
+// AuthenticationData authData = buildAuthenticationData(session, vsresp,
+// useUTC, true);
+//
+// session.setAuthData(authData);
+
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(true);
+
+ return "new Session";
+
+ //TODO: regenerate MOASession ID!
+ /*
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
authData, session.getAssertionPrPerson(), session
.getAssertionAuthBlock(), session
@@ -2319,7 +2246,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.info("Anmeldedaten zu MOASession " + sessionID
+ " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
+ return samlArtifact;*/
}
/**
@@ -2339,23 +2266,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException
* while building the <code>&lt;saml:Assertion&gt;</code>
*/
- private AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
+ public static AuthenticationData buildAuthenticationData(
+ AuthenticationSession session, OAAuthParameter oaParam, String target)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
AuthenticationData authData = new AuthenticationData();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+ boolean useUTC = oaParam.getUseUTC();
boolean businessService = oaParam.getBusinessService();
+
authData.setMajorVersion(1);
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar
.getInstance(), useUTC));
+
+ //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
authData.setIdentificationType(identityLink.getIdentificationType());
+
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
authData.setDateOfBirth(identityLink.getDateOfBirth());
@@ -2366,84 +2298,68 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
authData.setUseUTC(oaParam.getUseUTC());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- if (provideStammzahl) {
- authData.setIdentificationValue(identityLink
- .getIdentificationValue());
- }
- String prPerson = new PersonDataBuilder().build(identityLink,
- provideStammzahl);
-
+
try {
- String signerCertificateBase64 = "";
- if (oaParam.getProvideCertifcate()) {
- X509Certificate signerCertificate = verifyXMLSigResp
- .getX509certificate();
- if (signerCertificate != null) {
- signerCertificateBase64 = Base64Utils
- .encode(signerCertificate.getEncoded());
- } else {
- Logger
- .info("\"provideCertificate\" is \"true\", but no signer certificate available");
- }
- }
- authData.setSignerCertificate(signerCertificateBase64);
- if(!isForeigner) {
- //we have Austrian citizen
- if (businessService) {
- authData.setWBPK(identityLink.getIdentificationValue());
- } else {
- authData.setBPK(identityLink.getIdentificationValue());
-
- // BZ.., calculation of bPK already before sending AUTHBlock
- /*
- * if(identityLink.getIdentificationType().equals(Constants.
- * URN_PREFIX_BASEID)) { // only compute bPK if online
- * application is a public service and we have the Stammzahl
- * String bpkBase64 = new BPKBuilder().buildBPK(
- * identityLink.getIdentificationValue(), session.getTarget());
- * authData.setBPK(bpkBase64); }
- */
-
- }
+
+ //TODO: resign the IdentityLink!!!
+
+
+ if (session.getUseMandate() && session.isOW()) {
+ MISMandate mandate = session.getMISMandate();
+ authData.setBPK(mandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+
} else {
- //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
+
if (businessService) {
//since we have foreigner, wbPK is not calculated in BKU
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier());
- authData.setWBPK(wbpkBase64);
- }
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
+
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
+ }
+
+ Element idlassertion = session.getIdentityLink().getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
- } else {
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink idl = idlparser.parseIdentityLink();
+ authData.setIdentityLink(idl);
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget());
- authData.setBPK(bpkBase64);
- }
+ } else {
+
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
-
+ authData.setIdentityLink(identityLink);
}
-
- }
- String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
- .getSerializedSamlAssertion()
- : "";
- if (!oaParam.getProvideStammzahl()) {
- ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
- .getIdentificationValue(), "");
}
- String authBlock = oaParam.getProvideAuthBlock() ? session
- .getAuthBlock() : "";
-
- session.setAssertionAuthBlock(authBlock);
- session.setAssertionAuthData(authData);
- session.setAssertionBusinessService(businessService);
- session.setAssertionIlAssertion(ilAssertion);
- session.setAssertionPrPerson(prPerson);
- session.setAssertionSignerCertificateBase64(signerCertificateBase64);
-
+
return authData;
} catch (Throwable ex) {
@@ -2453,117 +2369,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
- * The <code>AuthenticationData</code> is deleted from the store upon end of
- * this call.
- *
- * @return <code>AuthenticationData</code>
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws AuthenticationException {
- String assertionHandle;
- try {
- assertionHandle = new SAMLArtifactParser(samlArtifact)
- .parseAssertionHandle();
- } catch (ParseException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
- AuthenticationData authData = null;
- synchronized (authenticationDataStore) {
- // System.out.println("assertionHandle: " + assertionHandle);
- authData = (AuthenticationData) authenticationDataStore
- .get(assertionHandle);
- if (authData == null) {
- Logger.error("Assertion not found for SAML Artifact: "
- + samlArtifact);
- throw new AuthenticationException("1206",
- new Object[] { samlArtifact });
- }
- boolean keepAssertion = false;
- try {
- String boolStr = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.KeepAssertion");
- if (null != boolStr && boolStr.equalsIgnoreCase("true"))
- keepAssertion = true;// Only allowed for debug purposes!!!
- } catch (ConfigurationException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
- if (!keepAssertion) {
- authenticationDataStore.remove(assertionHandle);
- }
- }
- long now = new Date().getTime();
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207",
- new Object[] { samlArtifact });
- Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
- return authData;
- }
-
- /**
- * Stores authentication data indexed by the assertion handle contained in
- * the given saml artifact.
- *
- * @param samlArtifact
- * SAML artifact
- * @param authData
- * authentication data
- * @throws AuthenticationException
- * when SAML artifact is invalid
- */
- private void storeAuthenticationData(String samlArtifact,
- AuthenticationData authData) throws AuthenticationException {
-
- try {
- SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
- // check type code 0x0001
- byte[] typeCode = parser.parseTypeCode();
- if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
- Logger.debug("Assertion stored for SAML Artifact: "
- + samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
- }
- } catch (AuthenticationException ex) {
- throw ex;
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- }
- }
-
- /**
- * Creates a new session and puts it into the session store.
- *
- * @param id
- * Session ID
- * @return AuthenticationSession created
- * @exception AuthenticationException
- * thrown when an <code>AuthenticationSession</code> is
- * running already for the given session ID
- */
- private static AuthenticationSession newSession()
- throws AuthenticationException {
- String sessionID = Random.nextRandom();
- AuthenticationSession newSession = new AuthenticationSession(sessionID);
- synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01",
- new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
- }
- return newSession;
- }
-
- /**
* Retrieves a session from the session store.
*
* @param id
@@ -2573,11 +2378,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public static AuthenticationSession getSession(String id)
throws AuthenticationException {
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(id);
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
- return session;
+
+ AuthenticationSession session;
+ try {
+ session = AuthenticationSessionStoreage.getSession(id);
+
+ /*(AuthenticationSession) sessionStore
+ .get(id);*/
+ if (session == null)
+ throw new AuthenticationException("auth.02", new Object[] { id });
+ return session;
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("parser.04", new Object[] { id });
+ }
}
/**
@@ -2585,33 +2399,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public void cleanup() {
long now = new Date().getTime();
- synchronized (sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.02", new Object[] { sessionID }));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized (authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String samlAssertionHandle = (String) iter.next();
- AuthenticationData authData = (AuthenticationData) authenticationDataStore
- .get(samlAssertionHandle);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.03",
- new Object[] { authData.getAssertionID() }));
- authenticationDataStore.remove(samlAssertionHandle);
- }
- }
- }
+
+ //clean AuthenticationSessionStore
+ //TODO: acutally the StartAuthentificaten timestamp is used!!!!!
+ //TODO: maybe change this to lastupdate timestamp.
+ AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
+
+ //clean AssertionStore
+ AssertionStorage assertionstore = AssertionStorage.getInstance();
+ assertionstore.clean(now, authDataTimeOut);
}
/**
@@ -2620,8 +2416,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param seconds
* Time out of the session in seconds
*/
- public void setSecondsSessionTimeOut(long seconds) {
- sessionTimeOut = 1000 * seconds;
+ public void setSecondsSessionTimeOutCreated(long seconds) {
+ sessionTimeOutCreated = seconds * 1000;
+ }
+
+ public void setSecondsSessionTimeOutUpdated(long seconds) {
+ sessionTimeOutUpdated = seconds * 1000;
}
/**
@@ -2631,7 +2431,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* Time out for signing AuthData in seconds
*/
public void setSecondsAuthDataTimeOut(long seconds) {
- authDataTimeOut = 1000 * seconds;
+ authDataTimeOut = seconds * 1000;
}
/**
@@ -2658,7 +2458,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* the friendly name of the infobox for messages
* @return the SAML attribute value (Element or String)
*/
- private static Object verifySAMLAttribute(
+ protected static Object verifySAMLAttribute(
ExtendedSAMLAttribute samlAttribute, int i, String identifier,
String friendlyName) throws ValidateException {
String name = samlAttribute.getName();
@@ -2776,42 +2576,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public static void startSTORKAuthentication(
HttpServletRequest req,
HttpServletResponse resp,
- String ccc,
- String oaURL,
- String target,
- String targetFriendlyName,
- String authURL,
- String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
+ AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
- //read configuration paramters of OA
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (StringUtils.isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
- } else {
- target = null;
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
- //create MOA session
- AuthenticationSession moaSession = newSession();
- Logger.info("MOASession " + moaSession.getSessionID() + " angelegt");
- moaSession.setTarget(target);
- moaSession.setTargetFriendlyName(targetFriendlyName);
- moaSession.setOAURLRequested(oaURL);
- moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- moaSession.setAuthURL(authURL);
- moaSession.setBusinessService(oaParam.getBusinessService());
- moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- if (sourceID != null)
- moaSession.setSourceID(sourceID);
+ //read configuration paramters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
//Start of STORK Processing
STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
- CPEPS cpeps = storkConfig.getCPEPS(ccc);
+ CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:");
String destination = cpeps.getPepsURL().toExternalForm();
@@ -2824,19 +2603,22 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
- QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
- Logger.debug("QAALevel: " + qaaLevel.getValue());
- RequestedAttributes requestedAttributes;
+ QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+ //Logger.debug("QAALevel: " + qaaLevel.getValue());
+
+ RequestedAttributes requestedAttributes = null;
requestedAttributes = oaParam.getRequestedAttributes();
requestedAttributes.detach();
List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
- List<RequestedAttribute> oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+ List<RequestedAttribute> oaReqAttributeList = null;
+ oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+
//check if country specific attributes must be additionally requested
if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
- Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc);
+ Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc());
Logger.debug("The following attributes are requested for this specific country:");
List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());
for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) {
@@ -2874,13 +2656,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- String spSector = StringUtils.isEmpty(target) ? "Business" : target;
+
+ //TODO: check Target in case of SSO!!
+ String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
String spCountry = "AT";
String textToBeSigned =
- CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession);
+ CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession);
//generate AuthnRquest
STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
@@ -2930,9 +2714,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest successfully internally validated.");
//send
- moaSession.setStorkAuthnRequest(storkAuthnRequest);
+ moasession.setStorkAuthnRequest(storkAuthnRequest);
HttpSession httpSession = req.getSession();
- httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID());
+ httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
Logger.debug("Preparing to send STORK AuthnRequest.");
@@ -2972,12 +2756,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
- CertificateFactory cf;
- X509Certificate cert = null;
- cf = CertificateFactory.getInstance("X.509");
- cert = (X509Certificate)cf.generateCertificate(is);
-
- return cert;
+ X509Certificate cert;
+ try {
+ cert = new X509Certificate(is);
+ return cert;
+
+ } catch (Throwable e) {
+ throw new CertificateException(e);
+ }
+
+// CertificateFactory cf;
+// X509Certificate cert = null;
+// cf = CertificateFactory.getInstance("X.509");
+// CertificateFactory
+// cert = (X509Certificate)cf.generateCertificate(is);
+// return cert;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 7d5835f20..edc43da0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -24,6 +24,9 @@
package at.gv.egovernment.moa.id.auth;
+import java.util.Arrays;
+import java.util.List;
+
import iaik.asn1.ObjectID;
@@ -43,6 +46,9 @@ public interface MOAIDAuthConstants {
public static final String PARAM_OA = "OA";
/** servlet parameter &quot;bkuURI&quot; */
public static final String PARAM_BKU = "bkuURI";
+ public static final String PARAM_MODUL = "MODUL";
+ public static final String PARAM_ACTION = "ACTION";
+ public static final String PARAM_SSO = "SSO";
/** servlet parameter &quot;sourceID&quot; */
public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
@@ -112,9 +118,25 @@ public interface MOAIDAuthConstants {
* used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
*/
public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
+
/** the number of the certifcate extension for party representatives */
public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
- /** the number of the certifcate extension for party organ representatives */
- public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+// /** the number of the certifcate extension for party organ representatives */
+// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+ /** OW */
+ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
+
+ /** List of OWs */
+ public static final List<ObjectID> OW_LIST = Arrays.asList(
+ new ObjectID(OW_ORGANWALTER));
+
+ /**BKU type identifiers to use bkuURI from configuration*/
+ public static final String REQ_BKU_TYPE_LOCAL = "local";
+ public static final String REQ_BKU_TYPE_ONLINE = "online";
+ public static final String REQ_BKU_TYPE_HANDY = "handy";
+ public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index cf5615a13..725773b75 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -28,6 +28,7 @@ import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import java.io.IOException;
+import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.Properties;
@@ -93,7 +94,7 @@ public class MOAIDAuthInitializer {
// Mapping OpenSSL - Java
// OpenSSL Java
// http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html
-// via “openssl ciphers -tls1 HIGH –v”
+// via !openssl ciphers -tls1 HIGH !v!
//
// ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
// DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
@@ -139,6 +140,7 @@ public class MOAIDAuthInitializer {
// Loads the configuration
AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
+
ConnectionParameter moaSPConnParam = authConf
.getMoaSpConnectionParameter();
@@ -158,6 +160,7 @@ public class MOAIDAuthInitializer {
// Initializes IAIKX509TrustManager logging
String log4jConfigURL = System.getProperty("log4j.configuration");
+ Logger.info("Log4J Configuration: " + log4jConfigURL);
if (log4jConfigURL != null) {
IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
}
@@ -170,39 +173,27 @@ public class MOAIDAuthInitializer {
AxisSecureSocketFactory.initialize(ssf);
}
+
// sets the authentication session and authentication data time outs
- String param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
+ BigInteger param = authConf.getTimeOuts().getMOASessionCreated();
if (param != null) {
- long sessionTimeOut = 0;
- try {
- sessionTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
if (sessionTimeOut > 0)
AuthenticationServer.getInstance()
- .setSecondsSessionTimeOut(sessionTimeOut);
+ .setSecondsSessionTimeOutCreated(sessionTimeOut);
}
- param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
+
+ param = authConf.getTimeOuts().getMOASessionUpdated();
if (param != null) {
- long authDataTimeOut = 0;
- try {
- authDataTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+ }
+
+ param = authConf.getTimeOuts().getAssertion();
+ if (param != null) {
+ long authDataTimeOut = param.longValue();
if (authDataTimeOut > 0)
AuthenticationServer.getInstance()
.setSecondsAuthDataTimeOut(authDataTimeOut);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 412f1db81..ee2313070 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.StringWriter;
import java.text.MessageFormat;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
import java.util.List;
+import java.util.Locale;
+import javax.xml.bind.DatatypeConverter;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
@@ -49,10 +54,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -79,6 +86,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
"{7}" +
+ "{8}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -97,6 +105,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" </saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
+ private static String SPECIAL_TEXT_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
private static String PR_IDENTIFICATION_ATTRIBUTE =
" <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
@@ -107,7 +120,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
/**
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
*/
- public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+ public static final int NUM_OF_SAML_ATTRIBUTES = 4;
+ public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 3;
/**
* Constructor for AuthenticationBlockAssertionBuilder.
@@ -156,25 +170,16 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List extendedSAMLAttributes,
- AuthenticationSession session)
+ AuthenticationSession session,
+ OAAuthParameter oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
-
- //reading OA parameters
- OAAuthParameter oaParam;
- try {
- oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } catch (ConfigurationException e) {
- Logger.error("Error on building AUTH-Block: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
- }
-
-
+
if (target == null) {
+
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
// Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
@@ -191,6 +196,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
// We do not have a wbPK, therefore no SAML-Attribute is provided
session.setSAMLAttributeGebeORwbpk(false);
}
+
} else {
// OA is a govermental application
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
@@ -205,7 +211,6 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//no business service, adding bPK
- System.out.println("identityLinkValue: " + identityLinkValue);
if (identityLinkValue != null) {
Element bpkSamlValueElement;
try {
@@ -252,6 +257,21 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
+
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
@@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -385,6 +406,18 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
//..BZ
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
@@ -396,6 +429,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -406,6 +440,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
+ public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
+ Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
+
+ String text = inputtext.replaceAll("#NAME#", issuer);
+ text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime()));
+ text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime()));
+
+ return text;
+ }
public static String xmlToString(Node node) {
try {
@@ -424,4 +469,92 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
return null;
}
+ public String buildAuthBlockSSO(
+ String issuer,
+ String issueInstant,
+ String authURL,
+ String target,
+ String targetFriendlyName,
+ String identityLinkValue,
+ String identityLinkType,
+ String oaURL,
+ String gebDat,
+ List extendedSAMLAttributes,
+ AuthenticationSession session,
+ OAAuthParameter oaParam)
+ throws BuildException
+ {
+ session.setSAMLAttributeGebeORwbpk(true);
+ String gebeORwbpk = "";
+ String wbpkNSDeclaration = "";
+
+ if (target != null) {
+
+ boolean useMandate = session.getUseMandate();
+ if (useMandate) {
+ String mandateReferenceValue = Random.nextRandom();
+ // remove leading "-"
+ if (mandateReferenceValue.startsWith("-"))
+ mandateReferenceValue = mandateReferenceValue.substring(1);
+
+ session.setMandateReferenceValue(mandateReferenceValue);
+
+ ExtendedSAMLAttribute mandateReferenceValueAttribute =
+ new ExtendedSAMLAttributeImpl("mandateReferenceValue", mandateReferenceValue, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK);
+
+ extendedSAMLAttributes.add(mandateReferenceValueAttribute);
+ }
+ }
+
+ //adding friendly name of OA
+ String friendlyname;
+ try {
+ friendlyname = AuthConfigurationProvider.getInstance().getSSOFriendlyName();
+
+ ExtendedSAMLAttribute oaFriendlyNameAttribute =
+ new ExtendedSAMLAttributeImpl("oaFriendlyName", friendlyname, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+
+
+ String text = AuthConfigurationProvider.getInstance().getSSOSpecialText();
+
+ if (MiscUtil.isEmpty(text))
+ text="";
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
+
+
+
+ String assertion;
+
+ assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] {
+ wbpkNSDeclaration,
+ issuer,
+ issueInstant,
+ authURL,
+ gebeORwbpk,
+ oaURL,
+ gebDat,
+ specialText,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+
+ return assertion;
+
+ } catch (ParseException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+
+ } catch (ConfigurationException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+
+
+
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 0742261a7..839ebe7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -255,8 +255,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String pkType;
String pkValue;
if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
+ pkType = authData.getBPKType();
+ pkValue = authData.getBPK();
} else {
// <saml:NameIdentifier NameQualifier> always has the bPK as type/value
@@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- String sourceID,
List extendedSAMLAttributes,
boolean useCondition,
int conditionLength)
@@ -377,8 +376,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String pkType;
String pkValue;
if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
+ pkType = authData.getBPKType();
+ pkValue = authData.getBPK();
} else {
// <saml:NameIdentifier NameQualifier> always has the bPK as type/value
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index fa9789530..9bec06135 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.security.MessageDigest;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -59,7 +61,12 @@ public class BPKBuilder {
new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",target=" + target});
}
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+ String basisbegriff;
+ if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
+ basisbegriff = identificationValue + "+" + target;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
@@ -89,7 +96,13 @@ public class BPKBuilder {
new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
}
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
+ String basisbegriff;
+ if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" ))
+ basisbegriff = identificationValue + "+" + registerAndOrdNr;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 2da7db2b2..23596abda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
import java.util.Calendar;
+import java.util.List;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
@@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* @param slVersion12 specifies whether the Security Layer version number is 1.2 or not
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) {
+ public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) {
String sl10Prefix;
String sl11Prefix;
String slNsDeclaration;
String dsigTransformInfosString = "";
- for (int i = 0; i < dsigTransformInfos.length; i++) {
- dsigTransformInfosString += dsigTransformInfos[i];
+
+ for (String element : dsigTransformInfos) {
+ dsigTransformInfosString += element;
}
+// for (int i = 0; i < dsigTransformInfos.length; i++) {
+// dsigTransformInfosString += dsigTransformInfos[i];
+// }
+
if (slVersion12) {
// replace the SecurityLayer namespace prefixes and URIs within the transforms
@@ -180,8 +186,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
// request += "</style>";
request += "</head>";
request += "<body>";
- request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>";
- request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>";
+ request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>";
+ request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>";
request += "<table class=\"parameters\">";
request += "<tr>";
request += "<td class=\"italicstyle\">Name:</td>";
@@ -201,7 +207,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
request += "</tr>";
request += "<tr>";
request += "<td class=\"italicstyle\">Land (Country):</td>";
- request += "<td class=\"normalstyle\">Österreich (Austria)</td>";
+ request += "<td class=\"normalstyle\">Österreich (Austria)</td>";
request += "</tr>";
request += "</table>";
request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>";
@@ -253,14 +259,14 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
request += "</tr>";
request += "</table>";
- request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " +
- "natürliche Personen (ERnP), damit ich meinen elektronischen " +
- "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " +
- "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " +
+ request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " +
+ "natürliche Personen (ERnP), damit ich meinen elektronischen " +
+ "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " +
+ "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " +
"Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " +
"ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " +
- "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " +
- "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>";
+ "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " +
+ "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>";
request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " +
"Register of Residents or the Supplementary Register for Natural Persons. I therefore " +
@@ -277,7 +283,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
// "Residents Registry and that I am not obliged to register with the Austrian " +
// "Central Residents Registry according to Austrian law.<br/>" +
// "In the event I am not yet registered with the Supplementary Register, I " +
-// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>";
request += "</body>";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
index 6368713db..650f1578d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
@@ -123,19 +123,19 @@ public class CreateXMLSignatureRequestBuilderForeign extends Builder {
out.write("&lt;");
else if (ch == '>')
out.write("&gt;");
- else if (ch == 'ä')
+ else if (ch == 'ä')
out.write("&auml;");
- else if (ch == 'ö')
+ else if (ch == 'ö')
out.write("&ouml;");
- else if (ch == 'ü')
+ else if (ch == 'ü')
out.write("&uuml;");
- else if (ch == 'Ä')
+ else if (ch == 'Ä')
out.write("&Auml;");
- else if (ch == 'Ö')
+ else if (ch == 'Ö')
out.write("&Ouml;");
- else if (ch == 'Ü')
+ else if (ch == 'Ü')
out.write("&Uuml;");
- else if (ch == 'ß')
+ else if (ch == 'ß')
out.write("&szlig;");
else
out.write(ch);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 4dd6ac78b..9b7cc41ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -60,27 +60,23 @@ public class DataURLBuilder {
String individualDataURLPrefix = null;
String dataURL;
- try {
- //check if an individual prefix is configured
- individualDataURLPrefix = AuthConfigurationProvider.getInstance().
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-
- if (null != individualDataURLPrefix) {
-
- //check individualDataURLPrefix
- if(!individualDataURLPrefix.startsWith("http"))
- throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-
- //when ok then use it
- dataURL = individualDataURLPrefix + authServletName;
- } else
- dataURL = authBaseURL + authServletName;
-
- } catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
- dataURL = authBaseURL + authServletName;
- }
+
+ //is removed from config in MOA-ID 2.0
+ //check if an individual prefix is configured
+// individualDataURLPrefix = AuthConfigurationProvider.getInstance().
+// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
+//
+// if (null != individualDataURLPrefix) {
+//
+// //check individualDataURLPrefix
+// if(!individualDataURLPrefix.startsWith("http"))
+// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
+//
+// //when ok then use it
+// dataURL = individualDataURLPrefix + authServletName;
+// } else
+
+ dataURL = authBaseURL + authServletName;
dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
return dataURL;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index d40cd1909..bd8d52031 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -154,19 +154,19 @@ public class GetIdentityLinkFormBuilder extends Builder {
out.write("&lt;");
else if (ch == '>')
out.write("&gt;");
- else if (ch == 'ä')
+ else if (ch == 'ä')
out.write("&auml;");
- else if (ch == 'ö')
+ else if (ch == 'ö')
out.write("&ouml;");
- else if (ch == 'ü')
+ else if (ch == 'ü')
out.write("&uuml;");
- else if (ch == 'Ä')
+ else if (ch == 'Ä')
out.write("&Auml;");
- else if (ch == 'Ö')
+ else if (ch == 'Ö')
out.write("&Ouml;");
- else if (ch == 'Ü')
+ else if (ch == 'Ü')
out.write("&Uuml;");
- else if (ch == 'ß')
+ else if (ch == 'ß')
out.write("&szlig;");
else
out.write(ch);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
index fa1de87de..0a526ebbe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -59,48 +59,52 @@ public class InfoboxValidatorParamsBuilder {
*
* @return Parameters for validating an infobox token.
*/
- public static InfoboxValidatorParams buildInfoboxValidatorParams(
- AuthenticationSession session,
- VerifyInfoboxParameter verifyInfoboxParameter,
- List infoboxTokenList,
- OAAuthParameter oaParam)
- {
- InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
- IdentityLink identityLink = session.getIdentityLink();
-
- // the infobox token to validate
- infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
- // configuration parameters
- infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
- infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
- infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
- // authentication session parameters
- infoboxValidatorParams.setBkuURL(session.getBkuURL());
- infoboxValidatorParams.setTarget(session.getTarget());
- infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
- // parameters from the identity link
- infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
- infoboxValidatorParams.setGivenName(identityLink.getGivenName());
- infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
- if (verifyInfoboxParameter.getProvideStammzahl()) {
- infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
- }
- infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
- infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
- if (verifyInfoboxParameter.getProvideIdentityLink()) {
- Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
- if (!verifyInfoboxParameter.getProvideStammzahl()) {
- Element identificationValueElem =
- (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- if (identificationValueElem != null) {
- identificationValueElem.getFirstChild().setNodeValue("");
- }
- }
- infoboxValidatorParams.setIdentityLink(identityLinkElem);
- }
- infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
- return infoboxValidatorParams;
- }
+// public static InfoboxValidatorParams buildInfoboxValidatorParams(
+// AuthenticationSession session,
+// VerifyInfoboxParameter verifyInfoboxParameter,
+// List infoboxTokenList,
+// OAAuthParameter oaParam)
+// {
+// InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
+// IdentityLink identityLink = session.getIdentityLink();
+//
+// // the infobox token to validate
+// infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
+// // configuration parameters
+// infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
+// infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
+// infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
+// // authentication session parameters
+// infoboxValidatorParams.setBkuURL(session.getBkuURL());
+// infoboxValidatorParams.setTarget(session.getTarget());
+// infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+// infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
+// // parameters from the identity link
+// infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
+// infoboxValidatorParams.setGivenName(identityLink.getGivenName());
+// infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
+// if (verifyInfoboxParameter.getProvideStammzahl()) {
+// infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
+// }
+// infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
+// infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
+// if (verifyInfoboxParameter.getProvideIdentityLink()) {
+// Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
+// if (!verifyInfoboxParameter.getProvideStammzahl()) {
+// Element identificationValueElem =
+// (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+// if (identificationValueElem != null) {
+// identificationValueElem.getFirstChild().setNodeValue("");
+// }
+// }
+// infoboxValidatorParams.setIdentityLink(identityLinkElem);
+// }
+//
+// //TODO: check if this is Protocol specific
+// //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
+// infoboxValidatorParams.setHideStammzahl(true);
+//
+// return infoboxValidatorParams;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
new file mode 100644
index 000000000..69e654f56
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
@@ -0,0 +1,79 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+
+public class LoginConfirmationBuilder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+
+ private static final String OA_URL_TAG = "<OA_URL>";
+ private static final String FORM_METHOD_TAG = "<FORM_METHOD_URL>";
+ private static final String ATTR_NAME_TAG = "<ATTR_NAME_URL>";
+ private static final String ATTR_VALUE_TAG = "<ATTR_VALUE_URL>";
+ private static final String ATTR_TEMP_TAG = "<ATTR_TEMP_URL>";
+ private static final String OA_TAG = "<OA_TAG>";
+ private static final String NAME_TAG = "<NAME_URL>";
+
+ private static final String METHOD_GET = "GET";
+ private static final String METHOD_POST = "POST";
+
+
+ private static final String ATTR_TEMPLATE =
+ " <input type=\"hidden\" " + nl +
+ " name=\"" + ATTR_NAME_TAG + "\"" + nl +
+ " value=\"" + ATTR_VALUE_TAG + "\"/>" + nl;
+
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ "<head>" + nl +
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<title>Anmeldung mit B&uuml;rgerkarte</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<p>Wollen Sie sich als <b>"+NAME_TAG+"</b> bei <b>"+OA_TAG+
+ "</b> anmelden?</p>" + nl +
+ "<form name=\"GetIdentityLinkForm\"" + nl +
+ " action=\"" + OA_URL_TAG + "\"" + nl +
+ " method=\"" + FORM_METHOD_TAG + "\">" + nl +
+ ATTR_TEMP_TAG +
+ " <input type=\"submit\" value=\"Anmeldung durchf&uuml;hren\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+
+ private String template;
+
+ public LoginConfirmationBuilder(){
+ init(METHOD_GET);
+ }
+
+ public LoginConfirmationBuilder(String method) {
+ init(method);
+ }
+
+ public void init(String method) {
+ if(method.equals(METHOD_POST)) {
+ template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_POST);
+ } else {
+ template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_GET);
+ }
+ }
+
+ public void addParameter(String name, String value) {
+ String attr_template = ATTR_TEMPLATE + ATTR_TEMP_TAG;
+ //Logger.info("Attr Template: " + attr_template);
+ attr_template = attr_template.replace(ATTR_NAME_TAG, name);
+ //Logger.info("Attr Template: " + attr_template);
+ attr_template = attr_template.replace(ATTR_VALUE_TAG, value);
+ //Logger.info("Attr Template: " + attr_template);
+ template = template.replace(ATTR_TEMP_TAG, attr_template);
+ //Logger.info("Template: " + template);
+ }
+
+ public String finish(String oaURL, String userName, String oa) {
+ template = template.replace(NAME_TAG, userName);
+ template = template.replace(OA_TAG, oa);
+ template = template.replace(OA_URL_TAG, oaURL);
+ return template.replace(ATTR_TEMP_TAG, "");
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
new file mode 100644
index 000000000..a80fcfa25
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -0,0 +1,107 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URI;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class LoginFormBuilder {
+
+ private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+ private static final String HTMLTEMPLATEFULL = "loginFormFull.html";
+ private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html";
+
+ private static String AUTH_URL = "#AUTH_URL#";
+ private static String MODUL = "#MODUL#";
+ private static String ACTION = "#ACTION#";
+ private static String OANAME = "#OAName#";
+ private static String BKU_ONLINE = "#ONLINE#";
+ private static String BKU_HANDY = "#HANDY#";
+ private static String BKU_LOCAL = "#LOCAL#";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
+ private static String MOASESSIONID = "#SESSIONID#";
+
+ private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
+
+ private static String getTemplate(boolean isIFrame) {
+
+ String template = null;
+
+ try {
+ String pathLocation;
+
+ InputStream input;
+
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
+ if (isIFrame)
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
+
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ if (isIFrame)
+ pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ template = template.replace(AUTH_URL, SERVLET);
+ template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
+ template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
+ template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
+
+ input.close();
+
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+ return template;
+ }
+
+ public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) {
+ String value = getTemplate(isIFrame);
+
+ if(value != null) {
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ value = value.replace(MODUL, modul);
+ value = value.replace(ACTION, action);
+ value = value.replace(OANAME, oaname);
+ value = value.replace(CONTEXTPATH, contextpath);
+ value = value.replace(MOASESSIONID, moaSessionID);
+ }
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
new file mode 100644
index 000000000..6d10f5519
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.InputStream;
+import java.io.StringWriter;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RedirectFormBuilder {
+
+ private static String URL = "#URL#";
+ private static String template;
+
+ private static String getTemplate() {
+
+ if (template == null) {
+ try {
+ String classpathLocation = "resources/templates/redirectForm.html";
+ InputStream input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(classpathLocation);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+ }
+
+ return template;
+ }
+
+ public static String buildLoginForm(String url) {
+ String value = getTemplate();
+ value = value.replace(URL, url);
+
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index a0fe0de1b..304a5b70c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -72,7 +72,7 @@ public class SAMLArtifactBuilder {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] sourceID;
// alternative sourceId
- String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID);
+ String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID();
// if sourceID is given in GET/POST param - use this as source id
if (!ParepUtils.isEmpty(sourceIdParam)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
new file mode 100644
index 000000000..956593237
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -0,0 +1,98 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URI;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class SendAssertionFormBuilder {
+
+ private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+ private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html";
+ private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html";
+
+ private static String URL = "#URL#";
+ private static String MODUL = "#MODUL#";
+ private static String ACTION = "#ACTION#";
+ private static String ID = "#ID#";
+ private static String OANAME = "#OAName#";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
+
+ private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet";
+
+ private static String getTemplate(boolean isIFrame) {
+
+ String template = null;
+
+ try {
+ String pathLocation;
+ InputStream input;
+
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
+ if (isIFrame)
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
+
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ if (isIFrame)
+ pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ template = template.replace(URL, SERVLET);
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+
+ return template;
+ }
+
+ public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) {
+ String value = getTemplate(isIFrame);
+
+ if(value != null) {
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ value = value.replace(MODUL, modul);
+ value = value.replace(ACTION, action);
+ value = value.replace(ID, id);
+ value = value.replace(OANAME, oaname);
+ value = value.replace(CONTEXTPATH, contextpath);
+ }
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
new file mode 100644
index 000000000..8a9c2b4fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthenticationBuilder {
+
+ private static StartAuthenticationBuilder instance = null;
+
+ public static StartAuthenticationBuilder getInstance() {
+ if (instance == null) {
+ instance = new StartAuthenticationBuilder();
+ }
+ return instance;
+ }
+
+
+ public String build(AuthenticationSession moasession, HttpServletRequest req,
+ HttpServletResponse resp) throws WrongParametersException, MOAIDException {
+
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
+ }
+
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ Logger.debug("Starting STORK authentication");
+
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+ return "";
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+
+ return getIdentityLinkForm;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 5e6d47bdf..b65b3db0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.auth.builder;
+import java.util.List;
+
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder {
*/
public Element build(
CreateXMLSignatureResponse csr,
- String[] verifyTransformsInfoProfileID,
+ List<String> verifyTransformsInfoProfileID,
String trustProfileID)
throws BuildException { //samlAssertionObject
@@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder {
// add the transform profile IDs
Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
- for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
- Element verifyTransformsInfoProfileIDElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
- referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
- verifyTransformsInfoProfileIDElem.appendChild(
- requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
- }
+
+// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+//
+// Element verifyTransformsInfoProfileIDElem =
+// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+// verifyTransformsInfoProfileIDElem.appendChild(
+// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
+// }
+
+ for (String element : verifyTransformsInfoProfileID) {
+
+ Element verifyTransformsInfoProfileIDElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+ referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+ verifyTransformsInfoProfileIDElem.appendChild(
+ requestDoc_.createTextNode(element));
+ }
+
Element returnHashInputDataElem =
requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
requestElem_.appendChild(returnHashInputDataElem);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index e861c62fa..4560e69cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -21,59 +21,73 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.id.auth.data;
-
-
import iaik.x509.X509Certificate;
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
/**
- * Session data to be stored between <code>AuthenticationServer</code> API calls.
+ * Session data to be stored between <code>AuthenticationServer</code> API
+ * calls.
*
* @author Paul Ivancsics
* @version $Id$
*/
-public class AuthenticationSession {
-
- private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
- private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+";
-
+public class AuthenticationSession implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
+ public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK
+ + "+";
+
/**
* session ID
*/
private String sessionID;
/**
- * "Gesch&auml;ftsbereich" the online application belongs to; maybe <code>null</code>
- * if the online application is a business application
+ * "Gesch&auml;ftsbereich" the online application belongs to; maybe
+ * <code>null</code> if the online application is a business application
*/
private String target;
/**
- * Friendly name for the target, if target is configured via MOA-ID configuration
+ * Friendly name for the target, if target is configured via MOA-ID
+ * configuration
*/
private String targetFriendlyName;
-
+
/**
* SourceID
*/
private String sourceID;
- /**
- * Indicates if target from configuration is used or not
- */
- private boolean useTargetFromConfig;
+
/**
* public online application URL requested
*/
@@ -86,758 +100,1037 @@ public class AuthenticationSession {
* URL of MOA ID authentication component
*/
private String authURL;
- /**
- * HTML template URL
- */
- private String templateURL;
-
- /**
- * URL of the BKU
- */
- private String bkuURL;
-
- /**
- * Use mandate
- */
- private boolean useMandate;
-
- /**
- * Reference value for mandate
- */
- private String mandateReferenceValue;
-
- /**
- * Authentication data for the assertion
- */
- private AuthenticationData assertionAuthData;
-
- /**
- * Persondata for the assertion
- */
- private String assertionPrPerson;
-
- /**
- * Authblock for the assertion
- */
- private String assertionAuthBlock;
-
- /**
- * Identitylink assertion for the (MOA) assertion
- */
- private String assertionIlAssertion;
-
- /**
- * Signer certificate (base64 encoded) for the assertion
- */
- private String assertionSignerCertificateBase64;
-
- /**
- * bussiness service for the assertion
- */
- boolean assertionBusinessService;
-
- /**
- * SessionID for MIS
- */
- private String misSessionID;
+ /**
+ * HTML template URL
+ */
+ private String templateURL;
+
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+
+ /**
+ * Indicates whether the corresponding online application is a business
+ * service or not
+ */
+ private boolean businessService;
+
+ //Store Mandate
+ /**
+ * Use mandate
+ */
+ private boolean useMandate;
+
+
+ private boolean isOW = false;
+
+
+ /**
+ * STORK
+ */
+ private String ccc;
+
+ /**
+ *
+ * Mandate element
+ */
+ private MISMandate mandate;
+
+ /**
+ * Reference value for mandate
+ * bussiness service for the assertion
+ */
+ private String mandateReferenceValue;
+
+ /**
+ * SessionID for MIS
+ */
+ private String misSessionID;
+
+ //store Identitylink
/**
* identity link read from smartcard
*/
private IdentityLink identityLink;
+
+ /**
+ * timestamp logging when identity link has been received
+ */
+ private Date timestampIdentityLink;
+
+ //store Authblock
/**
* authentication block to be signed by the user
*/
private String authBlock;
+
/**
- * timestamp logging when authentication session has been created
+ * The issuing time of the AUTH-Block SAML assertion.
*/
- private Date timestampStart;
+ private String issueInstant;
+
+ //Signer certificate
/**
- * timestamp logging when identity link has been received
+ * Signer certificate of the foreign citizen or for mandate mode
*/
- private Date timestampIdentityLink;
- /**
- * Indicates whether the corresponding online application is a business
- * service or not
- */
- private boolean businessService;
-
- /**
- * Signer certificate of the foreign citizen or for mandate mode
- */
- private X509Certificate signerCertificate;
- /**
- * SAML attributes from an extended infobox validation to be appended
- * to the SAML assertion delivered to the final online application.
- */
- private List extendedSAMLAttributesOA;
-
- /**
- * The boolean value for either a target or a wbPK is provided as
- * SAML Attribute in the SAML Assertion or not.
- */
- private boolean samlAttributeGebeORwbpk;
-
- /**
- * SAML attributes from an extended infobox validation to be appended
- * to the SAML assertion of the AUTHBlock.
- */
- private List extendedSAMLAttributesAUTH;
-
- /**
- * The issuing time of the AUTH-Block SAML assertion.
- */
- private String issueInstant;
-
- /**
- * If infobox validators are needed after signing, they can be stored in
- * this list.
- */
- private List infoboxValidators;
-
- /**
- * The register and number in the register parameter in case of a business
- * service application.
- */
- private String domainIdentifier;
-
- /**
- * This string contains all identifiers of infoboxes, the online application
- * is configured to accept. The infobox identifiers are comma separated.
- */
- private String pushInfobox;
-
- /**
- * The STORK AuthRequest to be sent to the C-PEPS
- */
- private STORKAuthnRequest storkAuthnRequest;
-
- /**
- * Constructor for AuthenticationSession.
- *
- * @param id Session ID
- */
- public AuthenticationSession(String id) {
- sessionID = id;
- setTimestampStart();
- infoboxValidators = new ArrayList();
- }
-
- public X509Certificate getSignerCertificate() {
- return signerCertificate;
- }
-
- public void setSignerCertificate(X509Certificate signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
- /**
- * Returns the identityLink.
- * @return IdentityLink
- */
- public IdentityLink getIdentityLink() {
- return identityLink;
- }
-
- /**
- * Returns the sessionID.
- * @return String
- */
- public String getSessionID() {
- return sessionID;
- }
-
- /**
- * Sets the identityLink.
- * @param identityLink The identityLink to set
- */
- public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
- }
-
- /**
- * Sets the sessionID.
- * @param sessionId The sessionID to set
- */
- public void setSessionID(String sessionId) {
- this.sessionID = sessionId;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getOAURLRequested() {
- return oaURLRequested;
- }
-
- /**
- * Returns the oaURLRequested.
- * @return String
- */
- public String getPublicOAURLPrefix() {
- return oaPublicURLPrefix;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Returns the target.
- * @return String
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Returns the sourceID.
- * @return String
- */
- public String getSourceID() {
- return sourceID;
- }
-
- /**
- * Returns the target friendly name.
- * @return String
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the oaURLRequested.
- * @param oaURLRequested The oaURLRequested to set
- */
- public void setOAURLRequested(String oaURLRequested) {
- this.oaURLRequested = oaURLRequested;
- }
-
- /**
- * Sets the oaPublicURLPrefix
- * @param oaPublicURLPrefix The oaPublicURLPrefix to set
- */
- public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
- this.oaPublicURLPrefix = oaPublicURLPrefix;
- }
-
- /**
- * Sets the bkuURL
- * @param bkuURL The BKU URL to set
- */
- public void setBkuURL(String bkuURL) {
- this.bkuURL = bkuURL;
- }
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- * @param target The target to set
- */
- public void setTarget(String target) {
- if (target != null && target.startsWith(TARGET_PREFIX_))
- {
- // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix
- this.target = target.substring(TARGET_PREFIX_.length());
- Logger.debug("Target prefix stripped off; resulting target: " + this.target);
- }
- else
- {
- this.target = target;
- }
- }
-
- /**
- * Sets the sourceID
- * @param sourceID The sourceID to set
- */
- public void setSourceID(String sourceID) {
- this.sourceID = sourceID;
- }
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- * @param target The target to set
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
- /**
- * Returns the authURL.
- * @return String
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * Sets the authURL.
- * @param authURL The authURL to set
- */
- public void setAuthURL(String authURL) {
- this.authURL = authURL;
- }
-
- /**
- * Returns the authBlock.
- * @return String
- */
- public String getAuthBlock() {
- return authBlock;
- }
-
- /**
- * Sets the authBlock.
- * @param authBlock The authBlock to set
- */
- public void setAuthBlock(String authBlock) {
- this.authBlock = authBlock;
- }
-
- /**
- * Returns the timestampIdentityLink.
- * @return Date
- */
- public Date getTimestampIdentityLink() {
- return timestampIdentityLink;
- }
-
- /**
- * Returns the businessService.
- * @return <code>true</code> if the corresponding online application is
- * a business application, otherwise <code>false</code>
- */
- public boolean getBusinessService() {
- return businessService;
- }
-
- /**
- * Sets the businessService variable.
- * @param businessService the value for setting the businessService variable.
- */
- public void setBusinessService(boolean businessService) {
- this.businessService = businessService;
- }
-
- /**
- * Returns the timestampStart.
- * @return Date
- */
- public Date getTimestampStart() {
- return timestampStart;
- }
-
- /**
- * Sets the current date as timestampIdentityLink.
- */
- public void setTimestampIdentityLink() {
- timestampIdentityLink = new Date();
- }
-
- /**
- * Sets the current date as timestampStart.
- */
- public void setTimestampStart() {
- timestampStart = new Date();
- }
-
- /**
- * @return template URL
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
-
- /**
- * @param string the template URL
- */
- public void setTemplateURL(String string) {
- templateURL = string;
- }
-
-
- /**
- * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- */
- public List getExtendedSAMLAttributesAUTH() {
- return extendedSAMLAttributesAUTH;
- }
-
- /**
- * Sets the SAML Attributes to be appended to the AUTHBlock.
- *
- * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock.
- */
- public void setExtendedSAMLAttributesAUTH(
- List extendedSAMLAttributesAUTH) {
- this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
- }
-
- /**
- * Returns the SAML Attributes to be appended to the SAML assertion
- * delivered to the online application. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the SAML assertion
- * delivered to the online application
- */
- public List getExtendedSAMLAttributesOA() {
- return extendedSAMLAttributesOA;
- }
-
- /**
- * Sets the SAML Attributes to be appended to the SAML assertion
- * delivered to the online application.
- *
- * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML
- * assertion delivered to the online application.
- */
- public void setExtendedSAMLAttributesOA(
- List extendedSAMLAttributesOA) {
- this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
- }
-
- /**
- * Returns the boolean value for either a target or a wbPK is
- * provided as SAML Attribute in the SAML Assertion or not.
- *
- * @return true either a target or a wbPK is provided as SAML Attribute
- * in the SAML Assertion or false if not.
- */
- public boolean getSAMLAttributeGebeORwbpk() {
- return this.samlAttributeGebeORwbpk;
- }
-
- /**
- * Sets the boolean value for either a target or a wbPK is
- * provided as SAML Attribute in the SAML Assertion or not.
- *
- * @param samlAttributeGebeORwbpk The boolean for value either a target or
- * wbPK is provided as SAML Attribute in the SAML Assertion or not.
- */
- public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
- this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
- }
-
- /**
- * Returns the issuing time of the AUTH-Block SAML assertion.
- *
- * @return The issuing time of the AUTH-Block SAML assertion.
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Sets the issuing time of the AUTH-Block SAML assertion.
- *
- * @param issueInstant The issueInstant to set.
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Returns the iterator to the stored infobox validators.
- * @return Iterator
- */
- public Iterator getInfoboxValidatorIterator() {
- if (infoboxValidators==null) return null;
- return infoboxValidators.iterator();
- }
-
- /**
- * Adds an infobox validator class to the stored infobox validators.
- * @param infoboxIdentifier the identifier of the infobox the validator belongs to
- * @param infoboxFriendlyName the friendly name of the infobox
- * @param infoboxValidator the infobox validator to add
- */
- public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
- if (infoboxValidators==null) infoboxValidators = new ArrayList();
- Vector v = new Vector(3);
- v.add(infoboxIdentifier);
- v.add(infoboxFriendlyName);
- v.add(infoboxValidator);
- infoboxValidators.add(v);
- return infoboxValidators.iterator();
- }
-
- /**
- * Tests for pending input events of the infobox validators.
- * @return true if a validator has a form to show
- */
- public boolean isValidatorInputPending() {
- boolean result = false;
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (!result && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true;
- }
- }
- return result;
- }
-
- /**
- * Returns the first pending infobox validator.
- * @return the infobox validator class
- */
- public InfoboxValidator getFirstPendingValidator() {
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- String form = infoboxvalidator.getForm();
- if (!ParepUtils.isEmpty(form)) return infoboxvalidator;
- }
- }
- return null;
- }
-
- /**
- * Returns the input form of the first pending infobox validator input processor.
- * @return the form to show
- */
- public String getFirstValidatorInputForm() {
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- String form = infoboxvalidator.getForm();
- if (!ParepUtils.isEmpty(form)) return form;
- }
- }
- return null;
- }
-
- /**
- * Returns domain identifier (the register and number in the register parameter).
- * <code>null</code> in the case of not a business service.
- *
- * @return the domainIdentifier
- */
- public String getDomainIdentifier() {
- return domainIdentifier;
- }
-
- /**
- * Sets the register and number in the register parameter if the application
- * is a business service.
- * If the domain identifier includes the registerAndOrdNr prefix, the prefix
- * will be stripped off.
- *
- * @param domainIdentifier the domain identifier to set
- */
- public void setDomainIdentifier(String domainIdentifier) {
- if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_))
- {
- // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix
- this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier);
- }
- else
- {
- this.domainIdentifier = domainIdentifier;
- }
- }
-
- /**
- * Gets all identifiers of infoboxes, the online application
- * is configured to accept. The infobox identifiers are comma separated.
- *
- * @return the string containing infobox identifiers
- */
- public String getPushInfobox() {
- if (pushInfobox==null) return "";
- return pushInfobox;
- }
-
- /**
- * @param pushInfobox the infobox identifiers to set (comma separated)
- */
- public void setPushInfobox(String pushInfobox) {
- this.pushInfobox = pushInfobox;
- }
-
- /**
- *
- * @param useMandate indicates if mandate is used or not
- */
- public void setUseMandate(String useMandate) {
- if (useMandate.compareToIgnoreCase("true") == 0)
- this.useMandate = true;
- else
- this.useMandate = false;
-
- }
-
- /**
- * Returns if mandate is used or not
- * @return
- */
- public boolean getUseMandate() {
- return this.useMandate;
- }
-
- /**
- *
- * @param useTargetFromConfig indicates if target from config is used or not
- */
- public void setUseTargetFromConfig(boolean useTargetFromConfig) {
- this.useTargetFromConfig = useTargetFromConfig;
-
- }
-
- /**
- * Returns if target is used from mandate or not
- * @return
- */
- public boolean getUseTargetFromConfig() {
- return this.useTargetFromConfig;
- }
-
- /**
- *
- * @param misSessionID indicates the MIS session ID
- */
- public void setMISSessionID(String misSessionID) {
- this.misSessionID = misSessionID;
- }
-
- /**
- * Returns the MIS session ID
- * @return
- */
- public String getMISSessionID() {
- return this.misSessionID;
- }
-
- /**
- * @return the assertionAuthData
- */
- public AuthenticationData getAssertionAuthData() {
- return assertionAuthData;
- }
-
- /**
- * @param assertionAuthData the assertionAuthData to set
- */
- public void setAssertionAuthData(AuthenticationData assertionAuthData) {
- this.assertionAuthData = assertionAuthData;
- }
-
- /**
- * @return the assertionPrPerson
- */
- public String getAssertionPrPerson() {
- return assertionPrPerson;
- }
-
- /**
- * @param assertionPrPerson the assertionPrPerson to set
- */
- public void setAssertionPrPerson(String assertionPrPerson) {
- this.assertionPrPerson = assertionPrPerson;
- }
-
- /**
- * @return the assertionAuthBlock
- */
- public String getAssertionAuthBlock() {
- return assertionAuthBlock;
- }
-
- /**
- * @param assertionAuthBlock the assertionAuthBlock to set
- */
- public void setAssertionAuthBlock(String assertionAuthBlock) {
- this.assertionAuthBlock = assertionAuthBlock;
- }
-
- /**
- * @return the assertionIlAssertion
- */
- public String getAssertionIlAssertion() {
- return assertionIlAssertion;
- }
-
- /**
- * @param assertionIlAssertion the assertionIlAssertion to set
- */
- public void setAssertionIlAssertion(String assertionIlAssertion) {
- this.assertionIlAssertion = assertionIlAssertion;
- }
-
- /**
- * @return the assertionSignerCertificateBase64
- */
- public String getAssertionSignerCertificateBase64() {
- return assertionSignerCertificateBase64;
- }
-
- /**
- * @param assertionSignerCertificateBase64 the assertionSignerCertificateBase64 to set
- */
- public void setAssertionSignerCertificateBase64(String assertionSignerCertificateBase64) {
- this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
- }
-
- /**
- * @return the assertionBusinessService
- */
- public boolean getAssertionBusinessService() {
- return assertionBusinessService;
- }
-
- /**
- * @param assertionBusinessService the assertionBusinessService to set
- */
- public void setAssertionBusinessService(boolean assertionBusinessService) {
- this.assertionBusinessService = assertionBusinessService;
- }
-
- /**
- * @return the mandateReferenceValue
- */
- public String getMandateReferenceValue() {
- return mandateReferenceValue;
- }
-
- /**
- * @param mandateReferenceValue the mandateReferenceValue to set
- */
- public void setMandateReferenceValue(String mandateReferenceValue) {
- this.mandateReferenceValue = mandateReferenceValue;
- }
-
- /**
- * Gets the STORK SAML AuthnRequest
- * @return STORK SAML AuthnRequest
- */
- public STORKAuthnRequest getStorkAuthnRequest() {
- return storkAuthnRequest;
+ //private X509Certificate signerCertificate;
+ private byte[] signerCertificate;
+
+
+ /**
+ * SAML attributes from an extended infobox validation to be appended to the
+ * SAML assertion delivered to the final online application.
+ */
+ private List extendedSAMLAttributesOA;
+
+ /**
+ * The boolean value for either a target or a wbPK is provided as SAML
+ * Attribute in the SAML Assertion or not.
+ */
+ private boolean samlAttributeGebeORwbpk;
+
+ /**
+ * SAML attributes from an extended infobox validation to be appended to the
+ * SAML assertion of the AUTHBlock.
+ */
+ private List extendedSAMLAttributesAUTH;
+
+
+ //TODO: check if it is in use!
+ /**
+ * If infobox validators are needed after signing, they can be stored in
+ * this list.
+ */
+ private List infoboxValidators;
+
+ /**
+ * The register and number in the register parameter in case of a business
+ * service application.
+ */
+ private String domainIdentifier;
+
+ /**
+ * This string contains all identifiers of infoboxes, the online application
+ * is configured to accept. The infobox identifiers are comma separated.
+ */
+ private String pushInfobox;
+
+ /**
+ * The STORK AuthRequest to be sent to the C-PEPS
+ */
+ private STORKAuthnRequest storkAuthnRequest;
+
+
+
+ //private AuthenticationData authData;
+
+ //protocol selection
+ private String action;
+ private String modul;
+
+ private boolean authenticated;
+ private boolean authenticatedUsed = false;
+
+ private boolean ssoRequested = false;
+
+// /**
+// * Indicates if target from configuration is used or not
+// */
+// private boolean useTargetFromConfig;
+
+// /**
+// * Authentication data for the assertion
+// */
+// private AuthenticationData assertionAuthData;
+//
+// /**
+// * Persondata for the assertion
+// */
+// private String assertionPrPerson;
+//
+// /**
+// * Authblock for the assertion
+// */
+// private String assertionAuthBlock;
+//
+// /**
+// * Identitylink assertion for the (MOA) assertion
+// */
+// private String assertionIlAssertion;
+//
+// /**
+// * Signer certificate (base64 encoded) for the assertion
+// */
+// private String assertionSignerCertificateBase64;
+//
+// /**
+// * bussiness service for the assertion
+// */
+// boolean assertionBusinessService;
+//
+// /**
+// * timestamp logging when authentication session has been created
+// */
+// private Date timestampStart;
+// private CreateXMLSignatureResponse XMLCreateSignatureResponse;
+
+ private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+
+ private boolean isForeigner;
+
+// private String requestedProtocolURL = null;
+
+ public String getModul() {
+ return modul;
+ }
+
+ public void setModul(String modul) {
+ this.modul = modul;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+// public AuthenticationData getAuthData() {
+// return authData;
+// }
+//
+// public void setAuthData(AuthenticationData authData) {
+// this.authData = authData;
+// }
+
+
+ public boolean isAuthenticatedUsed() {
+ return authenticatedUsed;
+ }
+
+ public void setAuthenticatedUsed(boolean authenticatedUsed) {
+ this.authenticatedUsed = authenticatedUsed;
}
- /**
- * Sets the STORK SAML AuthnRequest
- * @param storkAuthnRequest STORK SAML AuthnRequest
- */
+ public boolean isAuthenticated() {
+ return authenticated;
+ }
+
+ public void setAuthenticated(boolean authenticated) {
+ this.authenticated = authenticated;
+ }
+
+
+// public String getRequestedProtocolURL() {
+// return requestedProtocolURL;
+// }
+//
+// public void setRequestedProtocolURL(String requestedProtocolURL) {
+// this.requestedProtocolURL = requestedProtocolURL;
+// }
+
+ /**
+ * Constructor for AuthenticationSession.
+ *
+ * @param id
+ * Session ID
+ */
+ public AuthenticationSession(String id) {
+ sessionID = id;
+// setTimestampStart();
+ infoboxValidators = new ArrayList();
+ }
+
+ public X509Certificate getSignerCertificate(){
+ try {
+ return new X509Certificate(signerCertificate);
+ } catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+ return null;
+ }
+ }
+
+ public byte[] getEncodedSignerCertificate() {
+ return this.signerCertificate;
+ }
+
+ public void setSignerCertificate(X509Certificate signerCertificate) {
+ try {
+ this.signerCertificate = signerCertificate.getEncoded();
+ } catch (CertificateEncodingException e) {
+ Logger.warn("Signer certificate can not be stored to session database!", e);
+ }
+ }
+
+ /**
+ * Returns the identityLink.
+ *
+ * @return IdentityLink
+ */
+ public IdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * Returns the sessionID.
+ *
+ * @return String
+ */
+ public String getSessionID() {
+ return sessionID;
+ }
+
+ /**
+ * Sets the identityLink.
+ *
+ * @param identityLink
+ * The identityLink to set
+ */
+ public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+ /**
+ * Sets the sessionID.
+ *
+ * @param sessionId
+ * The sessionID to set
+ */
+ public void setSessionID(String sessionId) {
+ this.sessionID = sessionId;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ *
+ * @return String
+ */
+ public String getOAURLRequested() {
+ return oaURLRequested;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ *
+ * @return String
+ */
+ public String getPublicOAURLPrefix() {
+ return oaPublicURLPrefix;
+ }
+
+ /**
+ * Returns the BKU URL.
+ *
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Returns the target.
+ *
+ * @return String
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Returns the sourceID.
+ *
+ * @return String
+ */
+ public String getSourceID() {
+ return sourceID;
+ }
+
+ /**
+ * Returns the target friendly name.
+ *
+ * @return String
+ */
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ /**
+ * Sets the oaURLRequested.
+ *
+ * @param oaURLRequested
+ * The oaURLRequested to set
+ */
+ public void setOAURLRequested(String oaURLRequested) {
+ this.oaURLRequested = oaURLRequested;
+ }
+
+ /**
+ * Sets the oaPublicURLPrefix
+ *
+ * @param oaPublicURLPrefix
+ * The oaPublicURLPrefix to set
+ */
+ public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
+ this.oaPublicURLPrefix = oaPublicURLPrefix;
+ }
+
+ /**
+ * Sets the bkuURL
+ *
+ * @param bkuURL
+ * The BKU URL to set
+ */
+ public void setBkuURL(String bkuURL) {
+ this.bkuURL = bkuURL;
+ }
+
+ /**
+ * Sets the target. If the target includes the target prefix, the prefix
+ * will be stripped off.
+ *
+ * @param target
+ * The target to set
+ */
+ public void setTarget(String target) {
+ if (target != null && target.startsWith(TARGET_PREFIX_)) {
+ // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove
+ // prefix
+ this.target = target.substring(TARGET_PREFIX_.length());
+ Logger.debug("Target prefix stripped off; resulting target: "
+ + this.target);
+ } else {
+ this.target = target;
+ }
+ }
+
+ /**
+ * Sets the sourceID
+ *
+ * @param sourceID
+ * The sourceID to set
+ */
+ public void setSourceID(String sourceID) {
+ this.sourceID = sourceID;
+ }
+
+ /**
+ * Sets the target. If the target includes the target prefix, the prefix
+ * will be stripped off.
+ *
+ * @param target
+ * The target to set
+ */
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+ /**
+ * Returns the authURL.
+ *
+ * @return String
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ /**
+ * Sets the authURL.
+ *
+ * @param authURL
+ * The authURL to set
+ */
+ public void setAuthURL(String authURL) {
+ this.authURL = authURL;
+ }
+
+ /**
+ * Returns the authBlock.
+ *
+ * @return String
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+ /**
+ * Sets the authBlock.
+ *
+ * @param authBlock
+ * The authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+ /**
+ * Returns the timestampIdentityLink.
+ *
+ * @return Date
+ */
+ public Date getTimestampIdentityLink() {
+ return timestampIdentityLink;
+ }
+
+ /**
+ * Returns the businessService.
+ *
+ * @return <code>true</code> if the corresponding online application is a
+ * business application, otherwise <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return businessService;
+ }
+
+ /**
+ * Sets the businessService variable.
+ *
+ * @param businessService
+ * the value for setting the businessService variable.
+ */
+ public void setBusinessService(boolean businessService) {
+ this.businessService = businessService;
+ }
+
+// /**
+// * Returns the timestampStart.
+// *
+// * @return Date
+// */
+// public Date getTimestampStart() {
+// return timestampStart;
+// }
+
+ /**
+ * Sets the current date as timestampIdentityLink.
+ */
+ public void setTimestampIdentityLink() {
+ timestampIdentityLink = new Date();
+ }
+
+// /**
+// * Sets the current date as timestampStart.
+// */
+// public void setTimestampStart() {
+// timestampStart = new Date();
+// }
+
+ /**
+ * @return template URL
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+ /**
+ * @param string
+ * the template URL
+ */
+ public void setTemplateURL(String string) {
+ templateURL = string;
+ }
+
+ /**
+ * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe
+ * <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the AUTHBlock. Maybe
+ * <code>null</code>.
+ */
+ public List getExtendedSAMLAttributesAUTH() {
+ return extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the AUTHBlock.
+ *
+ * @param extendedSAMLAttributesAUTH
+ * The SAML Attributes to be appended to the AUTHBlock.
+ */
+ public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) {
+ this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Returns the SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application
+ */
+ public List getExtendedSAMLAttributesOA() {
+ return extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the SAML assertion delivered
+ * to the online application.
+ *
+ * @param extendedSAMLAttributesOA
+ * The SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application.
+ */
+ public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) {
+ this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Returns the boolean value for either a target or a wbPK is provided as
+ * SAML Attribute in the SAML Assertion or not.
+ *
+ * @return true either a target or a wbPK is provided as SAML Attribute in
+ * the SAML Assertion or false if not.
+ */
+ public boolean getSAMLAttributeGebeORwbpk() {
+ return this.samlAttributeGebeORwbpk;
+ }
+
+ /**
+ * Sets the boolean value for either a target or a wbPK is provided as SAML
+ * Attribute in the SAML Assertion or not.
+ *
+ * @param samlAttributeGebeORwbpk
+ * The boolean for value either a target or wbPK is provided as
+ * SAML Attribute in the SAML Assertion or not.
+ */
+ public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+ this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
+ }
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * Sets the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @param issueInstant
+ * The issueInstant to set.
+ */
+ public void setIssueInstant(String issueInstant) {
+ this.issueInstant = issueInstant;
+ }
+
+ /**
+ * Returns the iterator to the stored infobox validators.
+ *
+ * @return Iterator
+ */
+ public Iterator getInfoboxValidatorIterator() {
+ if (infoboxValidators == null)
+ return null;
+ return infoboxValidators.iterator();
+ }
+
+ /**
+ * Adds an infobox validator class to the stored infobox validators.
+ *
+ * @param infoboxIdentifier
+ * the identifier of the infobox the validator belongs to
+ * @param infoboxFriendlyName
+ * the friendly name of the infobox
+ * @param infoboxValidator
+ * the infobox validator to add
+ */
+ public Iterator addInfoboxValidator(String infoboxIdentifier,
+ String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
+ if (infoboxValidators == null)
+ infoboxValidators = new ArrayList();
+ Vector v = new Vector(3);
+ v.add(infoboxIdentifier);
+ v.add(infoboxFriendlyName);
+ v.add(infoboxValidator);
+ infoboxValidators.add(v);
+ return infoboxValidators.iterator();
+ }
+
+ /**
+ * Tests for pending input events of the infobox validators.
+ *
+ * @return true if a validator has a form to show
+ */
+ public boolean isValidatorInputPending() {
+ boolean result = false;
+ Iterator iter = getInfoboxValidatorIterator();
+ if (iter != null) {
+ while (!result && iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ .get(2);
+ if (!ParepUtils.isEmpty(infoboxvalidator.getForm()))
+ result = true;
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Returns the first pending infobox validator.
+ *
+ * @return the infobox validator class
+ */
+ public InfoboxValidator getFirstPendingValidator() {
+ Iterator iter = getInfoboxValidatorIterator();
+ if (iter != null) {
+ while (iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ .get(2);
+ String form = infoboxvalidator.getForm();
+ if (!ParepUtils.isEmpty(form))
+ return infoboxvalidator;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Returns the input form of the first pending infobox validator input
+ * processor.
+ *
+ * @return the form to show
+ */
+ public String getFirstValidatorInputForm() {
+ Iterator iter = getInfoboxValidatorIterator();
+ if (iter != null) {
+ while (iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ .get(2);
+ String form = infoboxvalidator.getForm();
+ if (!ParepUtils.isEmpty(form))
+ return form;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Returns domain identifier (the register and number in the register
+ * parameter). <code>null</code> in the case of not a business service.
+ *
+ * @return the domainIdentifier
+ */
+ public String getDomainIdentifier() {
+ return domainIdentifier;
+ }
+
+ /**
+ * Sets the register and number in the register parameter if the application
+ * is a business service. If the domain identifier includes the
+ * registerAndOrdNr prefix, the prefix will be stripped off.
+ *
+ * @param domainIdentifier
+ * the domain identifier to set
+ */
+ public void setDomainIdentifier(String domainIdentifier) {
+ if (domainIdentifier != null
+ && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ this.domainIdentifier = domainIdentifier
+ .substring(REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + this.domainIdentifier);
+ } else {
+ this.domainIdentifier = domainIdentifier;
+ }
+ }
+
+ /**
+ * Gets all identifiers of infoboxes, the online application is configured
+ * to accept. The infobox identifiers are comma separated.
+ *
+ * @return the string containing infobox identifiers
+ */
+ public String getPushInfobox() {
+ if (pushInfobox == null)
+ return "";
+ return pushInfobox;
+ }
+
+ /**
+ * @param pushInfobox
+ * the infobox identifiers to set (comma separated)
+ */
+ public void setPushInfobox(String pushInfobox) {
+ this.pushInfobox = pushInfobox;
+ }
+
+ /**
+ *
+ * @param useMandate
+ * indicates if mandate is used or not
+ */
+ public void setUseMandate(String useMandate) {
+ if (useMandate.compareToIgnoreCase("true") == 0)
+ this.useMandate = true;
+ else
+ this.useMandate = false;
+
+ }
+
+ /**
+ * Returns if mandate is used or not
+ *
+ * @return
+ */
+ public boolean getUseMandate() {
+ return this.useMandate;
+ }
+
+// /**
+// *
+// * @param useTargetFromConfig
+// * indicates if target from config is used or not
+// */
+// public void setUseTargetFromConfig(boolean useTargetFromConfig) {
+// this.useTargetFromConfig = useTargetFromConfig;
+//
+// }
+//
+// /**
+// * Returns if target is used from mandate or not
+// *
+// * @return
+// */
+// public boolean getUseTargetFromConfig() {
+// return this.useTargetFromConfig;
+// }
+
+ /**
+ *
+ * @param misSessionID
+ * indicates the MIS session ID
+ */
+ public void setMISSessionID(String misSessionID) {
+ this.misSessionID = misSessionID;
+ }
+
+ /**
+ * Returns the MIS session ID
+ *
+ * @return
+ */
+ public String getMISSessionID() {
+ return this.misSessionID;
+ }
+
+// /**
+// * @return the assertionAuthData
+// */
+// public AuthenticationData getAssertionAuthData() {
+// return assertionAuthData;
+// }
+//
+// /**
+// * @param assertionAuthData
+// * the assertionAuthData to set
+// */
+// public void setAssertionAuthData(AuthenticationData assertionAuthData) {
+// this.assertionAuthData = assertionAuthData;
+// }
+//
+// /**
+// * @return the assertionPrPerson
+// */
+// public String getAssertionPrPerson() {
+// return assertionPrPerson;
+// }
+//
+// /**
+// * @param assertionPrPerson
+// * the assertionPrPerson to set
+// */
+// public void setAssertionPrPerson(String assertionPrPerson) {
+// this.assertionPrPerson = assertionPrPerson;
+// }
+//
+// /**
+// * @return the assertionAuthBlock
+// */
+// public String getAssertionAuthBlock() {
+// return assertionAuthBlock;
+// }
+//
+// /**
+// * @param assertionAuthBlock
+// * the assertionAuthBlock to set
+// */
+// public void setAssertionAuthBlock(String assertionAuthBlock) {
+// this.assertionAuthBlock = assertionAuthBlock;
+// }
+//
+// /**
+// * @return the assertionIlAssertion
+// */
+// public String getAssertionIlAssertion() {
+// return assertionIlAssertion;
+// }
+//
+// /**
+// * @param assertionIlAssertion
+// * the assertionIlAssertion to set
+// */
+// public void setAssertionIlAssertion(String assertionIlAssertion) {
+// this.assertionIlAssertion = assertionIlAssertion;
+// }
+//
+// /**
+// * @return the assertionSignerCertificateBase64
+// */
+// public String getAssertionSignerCertificateBase64() {
+// return assertionSignerCertificateBase64;
+// }
+//
+// /**
+// * @param assertionSignerCertificateBase64
+// * the assertionSignerCertificateBase64 to set
+// */
+// public void setAssertionSignerCertificateBase64(
+// String assertionSignerCertificateBase64) {
+// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
+// }
+//
+// /**
+// * @return the assertionBusinessService
+// */
+// public boolean getAssertionBusinessService() {
+// return assertionBusinessService;
+// }
+//
+// /**
+// * @param assertionBusinessService
+// * the assertionBusinessService to set
+// */
+// public void setAssertionBusinessService(boolean assertionBusinessService) {
+// this.assertionBusinessService = assertionBusinessService;
+// }
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ public String getMandateReferenceValue() {
+ return mandateReferenceValue;
+ }
+
+ /**
+ * @param mandateReferenceValue
+ * the mandateReferenceValue to set
+ */
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ this.mandateReferenceValue = mandateReferenceValue;
+ }
+
+ /**
+ * Gets the STORK SAML AuthnRequest
+ *
+ * @return STORK SAML AuthnRequest
+ */
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return storkAuthnRequest;
+ }
+
+ /**
+ * Sets the STORK SAML AuthnRequest
+ *
+ * @param storkAuthnRequest
+ * STORK SAML AuthnRequest
+ */
public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
this.storkAuthnRequest = storkAuthnRequest;
}
-
-
-
-}
+ public String getCcc() {
+ return ccc;
+ }
+
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+
+
+// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
+// return XMLCreateSignatureResponse;
+// }
+//
+// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) {
+// XMLCreateSignatureResponse = xMLCreateSignatureResponse;
+// }
+
+ public boolean isForeigner() {
+ return isForeigner;
+ }
+
+ public void setForeigner(boolean isForeigner) {
+ this.isForeigner = isForeigner;
+ }
+
+ public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
+ return XMLVerifySignatureResponse;
+ }
+
+ public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+ XMLVerifySignatureResponse = xMLVerifySignatureResponse;
+ }
+
+ public MISMandate getMISMandate() {
+ return mandate;
+ }
+
+ public void setMISMandate(MISMandate mandate) {
+ this.mandate = mandate;
+ }
+
+ public Element getMandate() {
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false,
+ null, null).getDocumentElement();
+
+ }catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+ /**
+ * @return the ssoRequested
+ */
+
+ //TODO: SSO only allowed without mandates, actually!!!!!!
+ public boolean isSsoRequested() {
+ return ssoRequested && !useMandate;
+ }
+
+ /**
+ * @param ssoRequested the ssoRequested to set
+ */
+ public void setSsoRequested(boolean ssoRequested) {
+ this.ssoRequested = ssoRequested;
+ }
+
+ /**
+ * @return the isOW
+ */
+ public boolean isOW() {
+ return isOW;
+ }
+
+ /**
+ * @param isOW the isOW to set
+ */
+ public void setOW(boolean isOW) {
+ this.isOW = isOW;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index 276e6414c..7523d7eaf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -24,15 +24,22 @@
package at.gv.egovernment.moa.id.auth.data;
+import java.io.Serializable;
+
/**
* This class contains SAML attributes to be appended to the SAML assertion delivered to
* the Online application.
*
* @author Harald Bratko
*/
-public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute {
+public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{
/**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+/**
* The value of this SAML attribute. Must be either of type <code>java.lang.String</code>
* or <code>org.w3c.Element</code>.
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 0d11dc4f0..b03f23ce4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.id.auth.data;
import java.io.IOException;
+import java.io.Serializable;
import java.security.PublicKey;
import javax.xml.transform.TransformerException;
@@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils;
* @author Paul Ivancsics
* @version $Id$
*/
-public class IdentityLink {
+public class IdentityLink implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
/**
* <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index ce418de01..ed54683ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -24,6 +24,9 @@
package at.gv.egovernment.moa.id.auth.data;
+import java.io.Serializable;
+import java.util.Date;
+
import iaik.x509.X509Certificate;
/**
@@ -34,8 +37,11 @@ import iaik.x509.X509Certificate;
* @version $Id$
*
*/
-public class VerifyXMLSignatureResponse {
- /** The xmlDsigSubjectName to be stored */
+public class VerifyXMLSignatureResponse implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+/** The xmlDsigSubjectName to be stored */
private String xmlDsigSubjectName;
/** The signatureCheckCode to be stored */
private int signatureCheckCode;
@@ -59,6 +65,8 @@ public class VerifyXMLSignatureResponse {
*/
private int signatureManifestCheckCode = -1;
+ private Date signingDateTime;
+
/**
* Returns the certificateCheckCode.
* @return int
@@ -221,4 +229,13 @@ public class VerifyXMLSignatureResponse {
this.signatureManifestCheckCode = signatureManifestCheckCode;
}
+ public Date getSigningDateTime() {
+ return signingDateTime;
+ }
+
+ public void setSigningDateTime(Date signingDateTime) {
+ this.signingDateTime = signingDateTime;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index cb3ed5ad9..a468caf73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -122,7 +122,7 @@ public class IdentityLinkAssertionParser {
+ "Value";
/** Xpath expression to the Identification Value element */
- private static final String PERSON_IDENT_TYPE_XPATH =
+ public static final String PERSON_IDENT_TYPE_XPATH =
PERSON_XPATH
+ "/"
+ PDATA
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
new file mode 100644
index 000000000..58194361c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -0,0 +1,268 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
+
+ public static void parse(AuthenticationSession moasession,
+ String target,
+ String oaURL,
+ String bkuURL,
+ String templateURL,
+ String useMandate,
+ String ccc,
+ String module,
+ String action,
+ HttpServletRequest req) throws WrongParametersException, MOAIDException {
+
+ String targetFriendlyName = null;
+
+// String sso = req.getParameter(PARAM_SSO);
+
+ // escape parameter strings
+ target = StringEscapeUtils.escapeHtml(target);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+ templateURL = StringEscapeUtils.escapeHtml(templateURL);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ ccc = StringEscapeUtils.escapeHtml(ccc);
+ // sso = StringEscapeUtils.escapeHtml(sso);
+
+ // check parameter
+
+ //pvp2.x can use general identifier (equals oaURL in SAML1)
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+// if (!ParamValidatorUtils.isValidUseMandate(sso))
+// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12");
+
+ //check UseMandate flag
+ String useMandateString = null;
+ boolean useMandateBoolean = false;
+ if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+ useMandateString = useMandate;
+ } else {
+ useMandateString = "false";
+ }
+
+ if (useMandateString.compareToIgnoreCase("true") == 0)
+ useMandateBoolean = true;
+ else
+ useMandateBoolean = false;
+
+ moasession.setUseMandate(useMandateString);
+
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam;
+ if (moasession.getPublicOAURLPrefix() != null) {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ moasession.getPublicOAURLPrefix());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { moasession.getPublicOAURLPrefix() });
+
+ } else {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+
+
+ // get target and target friendly name from config
+ String targetConfig = oaParam.getTarget();
+ String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+
+ if (StringUtils.isEmpty(targetConfig)) {
+ // no target attribut is given in OA config
+ // target is used from request
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+
+ } else {
+ // use target from config
+ target = targetConfig;
+ targetFriendlyName = targetFriendlyNameConfig;
+ }
+
+
+// //check useSSO flag
+// String useSSOString = null;
+// boolean useSSOBoolean = false;
+// if ((sso != null) && (sso.compareTo("") != 0)) {
+// useSSOString = sso;
+// } else {
+// useSSOString = "false";
+// }
+ //
+// if (useSSOString.compareToIgnoreCase("true") == 0)
+// useSSOBoolean = true;
+// else
+// useSSOBoolean = false;
+
+ //moasession.setSsoRequested(useSSOBoolean);
+ moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!!
+
+ //Validate BKU URI
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL()))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+
+ if (!oaParam.getBusinessService()) {
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_TARGET, "auth.05");
+
+ } else {
+ if (useMandateBoolean) {
+ Logger.error("Online-Mandate Mode for bussines application not supported.");
+ throw new AuthenticationException("auth.17", null);
+ }
+ target = null;
+ targetFriendlyName = null;
+ }
+
+ moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+
+ moasession.setTarget(target);
+ moasession.setBusinessService(oaParam.getBusinessService());
+ moasession.setTargetFriendlyName(targetFriendlyName);
+ moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+ }
+
+ //check OnlineApplicationURL
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.05");
+ moasession.setOAURLRequested(oaURL);
+
+ //check AuthURL
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath() + "/");
+
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication",
+ "AuthURL", "auth.05");
+
+ // check if HTTP Connection may be allowed (through
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ //INFO: removed from MOA-ID 2.0 Config
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+
+ if ((!authURL.startsWith("https:"))
+// && (false == BoolUtils.valueOf(boolStr))
+ )
+ throw new AuthenticationException("auth.07",
+ new Object[] { authURL + "*" });
+
+ moasession.setAuthURL(authURL);
+
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null) {
+ String sourceID = oaParam.getSAML1Parameter().getSourceID();
+ if (MiscUtil.isNotEmpty(sourceID))
+ moasession.setSourceID(sourceID);
+ }
+
+ // BKU URL has not been set yet, even if session already exists
+ if (bkuURL == null) {
+ if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) {
+ bkuURL = DEFAULT_BKU_HTTPS;
+ } else {
+ bkuURL = DEFAULT_BKU;
+ }
+ }
+ moasession.setBkuURL(bkuURL);
+
+
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ moasession.setTemplateURL(templateURL);
+
+ moasession.setCcc(ccc);
+
+ }
+
+ public static void parse(HttpServletRequest req, HttpServletResponse resp,
+ AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
+
+
+ String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
+ String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
+
+ modul = StringEscapeUtils.escapeHtml(modul);
+ action = StringEscapeUtils.escapeHtml(action);
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ moasession.setModul(modul);
+ moasession.setAction(action);
+
+ //get Parameters from request
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+ oaURL = request.getOAURL();
+ target = request.getTarget();
+
+ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+
+ }
+
+ /**
+ * Checks a parameter.
+ *
+ * @param param
+ * parameter
+ * @return true if the parameter is null or empty
+ */
+ private static boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 16041f8cb..022f21491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.ByteArrayOutputStream;
@@ -47,228 +46,314 @@ import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.URLDecoder;
-import at.gv.egovernment.moa.util.URLEncoder;
/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling
- * and constant names.
+ * Base class for MOA-ID Auth Servlets, providing standard error handling and
+ * constant names.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
-
- /**
+ /**
*
*/
private static final long serialVersionUID = -6929905344382283738L;
-
-
+ protected static final String ERROR_CODE_PARAM = "errorid";
+
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- Logger.debug("GET " + this.getServletName());
+ throws ServletException, IOException {
+ Logger.debug("GET " + this.getServletName());
this.setNoCachingHeadersInHttpRespone(req, resp);
-}
-/**
- * Handles an error. <br>>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request
- * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage error message
- * @param exceptionThrown exception thrown
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleError(
- String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+ }
-
- if(null != errorMessage) {
+ protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp) {
+
+ if (null != errorMessage) {
Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage );
+ req.setAttribute("ErrorMessage", errorMessage);
}
-
-
+
if (null != exceptionThrown) {
- if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ if (null == errorMessage)
+ errorMessage = exceptionThrown.getMessage();
Logger.error(errorMessage, exceptionThrown);
req.setAttribute("ExceptionThrown", exceptionThrown);
}
-
+
if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
+ req.setAttribute("LogLevel", "debug");
}
-
- //forward this to errorpage-auth.jsp where the HTML error page is generated
+
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
Logger.error(e);
- }
-
+ } catch (IOException e) {
+ Logger.error(e);
+ }
}
- /**
- * Handles a <code>WrongParametersException</code>.
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
- Logger.error(ex.toString());
- req.setAttribute("WrongParameters", ex.getMessage());
-
- // forward this to errorpage-auth.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ /**
+ * Handles an error. <br>>
+ * <ul>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request as request
+ * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
+ * </ul>
+ *
+ * @param errorMessage
+ * error message
+ * @param exceptionThrown
+ * exception thrown
+ * @param req
+ * servlet request
+ * @param resp
+ * servlet response
+ */
+ protected void handleError(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+
+ if (null != errorMessage) {
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage);
+ }
+
+ if (null != exceptionThrown) {
+ if (null == errorMessage)
+ errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ if (Logger.isDebugEnabled()) {
+ req.setAttribute("LogLevel", "debug");
+ }
+
+ IExceptionStore store = ExceptionStoreImpl.getStore();
+ String id = store.storeException(exceptionThrown);
+
+ String redirectURL = null;
+
+ redirectURL = ServletUtils.getBaseUrl(req);
+ redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
+ + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Logs all servlet parameters for debugging purposes.
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
- String parname = (String)params.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
-
- /**
- * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
- * (no standard exists how browsers should encode them).
- *
- * @param req servlet request
- *
- * @return mapping parameter name -> value
- *
- * @throws IOException if parsing request parameters fails.
- *
- * @throws FileUploadException if parsing request parameters fails.
- */
- protected Map getParameters(HttpServletRequest req)
- throws IOException, FileUploadException {
-
- Map parameters = new HashMap();
-
-
- if (ServletFileUpload.isMultipartContent(req))
- {
- // request is encoded as mulitpart/form-data
- FileItemFactory factory = new DiskFileItemFactory();
- ServletFileUpload upload = null;
- upload = new ServletFileUpload(factory);
- List items = null;
- items = upload.parseRequest(req);
- for (int i = 0; i < items.size(); i++)
- {
- FileItem item = (FileItem) items.get(i);
- if (item.isFormField())
- {
- // Process only form fields - no file upload items
- String logString = item.getString("UTF-8");
-
- // TODO use RegExp
- String startS = "<pr:Identification><pr:Value>";
- String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
- String logWithMaskedBaseid = logString;
- int start = logString.indexOf(startS);
- if (start > -1) {
- int end = logString.indexOf(endS);
- if (end > -1) {
- logWithMaskedBaseid = logString.substring(0, start);
- logWithMaskedBaseid += startS;
- logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
- logWithMaskedBaseid += logString.substring(end, logString.length());
- }
- }
- parameters.put(item.getFieldName(), item.getString("UTF-8"));
- Logger.debug("Processed multipart/form-data request parameter: \nName: " +
- item.getFieldName() + "\nValue: " +
- logWithMaskedBaseid);
- }
- }
- }
-
- else
- {
- // request is encoded as application/x-www-urlencoded
- InputStream in = req.getInputStream();
-
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
- parameters.put(paramName, paramValue);
- }
- }
- while (paramName.length() > 0);
- in.close();
- }
-
- return parameters;
- }
-
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- * @param in input stream
- * @param delimiter delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (! done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ return;
+ /*
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+ */
+ }
+
+ /**
+ * Handles a <code>WrongParametersException</code>.
+ *
+ * @param req
+ * servlet request
+ * @param resp
+ * servlet response
+ */
+ protected void handleWrongParameters(WrongParametersException ex,
+ HttpServletRequest req, HttpServletResponse resp) {
+ Logger.error(ex.toString());
+ req.setAttribute("WrongParameters", ex.getMessage());
+
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+ }
+
+ /**
+ * Logs all servlet parameters for debugging purposes.
+ */
+ protected void logParameters(HttpServletRequest req) {
+ for (Enumeration params = req.getParameterNames(); params
+ .hasMoreElements();) {
+ String parname = (String) params.nextElement();
+ Logger.debug("Parameter " + parname + req.getParameter(parname));
+ }
+ }
+
+ /**
+ * Parses the request input stream for parameters, assuming parameters are
+ * encoded UTF-8 (no standard exists how browsers should encode them).
+ *
+ * @param req
+ * servlet request
+ *
+ * @return mapping parameter name -> value
+ *
+ * @throws IOException
+ * if parsing request parameters fails.
+ *
+ * @throws FileUploadException
+ * if parsing request parameters fails.
+ */
+ protected Map getParameters(HttpServletRequest req) throws IOException,
+ FileUploadException {
+
+ Map parameters = new HashMap();
+
+ if (ServletFileUpload.isMultipartContent(req)) {
+ // request is encoded as mulitpart/form-data
+ FileItemFactory factory = new DiskFileItemFactory();
+ ServletFileUpload upload = null;
+ upload = new ServletFileUpload(factory);
+ List items = null;
+ items = upload.parseRequest(req);
+ for (int i = 0; i < items.size(); i++) {
+ FileItem item = (FileItem) items.get(i);
+ if (item.isFormField()) {
+ // Process only form fields - no file upload items
+ String logString = item.getString("UTF-8");
+
+ // TODO use RegExp
+ String startS = "<pr:Identification><pr:Value>";
+ String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+ String logWithMaskedBaseid = logString;
+ int start = logString.indexOf(startS);
+ if (start > -1) {
+ int end = logString.indexOf(endS);
+ if (end > -1) {
+ logWithMaskedBaseid = logString.substring(0, start);
+ logWithMaskedBaseid += startS;
+ logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+ logWithMaskedBaseid += logString.substring(end,
+ logString.length());
+ }
+ }
+ parameters
+ .put(item.getFieldName(), item.getString("UTF-8"));
+ Logger.debug("Processed multipart/form-data request parameter: \nName: "
+ + item.getFieldName()
+ + "\nValue: "
+ + logWithMaskedBaseid);
+ }
+ }
+ }
+
+ else {
+ // request is encoded as application/x-www-urlencoded
+ InputStream in = req.getInputStream();
+
+ String paramName;
+ String paramValueURLEncoded;
+ do {
+ paramName = new String(readBytesUpTo(in, '='));
+ if (paramName.length() > 0) {
+ paramValueURLEncoded = readBytesUpTo(in, '&');
+ String paramValue = URLDecoder.decode(paramValueURLEncoded,
+ "UTF-8");
+ parameters.put(paramName, paramValue);
+ }
+ } while (paramName.length() > 0);
+ in.close();
+ }
+
+ return parameters;
+ }
+
+ /**
+ * Reads bytes up to a delimiter, consuming the delimiter.
+ *
+ * @param in
+ * input stream
+ * @param delimiter
+ * delimiter character
+ * @return String constructed from the read bytes
+ * @throws IOException
+ */
+ protected String readBytesUpTo(InputStream in, char delimiter)
+ throws IOException {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ boolean done = false;
+ int b;
+ while (!done && (b = in.read()) >= 0) {
+ if (b == delimiter)
+ done = true;
+ else
+ bout.write(b);
+ }
+ return bout.toString();
+ }
+
/**
* Calls the web application initializer.
*
@@ -277,51 +362,73 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
public void init(ServletConfig servletConfig) throws ServletException {
super.init(servletConfig);
}
-
+
/**
* Set response headers to avoid caching
- * @param request HttpServletRequest
- * @param response HttpServletResponse
+ *
+ * @param request
+ * HttpServletRequest
+ * @param response
+ * HttpServletResponse
*/
- protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) {
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+ protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
+ HttpServletResponse response) {
+ response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
}
-
+
/**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- protected static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
-
- /**
- * Checks if HTTP requests are allowed
- * @param authURL requestURL
- * @throws AuthenticationException if HTTP requests are not allowed
- * @throws ConfigurationException
- */
- protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException {
+ * Adds a parameter to a URL.
+ *
+ * @param url
+ * the URL
+ * @param paramname
+ * parameter name
+ * @param paramvalue
+ * parameter value
+ * @return the URL with parameter added
+ */
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ /**
+ * Checks if HTTP requests are allowed
+ *
+ * @param authURL
+ * requestURL
+ * @throws AuthenticationException
+ * if HTTP requests are not allowed
+ * @throws ConfigurationException
+ */
+ protected void checkIfHTTPisAllowed(String authURL)
+ throws AuthenticationException, ConfigurationException {
// check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
-
- }
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+
+ //Removed from MOA-ID 2.0 config
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:"))
+ //&& (false == BoolUtils.valueOf(boolStr))
+ )
+ throw new AuthenticationException("auth.07", new Object[] { authURL
+ + "*" });
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
new file mode 100644
index 000000000..d4484a97c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -0,0 +1,147 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.bouncycastle.asn1.x509.Target;
+
+import com.trilead.ssh2.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class GenerateIFrameTemplateServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
+
+ String pendingRequestID = null;
+
+ try {
+ String bkuid = req.getParameter(PARAM_BKU);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+ String moasessionid = req.getParameter(PARAM_SESSIONID);
+
+ AuthenticationSession moasession = null;
+
+ try {
+ //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] {
+ moasessionid});
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ //load OA Config
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(moasession.getOAURLRequested());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+
+ else {
+
+ //load Parameters from config
+ String target = oaParam.getTarget();
+
+ String bkuURL = oaParam.getBKUURL(bkuid);
+ String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
+
+ //parse all OA parameters i
+ StartAuthentificationParameterParser.parse(moasession,
+ target,
+ moasession.getOAURLRequested(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ moasession.getModul(),
+ moasession.getAction(),
+ req);
+ }
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+ String getIdentityLinkForm = startauth.build(moasession, req, resp);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class);
+ }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 6516e64b7..02c751a0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -49,10 +49,12 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
/**
* Servlet requested for getting the foreign eID
@@ -112,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- Map parameters;
+ Map parameters;
+
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -121,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
@@ -177,18 +183,38 @@ public class GetForeignIDServlet extends AuthServlet {
session.setIdentityLink(identitylink);
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+
+
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
+ /*redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);*/
+
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID);
redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
+
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
resp.setContentType("text/html");
resp.setStatus(302);
@@ -198,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 04fbc0588..e461197e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -21,9 +21,8 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
+package at.gv.egovernment.moa.id.auth.servlet;
-package at.gv.egovernment.moa.id.auth.servlet;
-
import iaik.pki.PKIException;
import java.io.IOException;
@@ -41,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -48,8 +48,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -58,160 +61,181 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- */
-public class GetMISSessionIDServlet extends AuthServlet {
-
- /**
+
+/**
+ * Servlet requested for getting the foreign eID provided by the security layer
+ * implementation. Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetMISSessionIDServlet extends AuthServlet {
+
+ /**
*
*/
private static final long serialVersionUID = 4666952867085392597L;
-/**
- * Constructor for GetMISSessionIDServlet.
- */
- public GetMISSessionIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doPost(req, resp);
-
-// Logger.debug("GET GetMISSessionIDServlet");
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetMISSessionIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-// Map parameters;
-// try
-// {
-// parameters = getParameters(req);
-// } catch (FileUploadException e)
-// {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
-
- if (list == null) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
-
- // for now: list contains only one element
- MISMandate mandate = (MISMandate)list.get(0);
-
-
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
-
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-
- //TODO OW bPK (Offen: was bei saml:NameIdentifier NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute AttributeName="bPK" )
- System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK());
- // TODO wenn OW bPK vorhanden - in SAML Assertion setzen!
-
- String redirectURL = null;
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc);
-
-
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
- resp.setContentType("text/html");
- resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ /**
+ * Constructor for GetMISSessionIDServlet.
+ */
+ public GetMISSessionIDServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify that data URL
+ * resource is available.
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest,
+ * HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doPost(req, resp);
+
+ // Logger.debug("GET GetMISSessionIDServlet");
+ //
+ // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ }
+
+ /**
+ * Gets the signer certificate from the InfoboxReadRequest and responds with
+ * a new <code>CreateXMLSignatureRequest</code>. <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest,
+ * HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST GetMISSessionIDServlet");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ // Map parameters;
+ // try
+ // {
+ // parameters = getParameters(req);
+ // } catch (FileUploadException e)
+ // {
+ // Logger.error("Parsing mulitpart/form-data request parameters failed: "
+ // + e.getMessage());
+ // throw new IOException(e.getMessage());
+ // }
+
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+ AuthenticationSession session = null;
+ String pendingRequestID = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyCertificate",
+ PARAM_SESSIONID, "auth.12");
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ String misSessionID = session.getMISSessionID();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+ ConnectionParameter connectionParameters = authConf
+ .getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+ AuthConfigurationProvider.getInstance(),
+ connectionParameters);
+
+ List list = MISSimpleClient.sendGetMandatesRequest(
+ connectionParameters.getUrl(), misSessionID, sslFactory);
+
+ if (list == null) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+ if (list.size() == 0) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+
+ // for now: list contains only one element
+ MISMandate mandate = (MISMandate) list.get(0);
+
+ String sMandate = new String(mandate.getMandate());
+ if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
+ Logger.error("Mandate is empty.");
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ }
+
+ //check if it is a parsable XML
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ Element mandateDoc = DOMUtils.parseDocument(stringMandate, false,
+ null, null).getDocumentElement();
+
+ // extract RepresentationType
+ AuthenticationServer.getInstance().verifyMandate(session, mandate);
+
+ session.setMISMandate(mandate);
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicite stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+ String redirectURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(),
+ session.getAction(), pendingRequestID), newMOASessionID);
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ } catch (MOAIDException ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp, pendingRequestID);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp, pendingRequestID);
} catch (SAXException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (ParserConfigurationException e) {
- handleError(null, e, req, resp);
- }
- }
-
-
-
- }
+ handleError(null, e, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
new file mode 100644
index 000000000..8dc5d7469
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.swing.text.StyleContext.SmallAttributeSet;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class LogOutServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 3908001651893673395L;
+
+ private static final String REDIRECT_URL = "redirect";
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("receive LogOut Request");
+
+ String redirectUrl = (String) req.getParameter(REDIRECT_URL);
+
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ try {
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
+
+ if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+ //TODO: Single LogOut Implementation
+
+ //delete SSO session and MOA session
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+
+ RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()),
+ AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+
+ authmanager.logout(req, resp, moasessionid);
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+ }
+
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ } catch (Exception e) {
+ Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e);
+ }
+
+ //Redirect to Application
+ resp.setStatus(301);
+ resp.addHeader("Location", redirectUrl);
+ }
+
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doGet(req, resp);
+ }
+
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4ec894d47..f6412f897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -23,11 +23,13 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.util.XMLUtil;
@@ -54,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet {
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ String pendingRequestID = null;
+
try {
Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
@@ -78,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet {
httpSession.invalidate();
}
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -194,21 +200,39 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Starting to assemble MOA assertion");
//produce MOA-Assertion and artifact
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(moaSessionID);
+ AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
//redirect
String redirectURL = null;
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = moaSession.getOAURLRequested();
+ /*redirectURL = moaSession.getOAURLRequested();
if (!moaSession.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = response.encodeRedirectURL(redirectURL);*/
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
} else {
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(moaSession);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
@@ -217,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet {
} catch (AuthenticationException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
} catch (MOAIDException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index b5c57d5cf..ba8698934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -133,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
handleWrongParameters(ex, req, resp);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, null); //TODO: is this Class required?
}
}
@@ -145,114 +147,122 @@ public class ProcessValidatorInputServlet extends AuthServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("POST ProcessInput");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- Map parameters;
- try {
- parameters = getParameters(req);
- } catch (FileUploadException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- try {
-
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- AuthenticationServer.processInput(session, parameters);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
- if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
- // Now sign the AUTH Block
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-
- String htmlForm = null;
-
- boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
-
- String inputProcessorSignForm = req.getParameter("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
- // escape parameter strings
- inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
- if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
- if (doInputProcessorSign) {
- // Test if we have a user input form sign template
-
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
-
- if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
- throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
-
- String inputProcessorSignTemplate = null;
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
- // override template url by url from configuration file
- if (oaParam.getInputProcessorSignTemplateURL() != null) {
- inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
- }
- if (inputProcessorSignTemplateURL != null) {
- try {
- inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { inputProcessorSignTemplateURL, ex.toString()},
- ex);
- }
- }
-
- htmlForm = new GetVerifyAuthBlockFormBuilder().build(
- inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
- resp.setContentType("text/html;charset=UTF-8");
- } else {
- htmlForm = createXMLSignatureRequestOrRedirect;
- resp.setStatus(307);
- resp.addHeader("Location", dataURL);
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
- }
-
- OutputStream out = resp.getOutputStream();
- out.write(htmlForm.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST ProcessInput");
- } else {
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+// Logger.debug("POST ProcessInput");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// Map parameters;
+// try {
+// parameters = getParameters(req);
+// } catch (FileUploadException e) {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// }
+//
+// String sessionID = req.getParameter(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+//
+// // escape parameter strings
+// sessionID = StringEscapeUtils.escapeHtml(sessionID);
+//
+// try {
+//
+// if (!ParamValidatorUtils.isValidSessionID(sessionID))
+// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+// AuthenticationServer.processInput(session, parameters);
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+// // Now sign the AUTH Block
+// String dataURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+//
+// String htmlForm = null;
+//
+// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+//
+// String inputProcessorSignForm = req.getParameter("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+// // escape parameter strings
+// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
+// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
+// if (doInputProcessorSign) {
+// // Test if we have a user input form sign template
+//
+// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+//
+// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
+// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
+//
+// String inputProcessorSignTemplate = null;
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+// // override template url by url from configuration file
+// if (oaParam.getInputProcessorSignTemplateURL() != null) {
+// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+// }
+// if (inputProcessorSignTemplateURL != null) {
+// try {
+// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+// } catch (IOException ex) {
+// throw new AuthenticationException(
+// "auth.03",
+// new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+// ex);
+// }
+// }
+//
+// htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+// resp.setContentType("text/html;charset=UTF-8");
+// } else {
+// htmlForm = createXMLSignatureRequestOrRedirect;
+// resp.setStatus(307);
+// resp.addHeader("Location", dataURL);
+// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+// resp.setContentType("text/xml;charset=UTF-8");
+// }
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(htmlForm.getBytes("UTF-8"));
+// out.flush();
+// out.close();
+// Logger.debug("Finished POST ProcessInput");
+// } else {
+// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+// }
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// throw new AuthenticationException("", null);
+// }
+//
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
new file mode 100644
index 000000000..5a0bd33bf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -0,0 +1,54 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+
+
+public class RedirectServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String REDIRCT_PARAM_URL = "redirecturl";
+
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + RedirectServlet.class + " Request");
+
+ String url = req.getParameter(REDIRCT_PARAM_URL);
+ String target = req.getParameter(PARAM_TARGET);
+ String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+
+ Logger.info("Redirect to " + url);
+
+ if (MiscUtil.isNotEmpty(target)) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET,
+ URLEncoder.encode(target, "UTF-8"));
+
+
+ }
+ url = addURLParameter(url, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(artifact, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.write(redirect_form);
+ out.flush();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
new file mode 100644
index 000000000..9b559770f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+
+
+public class SSOSendAssertionServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String PARAM = "value";
+ private static final String MODULE = "mod";
+ private static final String ACTION = "action";
+ private static final String ID = "identifier";
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String id = null;
+ Logger.info("Receive " + SSOSendAssertionServlet.class + " Request");
+ try {
+
+ Object idObject = req.getParameter(ID);
+
+ if (idObject != null && (idObject instanceof String)) {
+ id = (String) idObject;
+ }
+
+ String value = req.getParameter(PARAM);
+ value = StringEscapeUtils.escapeHtml(value);
+ if (!ParamValidatorUtils.isValidUseMandate(value))
+ throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
+
+ //get module and action
+ Object moduleObject = req.getParameter(MODULE);
+ String module = null;
+ if (moduleObject != null && (moduleObject instanceof String)) {
+ module = (String) moduleObject;
+ }
+
+
+ Object actionObject = req.getParameter(ACTION);
+ String action = null;
+ if (actionObject != null && (actionObject instanceof String)) {
+ action = (String) actionObject;
+ }
+
+ if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
+ Logger.warn("No Moduel or Action parameter received!");
+ throw new WrongParametersException("Module or Action is empty", "", "auth.10");
+ }
+
+
+ SSOManager ssomanager = SSOManager.getInstance();
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+
+ AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+ }
+
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+
+ String moaSessionID = null;
+
+ if (isValidSSOSession) {
+
+
+ //check UseMandate flag
+ String valueString = null;;
+ if ((value != null) && (value.compareTo("") != 0)) {
+ valueString = value;
+ } else {
+ valueString = "false";
+ }
+
+ if (valueString.compareToIgnoreCase("true") == 0) {
+ moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+ AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
+
+ String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
+ ModulUtils.buildAuthURL(module, action, id), "");
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ }
+
+ else {
+ throw new AuthenticationException("auth.21", new Object[] {});
+ }
+
+ } else {
+ handleError("SSO Session is not valid", null, req, resp, id);
+ }
+
+
+ } catch (MOADatabaseException e) {
+ handleError("SSO Session is not found", e, req, resp, id);
+ } catch (WrongParametersException e) {
+ handleError("Parameter is not valid", e, req, resp, id);
+ } catch (AuthenticationException e) {
+ handleError(e.getMessage(), e, req, resp, id);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index d544e2f85..2deece26f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet {
Logger.debug("GET SelectBKU");
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
-
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
-
- // escape parameter strings
- target = StringEscapeUtils.escapeHtml(target);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
-
-
- resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-
- try {
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
- throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
-
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
-
- String returnValue = null;
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
-
- returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
- }
- else {
- // use target from config
- returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
- }
-
-
- String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
- if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = returnValue;
- resp.setContentType("text/html");
- resp.sendRedirect(redirectURL);
- Logger.info("REDIRECT TO: " + redirectURL);
- } else {
- // bkuSelectionType==HTMLSelect
- String htmlForm = returnValue;
- resp.setContentType("text/html;charset=UTF-8");
- Logger.debug("HTML-Form: " + htmlForm);
- Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
- out.write(htmlForm);
- out.flush();
- Logger.debug("Finished GET SelectBKU");
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(null, ex, req, resp);
- }
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// String authURL = req.getScheme() + "://" + req.getServerName();
+// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+// authURL = authURL.concat(":" + req.getServerPort());
+// }
+// authURL = authURL.concat(req.getContextPath() + "/");
+//
+// String target = req.getParameter(PARAM_TARGET);
+// String oaURL = req.getParameter(PARAM_OA);
+// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
+// String templateURL = req.getParameter(PARAM_TEMPLATE);
+//
+// // escape parameter strings
+// target = StringEscapeUtils.escapeHtml(target);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// templateURL = StringEscapeUtils.escapeHtml(templateURL);
+// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
+//
+//
+// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// try {
+//
+// // check parameter
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
+// if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
+// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+//
+// if (!ParamValidatorUtils.isValidTarget(target))
+// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
+//
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { oaURL });
+//
+// // get target and target friendly name from config
+// String targetConfig = oaParam.getTarget();
+//
+// String returnValue = null;
+// if (StringUtils.isEmpty(targetConfig)) {
+// // no target attribut is given in OA config
+// // target is used from request
+// // check parameter
+// if (!ParamValidatorUtils.isValidTarget(target))
+// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+//
+// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+// }
+// else {
+// // use target from config
+// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
+// }
+//
+//
+// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+// // bkuSelectionType==HTMLComplete
+// String redirectURL = returnValue;
+// resp.setContentType("text/html");
+// resp.sendRedirect(redirectURL);
+// Logger.info("REDIRECT TO: " + redirectURL);
+// } else {
+// // bkuSelectionType==HTMLSelect
+// String htmlForm = returnValue;
+// resp.setContentType("text/html;charset=UTF-8");
+// Logger.debug("HTML-Form: " + htmlForm);
+// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
+// out.write(htmlForm);
+// out.flush();
+// Logger.debug("Finished GET SelectBKU");
+// }
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+// catch (Throwable ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
deleted file mode 100644
index 012ed4c14..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.List;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-
-/**
- * Servlet requested for starting a MOA ID authentication session.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see AuthenticationServer#startAuthentication
- */
-public class StartAuthenticationServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 3908001651893673395L;
-
-
-/**
- * Responds with an HTML form which upon submit requests the identity link
- * from the security layer implementation.
- * <br>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/html"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET StartAuthentication");
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
-
- String target = req.getParameter(PARAM_TARGET);
- String sourceID = req.getParameter(PARAM_SOURCEID);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuURL = req.getParameter(PARAM_BKU);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- String sessionID = req.getParameter(PARAM_SESSIONID);
- String useMandate = req.getParameter(PARAM_USEMANDATE);
- String ccc = req.getParameter(PARAM_CCC);
-
- // escape parameter strings
- target = StringEscapeUtils.escapeHtml(target);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- useMandate = StringEscapeUtils.escapeHtml(useMandate);
- ccc = StringEscapeUtils.escapeHtml(ccc);
-
- setNoCachingHeadersInHttpRespone(req, resp);
-
-
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
- if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
- if (!ParamValidatorUtils.isValidCCC(ccc))
- throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-
-
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
- String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
-
- String targetFriendlyName = null;
-
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- } else {
- // use target from config
- target = targetConfig;
- targetFriendlyName = targetFriendlyNameConfig;
- }
-
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
- Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc));
- // STORK or normal authentication
- if (storkConfig.isSTORKAuthentication(ccc)) {
- //STORK authentication
- Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc);
- Logger.debug("Starting STORK authentication");
-
- AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID);
-
- } else {
- //normal MOA-ID authentication
- Logger.debug("Starting normal MOA-ID authentication");
-
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
- }
- Logger.debug("Finished GET StartAuthentication");
-
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
- }
-
-
- /**
- * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doGet(req, resp);
- }
-
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index fbf700365..09e4e957d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -48,9 +48,13 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
@@ -133,6 +137,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ String pendingRequestID = null;
Map parameters;
try
@@ -149,6 +154,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
String redirectURL = null;
try {
// check parameter
@@ -157,11 +164,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
+ String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
@@ -202,8 +209,23 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String oaFriendlyName = oaParam.getFriendlyName();
String mandateReferenceValue = session.getMandateReferenceValue();
- X509Certificate cert = session.getSignerCertificate();
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ byte[] cert = session.getEncodedSignerCertificate();
+
+ //TODO: check in case of SSO!!!
+ String targetType = null;
+ if(oaParam.getBusinessService()) {
+ String id = oaParam.getIdentityLinkDomainIdentifier();
+ if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ targetType = id;
+ else
+ targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+
+ } else {
+ targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+ }
+
+
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory);
String redirectMISGUI = misSessionID.getRedirectURL();
if (misSessionID == null) {
@@ -213,6 +235,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
session.setMISSessionID(misSessionID.getSessiondId());
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectURL);
@@ -220,17 +248,22 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
else {
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
+ /*redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
+ redirectURL = resp.encodeRedirectURL(redirectURL);*/
+
+
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
+
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
-
+
resp.setContentType("text/html");
resp.setStatus(302);
@@ -242,16 +275,20 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
} catch (GeneralSecurityException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (PKIException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (TransformerException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
}
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 689510a9d..477d99220 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -43,6 +43,9 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -104,6 +107,8 @@ public class VerifyCertificateServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ String pendingRequestID = null;
Map parameters;
try
@@ -118,7 +123,9 @@ public class VerifyCertificateServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
AuthenticationSession session = null;
try {
// check parameter
@@ -138,31 +145,49 @@ public class VerifyCertificateServlet extends AuthServlet {
if (useMandate) {
- Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
- throw new AuthenticationException("auth.13", null);
+
+ // verify certificate for OrganWalter
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
}
else {
// Foreign Identities Modus
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_GET_FOREIGN_ID,
session.getSessionID());
-
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
-
-
+ }
+ }
+ catch (MOAIDException ex) {
+
+ handleError(null, ex, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
}
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 5178e27d3..38f650a65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -43,6 +43,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -109,6 +114,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
Logger.debug("POST VerifyIdentityLink");
Map parameters;
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -123,6 +130,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
@@ -134,14 +143,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
Logger.debug(createXMLSignatureRequestOrRedirect);
+
if (createXMLSignatureRequestOrRedirect == null) {
// no identity link found
-
+
boolean useMandate = session.getUseMandate();
if (useMandate) {
Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
@@ -150,7 +162,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
try {
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
@@ -168,15 +180,18 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
}
catch(Exception e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
}
}
else {
// @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID),
- // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber für OW nicht in
+ // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in
// AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen)
+
+ //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!!
boolean useMandate = session.getUseMandate();
+
if (useMandate) { // Mandate modus
// read certificate and set dataurl to
Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
@@ -191,27 +206,47 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
REQ_VERIFY_CERTIFICATE,
session.getSessionID());
-
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- }
+ }
else {
+ Logger.info("Normal");
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+
+ createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ authConf, oaParam);
+
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
}
-
-
}
-
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No valid MOA session found. Authentification process is abourted.");
+ throw new AuthenticationException("auth.20", null);
+ }
}
catch (ParseException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index dfad29e50..d0fb1f87f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -35,9 +35,13 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -55,6 +59,7 @@ public class CreateXMLSignatureResponseValidator {
/** Xpath expression to the dsig:Signature element */
private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
+ //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
/** Singleton instance. <code>null</code>, if none has been created. */
private static CreateXMLSignatureResponseValidator instance;
@@ -208,7 +213,7 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
foundOA = true;
- if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
}
} else {
@@ -231,7 +236,35 @@ public class CreateXMLSignatureResponseValidator {
} else {
throw new ValidateException("validator.35", null);
}
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[3 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
// now check the extended SAML attributes
int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
if (extendedSAMLAttributes != null) {
@@ -309,4 +342,216 @@ public class CreateXMLSignatureResponseValidator {
throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
}
}
+
+ /**
+ * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
+ * @param createXMLSignatureResponse
+ * @param session
+ * @throws ValidateException
+ */
+ public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+ throws ValidateException {
+
+ // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+
+ String oaURL;
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ } catch (ConfigurationException e1) {
+ oaURL = new String();
+ }
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
+ String issuer = samlAssertion.getAttribute("Issuer");
+ if (issuer == null) {
+ // should not happen, because parser would dedect this
+ throw new ValidateException("validator.32", null);
+ }
+ // replace ' in name with &#39;
+ issuer = issuer.replaceAll("'", "&#39;");
+
+ String issueInstant = samlAssertion.getAttribute("IssueInstant");
+ if (!issueInstant.equals(session.getIssueInstant())) {
+ throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()});
+ }
+
+ String name = identityLink.getName();
+
+ if (!issuer.equals(name)) {
+ throw new ValidateException("validator.33", new Object[] {issuer, name});
+ }
+
+ SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
+
+ boolean foundOA = false;
+ boolean foundGB = false;
+ boolean foundWBPK = false;
+ int offset = 0;
+
+ // check number of SAML aatributes
+ List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ int extendedSAMLAttributesNum = 0;
+ if (extendedSAMLAttributes != null) {
+ extendedSAMLAttributesNum = extendedSAMLAttributes.size();
+ }
+ int expectedSAMLAttributeNumber =
+ AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + extendedSAMLAttributesNum;
+ if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--;
+ int actualSAMLAttributeNumber = samlAttributes.length;
+ if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) {
+ Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " +
+ expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber);
+ throw new ValidateException(
+ "validator.36",
+ new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)});
+ }
+
+ SAMLAttribute samlAttribute;
+ if (!session.getSAMLAttributeGebeORwbpk()) {
+ offset--;
+ }
+
+ // check the first attribute (must be "OA")
+ samlAttribute = samlAttributes[0 + offset];
+ if (!samlAttribute.getName().equals("OA")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundOA = true;
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
+ }
+ } else {
+ throw new ValidateException("validator.15", null);
+ }
+
+ // check the third attribute (must be "Geburtsdatum")
+ samlAttribute = samlAttributes[1 + offset];
+ if (!samlAttribute.getName().equals("Geburtsdatum")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlDateOfBirth = (String)samlAttribute.getValue();
+ String dateOfBirth = identityLink.getDateOfBirth();
+ if (!samlDateOfBirth.equals(dateOfBirth)) {
+ throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[2 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ String text = "";
+ try {
+ if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
+ Logger.info("Use addional AuthBlock Text from SSO=" +text);
+ else
+ text = new String();
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
+ }
+
+
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // now check the extended SAML attributes
+ int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset;
+ if (extendedSAMLAttributes != null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ samlAttribute = samlAttributes[i];
+ String actualName = samlAttribute.getName();
+ String expectedName = extendedSAMLAttribute.getName();
+ if (!actualName.equals(expectedName)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName });
+ }
+ String actualNamespace = samlAttribute.getNamespace();
+ String expectedNamespace = extendedSAMLAttribute.getNameSpace();
+ if (!actualNamespace.equals(expectedNamespace)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, });
+ }
+ Object expectedValue = extendedSAMLAttribute.getValue();
+ Object actualValue = samlAttribute.getValue();
+ try {
+ if (expectedValue instanceof String) {
+ // replace \r\n because text might be base64-encoded
+ String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+ expValue = StringUtils.replaceAll(expValue,"\n","");
+ String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+ actValue = StringUtils.replaceAll(actValue,"\n","");
+ if (!expValue.equals(actValue)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue });
+ }
+ } else if (expectedValue instanceof Element) {
+ // only check the name of the element
+ String actualElementName = ((Element)actualValue).getNodeName();
+ String expectedElementName = ((Element)expectedValue).getNodeName();
+ if (!(expectedElementName.equals(actualElementName))){
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName});
+ }
+ } else {
+ // should not happen
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()});
+ }
+ } catch (ClassCastException e) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()});
+ }
+ i++;
+ }
+ }
+
+
+ if (!foundOA) throw new ValidateException("validator.14", null);
+
+ //Check if dsig:Signature exists
+// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+// if (nl.getLength() != 1) {
+// throw new ValidateException("validator.05", null);
+// }
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH);
+ if (dsigSignature == null) {
+ throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+ }
+ }
+
+ public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
+
+ //TODO: insert Time validation!!!!
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 90282a28c..ed826c615 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey;
import java.util.List;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -80,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator {
* @throws ValidateException on any validation error
*/
public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- List identityLinkSignersSubjectDNNames,
+ List<String> identityLinkSignersSubjectDNNames,
String whatToCheck,
boolean ignoreManifestValidationResult)
throws ValidateException {
@@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator {
}
}
-
+
/**
* Method validateCertificate.
* @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 576d9c358..a154c9ece 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
this.rpGivenName = rpGivenName;
this.rpDateOfBirth = rpDateOfBirth;
this.request = request;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
- */
- public String start(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue)
- {
- // Load the form
- String form = loadForm(
- physical, familyName, givenName, dateOfBirth,
- streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue, "");
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- } catch (SZRGWClientException e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
- */
- public String validate(Map parameters, String extErrortext)
- {
-
- // Process the gotten parameters
- String form = null;
- boolean formNecessary = false;
- if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
- String locErrortext = "Folgende Parameter fehlen: ";
-
- String familyName = (String) parameters.get("familyname_");
- if (null == familyName) familyName ="";
- String givenName = (String) parameters.get("givenname_");
- if (null == givenName) givenName ="";
- boolean physical = "true".equals(parameters.get("physical_"));
- String dobday = (String) parameters.get("dobday_");
- if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
- String dobmonth = (String) parameters.get("dobmonth_");
- if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
- String dobyear = (String) parameters.get("dobyear_");
- if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
- String dateOfBirth = "";
- dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
- dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
- dobday = (" ".substring(0, 2-dobday.length()) + dobday);
- dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
- String cbFullName = (String) parameters.get("fullname_");
- if (null == cbFullName) cbFullName ="";
- String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
- if (null == cbIdentificationType) cbIdentificationType ="";
- String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
- if (null == cbIdentificationValue) cbIdentificationValue ="";
- String postalCode = (String) parameters.get("postalcode_");
- if (null == postalCode) postalCode ="";
- String municipality = (String) parameters.get("municipality_");
- if (null == municipality) municipality ="";
- String streetName = (String) parameters.get("streetname_");
- if (null == streetName) streetName ="";
- String buildingNumber = (String) parameters.get("buildingnumber_");
- if (null == buildingNumber) buildingNumber ="";
- String unit = (String) parameters.get("unit_");
- if (null == unit) unit ="";
-
- if (physical) {
- if (ParepUtils.isEmpty(familyName)) {
- formNecessary = true;
- locErrortext = locErrortext + "Familienname";
- }
- if (ParepUtils.isEmpty(givenName)) {
- formNecessary = true;
- if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Vorname";
- }
- // Auf existierendes Datum prüfen
- SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
- format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
- try {
- format.parse(dateOfBirth);
- }
- catch(ParseException pe)
- {
- formNecessary = true;
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "korrektes Geburtsdatum";
- }
- } else {
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- if (ParepUtils.isEmpty(cbFullName)) {
- locErrortext = locErrortext + "Name der Organisation";
- }
- if (ParepUtils.isEmpty(cbIdentificationType)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Auswahl des Registers";
- }
- if (ParepUtils.isEmpty(cbIdentificationValue)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
- }
- }
- }
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- if (formNecessary) {
- // Daten noch nicht vollständig oder anderer Fehler
- if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
- String error = "";
- if (!ParepUtils.isEmpty(extErrortext)) {
- error = extErrortext;
- if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
- }
- if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
- if (!ParepUtils.isEmpty(error)) {
- error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
- }
- form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
- if (form == null) {
- return null;
- }
- } else {
- return ""; // everything is ok
- }
- } catch (Exception e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /**
- * Loads the empty user input form and replaces tag occurences with given variables
- *
- * @param physical
- * @param familyName
- * @param givenName
- * @param dateOfBirth
- * @param streetName
- * @param buildingNumber
- * @param unit
- * @param postalCode
- * @param municipality
- * @param cbFullName
- * @param cbIdentificationType
- * @param cbIdentificationValue
- * @param errorText
- * @return
- */
- private String loadForm(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
- {
- String form = "";
- try {
- String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
- InputStream instream = null;
- File file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- fileName = parepConfiguration.getFullDirectoryName(fileName);
- if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
- file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- //else load a named resource in our classloader.
- instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
- if (instream == null) {
- Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
- return null;
- }
- }
- }
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.dumpInputOutputStream(instream, bos);
- form = bos.toString("UTF-8");
- } catch(Exception e) {
- Logger.error("Fehler beim Einlesen des Input-Templates.", e);
- }
-
- if (!ParepUtils.isEmpty(form)) {
- boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
- boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
- boolean reducedSelection = (!physEnabled || !cbEnabled);
- if (reducedSelection) {
- physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
- }
- if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
- form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
- form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
- form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
- form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
- form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
- //darf zw. phys. und jur. Person gewählt werden:
- //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
- form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
- form = ParepUtils.replaceAll(form, "<givenname>", givenName);
- form = ParepUtils.replaceAll(form, "<familyname>", familyName);
- form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
- form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
- form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
- form = ParepUtils.replaceAll(form, "<streetname>", streetName);
- form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
- form = ParepUtils.replaceAll(form, "<unit>", unit);
- form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
- form = ParepUtils.replaceAll(form, "<municipality>", municipality);
- form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
- form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
- form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
- form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
- form = ParepUtils.replaceAll(form, "<errortext>", errorText);
- }
- return form;
- }
+ }
+
+public String start(boolean physical, String familyName, String givenName,
+ String dateOfBirth, String streetName, String buildingNumber,
+ String unit, String postalCode, String municipality, String cbFullName,
+ String cbIdentificationType, String cbIdentificationValue) {
+ // TODO Auto-generated method stub
+ return null;
+}
+
+public String validate(Map parameters, String extErrortext) {
+ // TODO Auto-generated method stub
+ return null;
+}
+
+ //TODO: check correctness
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+// */
+// public String start(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+// {
+// // Load the form
+// String form = loadForm(
+// physical, familyName, givenName, dateOfBirth,
+// streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue, "");
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// } catch (SZRGWClientException e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+// */
+// public String validate(Map parameters, String extErrortext)
+// {
+//
+// // Process the gotten parameters
+// String form = null;
+// boolean formNecessary = false;
+// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+// String locErrortext = "Folgende Parameter fehlen: ";
+//
+// String familyName = (String) parameters.get("familyname_");
+// if (null == familyName) familyName ="";
+// String givenName = (String) parameters.get("givenname_");
+// if (null == givenName) givenName ="";
+// boolean physical = "true".equals(parameters.get("physical_"));
+// String dobday = (String) parameters.get("dobday_");
+// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+// String dobmonth = (String) parameters.get("dobmonth_");
+// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+// String dobyear = (String) parameters.get("dobyear_");
+// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+// String dateOfBirth = "";
+// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+// dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+// String cbFullName = (String) parameters.get("fullname_");
+// if (null == cbFullName) cbFullName ="";
+// String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
+// if (null == cbIdentificationType) cbIdentificationType ="";
+// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
+// if (null == cbIdentificationValue) cbIdentificationValue ="";
+// String postalCode = (String) parameters.get("postalcode_");
+// if (null == postalCode) postalCode ="";
+// String municipality = (String) parameters.get("municipality_");
+// if (null == municipality) municipality ="";
+// String streetName = (String) parameters.get("streetname_");
+// if (null == streetName) streetName ="";
+// String buildingNumber = (String) parameters.get("buildingnumber_");
+// if (null == buildingNumber) buildingNumber ="";
+// String unit = (String) parameters.get("unit_");
+// if (null == unit) unit ="";
+//
+// if (physical) {
+// if (ParepUtils.isEmpty(familyName)) {
+// formNecessary = true;
+// locErrortext = locErrortext + "Familienname";
+// }
+// if (ParepUtils.isEmpty(givenName)) {
+// formNecessary = true;
+// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Vorname";
+// }
+// // Auf existierendes Datum prüfen
+// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+// try {
+// format.parse(dateOfBirth);
+// }
+// catch(ParseException pe)
+// {
+// formNecessary = true;
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "korrektes Geburtsdatum";
+// }
+// } else {
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// if (ParepUtils.isEmpty(cbFullName)) {
+// locErrortext = locErrortext + "Name der Organisation";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationType)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Auswahl des Registers";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationValue)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+// }
+// }
+// }
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// if (formNecessary) {
+// // Daten noch nicht vollständig oder anderer Fehler
+// if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+// String error = "";
+// if (!ParepUtils.isEmpty(extErrortext)) {
+// error = extErrortext;
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+// }
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+// if (!ParepUtils.isEmpty(error)) {
+// error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
+// }
+// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+// if (form == null) {
+// return null;
+// }
+// } else {
+// return ""; // everything is ok
+// }
+// } catch (Exception e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /**
+// * Loads the empty user input form and replaces tag occurences with given variables
+// *
+// * @param physical
+// * @param familyName
+// * @param givenName
+// * @param dateOfBirth
+// * @param streetName
+// * @param buildingNumber
+// * @param unit
+// * @param postalCode
+// * @param municipality
+// * @param cbFullName
+// * @param cbIdentificationType
+// * @param cbIdentificationValue
+// * @param errorText
+// * @return
+// */
+// private String loadForm(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+// {
+// String form = "";
+// try {
+// String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+// InputStream instream = null;
+// File file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// fileName = parepConfiguration.getFullDirectoryName(fileName);
+// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
+// file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// //else load a named resource in our classloader.
+// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+// if (instream == null) {
+// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+// return null;
+// }
+// }
+// }
+// ByteArrayOutputStream bos = new ByteArrayOutputStream();
+// ParepUtils.dumpInputOutputStream(instream, bos);
+// form = bos.toString("UTF-8");
+// } catch(Exception e) {
+// Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+// }
+//
+// if (!ParepUtils.isEmpty(form)) {
+// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+// boolean reducedSelection = (!physEnabled || !cbEnabled);
+// if (reducedSelection) {
+// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+// }
+// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+// form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+// form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+// form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+// form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+// form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+// //darf zw. phys. und jur. Person gewählt werden:
+// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+// form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+// form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+// form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+// form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+// form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+// form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+// form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+// form = ParepUtils.replaceAll(form, "<unit>", unit);
+// form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+// form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+// form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+// }
+// return form;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 5eeaa5d3d..ab7a134c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -650,7 +650,7 @@ public class ParepUtils {
if (ParepUtils.isEmpty(register)) return null;
if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
- if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 7bd6f5e28..f2f897432 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants;
*
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
*/
-public class ParepValidator implements InfoboxValidator {
-
- /** activates debug settings */
- private boolean PAREP_DEBUG = false;
-
- /** contains the parameters the validator initially was called with */
- private InfoboxValidatorParams params = null;
-
- /** contains the configuration of the validator */
- private ParepConfiguration parepConfiguration = null;
-
- /** the requested representation ID (currently * or OID) */
- private String representationID = null;
-
- /** holds the information of the SZR-request */
- private CreateMandateRequest request = null;
-
- /** List of extended SAML attributes. */
- private Vector extendedSamlAttributes = new Vector();
-
- /** the class which processes the user input */
- private ParepInputProcessor inputProcessor = null;
-
- /** The form if user input is necessary */
- private String form = null;
-
- /** unspecified error of parep-validator (must not know more about)*/
- private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";
-
- /** Default class to gather remaining mandator data. */
- public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
-
- /** Default template to gather remaining mandator data. */
- public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
-
- /** kind of representation text in AUTH block*/
- public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";
-
- /** Names of the produced SAML-attributes. */
- public final static String EXT_SAML_MANDATE_RAW = "Mandate";
- public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
- public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
- public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+public class ParepValidator implements InfoboxValidator {
+
public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
public final static String EXT_SAML_MANDATE_OID = "OID";
+ public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+ public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+ public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+ public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
- /** */
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-
- /** register and register number for non physical persons - the domain identifier for business applications*/
- public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-
- /**
- * Parses the XML configuration element and creates the validators configuration
- * Use this function if you want to preconfigure the validator.
- *
- * @param configElem
- * the XML configuration element to parse.
- * @throws ConfigurationException
- * if an error occurs during the configuration process
- */
- public void Configure(Element configElem) throws ConfigurationException {
- if (this.parepConfiguration == null) {
- Logger.debug("Lade Konfiguration.");
- parepConfiguration = new ParepConfiguration(configElem);
- Logger.debug("Konfiguration erfolgreich geladen.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
- */
- public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-
- try {
- Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
- this.params = params;
-
- Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
- // ParepUtils.serializeElement(mandate, System.out);
- this.representationID = ParepUtils.extractRepresentativeID(mandate);
- if (ParepUtils.isEmpty(representationID)) {
- validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
- return validationResult;
- }
-
- // Überprüfen der Identifikation (Type/Value).
- String identificationType = this.params.getIdentificationType();
- String identificationValue = this.params.getIdentificationValue();
- if (this.params.getBusinessApplication()) {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
- return validationResult;
-
- } else {
- Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
- }
- } else {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
- if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- } else {
- Logger.debug("Organwalter wird mit Stammzahl identifiziert");
- }
- } else {
- if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
- identificationType = Constants.URN_PREFIX_CDID;
- String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
- identificationValue = bpkBase64;
- Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
- } else {
- Logger.debug("Parteienvertreter wird mit bPK identifiziert");
- }
- }
- }
-
- Configure(this.params.getApplicationSpecificParams());
- // check if we have a configured party representative for that
- if (!parepConfiguration.isPartyRepresentative(representationID)) {
- Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- }
-
- // Vertreter
- this.request = new CreateMandateRequest();
- request.setRepresentative(this.params, identificationType, identificationValue);
- // ParepUtils.serializeElement(request.getRepresentative(), System.out);
- //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
-
- Logger.debug("Prüfe vorausgefüllte Daten...");
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- boolean formNecessary = false;
- // Vertretener (erstes Vorkommen)
- Element mandator = ParepUtils.extractMandator(mandate);
- if (mandator != null) {
- // ParepUtils.serializeElement(mandator, System.out);
- // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-
- }
- if (physical) {
- if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
- formNecessary = true;
- }
- } else {
- if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- }
- }
-
- //Zeigen wir, dass die Daten übernommen wurden:
- if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-
- // Input processor
- this.form = "";
- if (formNecessary) {
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.start(
- physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- } else {
- // Request vorbereiten mit vorgegebenen Daten
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- }
-
-
- // ParepUtils.serializeElement(request.getMandator(), System.out);
- // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
- validationResult.setValid(true);
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
- */
- public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- Logger.debug("Prüfe im Formular ausgefüllte Daten...");
- if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-
- // Input processor
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.validate(parameters, null);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- return validationResult;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
- */
- public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- this.form = "";
- try {
-
-
- request.setSignature(samlAssertion);
-
-//DPO debug
-// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
-// String id = representationID;
+
+ public InfoboxValidationResult validate(InfoboxValidatorParams params)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Map parameters)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Element samlAssertion)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public String getForm() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ //TODO: check correctness!!!!
+// /** activates debug settings */
+// private boolean PAREP_DEBUG = false;
+//
+// /** contains the parameters the validator initially was called with */
+// private InfoboxValidatorParams params = null;
+//
+// /** contains the configuration of the validator */
+// private ParepConfiguration parepConfiguration = null;
+//
+// /** the requested representation ID (currently * or OID) */
+// private String representationID = null;
+//
+// /** holds the information of the SZR-request */
+// private CreateMandateRequest request = null;
+//
+// /** List of extended SAML attributes. */
+// private Vector extendedSamlAttributes = new Vector();
+//
+// /** the class which processes the user input */
+// private ParepInputProcessor inputProcessor = null;
+//
+// /** The form if user input is necessary */
+// private String form = null;
+//
+// /** unspecified error of parep-validator (must not know more about)*/
+// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
+//
+// /** Default class to gather remaining mandator data. */
+// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+//
+// /** Default template to gather remaining mandator data. */
+// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+//
+// /** kind of representation text in AUTH block*/
+// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
+//
+// /** Names of the produced SAML-attributes. */
+// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+// public final static String EXT_SAML_MANDATE_OID = "OID";
+//
+// /** */
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+//
+// /** register and register number for non physical persons - the domain identifier for business applications*/
+// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+//
+// /**
+// * Parses the XML configuration element and creates the validators configuration
+// * Use this function if you want to preconfigure the validator.
+// *
+// * @param configElem
+// * the XML configuration element to parse.
+// * @throws ConfigurationException
+// * if an error occurs during the configuration process
+// */
+// public void Configure(Element configElem) throws ConfigurationException {
+// if (this.parepConfiguration == null) {
+// Logger.debug("Lade Konfiguration.");
+// parepConfiguration = new ParepConfiguration(configElem);
+// Logger.debug("Konfiguration erfolgreich geladen.");
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+// */
+// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+//
+// try {
+// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+// this.params = params;
+//
+// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+// // ParepUtils.serializeElement(mandate, System.out);
+// this.representationID = ParepUtils.extractRepresentativeID(mandate);
+// if (ParepUtils.isEmpty(representationID)) {
+// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+// return validationResult;
+// }
+//
+// // überprüfen der Identifikation (Type/Value).
+// String identificationType = this.params.getIdentificationType();
+// String identificationValue = this.params.getIdentificationValue();
+// if (this.params.getBusinessApplication()) {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+// return validationResult;
+//
+// } else {
+// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+// }
+// } else {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// } else {
+// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+// }
+// } else {
+// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+// identificationType = Constants.URN_PREFIX_CDID;
+// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+// identificationValue = bpkBase64;
+// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+// } else {
+// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+// }
+// }
+// }
+//
+// Configure(this.params.getApplicationSpecificParams());
+// // check if we have a configured party representative for that
+// if (!parepConfiguration.isPartyRepresentative(representationID)) {
+// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// }
+//
+// // Vertreter
+// this.request = new CreateMandateRequest();
+// request.setRepresentative(this.params, identificationType, identificationValue);
+// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+//
+// Logger.debug("Prüfe vorausgefüllte Daten...");
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// boolean formNecessary = false;
+// // Vertretener (erstes Vorkommen)
+// Element mandator = ParepUtils.extractMandator(mandate);
+// if (mandator != null) {
+// // ParepUtils.serializeElement(mandator, System.out);
+// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+//
+// }
+// if (physical) {
+// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+// formNecessary = true;
+// }
+// } else {
+// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// }
+// }
+//
+// //Zeigen wir, dass die Daten �bernommen wurden:
+// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+//
+// // Input processor
+// this.form = "";
+// if (formNecessary) {
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.start(
+// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// } else {
+// // Request vorbereiten mit vorgegebenen Daten
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// }
+//
+//
+// // ParepUtils.serializeElement(request.getMandator(), System.out);
+// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+// validationResult.setValid(true);
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+// */
+// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+//
+// // Input processor
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.validate(parameters, null);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+// return validationResult;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+// */
+// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
+// this.form = "";
+// try {
+//
+//
+// request.setSignature(samlAssertion);
+//
+////DPO debug
+//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//// String id = representationID;
+//// CreateMandateResponse response;
+//// if (true) {
+//// if (this.params.getHideStammzahl()) {
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
+//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//// }
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+//
+// //ParepUtils.serializeElement(request.toElement(), System.out);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+//
+// // configure szrgw client
+// Logger.debug("Lade SZR-GW Client.");
+// SZRGWClient client = new SZRGWClient();
+// // System.out.println("Parameters: " + cfg.getConnectionParameters());
+// Logger.debug("Initialisiere Verbindung...");
+// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+// // Logger.debug("Connection Parameters: " + connectionParameters);
+// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// }
+//
+// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
// CreateMandateResponse response;
-// if (true) {
+// Element requ = request.toElement();
+// try {
+// response = client.createMandateResponse(requ);
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+// client = new SZRGWClient(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// response = client.createMandateResponse(requ);
+// }
+// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+// if (response.getResultCode()==2000) {
+// if(response.getMandate()==null) {
+// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+//
+// //DPO debug output (2lines)
+// String id = representationID;
+// if (id.equals("*")) id="standardisiert";
+//
+// Element mandate = response.getMandate();
+// // Replace Stammzahlen
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
// if (this.params.getHideStammzahl()) {
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können.
-// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
-// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
// }
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-
- //ParepUtils.serializeElement(request.toElement(), System.out);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-
- // configure szrgw client
- Logger.debug("Lade SZR-GW Client.");
- SZRGWClient client = new SZRGWClient();
- // System.out.println("Parameters: " + cfg.getConnectionParameters());
- Logger.debug("Initialisiere Verbindung...");
- ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
- // Logger.debug("Connection Parameters: " + connectionParameters);
- Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- }
-
- Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
- CreateMandateResponse response;
- Element requ = request.toElement();
- try {
- response = client.createMandateResponse(requ);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- client = new SZRGWClient(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- response = client.createMandateResponse(requ);
- }
- Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
- if (response.getResultCode()==2000) {
- if(response.getMandate()==null) {
- Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
-
- //DPO debug output (2lines)
- String id = representationID;
- if (id.equals("*")) id="standardisiert";
-
- Element mandate = response.getMandate();
- // Replace Stammzahlen
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
- if (this.params.getHideStammzahl()) {
- ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
- }
-
- extendedSamlAttributes.clear();
- // Vollmacht
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- } else {
- String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
- String responseInfo = response.getInfo();
- if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- validationResult.setErrorMessage(errorMsg);
- } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
- // Person not found
- ParepInputProcessor inputProcessor= getInputProcessor();
- switch (response.getResultCode()) {
- case 5230:
- errorMsg = "Keine mit den Eingaben &uuml;bereinstimmende Person vorhanden. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
- break;
- case 5231:
- errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
- break;
- default:
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- }
- this.form = inputProcessor.validate(generateParameters(), errorMsg);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- validationResult.setValid(true);
- } else {
- // Do not inform the user too much
- Logger.error(errorMsg);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- }
-
- }
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /**
- * provides the primary infobox token of the given list.
- *
- * @param infoBoxTokens
- * the list of infobox tokens.
- * @return
- * the XML element of the primary token.
- * @throws ValidateException
- * if an error occurs or list is not suitable.
- */
- public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
- if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
- throw new ValidateException("validator.62", null);
- }
- for (int i = 0; i < infoBoxTokens.size(); i++) {
- InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
- if (token.isPrimary()) {
- return token.getXMLToken();
- }
- }
- throw new ValidateException("validator.62", null);
- }
-
- /*
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
- return ret;
- }
-
-
- /**
- * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
- */
- public String getForm() {
- return this.form;
- }
-
- /**
- * Gets the user form input processor (class) assigned to the current party representative
- * If the method is called for the first time it initializes the input processor.
- *
- * @return The user form input processor
- */
- private ParepInputProcessor getInputProcessor() {
-
- if (this.inputProcessor!=null) return inputProcessor;
- String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
- ParepInputProcessor inputProcessor = null;
- try {
- Class inputProcessorClass = Class.forName(inputProcessorName);
- inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
- inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
- } catch (Exception e) {
- Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
- }
- this.inputProcessor = inputProcessor;
- return inputProcessor;
- }
-
- /**
- * Generates the parameter list, which is needed to simulate a return from
- * an user form.
- *
- * @return the form parameters
- */
- private Map generateParameters() {
- Map parameters = new HashMap();
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- try {
- // Vertretener (erstes Vorkommen)
- Element mandator = request.getMandator();
- if (mandator != null) {
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
- }
- } catch (Exception e) {
- Logger.error("Could not extract Mandator form SZR-gateway request");
- }
- parameters.put("familyname_", familyName);
- parameters.put("givenname_", givenName);
- parameters.put("dateofbirth_", dateOfBirth);
- parameters.put("dobyear_", dateOfBirth.substring(0,4));
- parameters.put("dobmonth_", dateOfBirth.substring(5,7));
- parameters.put("dobday_", dateOfBirth.substring(8,10));
- parameters.put("physical_", physical ? "true" : "false");
- parameters.put("fullname_", cbFullName);
- parameters.put("cbidentificationtype_", cbIdentificationType);
- parameters.put("cbidentificationvalue_", cbIdentificationValue);
- parameters.put("postalcode_", postalCode);
- parameters.put("municipality_", municipality);
- parameters.put("streetname_", streetName);
- parameters.put("buildingnumber_", buildingNumber);
- parameters.put("unit_", unit);
- return parameters;
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- */
- private void addAuthBlockExtendedSamlAttributes() {
- extendedSamlAttributes.clear();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- Element mandator = request.getMandator();
- // Name
- String name = ParepUtils.extractMandatorName(mandator);
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- if (dob != null && !"".equals(dob)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)){
- String idType = ParepUtils.extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (this.params.getBusinessApplication()) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
- }
-
-// public static void main(String[] args) throws Exception {
+//
+// extendedSamlAttributes.clear();
+// // Vollmacht
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+//
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
+// } else {
+// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+// String responseInfo = response.getInfo();
+// if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// validationResult.setErrorMessage(errorMsg);
+// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
+// // Person not found
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// switch (response.getResultCode()) {
+// case 5230:
+// errorMsg = "Keine mit den Eingaben &uuml;bereinstimmende Person vorhanden. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
+// break;
+// case 5231:
+// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
+// break;
+// default:
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// }
+// this.form = inputProcessor.validate(generateParameters(), errorMsg);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// validationResult.setValid(true);
+// } else {
+// // Do not inform the user too much
+// Logger.error(errorMsg);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// }
+//
+// }
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /**
+// * provides the primary infobox token of the given list.
+// *
+// * @param infoBoxTokens
+// * the list of infobox tokens.
+// * @return
+// * the XML element of the primary token.
+// * @throws ValidateException
+// * if an error occurs or list is not suitable.
+// */
+// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+// if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+// throw new ValidateException("validator.62", null);
+// }
+// for (int i = 0; i < infoBoxTokens.size(); i++) {
+// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+// if (token.isPrimary()) {
+// return token.getXMLToken();
+// }
+// }
+// throw new ValidateException("validator.62", null);
+// }
+//
+// /*
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+// */
+// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+// extendedSamlAttributes.copyInto(ret);
+// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+// return ret;
+// }
+//
+//
+// /**
+// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+// */
+// public String getForm() {
+// return this.form;
+// }
+//
+// /**
+// * Gets the user form input processor (class) assigned to the current party representative
+// * If the method is called for the first time it initializes the input processor.
+// *
+// * @return The user form input processor
+// */
+// private ParepInputProcessor getInputProcessor() {
+//
+// if (this.inputProcessor!=null) return inputProcessor;
+// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+// ParepInputProcessor inputProcessor = null;
+// try {
+// Class inputProcessorClass = Class.forName(inputProcessorName);
+// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+// } catch (Exception e) {
+// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+// }
+// this.inputProcessor = inputProcessor;
+// return inputProcessor;
+// }
+//
+// /**
+// * Generates the parameter list, which is needed to simulate a return from
+// * an user form.
+// *
+// * @return the form parameters
+// */
+// private Map generateParameters() {
+// Map parameters = new HashMap();
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// try {
+// // Vertretener (erstes Vorkommen)
+// Element mandator = request.getMandator();
+// if (mandator != null) {
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+// }
+// } catch (Exception e) {
+// Logger.error("Could not extract Mandator form SZR-gateway request");
+// }
+// parameters.put("familyname_", familyName);
+// parameters.put("givenname_", givenName);
+// parameters.put("dateofbirth_", dateOfBirth);
+// parameters.put("dobyear_", dateOfBirth.substring(0,4));
+// parameters.put("dobmonth_", dateOfBirth.substring(5,7));
+// parameters.put("dobday_", dateOfBirth.substring(8,10));
+// parameters.put("physical_", physical ? "true" : "false");
+// parameters.put("fullname_", cbFullName);
+// parameters.put("cbidentificationtype_", cbIdentificationType);
+// parameters.put("cbidentificationvalue_", cbIdentificationValue);
+// parameters.put("postalcode_", postalCode);
+// parameters.put("municipality_", municipality);
+// parameters.put("streetname_", streetName);
+// parameters.put("buildingnumber_", buildingNumber);
+// parameters.put("unit_", unit);
+// return parameters;
+// }
+//
+// /**
+// * Adds the AUTH block related SAML attributes to the validation result.
+// * This is needed always before the AUTH block is to be signed, because the
+// * name of the mandator has to be set
+// */
+// private void addAuthBlockExtendedSamlAttributes() {
+// extendedSamlAttributes.clear();
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// Element mandator = request.getMandator();
+// // Name
+// String name = ParepUtils.extractMandatorName(mandator);
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// // Geburtsdatum
+// String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+// if (dob != null && !"".equals(dob)) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// // (w)bpk
+// String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+// if (!ParepUtils.isEmpty(wbpk)) {
+// if (!ParepUtils.isPhysicalPerson(mandator)){
+// String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// } else if (this.params.getBusinessApplication()) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// }
// }
+//
+//// public static void main(String[] args) throws Exception {
+//// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index bc5a0e061..ee5a57914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants;
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class ParepConfiguration {
-
- /**
- * System property for config file.
- */
- public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter standardConnectionParameters;
-
- /**
- * Input field processor.
- */
- private String standardInputProcessorClass;
-
- /**
- * Input field processor template.
- */
- private String standardInputProcessorTemplate;
-
- /**
- * Configured party representatives.
- */
- private HashMap partyRepresentatives;
-
- /**
- * The configuration element.
- */
- private Element configElement = null;
-
- /**
- * Defines whether the user input form must be shown on each
- * request or not (also predefined mandates)
- */
- private boolean alwaysShowForm = false;
-
- /**
- * The configuration base directory.
- */
- private String baseDir_;
-
- /**
- * Gets the SZR-GW connection parameters.
- *
- * @return the connection parameters.
- */
- public ConnectionParameter getConnectionParameters(String representationID) {
- if (partyRepresentatives == null || "*".equals(representationID))
- return standardConnectionParameters;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- ConnectionParameter connectionParameters = pr.getConnectionParameters();
- if (connectionParameters==null) connectionParameters = standardConnectionParameters;
- return connectionParameters;
- }
-
- /**
- * Sets the SZR-GW connection parameters for standard connection.
- *
- * @param connectionParameters
- * the connection parameters.
- */
- public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
- this.standardConnectionParameters = connectionParameters;
- }
-
- /*
- *
- */
- public String getFullDirectoryName(String fileString) {
- return makeAbsoluteURL(fileString, baseDir_);
- }
-
- /*
- *
- */
- private static String makeAbsoluteURL(String url, String root) {
- // if url is relative to rootConfigFileDirName make it absolute
-
- File keyFile;
- String newURL = url;
-
- if (null == url)
- return null;
-
- if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
- return url;
- } else {
- // check if absolute - if not make it absolute
- keyFile = new File(url);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(root, url);
- newURL = keyFile.getPath();
- }
- return newURL;
- }
- }
-
- /**
- * Initializes the configuration with a given XML configuration element found
- * in the MOA-ID configuration.
- *
- * @param configElem
- * the configuration element.
- * @throws ConfigurationException
- * if an error occurs initializing the configuration.
- */
- public ParepConfiguration(Element configElem) throws ConfigurationException {
-
- partyRepresentatives = new HashMap();
- partyRepresentatives.put("*", new PartyRepresentative(true, true));
-
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-
- try {
-
- baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
- Logger.trace("Config base directory: " + baseDir_);
- // check for configuration in system properties
- if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
- Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
- this.configElement = doc.getDocumentElement();
- } else {
- this.configElement = configElem;
- }
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
- }
- load();
- }
-
- /*
- *
- */
- private void load() throws ConfigurationException {
- Logger.debug("Parse ParepValidator Konfiguration");
- try {
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- // nameSpaceNode.setAttribute("xmlns:sgw",
- // SZRGWConstants.SZRGW_PROFILE_NS);
-
- Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorNode != null) {
- this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
- Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassNode != null) {
- this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
- }
- }
- Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
- if (alwaysShowFormNode != null) {
- this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
- }
-
- // load connection parameters
- Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
- Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamElement != null) {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamElement, System.out);
- this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
- }
-
- Logger.trace("Lade Konfiguration der Parteienvertreter");
- NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
- for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-
- PartyRepresentative partyRepresentative = new PartyRepresentative();
-
- Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
- boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
- boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
- partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
- partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
- partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
- partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-
- Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorSubNode != null) {
- partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
- Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassSubNode != null) {
- partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
- }
- }
-
- Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamSubElement == null) {
- if (this.standardConnectionParameters == null) {
- throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
- + partyRepresentative.getOid() + " fehlen.", null, null);
- }
- } else {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamSubElement, System.out);
- partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
- }
- partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
- Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
- + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
- + ", representationText=" + partyRepresentative.getRepresentationText()
- + ")");
- }
-
- Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
- }
- }
-
- /*
- *
- */
- private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
- try {
- ConnectionParameter connectionParameter = new ConnectionParameter();
-
- // parse connection url
- String URL = connParamElement.getAttribute("URL");
- connectionParameter.setUrl(URL);
-
- // accepted server certificates
- Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
- nameSpaceNode);
- if (accServerCertsNode != null) {
-
- String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
- Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
- connectionParameter.setAcceptedServerCertificates(serverCertsDir);
- }
-
- // client key store
- Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
- if (clientKeyStoreNode != null) {
- String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
- connectionParameter.setClientKeyStore(clientKeystore);
- }
-
- // client key store password
- Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
- nameSpaceNode);
- if (clientKeyStorePasswordNode != null) {
- connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
- }
-
- return connectionParameter;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
- }
- }
-
- public boolean isPartyRepresentative(String representationID) {
- if (partyRepresentatives == null)
- return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- return pr != null;
- }
-
- public boolean isRepresentingCorporateParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingCorporateParty();
- }
-
- public boolean isRepresentingPhysicalParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingPhysicalParty();
- }
-
- public String getRepresentationText(String representationID) {
- String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
- if (partyRepresentatives != null) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr != null) {
- if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
- }
- }
- return result;
- }
-
- /**
- * @return the input processor classname corresponding to <code>representationID</code>
- * @param representationID
- * the representation ID.
- */
- public String getInputProcessorClass(String representationID) {
- String inputProcessorClass = standardInputProcessorClass;
- if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorClass = pr.getInputProcessorClass();
- if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
- }
- }
- return inputProcessorClass;
- }
-
- /**
- * @param standardInputProcessorClass the standardInputProcessorClass to set
- */
- public void setStandardInputProcessorClass(String standardInputProcessorClass) {
- this.standardInputProcessorClass = standardInputProcessorClass;
- }
-
- /**
- * @return the InputProcessorTemplate
- */
- public String getInputProcessorTemplate(String representationID) {
- String inputProcessorTemplate = standardInputProcessorTemplate;
- if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorTemplate = pr.getInputProcessorTemplate();
- if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
- }
- }
- return inputProcessorTemplate;
- }
-
- /**
- * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
- */
- public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
- this.standardInputProcessorTemplate = standardInputProcessorTemplate;
- }
-
- /**
- * @return the alwaysShowForm
- */
- public boolean isAlwaysShowForm() {
- return alwaysShowForm;
- }
-
+
+
+ //TODO: check correctness!!!!
/**
- * @param alwaysShowForm the alwaysShowForm to set
- */
- public void setAlwaysShowForm(String alwaysShowForm) {
- if (ParepUtils.isEmpty(alwaysShowForm)) {
- this.alwaysShowForm = false;
- } else {
- this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
- }
- }
-
- public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
- try {
- if (configElement==null) return false;
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
- if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
- return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
- }
- return false;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
- }
-
- }
-
-
-// public static void main(String[] args) throws Exception {
-// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-// Configuration cfg = new Configuration(null);
-// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
-//}
+// * System property for config file.
+// */
+// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+//
+// /**
+// * SZR-GW connection parameters.
+// */
+// private ConnectionParameter standardConnectionParameters;
+//
+// /**
+// * Input field processor.
+// */
+// private String standardInputProcessorClass;
+//
+// /**
+// * Input field processor template.
+// */
+// private String standardInputProcessorTemplate;
+//
+// /**
+// * Configured party representatives.
+// */
+// private HashMap partyRepresentatives;
+//
+// /**
+// * The configuration element.
+// */
+// private Element configElement = null;
+//
+// /**
+// * Defines whether the user input form must be shown on each
+// * request or not (also predefined mandates)
+// */
+// private boolean alwaysShowForm = false;
+//
+// /**
+// * The configuration base directory.
+// */
+// private String baseDir_;
+//
+// /**
+// * Gets the SZR-GW connection parameters.
+// *
+// * @return the connection parameters.
+// */
+// public ConnectionParameter getConnectionParameters(String representationID) {
+// if (partyRepresentatives == null || "*".equals(representationID))
+// return standardConnectionParameters;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// ConnectionParameter connectionParameters = pr.getConnectionParameters();
+// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+// return connectionParameters;
+// }
+//
+// /**
+// * Sets the SZR-GW connection parameters for standard connection.
+// *
+// * @param connectionParameters
+// * the connection parameters.
+// */
+// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+// this.standardConnectionParameters = connectionParameters;
+// }
+//
+// /*
+// *
+// */
+// public String getFullDirectoryName(String fileString) {
+// return makeAbsoluteURL(fileString, baseDir_);
+// }
+//
+// /*
+// *
+// */
+// private static String makeAbsoluteURL(String url, String root) {
+// // if url is relative to rootConfigFileDirName make it absolute
+//
+// File keyFile;
+// String newURL = url;
+//
+// if (null == url)
+// return null;
+//
+// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+// return url;
+// } else {
+// // check if absolute - if not make it absolute
+// keyFile = new File(url);
+// if (!keyFile.isAbsolute()) {
+// keyFile = new File(root, url);
+// newURL = keyFile.getPath();
+// }
+// return newURL;
+// }
+// }
+//
+// /**
+// * Initializes the configuration with a given XML configuration element found
+// * in the MOA-ID configuration.
+// *
+// * @param configElem
+// * the configuration element.
+// * @throws ConfigurationException
+// * if an error occurs initializing the configuration.
+// */
+// public ParepConfiguration(Element configElem) throws ConfigurationException {
+//
+// partyRepresentatives = new HashMap();
+// partyRepresentatives.put("*", new PartyRepresentative(true, true));
+//
+// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+//
+// try {
+//
+// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+// Logger.trace("Config base directory: " + baseDir_);
+// // check for configuration in system properties
+// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+// this.configElement = doc.getDocumentElement();
+// } else {
+// this.configElement = configElem;
+// }
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+// }
+// load();
+// }
+//
+// /*
+// *
+// */
+// private void load() throws ConfigurationException {
+// Logger.debug("Parse ParepValidator Konfiguration");
+// try {
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// // nameSpaceNode.setAttribute("xmlns:sgw",
+// // SZRGWConstants.SZRGW_PROFILE_NS);
+//
+// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorNode != null) {
+// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassNode != null) {
+// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+// }
+// }
+// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+// if (alwaysShowFormNode != null) {
+// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+// }
+//
+// // load connection parameters
+// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamElement != null) {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamElement, System.out);
+// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+// }
+//
+// Logger.trace("Lade Konfiguration der Parteienvertreter");
+// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+//
+// PartyRepresentative partyRepresentative = new PartyRepresentative();
+//
+// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+//
+// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorSubNode != null) {
+// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassSubNode != null) {
+// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+// }
+// }
+//
+// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamSubElement == null) {
+// if (this.standardConnectionParameters == null) {
+// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+// + partyRepresentative.getOid() + " fehlen.", null, null);
+// }
+// } else {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+// }
+// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+// + ", representationText=" + partyRepresentative.getRepresentationText()
+// + ")");
+// }
+//
+// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+// }
+// }
+//
+// /*
+// *
+// */
+// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+// try {
+// ConnectionParameter connectionParameter = new ConnectionParameter();
+//
+// // parse connection url
+// String URL = connParamElement.getAttribute("URL");
+// connectionParameter.setUrl(URL);
+//
+// // accepted server certificates
+// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+// nameSpaceNode);
+// if (accServerCertsNode != null) {
+//
+// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+// }
+//
+// // client key store
+// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+// if (clientKeyStoreNode != null) {
+// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+// connectionParameter.setClientKeyStore(clientKeystore);
+// }
+//
+// // client key store password
+// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+// nameSpaceNode);
+// if (clientKeyStorePasswordNode != null) {
+// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+// }
+//
+// return connectionParameter;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+// }
+// }
+//
+// public boolean isPartyRepresentative(String representationID) {
+// if (partyRepresentatives == null)
+// return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// return pr != null;
+// }
+//
+// public boolean isRepresentingCorporateParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingCorporateParty();
+// }
+//
+// public boolean isRepresentingPhysicalParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingPhysicalParty();
+// }
+//
+// public String getRepresentationText(String representationID) {
+// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+// if (partyRepresentatives != null) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr != null) {
+// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+// }
+// }
+// return result;
+// }
+//
+// /**
+// * @return the input processor classname corresponding to <code>representationID</code>
+// * @param representationID
+// * the representation ID.
+// */
+// public String getInputProcessorClass(String representationID) {
+// String inputProcessorClass = standardInputProcessorClass;
+// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorClass = pr.getInputProcessorClass();
+// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+// }
+// }
+// return inputProcessorClass;
+// }
+//
+// /**
+// * @param standardInputProcessorClass the standardInputProcessorClass to set
+// */
+// public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+// this.standardInputProcessorClass = standardInputProcessorClass;
+// }
+//
+// /**
+// * @return the InputProcessorTemplate
+// */
+// public String getInputProcessorTemplate(String representationID) {
+// String inputProcessorTemplate = standardInputProcessorTemplate;
+// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+// }
+// }
+// return inputProcessorTemplate;
+// }
+//
+// /**
+// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+// */
+// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+// this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+// }
+//
+// /**
+// * @return the alwaysShowForm
+// */
+// public boolean isAlwaysShowForm() {
+// return alwaysShowForm;
+// }
+//
+// /**
+// * @param alwaysShowForm the alwaysShowForm to set
+// */
+// public void setAlwaysShowForm(String alwaysShowForm) {
+// if (ParepUtils.isEmpty(alwaysShowForm)) {
+// this.alwaysShowForm = false;
+// } else {
+// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+// }
+// }
+//
+// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+// try {
+// if (configElement==null) return false;
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+// }
+// return false;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
+// }
+//
+// }
+//
+//
+//// public static void main(String[] args) throws Exception {
+//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+//// Configuration cfg = new Configuration(null);
+//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+////}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index fb1dc0293..bf4952113 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -81,7 +81,7 @@ public class ConfigurationProvider {
* A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
* chaining mode (a <code>String</code>) mapping.
*/
- protected Map chainingModes;
+ protected Map<IssuerAndSerial, String> chainingModes;
/**
* the URL for the trusted CA Certificates
@@ -93,6 +93,10 @@ public class ConfigurationProvider {
*/
protected String rootConfigFileDir;
+ protected String certstoreDirectory;
+
+ protected boolean trustmanagerrevoationchecking;
+
/**
* Returns the main configuration file directory used to configure MOA-ID
*
@@ -148,5 +152,22 @@ public class ConfigurationProvider {
return trustedCACertificates;
}
+
+/**
+ * @return the certstoreDirectory
+ */
+public String getCertstoreDirectory() {
+ return certstoreDirectory;
+}
+
+/**
+ * @return the trustmanagerrevoationchecking
+ */
+public boolean isTrustmanagerrevoationchecking() {
+ return trustmanagerrevoationchecking;
+}
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
new file mode 100644
index 000000000..65fda8396
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class ConfigurationUtils {
+
+ public static List<String> getTransformInfos(List<TransformsInfoType> transformations) {
+ List<String> list = new ArrayList<String>();
+
+ for (TransformsInfoType e1 : transformations) {
+
+ try {
+ String transform = new String(e1.getTransformation(), "UTF-8");
+ String encoded = new String(Base64Utils.decode(transform, false), "UTF-8");
+ list.add(encoded);
+
+ } catch (UnsupportedEncodingException e) {
+ Logger.warn("Transformation can not be loaded. An encoding error ocurs");
+ return null;
+
+ } catch (IOException e) {
+ Logger.warn("Transformation can not be loaded from database.");
+ return null;
+ }
+ }
+ return list;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index b1b90f40b..b358a31c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -1,130 +1,55 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
package at.gv.egovernment.moa.id.config;
-/**
- * This bean class is used to store data for various connectionParameter
- * within the MOA-ID configuration
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class ConnectionParameter {
-
- /**
- * Server URL
- */
- private String url;
- /**
- * File URL for a directory containing PKCS#12 server SSL certificates.
- * From these certificates, a X509 trust store will be assembled for use
- * by a JSSE <code>TrustManager</code>.
- * This field will only be used in case of an HTTPS URL.
- */
- private String acceptedServerCertificates;
- /**
- * File URL of a X509 key store containing the private key to be used
- * for an HTTPS connection when the server requires client authentication.
- * This field will only be used in case of an HTTPS URL.
- */
- private String clientKeyStore;
- /**
- * Password protecting the client key store.
- */
- private String clientKeyStorePassword;
-
- /**
- * Checks whether the URL scheme is <code>"https"</code>.
- * @return true in case of an URL starting with <code>"https"</code>
- */
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+
+public abstract class ConnectionParameter {
+
+ protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore";
+ protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword";
+ protected static final String PROP_IDENTIFIER_ACCEPEDSERVERCERTS = "acceptedServerCertificates";
+
+ protected ConnectionParameterClientAuthType database;
+ protected Properties prop;
+ protected String basedirectory;
+
+ public ConnectionParameter(ConnectionParameterClientAuthType database, Properties prop, String basedirectory) {
+ this.database = database;
+ this.prop = prop;
+ this.basedirectory = basedirectory;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public abstract String getAcceptedServerCertificates();
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public abstract String getClientKeyStore();
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public abstract String getClientKeyStorePassword();
+
+
public boolean isHTTPSURL() {
- return getUrl().indexOf("https") == 0;
+ if (database==null)
+ return false;
+ else
+ return database.getURL().indexOf("https") == 0;
+ }
+
+ public String getUrl() {
+ if (database == null)
+ return null;
+ else
+ return database.getURL();
}
-
- /**
- * Returns the url.
- * @return String
- */
- public String getUrl() {
- return url;
- }
-
- /**
- * Returns the acceptedServerCertificates.
- * @return String
- */
- public String getAcceptedServerCertificates() {
- return acceptedServerCertificates;
- }
-
- /**
- * Sets the acceptedServerCertificates.
- * @param acceptedServerCertificates The acceptedServerCertificates to set
- */
- public void setAcceptedServerCertificates(String acceptedServerCertificates) {
- this.acceptedServerCertificates = acceptedServerCertificates;
- }
-
- /**
- * Sets the url.
- * @param url The url to set
- */
- public void setUrl(String url) {
- this.url = url;
- }
-
- /**
- * Returns the clientKeyStore.
- * @return String
- */
- public String getClientKeyStore() {
- return clientKeyStore;
- }
-
- /**
- * Returns the clientKeyStorePassword.
- * @return String
- */
- public String getClientKeyStorePassword() {
- return clientKeyStorePassword;
- }
-
- /**
- * Sets the clientKeyStore.
- * @param clientKeyStore The clientKeyStore to set
- */
- public void setClientKeyStore(String clientKeyStore) {
- this.clientKeyStore = clientKeyStore;
- }
-
- /**
- * Sets the clientKeyStorePassword.
- * @param clientKeyStorePassword The clientKeyStorePassword to set
- */
- public void setClientKeyStorePassword(String clientKeyStorePassword) {
- this.clientKeyStorePassword = clientKeyStorePassword;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
new file mode 100644
index 000000000..41d6959b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterForeign extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities.";
+
+ public ConnectionParameterForeign(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
new file mode 100644
index 000000000..0e05633c8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterMOASP extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp.";
+
+ public ConnectionParameterMOASP(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
new file mode 100644
index 000000000..00b393b92
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterMandate extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates.";
+
+ public ConnectionParameterMandate(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 56c97a802..c1715d6fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.config;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+
/**
* Configuration parameters belonging to an online application,
* to be used within both, the MOA ID Auth and the
@@ -33,6 +35,25 @@ package at.gv.egovernment.moa.id.config;
*/
public class OAParameter {
+ public OAParameter(OnlineApplication oa) {
+
+ this.oaType = oa.getType();
+
+ if (this.oaType.equals("businessService"))
+ this.businessService = true;
+ else
+ this.businessService = false;
+
+ this.publicURLPrefix = oa.getPublicURLPrefix();
+
+ this.friendlyName = oa.getFriendlyName();
+
+ this.target = oa.getTarget();
+
+ this.targetFriendlyName = oa.getTargetFriendlyName();
+
+ }
+
/**
* type of the online application (maybe "PublicService" or "BusinessService")
*/
@@ -63,102 +84,26 @@ public class OAParameter {
*/
private String targetFriendlyName;
- /**
- * Returns the type of the online application.
- * @return the type of the online application.
- */
- public String getOaType() {
- return oaType;
- }
-
- /**
- * Returns <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>.
- * @return <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>
- */
- public boolean getBusinessService() {
- return this.businessService;
- }
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
- /**
- *
- * Sets the type of the online application.
- * If the type is "businessService" the value of <code>businessService</code>
- * ({@link #getBusinessService()}) is also set to <code>true</code>
- * @param oaType The type of the online application.
- */
- public void setOaType(String oaType) {
- this.oaType = oaType;
- if ("businessService".equalsIgnoreCase(oaType)) {
- this.businessService = true;
- }
- }
+ public String getOaType() {
+ return oaType;
+ }
+ public boolean getBusinessService() {
+ return businessService;
+ }
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+ public String getTarget() {
+ return target;
+ }
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
- }
-
-
- /**
- * Gets the friendly name of the OA
- * @return Friendly Name of the OA
- */
- public String getFriendlyName() {
- return friendlyName;
- }
-
- /**
- * Sets the friendly name of the OA
- * @param friendlyName
- */
- public void setFriendlyName(String friendlyName) {
- this.friendlyName = friendlyName;
- }
-
- /**
- * Gets the target of the OA
- * @return target of the OA
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Sets the target of the OA
- * @param target
- */
- public void setTarget(String target) {
- this.target = target;
- }
-
- /**
- * Gets the target friendly name of the OA
- * @return target Friendly Name of the OA
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the target friendly name of the OA
- * @param targetFriendlyName
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
index 1fe8f13b6..a2962e4b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
@@ -30,7 +30,7 @@ package at.gv.egovernment.moa.id.config;
/**
* This interface contains all actual possible targets in Austria (shortcuts and friendly names)
- * Bereichskennung and Tätigkeitsbereich
+ * Bereichskennung and T�tigkeitsbereich
* @author bzwattendorfer
*
*/
@@ -38,178 +38,178 @@ public interface TargetsAndSectorNames {
/** Bereichskennung AR */
public static String TARGET_AR = "AR";
- /** Tätigkeitsbereich AR */
+ /** Tätigkeitsbereich AR */
public static String TARGET_AR_SECTOR = "Arbeit";
/** Bereichskennung AS */
public static String TARGET_AS = "AS";
- /** Tätigkeitsbereich AS */
+ /** Tätigkeitsbereich AS */
public static String TARGET_AS_SECTOR = "Amtliche Statistik";
/** Bereichskennung BF */
public static String TARGET_BF = "BF";
- /** Tätigkeitsbereich BF */
+ /** Tätigkeitsbereich BF */
public static String TARGET_BF_SECTOR = "Bildung und Forschung";
/** Bereichskennung BW */
public static String TARGET_BW = "BW";
- /** Tätigkeitsbereich BW */
+ /** Tätigkeitsbereich BW */
public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
/** Bereichskennung EA */
public static String TARGET_EA = "EA";
- /** Tätigkeitsbereich EA */
- public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
+ /** Tätigkeitsbereich EA */
+ public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
/** Bereichskennung EF */
public static String TARGET_EF = "EF";
- /** Tätigkeitsbereich EF */
+ /** Tätigkeitsbereich EF */
public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
/** Bereichskennung GH */
public static String TARGET_GH = "GH";
- /** Tätigkeitsbereich GH */
+ /** Tätigkeitsbereich GH */
public static String TARGET_GH_SECTOR = "Gesundheit";
/** Bereichskennung GS */
public static String TARGET_GS = "GS";
- /** Tätigkeitsbereich GS */
+ /** Tätigkeitsbereich GS */
public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
/** Bereichskennung GS-RE */
public static String TARGET_GS_RE = "GS-RE";
- /** Tätigkeitsbereich GS-RE */
+ /** Tätigkeitsbereich GS-RE */
public static String TARGET_GS_RE_SECTOR = "Restitution";
/** Bereichskennung JR */
public static String TARGET_JR = "JR";
- /** Tätigkeitsbereich JR */
+ /** Tätigkeitsbereich JR */
public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
/** Bereichskennung KL */
public static String TARGET_KL = "KL";
- /** Tätigkeitsbereich KL */
+ /** Tätigkeitsbereich KL */
public static String TARGET_KL_SECTOR = "Kultus";
/** Bereichskennung KU */
public static String TARGET_KU = "KU";
- /** Tätigkeitsbereich KU */
+ /** Tätigkeitsbereich KU */
public static String TARGET_KU_SECTOR = "Kunst und Kultur";
/** Bereichskennung LF */
public static String TARGET_LF = "LF";
- /** Tätigkeitsbereich LF */
+ /** Tätigkeitsbereich LF */
public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
/** Bereichskennung LV */
public static String TARGET_LV = "LV";
- /** Tätigkeitsbereich LV */
+ /** Tätigkeitsbereich LV */
public static String TARGET_LV_SECTOR = "Landesverteidigung";
/** Bereichskennung RT */
public static String TARGET_RT = "RT";
- /** Tätigkeitsbereich RT */
+ /** Tätigkeitsbereich RT */
public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
"Medien sowie Telekommunikation";
/** Bereichskennung SA */
public static String TARGET_SA = "SA";
- /** Tätigkeitsbereich SA */
+ /** Tätigkeitsbereich SA */
public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
/** Bereichskennung SF */
public static String TARGET_SF = "SF";
- /** Tätigkeitsbereich SF */
+ /** Tätigkeitsbereich SF */
public static String TARGET_SF_SECTOR = "Sport und Freizeit";
/** Bereichskennung SO */
public static String TARGET_SO = "SO";
- /** Tätigkeitsbereich SO */
+ /** Tätigkeitsbereich SO */
public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
/** Bereichskennung SO-VR */
public static String TARGET_SO_VR = "SO-VR";
- /** Tätigkeitsbereich SO-VR */
+ /** Tätigkeitsbereich SO-VR */
public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
/** Bereichskennung SR-RG */
public static String TARGET_SR_RG = "SR-RG";
- /** Tätigkeitsbereich SR-RG */
+ /** Tätigkeitsbereich SR-RG */
public static String TARGET_SR_RG_SECTOR = "Strafregister";
/** Bereichskennung SV */
public static String TARGET_SV = "SV";
- /** Tätigkeitsbereich SV */
+ /** Tätigkeitsbereich SV */
public static String TARGET_SV_SECTOR = "Sozialversicherung";
/** Bereichskennung UW */
public static String TARGET_UW = "UW";
- /** Tätigkeitsbereich UW */
+ /** Tätigkeitsbereich UW */
public static String TARGET_UW_SECTOR = "Umwelt";
/** Bereichskennung VT */
public static String TARGET_VT = "VT";
- /** Tätigkeitsbereich VT */
+ /** Tätigkeitsbereich VT */
public static String TARGET_VT_SECTOR = "Verkehr und Technik";
/** Bereichskennung VV */
public static String TARGET_VV = "VV";
- /** Tätigkeitsbereich VV */
- public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
+ /** Tätigkeitsbereich VV */
+ public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
/** Bereichskennung WT */
public static String TARGET_WT = "WT";
- /** Tätigkeitsbereich WT */
+ /** Tätigkeitsbereich WT */
public static String TARGET_WT_SECTOR = "Wirtschaft";
/** Bereichskennung ZP */
public static String TARGET_ZP = "ZP";
- /** Tätigkeitsbereich ZP */
- public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
+ /** Tätigkeitsbereich ZP */
+ public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
/** Bereichskennung BR */
public static String TARGET_BR = "BR";
- /** Tätigkeitsbereich BR */
- public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
+ /** Tätigkeitsbereich BR */
+ public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
/** Bereichskennung HR */
public static String TARGET_HR = "HR";
- /** Tätigkeitsbereich HR */
+ /** Tätigkeitsbereich HR */
public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
/** Bereichskennung KI */
public static String TARGET_KI = "KI";
- /** Tätigkeitsbereich KI */
+ /** Tätigkeitsbereich KI */
public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
/** Bereichskennung OI */
public static String TARGET_OI = "OI";
- /** Tätigkeitsbereich OI */
- public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
+ /** Tätigkeitsbereich OI */
+ public static String TARGET_OI_SECTOR = "öffentlichkeitsarbeit";
/** Bereichskennung PV */
public static String TARGET_PV = "PV";
- /** Tätigkeitsbereich PV */
+ /** Tätigkeitsbereich PV */
public static String TARGET_PV_SECTOR = "Personalverwaltung";
/** Bereichskennung RD */
public static String TARGET_RD = "RD";
- /** Tätigkeitsbereich RD */
+ /** Tätigkeitsbereich RD */
public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
/** Bereichskennung VS */
public static String TARGET_VS = "VS";
- /** Tätigkeitsbereich VS */
- public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
+ /** Tätigkeitsbereich VS */
+ public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
/** Bereichskennung VS-RG */
public static String TARGET_VS_RG = "VS-RG";
- /** Tätigkeitsbereich VS-RG */
+ /** Tätigkeitsbereich VS-RG */
public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
/** Bereichskennung ZU */
public static String TARGET_ZU = "ZU";
- /** Tätigkeitsbereich ZU */
+ /** Tätigkeitsbereich ZU */
public static String TARGET_ZU_SECTOR = "Zustellungen";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b86b2ec68..55a20d558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -24,29 +24,75 @@
package at.gv.egovernment.moa.id.config.auth;
-import java.io.BufferedInputStream;
+import iaik.security.cipher.AESKeyGenerator;
+import iaik.util.logging.Log;
+
import java.io.File;
import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
-import java.io.InputStream;
+import java.math.BigInteger;
import java.net.MalformedURLException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import eu.stork.vidp.messages.common.STORKBootstrap;
-
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.hibernate.cfg.Configuration;
+
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
+import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
+import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.stork.vidp.messages.common.STORKBootstrap;
/**
* A class providing access to the Auth Part of the MOA-ID configuration data.
@@ -113,89 +159,34 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//
// configuration data
//
+ private static MOAIDConfiguration moaidconfig = null;
- /**
- * configuration files containing transformations for rendering in the
- * secure viewer of the security layer implementation;
- * multiple files can be given for different mime types
- */
- private String[] transformsInfoFileNames;
+ private static Properties props = null;
- /**
- * transformations for rendering in the secure viewer of the security layer implementation,
- * read from {@link transformsInfoFileNames};
- * multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
+ private static STORKConfig storkconfig = null;
- /**
- * parameters for connection to MOA SP component
- */
- private ConnectionParameter moaSpConnectionParameter;
+ private static TimeOuts timeouts = null;
-
- /**
- * trust profile ID to be used for verifying the identity link signature via MOA ID SP
- */
- private String moaSpIdentityLinkTrustProfileID;
- /**
- * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String moaSpAuthBlockTrustProfileID;
- /**
- * transformations to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
- /**
- * X509 SubjectNames which will be trusted
- */
- private List identityLinkX509SubjectNames;
- /**
- * default parameters for verifying additional infoboxes.
- */
- private VerifyInfoboxParameters defaultVerifyInfoboxParameters;
-
- /**
- * configuration parameters for online applications
- */
- private OAAuthParameter[] onlineApplicationAuthParameters;
- /**
- * the Selection Type of the bku Selection Element
- */
- private String bKUSelectionType;
- /**
- * is the bku Selection Element present?
- */
- private boolean bKUSelectable;
- /**
- * the bku Selection Connection Parameters
- */
- private ConnectionParameter bKUConnectionParameter;
+ private static PVP2 pvp2general = null;
- /**
- * parameter for connection to SZR-GW GetIdentityLink
- */
- private ConnectionParameter foreignIDConnectionParameter;
+ private static String alternativesourceid = null;
- /**
- * parameter for connection to OnlineMandates Service
- */
- private ConnectionParameter onlineMandatesConnectionParameter;
+ private static List<String> legacyallowedprotocols = new ArrayList<String>();
- /**
- * Parameter for trusted BKUs
- */
- private List trustedBKUs;
+ private static VerifyAuthBlock verifyidl = null;
- /**
- * Parameter for trusted Template URLs
- */
- private List trustedTemplateURLs;
+ private static ConnectionParameter MoaSpConnectionParameter = null;
+ private static ConnectionParameter ForeignIDConnectionParameter = null;
+ private static ConnectionParameter OnlineMandatesConnectionParameter = null;
- /**
- * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.)
- */
- private STORKConfig storkConfig;
+ private static String MoaSpIdentityLinkTrustProfileID = null;
+
+ private static List<String> TransformsInfos = null;
+ private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>();
+
+ private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
+
+ private static SSO ssoconfig = null;
/**
* Return the single instance of configuration data.
@@ -250,129 +241,418 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* read/built.
*/
private void load(String fileName) throws ConfigurationException {
- InputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
+
+ try {
+ //Initial Hibernate Framework
+ Logger.trace("Initializing Hibernate framework.");
+
+ //Load MOAID-2.0 properties file
+ File propertiesFile = new File(fileName);
+ FileInputStream fis;
+ props = new Properties();
+
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
- try {
- // load the main config file
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseXmlValidating(stream);
- } catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- } catch (IOException e) {
- }
- }
try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ try {
+ fis = new FileInputStream(propertiesFile);
+ props.load(fis);
+
+ //TODO: maybe some general hibnerate config!!!
+ // read MOAID Session Hibernate properties
+ Properties moaSessionProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "moasession.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ moaSessionProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
+ // read Config Hibernate properties
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "configuration.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
+ // initialize hibernate
+ synchronized (AuthConfigurationProvider.class) {
+
+ //Initial config Database
+ ConfigurationDBUtils.initHibernate(configProp);
+
+ //initial MOAID Session Database
+ Configuration config = new Configuration();
+ config.addAnnotatedClass(AssertionStore.class);
+ config.addAnnotatedClass(AuthenticatedSessionStore.class);
+ config.addAnnotatedClass(OASessionStore.class);
+ config.addAnnotatedClass(OldSSOSessionIDStore.class);
+ config.addProperties(moaSessionProp);
+ MOASessionDBUtils.initHibernate(config, moaSessionProp);
+
+ }
+ Logger.trace("Hibernate initialization finished.");
+
+ } catch (FileNotFoundException e) {
+ throw new ConfigurationException("config.03", null, e);
+
+ } catch (IOException e) {
+ throw new ConfigurationException("config.03", null, e);
+
+ } catch (ExceptionInInitializerError e) {
+ throw new ConfigurationException("config.17", null, e);
+ }
+
+
//Initialize OpenSAML for STORK
- Logger.trace("Starting initialization of OpenSAML...");
+ Logger.info("Starting initialization of OpenSAML...");
STORKBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
+
+
+ String legacyconfig = props.getProperty("configuration.xml.legacy");
+ String xmlconfig = props.getProperty("configuration.xml");
+// String xmlconfigout = props.getProperty("configuration.xml.out");
+
+
+ //check if XML config should be used
+ if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
+ Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
+ moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (moaidconfig != null)
+ ConfigurationDBUtils.delete(moaidconfig);
+
+ List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
+ if (oas != null && oas.size() > 0) {
+ for (OnlineApplication oa : oas)
+ ConfigurationDBUtils.delete(oa);
+ }
+ }
+
+ //load legacy config if it is configured
+ if (MiscUtil.isNotEmpty(legacyconfig)) {
+ Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
- // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
- bKUSelectable = (bKUConnectionParameter!=null);
- bKUSelectionType = builder.buildAuthBKUSelectionType();
- genericConfiguration = builder.buildGenericConfiguration();
- transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
- transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
- moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
- moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
- moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
- moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
- defaultVerifyInfoboxParameters = null;
- Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
- if (defaultVerifyInfoboxParamtersElem != null) {
- defaultVerifyInfoboxParameters =
- builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
- }
-
-
- foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
- onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
- onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
- identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
- trustedBKUs = builder.getTrustedBKUs();
- trustedTemplateURLs = builder.getTrustedTemplateURLs();
- storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+ MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
+
+ List<OnlineApplication> oas = moaconfig.getOnlineApplication();
+ for (OnlineApplication oa : oas)
+ ConfigurationDBUtils.save(oa);
+ moaconfig.setOnlineApplication(null);
+ ConfigurationDBUtils.save(moaconfig);
+
+ Logger.info("Legacy Configuration load is completed.");
+
+
+ }
+
+ //load MOA-ID 2.x config from XML
+ if (MiscUtil.isNotEmpty(xmlconfig)) {
+ Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
+
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+ Unmarshaller m = jc.createUnmarshaller();
+ File file = new File(xmlconfig);
+ MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
+ //ConfigurationDBUtils.save(moaconfig);
+
+ List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
+ for (OnlineApplication importoa : importoas) {
+ ConfigurationDBUtils.saveOrUpdate(importoa);
+ }
+
+ moaconfig.setOnlineApplication(null);
+ ConfigurationDBUtils.saveOrUpdate(moaconfig);
+
+ } catch (Exception e) {
+ Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
+ throw new ConfigurationException("config.02", null);
+ }
+ Logger.info("XML Configuration load is completed.");
+ }
+
+ Logger.info("Read MOA-ID 2.0 configuration from database.");
+ moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ Logger.info("MOA-ID 2.0 is loaded.");
+
+ if (moaidconfig == null) {
+ Logger.warn("NO MOA-ID configuration found.");
+ throw new ConfigurationException("config.18", null);
+ }
+
+
+// //TODO: only for Testing!!!
+// if (MiscUtil.isNotEmpty(xmlconfigout)) {
+// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
+// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+// Marshaller m = jc.createMarshaller();
+// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+// File test = new File(xmlconfigout);
+// m.marshal(moaidconfig, test);
+//
+// }
+
+ //build STORK Config
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ ForeignIdentities foreign = auth.getForeignIdentities();
+ if (foreign == null ) {
+ Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
+
+ } else
+ storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
+
+
+ //load Chaining modes
+ ChainingModes cm = moaidconfig.getChainingModes();
+ if (cm != null) {
+ defaultChainingMode = cm.getSystemDefaultMode().value();
+
+ List<TrustAnchor> tas = cm.getTrustAnchor();
+
+ chainingModes = new HashMap<IssuerAndSerial, String>();
+ for (TrustAnchor ta : tas) {
+ IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
+ chainingModes.put(is, ta.getMode().value());
+ }
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set Trusted CA certs directory
+ trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
+
+ //set CertStoreDirectory
+ setCertStoreDirectory();
+
+ //set TrustManagerRevocationChecking
+ setTrustManagerRevocationChecking();
+
+ //set TimeOuts
+ if (auth.getGeneralConfiguration() != null) {
+ if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+
+ timeouts = new TimeOuts();
+ if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
+ timeouts.setAssertion(new BigInteger("120"));
+ else
+ timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
+ timeouts.setMOASessionCreated(new BigInteger("2700"));
+ else
+ timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
+ timeouts.setMOASessionUpdated(new BigInteger("1200"));
+ else
+ timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+ }
+ }
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set PVP2 general config
+ Protocols protocols = auth.getProtocols();
+ if (protocols != null) {
+ if (protocols.getPVP2() != null) {
+ PVP2 el = protocols.getPVP2();;
+ pvp2general = new PVP2();
+ pvp2general.setIssuerName(el.getIssuerName());
+ pvp2general.setPublicURLPrefix(el.getPublicURLPrefix());
+
+ if (el.getOrganization() != null) {
+ Organization org = new Organization();
+ pvp2general.setOrganization(org);
+ org.setDisplayName(el.getOrganization().getDisplayName());
+ org.setName(el.getOrganization().getName());
+ org.setURL(el.getOrganization().getURL());
+ }
+
+ if (el.getContact() != null) {
+ List<Contact> cont = new ArrayList<Contact>();
+ pvp2general.setContact(cont);
+ for (Contact e : el.getContact()) {
+ Contact c = new Contact();
+ c.setCompany(e.getCompany());
+ c.setGivenName(e.getGivenName());
+ c.setMail(e.getMail());
+ c.setPhone(e.getPhone());
+ c.setSurName(e.getSurName());
+ c.setType(e.getType());
+ }
+ }
+ }
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found.");
+ }
+
+ //set alternativeSourceID
+ if (auth.getGeneralConfiguration() != null)
+ alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set LegacyAllowedProtocols
+ try {
+ if (auth.getProtocols() != null) {
+ Protocols procols = auth.getProtocols();
+ if (procols.getLegacyAllowed() != null) {
+ LegacyAllowed legacy = procols.getLegacyAllowed();
+ legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName());
+ }
+ }
+ } catch (Exception e) {
+ Logger.info("No protocols found with legacy allowed flag!");
+ }
+
+ //set VerifyAuthBlockConfig
+ MOASP moasp = getMOASPConfig(auth);
+
+ VerifyAuthBlock el = moasp.getVerifyAuthBlock();
+ if (el != null) {
+ verifyidl = new VerifyAuthBlock();
+ verifyidl.setTrustProfileID(el.getTrustProfileID());
+ verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID()));
+ }
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set MOASP connection parameters
+ if (moasp.getConnectionParameter() != null)
+ MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
+ else
+ MoaSpConnectionParameter = null;
+
+ //set ForeignIDConnectionParameters
+ if (foreign != null) {
+ ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
+ }
+
+ //set OnlineMandateConnectionParameters
+ OnlineMandates ovs = auth.getOnlineMandates();
+ if (ovs != null) {
+ OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
+
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
+ }
+
+ //set MOASP IdentityLink Trust-ProfileID
+ VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink();
+ if (verifyidl != null)
+ MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ //set SL transformation infos
+ SecurityLayer seclayer = auth.getSecurityLayer();
+ if (seclayer == null) {
+ Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
+ throw new ConfigurationException("config.02", null);
+ } else {
+ TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());
+ }
+
+ //set IdentityLinkSignerSubjectNames
+ IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
+ if (idlsigners != null) {
+ IdentityLinkX509SubjectNames = new ArrayList<String>(idlsigners.getX509SubjectName());
+
+ } else {
+ Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found.");
+ }
+
+ //set SLRequestTemplates
+ SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
+ if (templ == null) {
+ Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
+ throw new ConfigurationException("config.02", null);
+ } else {
+ SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU());
+ SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU());
+ SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());
+ }
+
+ //set SSO Config
+ if (auth.getSSO()!= null) {
+ ssoconfig = new SSO();
+ ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName());
+ ssoconfig.setPublicURL(auth.getSSO().getPublicURL());
+ ssoconfig.setSpecialText(auth.getSSO().getSpecialText());
+ ssoconfig.setTarget(auth.getSSO().getTarget());
+
+ if (auth.getSSO().getIdentificationNumber() != null) {
+ IdentificationNumber value = new IdentificationNumber();
+ value.setType(auth.getSSO().getIdentificationNumber().getType());
+ value.setValue(auth.getSSO().getIdentificationNumber().getValue());
+ ssoconfig.setIdentificationNumber(value);
+ }
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
+ }
+
+ //close Database
+ ConfigurationDBUtils.closeSession();
+
} catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
}
}
- /**
- * Loads the <code>transformsInfos</code> from files.
- * @throws Exception on any exception thrown
- */
-// private void loadTransformsInfos() throws Exception {
-//
-// transformsInfos = new String[transformsInfoFileNames.length];
-// for (int i = 0; i < transformsInfoFileNames.length; i++) {
-// String fileURL = transformsInfoFileNames[i];
-//
-// //if fileURL is relative to rootConfigFileDir make it absolute
-// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
-// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
-// transformsInfos[i] = transformsInfo;
-// }
-// }
-
-// /**
-// * Loads the <code>transformsInfos</code> from files.
-// * @throws Exception on any exception thrown
-// */
-// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
-//
-// String[] transformsInfos = new String[transformsInfoFileNames.length];
-// for (int i = 0; i < transformsInfoFileNames.length; i++) {
-// String fileURL = transformsInfoFileNames[i];
-//
-// //if fileURL is relative to rootConfigFileDir make it absolute
-// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
-// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
-// transformsInfos[i] = transformsInfo;
-// }
-// return transformsInfos;
-// }
- /**
- * Return a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- public String[] getTransformsInfoFileNames() {
- return transformsInfoFileNames;
+
+ public Properties getGeneralPVP2ProperiesConfig() {
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "protocols.pvp2.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+ return configProp;
}
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for theauthentication component of the online
- * application
- */
- public OAAuthParameter[] getOnlineApplicationParameters() {
- return onlineApplicationAuthParameters;
+
+ public PVP2 getGeneralPVP2DBConfig() {
+ return pvp2general;
}
+
+ public TimeOuts getTimeOuts() throws ConfigurationException {
+ return timeouts;
+ }
+
+ public String getAlternativeSourceID() throws ConfigurationException {
+ return alternativesourceid;
+ }
+
+ public List<String> getLegacyAllowedProtocols() {
+ return legacyallowedprotocols;
+ }
+
/**
* Provides configuration information regarding the online application behind
@@ -383,13 +663,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* if none is applicable
*/
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
- OAAuthParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAAuthParameter oaParam = oaParams[i];
- if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
- return oaParam;
- }
- return null;
+
+ OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
+
+ if (oa == null) {
+ Logger.warn("Online application with identifier " + oaURL + " is not found.");
+ return null;
+ }
+
+ return new OAAuthParameter(oa);
}
@@ -398,9 +680,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* profile id within the moa-sp part of the authentication component
*
* @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ * @throws ConfigurationException
*/
- public String getMoaSpAuthBlockTrustProfileID() {
- return moaSpAuthBlockTrustProfileID;
+ public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
+ return verifyidl.getTrustProfileID();
}
/**
@@ -408,119 +691,194 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* IDs within the moa-sp part of the authentication component
* @return A string array containing all urls to the
* verify transform info IDs
+ * @throws ConfigurationException
*/
- public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
- return moaSpAuthBlockVerifyTransformsInfoIDs;
+ public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+ return verifyidl.getVerifyTransformsInfoProfileID();
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component moa-sp element
* @return ConnectionParameter of the authentication component moa-sp element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getMoaSpConnectionParameter() {
- return moaSpConnectionParameter;
+ public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
+ return MoaSpConnectionParameter;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component foreigid element
* @return ConnectionParameter of the authentication component foreignid element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getForeignIDConnectionParameter() {
- return foreignIDConnectionParameter;
+ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
+ return ForeignIDConnectionParameter;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component OnlineMandates element
* @return ConnectionParameter of the authentication component OnlineMandates element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getOnlineMandatesConnectionParameter() {
- return onlineMandatesConnectionParameter;
+ public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
+ return OnlineMandatesConnectionParameter;
}
/**
* Return a string with a url-reference to the VerifyIdentityLink trust
* profile id within the moa-sp part of the authentication component
* @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ * @throws ConfigurationException
*/
- public String getMoaSpIdentityLinkTrustProfileID() {
- return moaSpIdentityLinkTrustProfileID;
+ public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
+ return MoaSpIdentityLinkTrustProfileID;
}
+
/**
* Returns the transformsInfos.
* @return String[]
+ * @throws ConfigurationException
*/
- public String[] getTransformsInfos() {
- return transformsInfos;
+ public List<String> getTransformsInfos() throws ConfigurationException {
+ return TransformsInfos;
}
/**
* Returns the identityLinkX509SubjectNames.
* @return List
+ * @throws ConfigurationException
*/
- public List getIdentityLinkX509SubjectNames() {
- return identityLinkX509SubjectNames;
+ public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+ return IdentityLinkX509SubjectNames;
}
- /**
- * Returns the trustBKUs.
- * @return List
- */
- public List getTrustedBKUs() {
- return this.trustedBKUs;
+ public List<String> getSLRequestTemplates() throws ConfigurationException {
+ return new ArrayList<String>(SLRequestTemplates.values());
}
-
- /**
- * Returns the trustedTemplateURLs.
- * @return List
- */
- public List getTrustedTemplateURLs() {
- return this.trustedTemplateURLs;
+
+ public String getSLRequestTemplates(String type) throws ConfigurationException {
+ String el = SLRequestTemplates.get(type);
+ if (MiscUtil.isNotEmpty(el))
+ return el;
+ else {
+ Logger.warn("getSLRequestTemplates: BKU Type does not match: "
+ + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ return null;
+ }
}
-
- /**
- * Returns the bKUConnectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getBKUConnectionParameter() {
- return bKUConnectionParameter;
+
+ public boolean isSSOBusinessService() throws ConfigurationException {
+
+ if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
+ return true;
+ else
+ return false;
}
-
- /**
- * Returns the bKUSelectable.
- * @return boolean
- */
- public boolean isBKUSelectable() {
- return bKUSelectable;
+
+ public IdentificationNumber getSSOBusinessService() throws ConfigurationException {
+ if (ssoconfig != null)
+ return ssoconfig.getIdentificationNumber();
+ else
+ return null;
}
-
- /**
- * Returns the bKUSelectionType.
- * @return String
- */
- public String getBKUSelectionType() {
- return bKUSelectionType;
+
+ public String getSSOTarget() throws ConfigurationException {
+ if (ssoconfig!= null)
+ return ssoconfig.getTarget();
+
+ return null;
}
-
- /**
- * Returns the defaultVerifyInfoboxParameters.
- *
- * @return The defaultVerifyInfoboxParameters.
- */
- public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() {
- return defaultVerifyInfoboxParameters;
+
+ public String getSSOFriendlyName() {
+ if (ssoconfig!= null) {
+ if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName()))
+ return ssoconfig.getFriendlyName();
+ }
+
+ return "Default MOA-ID friendly name for SSO";
}
-
+
+ public String getSSOSpecialText() {
+ if (ssoconfig!= null) {
+ String text = ssoconfig.getSpecialText();
+ if (MiscUtil.isEmpty(text))
+ text = new String();
+
+ return text;
+ }
+ return new String();
+ }
+
+ public String getSSOPublicUrl() {
+ if (ssoconfig!= null) {
+ String url = ssoconfig.getPublicURL();
+ if (MiscUtil.isEmpty(url))
+ url = new String();
+ return url;
+ }
+ return new String();
+ }
+
+ public String getMOASessionEncryptionKey() {
+
+ String prop = props.getProperty("configuration.moasession.key");
+ if (MiscUtil.isEmpty(prop))
+ return null;
+ else
+ return prop;
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
+ * @throws ConfigurationException
*/
- public STORKConfig getStorkConfig() {
- return storkConfig;
+ public STORKConfig getStorkConfig() throws ConfigurationException {
+
+ return storkconfig;
}
+
+ private void setCertStoreDirectory() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ if (auth.getGeneralConfiguration() != null)
+ certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+ private void setTrustManagerRevocationChecking() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ if (auth.getGeneralConfiguration() != null)
+ trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+
+ private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
+ AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
+ if (authgeneral == null) {
+ Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
+ throw new ConfigurationException("config.02", null);
+ }
+ return authgeneral;
+ }
+ private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
+ MOASP moasp = authgeneral.getMOASP();
+
+ if (moasp == null) {
+ Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
+ throw new ConfigurationException("config.02", null);
+ }
+ return moasp;
+ }
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 091a01bf7..c62594d6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -25,10 +25,22 @@
package at.gv.egovernment.moa.id.config.auth;
import java.util.ArrayList;
+import java.util.List;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.logging.Logger;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
@@ -47,93 +59,25 @@ import eu.stork.vidp.messages.stork.RequestedAttributes;
* @author Harald Bratko
*/
public class OAAuthParameter extends OAParameter {
- /**
- * Sercurity Layer version
- */
- private String slVersion;
- /**
- * true, if the Security Layer version is version 1.2, otherwise false
- */
- private boolean slVersion12;
- /**
- * identityLinkDomainIdentifier
- * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
- * <br>
- * only used within a business application context for providing it to the
- * security layer as input for wbPK computation
- */
- private String identityLinkDomainIdentifier;
- /**
- * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
- */
- private String keyBoxIdentifier;
- /**
- * transformations for rendering in the secure viewer of the security layer
- * implementation; multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
- /**
- * determines whether "Stammzahl" is to be included in the authentication data
- */
- private boolean provideStammzahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
- private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
- private boolean provideIdentityLink;
- /**
- * determines whether the certificate is to be included in the authentication data
- */
- private boolean provideCertificate;
- /**
- * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
- */
- private boolean provideFullMandatorData;
-
- /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
- private boolean useUTC;
-
- /** determines wheter a saml:Condition is added to the SAML assertion or not */
- private boolean useCondition;
-
- /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
- private int conditionLength;
- /**
- * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
- */
- private String bkuSelectionTemplateURL;
- /**
- * template for web page "Anmeldung mit B&uuml;rgerkarte"
- */
- private String templateURL;
- /**
- * template for web page "Signatur der Anmeldedaten"
- */
- private String inputProcessorSignTemplateURL;
- /**
- * Parameters for verifying infoboxes.
- */
- private VerifyInfoboxParameters verifyInfoboxParameters;
-
- /**
- * Parameter for Mandate profiles
- */
- private String mandateProfiles;
-
- /**
- *
- * Type for authentication number (e.g. Firmenbuchnummer)
- */
- private String identityLinkDomainIdentifierType;
+ public static final String ONLINEBKU = "online";
+ public static final String HANDYBKU = "handy";
+ public static final String LOCALBKU = "local";
+
+ private AuthComponentOA oa_auth;
+
+ public OAAuthParameter(OnlineApplication oa) {
+ super(oa);
+
+ this.oa_auth = oa.getAuthComponentOA();
+
+ this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
+}
/**
* STORK QAA Level, Default = 4
*/
- private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
+ private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
/**
* STORK RequestedAttributes for Online Application
@@ -144,359 +88,215 @@ public class OAAuthParameter extends OAParameter {
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
-
-
-/**
- * Returns <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>.
- * @return <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>
- */
- public boolean getSlVersion12() {
- return slVersion12;
- }
-
- /**
- * Returns the security layer version.
- * @return the security layer version.
- */
- public String getSlVersion() {
- return slVersion;
- }
-
- /**
- * Returns the identityLinkDomainIdentifier.
- * @return the identityLinkDomainIdentifier.
- */
- public String getIdentityLinkDomainIdentifier() {
- return identityLinkDomainIdentifier;
- }
-
- /**
- * Returns the transformsInfos.
- * @return the transformsInfos.
- */
- public String[] getTransformsInfos() {
- return transformsInfos;
- }
-
- /**
- * Returns the provideAuthBlock.
- * @return String
- */
- public boolean getProvideAuthBlock() {
- return provideAuthBlock;
- }
-
- /**
- * Returns the provideIdentityLink.
- * @return String
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink;
- }
- /**
- * Returns the provideStammzahl.
- * @return String
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl;
- }
-
- /**
- * Returns <code>true</code> if the certificate should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the certificate should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideCertifcate() {
- return provideCertificate;
- }
-
- /**
- * Returns <code>true</code> if the full mandator data should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the full mandator data should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideFullMandatorData() {
- return provideFullMandatorData;
- }
-
- /**
- * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- */
- public boolean getUseUTC() {
- return useUTC;
- }
-
- /**
- * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- */
- public boolean getUseCondition() {
- return useCondition;
- }
-
- /**
- * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
- * @return the validity time of the SAML assertion (if useCondition is true) in seconds
- */
- public int getConditionLength() {
- return conditionLength;
- }
+ private String keyBoxIdentifier;
-
/**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
- /**
- * Returns the BkuSelectionTemplate url.
- * @return The BkuSelectionTemplate url or <code>null</code> if no url for
- * a BkuSelectionTemplate is set.
- */
- public String getBkuSelectionTemplateURL() {
- return bkuSelectionTemplateURL;
- }
-
- /**
- * Returns the TemplateURL url.
- * @return The TemplateURL url or <code>null</code> if no url for
- * a Template is set.
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
-
- /**
- * Returns the inputProcessorSignTemplateURL url.
- * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
- * a input processor sign template is set.
- */
- public String getInputProcessorSignTemplateURL() {
- return inputProcessorSignTemplateURL;
- }
-
- /**
- * Returns the parameters for verifying additional infoboxes.
- *
- * @return The parameters for verifying additional infoboxes.
- * Maybe <code>null</code>.
- */
- public VerifyInfoboxParameters getVerifyInfoboxParameters() {
- return verifyInfoboxParameters;
- }
-
- /**
- * Sets the security layer version.
- * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
- * to <code>true</code> if the Security Layer version is 1.2.
- * @param slVersion The security layer version to be used.
- */
- public void setSlVersion(String slVersion) {
- this.slVersion = slVersion;
- if ("1.2".equals(slVersion)) {
- this.slVersion12 = true;
- }
- }
- /**
- * Sets the IdentityLinkDomainIdentifier.
- * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
- */
- public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
- this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
- }
- /**
- * Sets the transformsInfos.
- * @param transformsInfos The transformsInfos to be used.
- */
- public void setTransformsInfos(String[] transformsInfos) {
- this.transformsInfos = transformsInfos;
- }
-
+ * @return the slVersion
+ */
+public String getSlVersion() {
+ return oa_auth.getSlVersion();
+}
/**
- * Sets the provideAuthBlock.
- * @param provideAuthBlock The provideAuthBlock to set
- */
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
+ * @return the slVersion12
+ */
+public boolean isSlVersion12() {
+ if ("1.2".equals(oa_auth.getSlVersion()))
+ return true;
+ else
+ return false;
+ }
- /**
- * Sets the provideIdentityLink.
- * @param provideIdentityLink The provideIdentityLink to set
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
+public boolean getUseUTC() {
+ return oa_auth.isUseUTC();
+}
- /**
- * Sets the provideStammzahl.
- * @param provideStammzahl The provideStammzahl to set
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- this.provideStammzahl = provideStammzahl;
- }
-
- /**
- * Sets the provideCertificate variable.
- * @param provideCertificate The provideCertificate value to set
- */
- public void setProvideCertificate(boolean provideCertificate) {
- this.provideCertificate = provideCertificate;
- }
-
- /**
- * Sets the provideFullMandatorData variable.
- * @param provideFullMandatorData The provideFullMandatorData value to set
- */
- public void setProvideFullMandatorData(boolean provideFullMandatorData) {
- this.provideFullMandatorData = provideFullMandatorData;
- }
-
- /**
- * Sets the useUTC variable.
- * @param useUTC The useUTC value to set
- */
- public void setUseUTC(boolean useUTC) {
- this.useUTC = useUTC;
- }
-
- /**
- * Sets the useCondition variable
- * @param useCondition The useCondition value to set
- */
- public void setUseCondition(boolean useCondition) {
- this.useCondition = useCondition;
- }
-
- /**
- * Sets the conditionLength variable
- * @param conditionLength the conditionLength value to set
- */
- public void setConditionLength(int conditionLength) {
- this.conditionLength = conditionLength;
- }
-
+public boolean useIFrame() {
+ return oa_auth.isUseIFrame();
+}
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
- /**
- * Sets the BkuSelectionTemplate url.
- * @param bkuSelectionTemplateURL The url string specifying the location
- * of a BkuSelectionTemplate.
- */
- public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
- this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
- }
-
- /**
- * Sets the Template url.
- * @param templateURL The url string specifying the location
- * of a Template.
- */
- public void setTemplateURL(String templateURL) {
- this.templateURL = templateURL;
- }
-
- /**
- * Sets the input processor sign form template url.
- *
- * @param inputProcessorSignTemplateURL The url string specifying the
- * location of the input processor sign form
- */
- public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
- this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
- }
+/**
+ * @return the identityLinkDomainIdentifier
+ */
+public String getIdentityLinkDomainIdentifier() {
+
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getValue();
+
+ return null;
+}
- /**
- * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
- *
- * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
- */
- public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
- this.verifyInfoboxParameters = verifyInfoboxParameters;
- }
-
- /**
- * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- */
- public String getIdentityLinkDomainIdentifierType() {
- return identityLinkDomainIdentifierType;
- }
+/**
+ * @return the keyBoxIdentifier
+ */
+public String getKeyBoxIdentifier() {
+
+ return keyBoxIdentifier;
+}
- /**
- * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
- */
- public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
- this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
- }
-
- /**
- * Sets the Mandate/Profiles
- * @param profiles
- */
- public void setMandateProfiles(String profiles) {
- this.mandateProfiles = profiles;
- }
-
- /**
- * Returns the Mandates/Profiles
- * @return
- */
- public String getMandateProfiles() {
- return this.mandateProfiles;
- }
+/**
+ * @return the transformsInfos
+ */
+public List<String> getTransformsInfos() {
+
+ List<TransformsInfoType> transformations = oa_auth.getTransformsInfo();
+ return ConfigurationUtils.getTransformInfos(transformations);
+}
- /**
- * Returns the defined STORK QAALevel
- * @return STORK QAALevel
- */
- public QualityAuthenticationAssuranceLevel getQaaLevel() {
- return qaaLevel;
+ public OASAML1 getSAML1Parameter() {
+ return oa_auth.getOASAML1();
}
+ public OAPVP2 getPVP2Parameter() {
+ return oa_auth.getOAPVP2();
+ }
+
+///**
+// * @return the bkuSelectionTemplateURL
+// */
+//public String getBkuSelectionTemplateURL() {
+// return bkuSelectionTemplateURL;
+//}
+
/**
- * Sets the STORK QAALevel
- * @param qaaLevel
+ * @return the templateURL
*/
- public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
- this.qaaLevel = qaaLevel;
+ public List<TemplateType> getTemplateURL() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ if (templates.getTemplate() != null) {
+ return templates.getTemplate();
+ }
+ }
+ return null;
}
- /**
- * Returns the desired STORK Requested Attributes
- * @return STORK Requested Attributes
- */
- public RequestedAttributes getRequestedAttributes() {
- return requestedAttributes;
+ public String getAditionalAuthBlockText() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ return templates.getAditionalAuthBlockText();
+ }
+ return null;
}
- /**
- * Sets the desired STORK Requested Attributes
- * @param requestedAttributes
- */
- public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
- this.requestedAttributes = requestedAttributes;
+ public String getBKUURL(String bkutype) {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+ if (bkuurls != null) {
+ if (bkutype.equals(ONLINEBKU))
+ return bkuurls.getOnlineBKU();
+ else if (bkutype.equals(HANDYBKU))
+ return bkuurls.getHandyBKU();
+ else if (bkutype.equals(LOCALBKU))
+ return bkuurls.getLocalBKU();
+
+ }
+ Logger.warn("BKU Type does not match: "
+ + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ return null;
+ }
+
+ public List<String> getBKUURL() {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+
+ List<String> list = new ArrayList<String>();
+
+ if (bkuurls == null) {
+ Logger.warn("BKU Type does not match: "
+ + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ } else {
+ list.add(bkuurls.getOnlineBKU());
+ list.add(bkuurls.getHandyBKU());
+ list.add(bkuurls.getLocalBKU());
+ }
+ return list;
+ }
+
+
+ public boolean useSSO() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isUseSSO();
+ else
+ return false;
+ }
+
+ public boolean useSSOQuestion() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isAuthDataFrame();
+ else
+ return true;
+
+ }
+
+ public String getSingleLogOutURL() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.getSingleLogOutURL();
+ else
+ return null;
}
+
+///**
+// * @return the inputProcessorSignTemplateURL
+// */
+//public String getInputProcessorSignTemplateURL() {
+// return inputProcessorSignTemplateURL;
+//}
+
+///**
+// * @return the verifyInfoboxParameters
+// */
+//public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+// return verifyInfoboxParameters;
+//}
+
+/**
+ * @return the mandateProfiles
+ */
+public String getMandateProfiles() {
+
+ Mandates mandates = oa_auth.getMandates();
+
+ if (mandates != null)
+ return mandates.getProfiles();
+ else
+ return null;
+}
+
+/**
+ * @return the identityLinkDomainIdentifierType
+ */
+public String getIdentityLinkDomainIdentifierType() {
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getType();
+
+ return null;
+}
+
+/**
+ * @return the qaaLevel
+ */
+public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+}
+
+/**
+ * @return the requestedAttributes
+ */
+public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+}
+
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
new file mode 100644
index 000000000..1460668e2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -0,0 +1,591 @@
+package at.gv.egovernment.moa.id.config.legacy;
+
+import iaik.util.logging.Log;
+import iaik.x509.X509Certificate;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import org.bouncycastle.crypto.macs.OldHMac;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class BuildFromLegacyConfig {
+
+ private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
+ private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/";
+ private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at";
+ private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request";
+
+ public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ Log.info("Load Legacy-Configuration from file=" + fileName);
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+
+ }
+ }
+
+ try {
+ String oldbkuonline = "";
+ String oldbkulocal = "";
+ String oldbkuhandy = "";
+
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
+
+
+ MOAIDConfiguration moaIDConfig = new MOAIDConfiguration();
+
+ AuthComponentGeneral generalAuth = new AuthComponentGeneral();
+ moaIDConfig.setAuthComponentGeneral(generalAuth);
+
+
+ //not supported by MOA-ID 2.0
+ //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ //bKUSelectable = (bKUConnectionParameter!=null);
+ //bKUSelectionType = builder.buildAuthBKUSelectionType();
+
+
+ //Load generic Config
+ Map genericConfiguration = builder.buildGenericConfiguration();
+ GeneralConfiguration authGeneral = new GeneralConfiguration();
+
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ authGeneral.setAlternativeSourceID(
+ (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+ authGeneral.setTrustManagerRevocationChecking(
+ Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+ authGeneral.setCertStoreDirectory(
+ (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY));
+
+
+ //Load Assertion and Session timeouts
+ TimeOuts timeOuts = new TimeOuts();
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min
+
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min
+
+ timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min
+ authGeneral.setTimeOuts(timeOuts);
+ generalAuth.setGeneralConfiguration(authGeneral);
+
+
+ //TODO: set Protocols!!!!
+ Protocols auth_protocols = new Protocols();
+ generalAuth.setProtocols(auth_protocols);
+
+ LegacyAllowed prot_legacy = new LegacyAllowed();
+ auth_protocols.setLegacyAllowed(prot_legacy);
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values
+ prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+
+ //TODO: remove beta test values
+ PVP2 prot_pvp2 = new PVP2();
+ auth_protocols.setPVP2(prot_pvp2);
+ prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/");
+ prot_pvp2.setIssuerName("MOA-ID 2.0 Demo IDP");
+
+ Organization pvp2_org = new Organization();
+ prot_pvp2.setOrganization(pvp2_org);
+ pvp2_org.setDisplayName("OrganisationDisplayName");
+ pvp2_org.setName("OrganisatioName");
+ pvp2_org.setURL("http://www.egiz.gv.at");
+
+ List<Contact> pvp2_contacts = new ArrayList<Contact>();
+ prot_pvp2.setContact(pvp2_contacts);
+
+ Contact pvp2_contact = new Contact();
+ pvp2_contact.setCompany("OrganisationDisplayName");
+ pvp2_contact.setGivenName("Max");
+
+
+ List<String> mails = new ArrayList<String>();
+ pvp2_contact.setMail(mails);
+ mails.add("max@muster.mann");
+
+ List<String> phones = new ArrayList<String>();
+ pvp2_contact.setPhone(phones);
+ phones.add("01 5555 5555");
+
+ pvp2_contact.setSurName("Mustermann");
+ pvp2_contact.setType("technical");
+ pvp2_contacts.add(pvp2_contact);
+
+ //SSO
+ SSO auth_sso = new SSO();
+ generalAuth.setSSO(auth_sso);
+ auth_sso.setTarget("BF");
+ auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta");
+
+
+ //set SecurityLayer Transformations
+ String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
+
+ List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>();
+ if (transformsInfos != null && transformsInfos.length > 0) {
+ for (int i=0; i<transformsInfos.length; i++) {
+
+ TransformsInfoType transforminfotype = new TransformsInfoType();
+ transforminfotype.setFilename(transformsInfoFileNames[i]);
+
+ transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8"));
+ auth_transformInfos.add(transforminfotype);
+ }
+
+ }
+
+ SecurityLayer auth_securityLayer = new SecurityLayer();
+ auth_securityLayer.setTransformsInfo(auth_transformInfos);
+ generalAuth.setSecurityLayer(auth_securityLayer);
+
+
+ //set MOASP configuration
+ MOASP auth_moaSP = new MOASP();
+ generalAuth.setMOASP(auth_moaSP);
+
+ //set MOASP connection
+ ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ if (moaSpConnectionParameter != null) {
+ ConnectionParameterClientAuthType auth_moaSP_connection =
+ parseConnectionParameterClientAuth(moaSpConnectionParameter);
+ auth_moaSP.setConnectionParameter(auth_moaSP_connection);
+ }
+
+ //set VerifyIdentityLink
+ String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink();
+ auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID);
+ auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink);
+
+ //set VerifyAuthBlock
+ String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock();
+ auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID);
+ String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> transformlist = new ArrayList<String>();
+ Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs);
+ auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist);
+ auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock);
+
+
+ //TODO: check correctness!!!
+ //set IdentityLinkSigners
+ IdentityLinkSigners auth_idsigners = new IdentityLinkSigners();
+ generalAuth.setIdentityLinkSigners(auth_idsigners);
+ List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames);
+
+
+ //not supported by MOA-ID 2.0
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters = null;
+// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
+// if (defaultVerifyInfoboxParamtersElem != null) {
+// defaultVerifyInfoboxParameters =
+// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
+// }
+
+
+ //Set ForeignIdentities
+ ForeignIdentities auth_foreign = new ForeignIdentities();
+ generalAuth.setForeignIdentities(auth_foreign);
+
+ //set Connection parameters
+ ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+ ConnectionParameterClientAuthType auth_foreign_connection =
+ parseConnectionParameterClientAuth(foreignIDConnectionParameter);
+ auth_foreign.setConnectionParameter(auth_foreign_connection);
+
+ //set STORK configuration
+ STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+ STORK auth_foreign_stork = new STORK();
+ auth_foreign.setSTORK(auth_foreign_stork);
+
+ //set CPEPS
+ Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap();
+ Set<String> map_keys = map.keySet();
+ List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
+ for (String key : map_keys) {
+ CPEPS cpep = new CPEPS();
+ cpep.setCountryCode(map.get(key).getCountryCode());
+ cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!!
+
+ List<String> cpep_reqs = new ArrayList<String>();
+
+ List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
+ for (RequestedAttribute e1 : map1) {
+ Element element = SAMLUtil.marshallMessage(e1);
+ cpep_reqs.add(XMLUtil.printXML(element));
+ }
+ cpep.setAttributeValue(cpep_reqs);
+ auth_foreign_stork_cpeps.add(cpep);
+ }
+ auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
+
+
+ //set SAMLSigningParameter
+ if (storkConfig.getSignatureCreationParameter() != null &&
+ storkConfig.getSignatureVerificationParameter() != null) {
+ SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
+ auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
+
+ SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
+ auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
+ KeyStore stork_saml_creat_keystore = new KeyStore();
+ stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
+ stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
+ stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
+ KeyName stork_saml_creat_keyname = new KeyName();
+ stork_saml_creat.setKeyName(stork_saml_creat_keyname);
+ stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
+ stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
+
+
+
+ SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
+ auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
+ stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
+
+ }
+
+ //TODO: check correctness
+ //set QualityAuthenticationAssurance
+ //set RequestedAttbutes
+
+
+ //set OnlineMandates config
+ ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
+ if (onlineMandatesConnectionParameter != null) {
+ OnlineMandates auth_mandates = new OnlineMandates();
+ generalAuth.setOnlineMandates(auth_mandates);
+ auth_mandates.setConnectionParameter(
+ parseConnectionParameterClientAuth(onlineMandatesConnectionParameter));
+ }
+
+
+ //TODO: add auth template configuration!!!
+
+
+ if (oldconfig != null) {
+ if (oldconfig.getDefaultBKUs() != null) {
+ oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU();
+ oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU();
+ oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU();
+ }
+ } else {
+ List<String> trustbkus = builder.getTrustedBKUs();
+ for (String trustbku : trustbkus) {
+ if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE))
+ oldbkuonline = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY))
+ oldbkuhandy = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL))
+ oldbkulocal = trustbku;
+ }
+
+ }
+
+
+ //set OnlineApplications
+ OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
+
+ ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
+ moaIDConfig.setOnlineApplication(moa_oas);
+
+ for (OAAuthParameter oa : onlineApplicationAuthParameters) {
+ OnlineApplication moa_oa = new OnlineApplication();
+
+ //set general OA configuration
+ moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird
+ moa_oa.setFriendlyName(oa.getFriendlyName());
+ moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness
+ moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix());
+ moa_oa.setTarget(oa.getTarget());
+ moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName());
+ moa_oa.setType(oa.getOaType());
+ moa_oa.setIsActive(true);
+
+
+ AuthComponentOA oa_auth = new AuthComponentOA();
+ moa_oa.setAuthComponentOA(oa_auth);
+
+ //SLLayer Version / useIframe
+ oa_auth.setSlVersion(oa.getSlVersion());
+ oa_auth.setUseIFrame(false);
+ oa_auth.setUseUTC(oa.getUseUTC());
+
+
+ //BKUURLs
+ BKUURLS bkuurls = new BKUURLS();
+ bkuurls.setOnlineBKU(oldbkuonline);
+ bkuurls.setHandyBKU(oldbkuhandy);
+ bkuurls.setLocalBKU(oldbkulocal);
+ oa_auth.setBKUURLS(bkuurls);
+
+ //IdentificationNumber
+ IdentificationNumber idnumber = new IdentificationNumber();
+ idnumber.setValue(oa.getIdentityLinkDomainIdentifier());
+ idnumber.setType(oa.getIdentityLinkDomainIdentifierType());
+ oa_auth.setIdentificationNumber(idnumber);
+
+ //set Templates
+ TemplatesType templates = new TemplatesType();
+ oa_auth.setTemplates(templates);
+ templates.setAditionalAuthBlockText("");
+ TemplateType template = new TemplateType();
+ template.setURL(oa.getTemplateURL());
+ ArrayList<TemplateType> template_list = new ArrayList<TemplateType>();
+ template_list.add(template);
+ templates.setTemplate(template_list);
+
+
+ //set TransformsInfo
+ String[] transforminfos = oa.getTransformsInfos();
+ ArrayList<TransformsInfoType> oa_transforminfos = new ArrayList<TransformsInfoType>();
+ for (String e1 : transforminfos) {
+ TransformsInfoType transforminfo = new TransformsInfoType();
+ transforminfo.setFilename(e1);
+ oa_transforminfos.add(transforminfo);
+ }
+ oa_auth.setTransformsInfo(oa_transforminfos);
+
+ //VerifyInfoBoxes not supported by MOAID 2.0
+
+ //set Mandates
+ Mandates oa_mandates = new Mandates();
+ oa_auth.setMandates(oa_mandates);
+ oa_mandates.setProfiles(oa.getMandateProfiles());
+
+ //STORK
+ //TODO: OA specific STORK config is deactivated in MOA 1.5.2
+
+ //SSO
+ OASSO oa_sso = new OASSO();
+ oa_auth.setOASSO(oa_sso);
+ oa_sso.setUseSSO(true);
+ oa_sso.setSingleLogOutURL("");
+ oa_sso.setAuthDataFrame(true);
+
+ //OA_SAML1
+ OASAML1 oa_saml1 = new OASAML1();
+ oa_auth.setOASAML1(oa_saml1);
+ oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength()));
+ oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock());
+ oa_saml1.setProvideCertificate(oa.getProvideCertifcate());
+ oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData());
+ oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink());
+ oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
+ oa_saml1.setUseCondition(oa.getUseCondition());
+
+ //OA_PVP2
+ OAPVP2 oa_pvp2 = new OAPVP2();
+ oa_auth.setOAPVP2(oa_pvp2);
+
+// oa_pvp2.setMetadataURL("empty");
+//
+// //TODO: is only a workaround!!!!
+// Properties props = getGeneralPVP2ProperiesConfig(properies);
+// File dir = new File(props.getProperty("idp.truststore"));
+// File[] files = dir.listFiles();
+// if (files.length > 0) {
+// FileInputStream filestream = new FileInputStream(files[0]);
+// X509Certificate signerCertificate = new X509Certificate(filestream);
+// oa_pvp2.setCertificate(signerCertificate.getEncoded());
+//
+// } else {
+// oa_pvp2.setCertificate(null);
+// }
+
+ moa_oas.add(moa_oa);
+ //ConfigurationDBUtils.save(moa_oa);
+ }
+
+ //removed from MOAID 2.0 config
+ //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+
+
+ //set chaining modes
+ ChainingModes moa_chainingModes = new ChainingModes();
+ moaIDConfig.setChainingModes(moa_chainingModes);
+
+ ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode());
+ moa_chainingModes.setSystemDefaultMode(type);
+
+ Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes();
+ List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>();
+ Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet();
+ for (IssuerAndSerial e1 : chaining_anchor_map) {
+ TrustAnchor trustanchor = new TrustAnchor();
+
+ ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1));
+ trustanchor.setMode(type1);
+
+ trustanchor.setX509IssuerName(e1.getIssuerDN());
+ trustanchor.setX509SerialNumber(e1.getSerial());
+ chaining_anchor.add(trustanchor);
+ }
+ moa_chainingModes.setTrustAnchor(chaining_anchor);
+
+
+ //set trustedCACertificate path
+ moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates());
+
+
+ //TODO: move to read config functionality
+ //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+
+
+ //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates)
+ //trustedBKUs = builder.getTrustedBKUs();
+ //trustedTemplateURLs = builder.getTrustedTemplateURLs();
+
+
+ //set DefaultBKUs
+ DefaultBKUs moa_defaultbkus = new DefaultBKUs();
+ moaIDConfig.setDefaultBKUs(moa_defaultbkus);
+ moa_defaultbkus.setOnlineBKU(oldbkuonline);
+ moa_defaultbkus.setHandyBKU(oldbkuhandy);
+ moa_defaultbkus.setLocalBKU(oldbkulocal);
+
+
+ //set SLRequest Templates
+ SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates();
+ moaIDConfig.setSLRequestTemplates(moa_slrequesttemp);
+ moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html");
+ moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html");
+ moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
+
+ return moaIDConfig;
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth(
+ ConnectionParameter old) {
+ ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType();
+ auth_moaSP_connection.setURL(old.getUrl());
+
+ //TODO: remove from Database config!!!!!
+// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates());
+// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore();
+// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore());
+// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword());
+// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
+ return auth_moaSP_connection;
+ }
+
+ private static Properties getGeneralPVP2ProperiesConfig(Properties props) {
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "protocols.pvp2.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+ return configProp;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
new file mode 100644
index 000000000..c191d7b2b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
@@ -0,0 +1,98 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+
+ /** Country Code of C-PEPS */
+ private String countryCode;
+
+ /** URL of C-PEPS */
+ private URL pepsURL;
+
+ /** Specific attributes to be requested for this C-PEPS */
+ private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
+
+ /**
+ * Constructs a C-PEPS
+ * @param countryCode ISO Country Code of C-PEPS
+ * @param pepsURL URL of C-PEPS
+ */
+ public CPEPS(String countryCode, URL pepsURL) {
+ super();
+ this.countryCode = countryCode;
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country code of this C-PEPS
+ * @return ISO country code
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the country code of this C-PEPS
+ * @param countryCode ISO country code
+ */
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+ /**
+ * Gets the URL of this C-PEPS
+ * @return C-PEPS URL
+ */
+ public URL getPepsURL() {
+ return pepsURL;
+ }
+
+ /**
+ * Sets the C-PEPS URL
+ * @param pepsURL C-PEPS URL
+ */
+ public void setPepsURL(URL pepsURL) {
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country specific attributes of this C-PEPS
+ * @return List of country specific attributes
+ */
+ public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
+ return countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Sets the country specific attributes
+ * @param countrySpecificRequestedAttributes List of country specific requested attributes
+ */
+ public void setCountrySpecificRequestedAttributes(
+ List<RequestedAttribute> countrySpecificRequestedAttributes) {
+ this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Adds a Requested attribute to the country specific attribute List
+ * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
+ */
+ public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+ this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
index 839de48bf..3abc94b02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
@@ -22,12 +22,13 @@
*/
-package at.gv.egovernment.moa.id.config;
+package at.gv.egovernment.moa.id.config.legacy;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
+import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
@@ -51,12 +52,13 @@ import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.Schema;
import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter;
-import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.legacy.CPEPS;
+import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -72,7 +75,6 @@ import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
import eu.stork.vidp.messages.stork.RequestedAttributes;
import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
/**
* A class that builds configuration data from a DOM based representation.
@@ -406,15 +408,24 @@ public class ConfigurationBuilder {
*/
public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
- String[] transformsInfos = new String[transformsInfoFileNames.length];
- for (int i = 0; i < transformsInfoFileNames.length; i++) {
- String fileURL = transformsInfoFileNames[i];
-
- //if fileURL is relative to rootConfigFileDir make it absolute
- fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
- String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
- transformsInfos[i] = transformsInfo;
- }
+ String[] transformsInfos;
+
+ transformsInfos = new String[transformsInfoFileNames.length];
+ for (int i = 0; i < transformsInfoFileNames.length; i++) {
+
+ String fileURL = transformsInfoFileNames[i];
+ try {
+ // if fileURL is relative to rootConfigFileDir make it absolute
+ fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
+
+ String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
+ transformsInfos[i] = transformsInfo;
+
+ } catch (IOException e) {
+ Logger.info("Transformation with URL " + fileURL + " can not be loaded");
+ }
+ }
+
return transformsInfos;
}
@@ -704,28 +715,28 @@ public List getTrustedTemplateURLs() {
}
//add STORK Configuration specific to OA (RequestedAttributes, QAALevel)
- QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent);
- if (qaaLevel != null) {
- oap.setQaaLevel(qaaLevel);
- Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue());
- }
+ //QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent);
+ //if (qaaLevel != null) {
+ // oap.setQaaLevel(qaaLevel);
+ // Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue());
+ //}
- RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent);
-
- if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) {
- //we have additional STORK attributes to request for this OA
- Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): ");
- for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) {
- if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) {
- addReqAttr.detach();
- oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr);
- Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired());
- }
- }
+ //RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent);
+ //
+ //if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) {
+ // //we have additional STORK attributes to request for this OA
+ // Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): ");
+ // for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) {
+ // if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) {
+ /// addReqAttr.detach();
+ // oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr);
+ // Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired());
+ // }
+ // }
- } else {
- //do nothing, only request default attributes
- }
+ //} else {
+ // //do nothing, only request default attributes
+ //}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
new file mode 100644
index 000000000..455fde9bf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * This bean class is used to store data for various connectionParameter
+ * within the MOA-ID configuration
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConnectionParameter {
+
+ /**
+ * Server URL
+ */
+ private String url;
+ /**
+ * File URL for a directory containing PKCS#12 server SSL certificates.
+ * From these certificates, a X509 trust store will be assembled for use
+ * by a JSSE <code>TrustManager</code>.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String acceptedServerCertificates;
+ /**
+ * File URL of a X509 key store containing the private key to be used
+ * for an HTTPS connection when the server requires client authentication.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String clientKeyStore;
+ /**
+ * Password protecting the client key store.
+ */
+ private String clientKeyStorePassword;
+
+ /**
+ * Checks whether the URL scheme is <code>"https"</code>.
+ * @return true in case of an URL starting with <code>"https"</code>
+ */
+ public boolean isHTTPSURL() {
+ return getUrl().indexOf("https") == 0;
+ }
+
+ /**
+ * Returns the url.
+ * @return String
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public String getAcceptedServerCertificates() {
+ return acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the acceptedServerCertificates.
+ * @param acceptedServerCertificates The acceptedServerCertificates to set
+ */
+ public void setAcceptedServerCertificates(String acceptedServerCertificates) {
+ this.acceptedServerCertificates = acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the url.
+ * @param url The url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public String getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ /**
+ * Sets the clientKeyStore.
+ * @param clientKeyStore The clientKeyStore to set
+ */
+ public void setClientKeyStore(String clientKeyStore) {
+ this.clientKeyStore = clientKeyStore;
+ }
+
+ /**
+ * Sets the clientKeyStorePassword.
+ * @param clientKeyStorePassword The clientKeyStorePassword to set
+ */
+ public void setClientKeyStorePassword(String clientKeyStorePassword) {
+ this.clientKeyStorePassword = clientKeyStorePassword;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
new file mode 100644
index 000000000..3948522c0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.ArrayList;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Auth component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+/**
+ *
+ *
+ * @author Harald Bratko
+ */
+public class OAAuthParameter extends OAParameter {
+ /**
+ * Sercurity Layer version
+ */
+ private String slVersion;
+ /**
+ * true, if the Security Layer version is version 1.2, otherwise false
+ */
+ private boolean slVersion12;
+ /**
+ * identityLinkDomainIdentifier
+ * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
+ * <br>
+ * only used within a business application context for providing it to the
+ * security layer as input for wbPK computation
+ */
+ private String identityLinkDomainIdentifier;
+ /**
+ * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
+ */
+ private String keyBoxIdentifier;
+ /**
+ * transformations for rendering in the secure viewer of the security layer
+ * implementation; multiple transformation can be given for different mime types
+ */
+ private String[] transformsInfos;
+ /**
+ * determines whether "Stammzahl" is to be included in the authentication data
+ */
+ private boolean provideStammzahl;
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
+ private boolean provideAuthBlock;
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
+ private boolean provideIdentityLink;
+ /**
+ * determines whether the certificate is to be included in the authentication data
+ */
+ private boolean provideCertificate;
+ /**
+ * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
+ */
+ private boolean provideFullMandatorData;
+
+ /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+ private boolean useUTC;
+
+ /** determines wheter a saml:Condition is added to the SAML assertion or not */
+ private boolean useCondition;
+
+ /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
+ private int conditionLength;
+ /**
+ * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
+ */
+ private String bkuSelectionTemplateURL;
+ /**
+ * template for web page "Anmeldung mit B&uuml;rgerkarte"
+ */
+ private String templateURL;
+
+ /**
+ * template for web page "Signatur der Anmeldedaten"
+ */
+ private String inputProcessorSignTemplateURL;
+ /**
+ * Parameters for verifying infoboxes.
+ */
+ private VerifyInfoboxParameters verifyInfoboxParameters;
+
+ /**
+ * Parameter for Mandate profiles
+ */
+ private String mandateProfiles;
+
+ /**
+ *
+ * Type for authentication number (e.g. Firmenbuchnummer)
+ */
+ private String identityLinkDomainIdentifierType;
+
+ /**
+ * STORK QAA Level, Default = 4
+ */
+ private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
+
+ /**
+ * STORK RequestedAttributes for Online Application
+ * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
+ */
+ private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
+
+
+/**
+ * Returns <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>.
+ * @return <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>
+ */
+ public boolean getSlVersion12() {
+ return slVersion12;
+ }
+
+ /**
+ * Returns the security layer version.
+ * @return the security layer version.
+ */
+ public String getSlVersion() {
+ return slVersion;
+ }
+
+ /**
+ * Returns the identityLinkDomainIdentifier.
+ * @return the identityLinkDomainIdentifier.
+ */
+ public String getIdentityLinkDomainIdentifier() {
+ return identityLinkDomainIdentifier;
+ }
+
+ /**
+ * Returns the transformsInfos.
+ * @return the transformsInfos.
+ */
+ public String[] getTransformsInfos() {
+ return transformsInfos;
+ }
+
+ /**
+ * Returns the provideAuthBlock.
+ * @return String
+ */
+ public boolean getProvideAuthBlock() {
+ return provideAuthBlock;
+ }
+
+ /**
+ * Returns the provideIdentityLink.
+ * @return String
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink;
+ }
+
+ /**
+ * Returns the provideStammzahl.
+ * @return String
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl;
+ }
+
+ /**
+ * Returns <code>true</code> if the certificate should be provided within the
+ * authentication data, otherwise <code>false</code>.
+ * @return <code>true</code> if the certificate should be provided,
+ * otherwise <code>false</code>
+ */
+ public boolean getProvideCertifcate() {
+ return provideCertificate;
+ }
+
+ /**
+ * Returns <code>true</code> if the full mandator data should be provided within the
+ * authentication data, otherwise <code>false</code>.
+ * @return <code>true</code> if the full mandator data should be provided,
+ * otherwise <code>false</code>
+ */
+ public boolean getProvideFullMandatorData() {
+ return provideFullMandatorData;
+ }
+
+ /**
+ * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
+
+ /**
+ * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ */
+ public boolean getUseCondition() {
+ return useCondition;
+ }
+
+ /**
+ * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
+ * @return the validity time of the SAML assertion (if useCondition is true) in seconds
+ */
+ public int getConditionLength() {
+ return conditionLength;
+ }
+
+
+/**
+ * Returns the key box identifier.
+ * @return String
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
+
+ /**
+ * Returns the BkuSelectionTemplate url.
+ * @return The BkuSelectionTemplate url or <code>null</code> if no url for
+ * a BkuSelectionTemplate is set.
+ */
+ public String getBkuSelectionTemplateURL() {
+ return bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Returns the TemplateURL url.
+ * @return The TemplateURL url or <code>null</code> if no url for
+ * a Template is set.
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+
+ /**
+ * Returns the inputProcessorSignTemplateURL url.
+ * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
+ * a input processor sign template is set.
+ */
+ public String getInputProcessorSignTemplateURL() {
+ return inputProcessorSignTemplateURL;
+ }
+
+ /**
+ * Returns the parameters for verifying additional infoboxes.
+ *
+ * @return The parameters for verifying additional infoboxes.
+ * Maybe <code>null</code>.
+ */
+ public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+ return verifyInfoboxParameters;
+ }
+
+ /**
+ * Sets the security layer version.
+ * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
+ * to <code>true</code> if the Security Layer version is 1.2.
+ * @param slVersion The security layer version to be used.
+ */
+ public void setSlVersion(String slVersion) {
+ this.slVersion = slVersion;
+ if ("1.2".equals(slVersion)) {
+ this.slVersion12 = true;
+ }
+ }
+ /**
+ * Sets the IdentityLinkDomainIdentifier.
+ * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
+ */
+ public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
+ this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
+ }
+ /**
+ * Sets the transformsInfos.
+ * @param transformsInfos The transformsInfos to be used.
+ */
+ public void setTransformsInfos(String[] transformsInfos) {
+ this.transformsInfos = transformsInfos;
+ }
+
+
+/**
+ * Sets the provideAuthBlock.
+ * @param provideAuthBlock The provideAuthBlock to set
+ */
+ public void setProvideAuthBlock(boolean provideAuthBlock) {
+ this.provideAuthBlock = provideAuthBlock;
+ }
+
+ /**
+ * Sets the provideIdentityLink.
+ * @param provideIdentityLink The provideIdentityLink to set
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ this.provideIdentityLink = provideIdentityLink;
+ }
+
+ /**
+ * Sets the provideStammzahl.
+ * @param provideStammzahl The provideStammzahl to set
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ this.provideStammzahl = provideStammzahl;
+ }
+
+ /**
+ * Sets the provideCertificate variable.
+ * @param provideCertificate The provideCertificate value to set
+ */
+ public void setProvideCertificate(boolean provideCertificate) {
+ this.provideCertificate = provideCertificate;
+ }
+
+ /**
+ * Sets the provideFullMandatorData variable.
+ * @param provideFullMandatorData The provideFullMandatorData value to set
+ */
+ public void setProvideFullMandatorData(boolean provideFullMandatorData) {
+ this.provideFullMandatorData = provideFullMandatorData;
+ }
+
+ /**
+ * Sets the useUTC variable.
+ * @param useUTC The useUTC value to set
+ */
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
+ /**
+ * Sets the useCondition variable
+ * @param useCondition The useCondition value to set
+ */
+ public void setUseCondition(boolean useCondition) {
+ this.useCondition = useCondition;
+ }
+
+ /**
+ * Sets the conditionLength variable
+ * @param conditionLength the conditionLength value to set
+ */
+ public void setConditionLength(int conditionLength) {
+ this.conditionLength = conditionLength;
+ }
+
+
+ /**
+ * Sets the key box identifier.
+ * @param keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
+
+ /**
+ * Sets the BkuSelectionTemplate url.
+ * @param bkuSelectionTemplateURL The url string specifying the location
+ * of a BkuSelectionTemplate.
+ */
+ public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
+ this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Sets the Template url.
+ * @param templateURL The url string specifying the location
+ * of a Template.
+ */
+ public void setTemplateURL(String templateURL) {
+ this.templateURL = templateURL;
+ }
+
+ /**
+ * Sets the input processor sign form template url.
+ *
+ * @param inputProcessorSignTemplateURL The url string specifying the
+ * location of the input processor sign form
+ */
+ public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
+ this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
+ }
+
+ /**
+ * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
+ *
+ * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
+ */
+ public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
+ this.verifyInfoboxParameters = verifyInfoboxParameters;
+ }
+
+ /**
+ * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ */
+ public String getIdentityLinkDomainIdentifierType() {
+ return identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
+ */
+ public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
+ this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the Mandate/Profiles
+ * @param profiles
+ */
+ public void setMandateProfiles(String profiles) {
+ this.mandateProfiles = profiles;
+ }
+
+ /**
+ * Returns the Mandates/Profiles
+ * @return
+ */
+ public String getMandateProfiles() {
+ return this.mandateProfiles;
+ }
+
+ /**
+ * Returns the defined STORK QAALevel
+ * @return STORK QAALevel
+ */
+ public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+ }
+
+ /**
+ * Sets the STORK QAALevel
+ * @param qaaLevel
+ */
+ public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
+ this.qaaLevel = qaaLevel;
+ }
+
+ /**
+ * Returns the desired STORK Requested Attributes
+ * @return STORK Requested Attributes
+ */
+ public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+ }
+
+ /**
+ * Sets the desired STORK Requested Attributes
+ * @param requestedAttributes
+ */
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
new file mode 100644
index 000000000..de449cbcf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to be used within both, the MOA ID Auth and the
+ * MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter {
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not
+ * (<code>true</code> if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+
+ /**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+
+ /**
+ * specified a specific target for the Online Application (overwrites the target in der request)
+ */
+ private String target;
+ /**
+ * specifies a friendly name for the target
+ */
+ private String targetFriendlyName;
+
+ /**
+ * Returns the type of the online application.
+ * @return the type of the online application.
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * Returns <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>.
+ * @return <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return this.businessService;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ *
+ * Sets the type of the online application.
+ * If the type is "businessService" the value of <code>businessService</code>
+ * ({@link #getBusinessService()}) is also set to <code>true</code>
+ * @param oaType The type of the online application.
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ this.businessService = true;
+ }
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+
+ /**
+ * Gets the friendly name of the OA
+ * @return Friendly Name of the OA
+ */
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Sets the friendly name of the OA
+ * @param friendlyName
+ */
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+ /**
+ * Gets the target of the OA
+ * @return target of the OA
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the target of the OA
+ * @param target
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * Gets the target friendly name of the OA
+ * @return target Friendly Name of the OA
+ */
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ /**
+ * Sets the target friendly name of the OA
+ * @param targetFriendlyName
+ */
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
new file mode 100644
index 000000000..2d0a91fb9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
@@ -0,0 +1,90 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Encapsulates several STORK configuration parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKConfig {
+
+ /** STORK SAML signature creation parameters */
+ private SignatureCreationParameter signatureCreationParameter;
+
+ /** STORK SAML signature verification parameters */
+ private SignatureVerificationParameter signatureVerificationParameter;
+
+ /** Map of supported C-PEPSs */
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+
+ /**
+ * Constructs a STORK Config object
+ * @param signatureCreationParameter STORK SAML Signature creation parameters
+ * @param signatureVerificationParameter STORK SAML Signature verification parameters
+ * @param cpepsMap Map of supported C-PEPS
+ */
+ public STORKConfig(SignatureCreationParameter signatureCreationParameter,
+ SignatureVerificationParameter signatureVerificationParameter,
+ Map<String, CPEPS> cpepsMap) {
+ super();
+ this.signatureCreationParameter = signatureCreationParameter;
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ this.cpepsMap = cpepsMap;
+ }
+
+ public SignatureCreationParameter getSignatureCreationParameter() {
+ return signatureCreationParameter;
+ }
+
+ public void setSignatureCreationParameter(
+ SignatureCreationParameter signatureCreationParameter) {
+ this.signatureCreationParameter = signatureCreationParameter;
+ }
+
+ public SignatureVerificationParameter getSignatureVerificationParameter() {
+ return signatureVerificationParameter;
+ }
+
+ public void setSignatureVerificationParameter(
+ SignatureVerificationParameter signatureVerificationParameter) {
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ }
+
+ public Map<String, CPEPS> getCpepsMap() {
+ return cpepsMap;
+ }
+
+ public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
+ this.cpepsMap = cpepsMap;
+ }
+
+ public boolean isSTORKAuthentication(String ccc) {
+
+ if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
+ return false;
+
+ if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ return true;
+ else
+ return false;
+
+ }
+
+ public CPEPS getCPEPS(String ccc) {
+ if (isSTORKAuthentication(ccc))
+ return this.cpepsMap.get(ccc);
+ else
+ return null;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
new file mode 100644
index 000000000..fcccf41f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Encapsulates signature creation parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureCreationParameter {
+
+ /** KeyStore Path */
+ private String keyStorePath;
+
+ /** KeyStore Password */
+ private String keyStorePassword;
+
+ /** Signing Key Name */
+ private String keyName;
+
+ /** Signing Key Password */
+ private String keyPassword;
+
+ /**
+ * Gets the KeyStore Path
+ * @return File Path to KeyStore
+ */
+ public String getKeyStorePath() {
+ return keyStorePath;
+ }
+
+ /**
+ * Sets the KeyStore Path
+ * @param keyStorePath Path to KeyStore
+ */
+ public void setKeyStorePath(String keyStorePath) {
+ this.keyStorePath = keyStorePath;
+ }
+
+ /**
+ * Gets the KeyStore Password
+ * @return Password to KeyStore
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * Sets the KeyStore Password
+ * @param keyStorePassword Password to KeyStore
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * Gets the Signing Key Name
+ * @return Siging Key Name
+ */
+ public String getKeyName() {
+ return keyName;
+ }
+
+ /**
+ * Sets the Signing Key Name
+ * @param keyName Signing Key Name
+ */
+ public void setKeyName(String keyName) {
+ this.keyName = keyName;
+ }
+
+ /**
+ * Gets the Signing Key Password
+ * @return Signing Key Password
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * Sets the Signing Key Password
+ * @param keyPassword Signing Key Password
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
new file mode 100644
index 000000000..d01c8e541
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
@@ -0,0 +1,35 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+
+ /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+ private String trustProfileID;
+
+ /**
+ * Gets the MOA-SP TrustProfileID
+ * @return TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public String getTrustProfileID() {
+ return trustProfileID;
+ }
+
+ /**
+ * Sets the MOA-SP TrustProfileID
+ * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
new file mode 100644
index 000000000..a482da430
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
@@ -0,0 +1,411 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class is a container for parameters that maybe needed for verifying an infobox.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameter {
+
+ /**
+ * The default package name (first part) of a infobox validator class.
+ */
+ public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator.";
+
+ /**
+ * The identifier of the infobox to be verified. This identifier must exactly the
+ * identifier of the infobox returned by BKU.
+ */
+ protected String identifier_;
+
+ /**
+ * The friendly name of the infobox.
+ * This name is used within browser messages, thus it should be the german equivalent of
+ * the {@link #identifier_ infobox identifier} (e.g. &quot;<code>Stellvertretungen</code>&quot;
+ * for &quot;<code>Mandates</code>&quot; or &quot;<code>GDAToken</code>&quot; for
+ * &quot;<code>EHSPToken</code>&quot;.
+ * <br>If not specified within the config file the {@link #identifier_ infobox identifier}
+ * will be used.
+ */
+ protected String friendlyName_;
+
+ /**
+ * The Id of the TrustProfile to be used for validating certificates.
+ */
+ protected String trustProfileID_;
+
+ /**
+ * The full name of the class to be used for verifying the infobox.
+ */
+ protected String validatorClassName_;
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ */
+ protected List schemaLocations_;
+
+ /**
+ * Application specific parameters that may be needed for verifying an infobox.
+ */
+ protected Element applicationSpecificParams_;
+
+ /**
+ * Specifies if the infobox is be required to be returned by the BKU.
+ */
+ protected boolean required_;
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideStammzahl_;
+
+ /**
+ * Specifies whether the <code>identity link</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideIdentityLink_;
+
+ /**
+ * Initializes this VerifiyInfoboxParamater with the given identifier and a default
+ * validator class name.
+ *
+ * @param identifier The identifier of the infobox to be verified.
+ */
+ public VerifyInfoboxParameter(String identifier) {
+ identifier_ = identifier;
+ StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK);
+ sb.append(identifier.toLowerCase());
+ sb.append(".");
+ sb.append(identifier.substring(0, 1).toUpperCase());
+ sb.append(identifier.substring(1));
+ sb.append("Validator");
+ validatorClassName_ = sb.toString();
+ }
+
+ /**
+ * Returns application specific parameters.
+ * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_}
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @return Application specific parameters.
+ */
+ public Element getApplicationSpecificParams() {
+ return applicationSpecificParams_;
+ }
+
+ /**
+ * Sets the application specific parameters.
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @param applicationSpecificParams The application specific parameters to set.
+ */
+ public void setApplicationSpecificParams(Element applicationSpecificParams) {
+ applicationSpecificParams_ = applicationSpecificParams;
+ }
+
+ /**
+ * Appends special application specific parameters for party representation.
+ *
+ * @param applicationSpecificParams The application specific parameters for party representation to set.
+ */
+ public void appendParepSpecificParams(Element applicationSpecificParams) {
+ try {
+ if (applicationSpecificParams_==null) {
+ applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters");
+ }
+ Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode);
+ if (null!=nodeList) {
+ for (int i=0; i<nodeList.getLength(); i++) {
+ applicationSpecificParams_.appendChild((Node) nodeList.item(i));
+ }
+ }
+ } catch (TransformerException e) {
+ //Do nothing
+ }
+ }
+
+ /**
+ * Returns the friendly name.
+ *
+ * @see #friendlyName_
+ *
+ * @return The friendly name.
+ */
+ public String getFriendlyName() {
+ return friendlyName_;
+ }
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName The friendly name to set.
+ */
+ public void setFriendlyName(String friendlyName) {
+ friendlyName_ = friendlyName;
+ }
+
+ /**
+ * Returns the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @return The infobox identifier.
+ */
+ public String getIdentifier() {
+ return identifier_;
+ }
+
+ /**
+ * Sets the the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @param identifier The infobox identifier to set.
+ */
+ public void setIdentifier(String identifier) {
+ identifier_ = identifier;
+ }
+
+ /**
+ * Specifies whether the identity link should be passed to the verifying application
+ * or not.
+ *
+ * @return <code>True</code> if the identity link should be passed to the verifying
+ * application, otherwise <code>false</code>.
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink_;
+ }
+
+ /**
+ * Sets the {@link #provideIdentityLink_} parameter.
+ *
+ * @param provideIdentityLink <code>True</code> if the identity link should be passed to
+ * the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ provideIdentityLink_ = provideIdentityLink;
+ }
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ *
+ * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the
+ * verifying application, otherwise <code>false</code>.
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl_;
+ }
+
+ /**
+ * Sets the {@link #provideStammzahl_} parameter.
+ *
+ * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be
+ * passed to the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ provideStammzahl_ = provideStammzahl;
+ }
+
+ /**
+ * Specifies whether the infobox is required or not.
+ *
+ * @return <code>True</code> if the infobox is required to be returned by the BKU,
+ * otherwise <code>false</code>.
+ */
+ public boolean isRequired() {
+ return required_;
+ }
+
+ /**
+ * Sets the {@link #required_} parameter.
+ *
+ * @param required <code>True</code> if the infobox is required to be returned by the
+ * BKU, otherwise <code>false</code>.
+ */
+ public void setRequired(boolean required) {
+ required_ = required;
+ }
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects
+ * each of them specifying the location of an XML schema.
+ */
+ public List getSchemaLocations() {
+ return schemaLocations_;
+ }
+
+ /**
+ * Sets the schema locations.
+ *
+ * @see #schemaLocations_
+ *
+ * @param schemaLocations The schema location list to be set.
+ */
+ public void setSchemaLocations(List schemaLocations) {
+ schemaLocations_ = schemaLocations;
+ }
+
+ /**
+ * Returns the ID of the trust profile to be used for verifying certificates.
+ *
+ * @return The ID of the trust profile to be used for verifying certificates.
+ * Maybe <code>null</code>.
+ */
+ public String getTrustProfileID() {
+ return trustProfileID_;
+ }
+
+ /**
+ * Sets the ID of the trust profile to be used for verifying certificates.
+ *
+ * @param trustProfileID The ID of the trust profile to be used for verifying certificates.
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ trustProfileID_ = trustProfileID;
+ }
+
+ /**
+ * Returns the name of the class to be used for verifying this infobox.
+ *
+ * @return The name of the class to be used for verifying this infobox.
+ */
+ public String getValidatorClassName() {
+ return validatorClassName_;
+ }
+
+ /**
+ * Sets the name of the class to be used for verifying this infobox.
+ *
+ * @param validatorClassName The name of the class to be used for verifying this infobox.
+ */
+ public void setValidatorClassName(String validatorClassName) {
+ validatorClassName_ = validatorClassName;
+ }
+
+ /**
+ * Get a string representation of this object.
+ * This method is for debugging purposes only.
+ *
+ * @return A string representation of this object.
+ */
+ public String toString() {
+
+ StringBuffer buffer = new StringBuffer(1024);
+
+ buffer.append(" <Infobox Identifier=\"");
+ buffer.append(identifier_);
+ buffer.append("\" required=\"");
+ buffer.append(required_);
+ buffer.append("\" provideStammzahl=\"");
+ buffer.append(provideStammzahl_);
+ buffer.append("\" provideIdentityLink=\"");
+ buffer.append(provideIdentityLink_);
+ buffer.append("\">");
+ buffer.append("\n");
+ if (friendlyName_ != null) {
+ buffer.append(" <FriendlyName>");
+ buffer.append(friendlyName_);
+ buffer.append("</FriendlyName>");
+ buffer.append("\n");
+ }
+ if (trustProfileID_ != null) {
+ buffer.append(" <TrustProfileID>");
+ buffer.append(trustProfileID_);
+ buffer.append("</TrustProfileID>");
+ buffer.append("\n");
+ }
+ if (validatorClassName_ != null) {
+ buffer.append(" <ValidatorClass>");
+ buffer.append(validatorClassName_);
+ buffer.append("</ValidatorClass>");
+ buffer.append("\n");
+ }
+ if (schemaLocations_ != null) {
+ buffer.append(" <SchemaLocations>");
+ buffer.append("\n");
+ Iterator it = schemaLocations_.iterator();
+ while (it.hasNext()) {
+ buffer.append(" <Schema namespace=\"");
+ Schema schema = (Schema)it.next();
+ buffer.append(schema.getNamespace());
+ buffer.append("\" schemaLocation=\"");
+ buffer.append(schema.getSchemaLocation());
+ buffer.append("\"/>\n");
+ }
+ buffer.append(" </SchemaLocations>");
+ buffer.append("\n");
+ }
+ if (applicationSpecificParams_ != null) {
+ try {
+ String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_);
+ buffer.append(" ");
+ buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams));
+ buffer.append("\n");
+ } catch (TransformerException e) {
+ // do nothing
+ } catch (IOException e) {
+ // do nothing
+ }
+ }
+ buffer.append(" </Infobox>");
+
+
+ return buffer.toString() ;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
new file mode 100644
index 000000000..c7f5aa7ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This class contains the parameters for verifying all the infoboxes configured for an
+ * online application.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameters {
+
+ /**
+ * A map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ */
+ protected Map infoboxParameters_;
+
+ /**
+ * A list of the identifiers of the infoboxes supported by this
+ * VerifyInfoboxParameters;
+ */
+ protected List identifiers_;
+
+ /**
+ * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate
+ * in the context of the actual online application.
+ * The string will be added as value of the <code>PushInfobox</code> parameter in the
+ * HTML form used for reading the infoboxes from the BKU.
+ */
+ protected String pushInfobox_;
+
+ /**
+ * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_}
+ * map.
+ */
+ public VerifyInfoboxParameters() {
+ infoboxParameters_ = new Hashtable();
+ pushInfobox_ = "";
+ }
+
+ /**
+ * Initializes this VerifyInfoboxParameters with the given
+ * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string
+ * from the keys of the given map.
+ */
+ public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) {
+ identifiers_ = identifiers;
+ infoboxParameters_ = infoboxParameters;
+ // build the pushInfobox string
+ if ((identifiers != null) && (!identifiers.isEmpty())) {
+ StringBuffer identifiersSB = new StringBuffer();
+ int identifiersNum = identifiers.size();
+ int i = 1;
+ Iterator it = identifiers.iterator();
+ while (it.hasNext()) {
+ identifiersSB.append((String)it.next());
+ if (i != identifiersNum) {
+ identifiersSB.append(",");
+ }
+ i++;
+ }
+ pushInfobox_ = identifiersSB.toString();
+ } else {
+ pushInfobox_ = "";
+ }
+ }
+
+ /**
+ * Returns the (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ *
+ * @see #pushInfobox_
+ *
+ * @return The (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ */
+ public String getPushInfobox() {
+ return pushInfobox_;
+ }
+
+ /**
+ * Sets the {@link #pushInfobox_} string.
+ *
+ * @param pushInfobox The pushInfobox string to be set.
+ */
+ public void setPushInfobox(String pushInfobox) {
+ pushInfobox_ = pushInfobox;
+ }
+
+ /**
+ * Returns map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ *
+ * @return The map of {@link VerifyInfoboxParameter} objects.
+ */
+ public Map getInfoboxParameters() {
+ return infoboxParameters_;
+ }
+
+ /**
+ * Sets the map of {@link VerifyInfoboxParameter} objects.
+ *
+ * @see #infoboxParameters_
+ *
+ * @param infoboxParameters The infoboxParameters to set.
+ */
+ public void setInfoboxParameters(Map infoboxParameters) {
+ infoboxParameters_ = infoboxParameters;
+ }
+
+ /**
+ * Returns the identifiers of the supported infoboxes.
+ *
+ * @return The identifiers.
+ */
+ public List getIdentifiers() {
+ return identifiers_;
+ }
+
+ /**
+ * Sets the identifiers.
+ *
+ * @param identifiers The identifiers to set.
+ */
+ public void setIdentifiers(List identifiers) {
+ identifiers_ = identifiers;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index ed0de8ebe..d14d570ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -24,8 +24,8 @@
package at.gv.egovernment.moa.id.config.proxy;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.OAParameter;
/**
* Configuration parameters belonging to an online application,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index bf8cbcdce..094e7162e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -33,9 +33,9 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
@@ -131,7 +131,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
paramAuthMap.put(name, value);
}
oaConfiguration.setParamAuthMapping(paramAuthMap);
@@ -153,7 +153,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
// Contains Key (Neue Config-Exception: doppelte werte)
if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
headerAuthMap.put(name, value);
}
oaConfiguration.setHeaderAuthMapping(headerAuthMap);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 86ae93a4b..1c9c1caa8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -33,7 +33,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 485a44421..39f5479ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -3,9 +3,32 @@
*/
package at.gv.egovernment.moa.id.config.stork;
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -17,55 +40,88 @@ import at.gv.egovernment.moa.util.StringUtils;
public class STORKConfig {
/** STORK SAML signature creation parameters */
- private SignatureCreationParameter signatureCreationParameter;
+ private Properties props = null;
+ private Map<String, CPEPS> cpepsMap = null;
+ private String basedirectory = null;
+ private SignatureVerificationParameter sigverifyparam = null;
- /** STORK SAML signature verification parameters */
- private SignatureVerificationParameter signatureVerificationParameter;
- /** Map of supported C-PEPSs */
- private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
-
-
- /**
- * Constructs a STORK Config object
- * @param signatureCreationParameter STORK SAML Signature creation parameters
- * @param signatureVerificationParameter STORK SAML Signature verification parameters
- * @param cpepsMap Map of supported C-PEPS
- */
- public STORKConfig(SignatureCreationParameter signatureCreationParameter,
- SignatureVerificationParameter signatureVerificationParameter,
- Map<String, CPEPS> cpepsMap) {
- super();
- this.signatureCreationParameter = signatureCreationParameter;
- this.signatureVerificationParameter = signatureVerificationParameter;
- this.cpepsMap = cpepsMap;
- }
+ public STORKConfig(STORK stork, Properties props, String basedirectory) {
+ this.basedirectory = basedirectory;
+ this.props = props;
+
+ //create CPEPS map
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+
+ cpepsMap = new HashMap<String, CPEPS>();
+
+ for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
+
+ try {
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+
+ List<String> attr = cpep.getAttributeValue();
+
+ ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ for (String e1 : attr) {
+ Element element = XMLUtil.stringToDOM(e1);
+ RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
+ requestedAttributes.add(requestedAttribute);
+ }
+ moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
+
+ cpepsMap.put(cpep.getCountryCode(), moacpep);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ } catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }
+ }
+
+ SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
+
+ if (samlsign == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
- public SignatureCreationParameter getSignatureCreationParameter() {
- return signatureCreationParameter;
+ } else {
+ SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
+
+ if (sigverify == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
+
+ } else {
+ sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID());
+ }
+ }
+
}
- public void setSignatureCreationParameter(
- SignatureCreationParameter signatureCreationParameter) {
- this.signatureCreationParameter = signatureCreationParameter;
+ public SignatureCreationParameter getSignatureCreationParameter() {
+
+ return new SignatureCreationParameter(props, basedirectory);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
- return signatureVerificationParameter;
- }
-
- public void setSignatureVerificationParameter(
- SignatureVerificationParameter signatureVerificationParameter) {
- this.signatureVerificationParameter = signatureVerificationParameter;
+
+ return sigverifyparam;
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
- public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
- this.cpepsMap = cpepsMap;
- }
public boolean isSTORKAuthentication(String ccc) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
index 1f66b7752..4010ab491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
@@ -23,6 +23,8 @@
package at.gv.egovernment.moa.id.config.stork;
+import java.util.Properties;
+
/**
* Encapsulates signature creation parameters according MOA configuration
*
@@ -31,32 +33,26 @@ package at.gv.egovernment.moa.id.config.stork;
*/
public class SignatureCreationParameter {
- /** KeyStore Path */
- private String keyStorePath;
+ private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
+ private static final String PROPS_KEYSTORE_FILE = "keystore.file";
+ private static final String PROPS_KEYSTORE_PASS = "keystore.password";
+ private static final String PROPS_KEYNAME_NAME = "keyname.name";
+ private static final String PROPS_KEYNAME_PASS = "keyname.password";
- /** KeyStore Password */
- private String keyStorePassword;
+ private Properties props;
+ private String basedirectory;
- /** Signing Key Name */
- private String keyName;
+ SignatureCreationParameter(Properties props, String basedirectory) {
+ this.props = props;
+ this.basedirectory = basedirectory;
+ }
- /** Signing Key Password */
- private String keyPassword;
-
/**
* Gets the KeyStore Path
* @return File Path to KeyStore
*/
public String getKeyStorePath() {
- return keyStorePath;
- }
-
- /**
- * Sets the KeyStore Path
- * @param keyStorePath Path to KeyStore
- */
- public void setKeyStorePath(String keyStorePath) {
- this.keyStorePath = keyStorePath;
+ return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
}
/**
@@ -64,15 +60,7 @@ public class SignatureCreationParameter {
* @return Password to KeyStore
*/
public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
- /**
- * Sets the KeyStore Password
- * @param keyStorePassword Password to KeyStore
- */
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
}
/**
@@ -80,15 +68,7 @@ public class SignatureCreationParameter {
* @return Siging Key Name
*/
public String getKeyName() {
- return keyName;
- }
-
- /**
- * Sets the Signing Key Name
- * @param keyName Signing Key Name
- */
- public void setKeyName(String keyName) {
- this.keyName = keyName;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
}
/**
@@ -96,17 +76,6 @@ public class SignatureCreationParameter {
* @return Signing Key Password
*/
public String getKeyPassword() {
- return keyPassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
}
-
- /**
- * Sets the Signing Key Password
- * @param keyPassword Signing Key Password
- */
- public void setKeyPassword(String keyPassword) {
- this.keyPassword = keyPassword;
- }
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
index 2d8402e4d..211c7dde4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
@@ -14,6 +14,10 @@ public class SignatureVerificationParameter {
/** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
private String trustProfileID;
+ public SignatureVerificationParameter(String trustProfileID2) {
+ this.trustProfileID = trustProfileID2;
+ }
+
/**
* Gets the MOA-SP TrustProfileID
* @return TrustProfileID of MOA-SP for STORK signature verification
@@ -22,14 +26,6 @@ public class SignatureVerificationParameter {
return trustProfileID;
}
- /**
- * Sets the MOA-SP TrustProfileID
- * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
- */
- public void setTrustProfileID(String trustProfileID) {
- this.trustProfileID = trustProfileID;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 79f3b4e30..4bbd221a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -24,8 +24,11 @@
package at.gv.egovernment.moa.id.data;
+import java.io.Serializable;
import java.util.Date;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+
/**
* Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
*
@@ -33,8 +36,12 @@ import java.util.Date;
* @version $Id$
*/
-public class AuthenticationData {
+public class AuthenticationData implements Serializable {
/**
+ *
+ */
+ private static final long serialVersionUID = -1042697056735596866L;
+/**
* major version number of the SAML assertion
*/
private int majorVersion;
@@ -62,15 +69,23 @@ public class AuthenticationData {
/**
* user identification type
*/
- private String identificationType;
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IdentityLink identityLink;
+
/**
- * application specific user identifier (bPK)
+ * application specific user identifier (bPK/wbPK)
*/
private String bPK;
+
/**
- * private sector-specific personal identifier (wbPK)
+ * application specific user identifier type
*/
- private String wbPK;
+ private String bPKType;
+
/**
* given name of the user
*/
@@ -162,13 +177,13 @@ public class AuthenticationData {
return bPK;
}
- /**
- * Returns the wbPK.
- * @return String the wbPK.
- */
- public String getWBPK() {
- return wbPK;
- }
+// /**
+// * Returns the wbPK.
+// * @return String the wbPK.
+// */
+// public String getWBPK() {
+// return wbPK;
+// }
/**
* Returns useUTC
@@ -218,13 +233,13 @@ public class AuthenticationData {
this.bPK = bPK;
}
- /**
- * Sets the wbPK.
- * @param wbPK The wbPK to set
- */
- public void setWBPK(String wbPK) {
- this.wbPK = wbPK;
- }
+// /**
+// * Sets the wbPK.
+// * @param wbPK The wbPK to set
+// */
+// public void setWBPK(String wbPK) {
+// this.wbPK = wbPK;
+// }
public void setUseUTC(boolean useUTC) {
this.useUTC = useUTC;
@@ -430,4 +445,29 @@ public class AuthenticationData {
return timestamp;
}
+public String getBPKType() {
+ return bPKType;
+}
+
+public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+}
+
+/**
+ * @return the identityLink
+ */
+public IdentityLink getIdentityLink() {
+ return identityLink;
+}
+
+/**
+ * @param identityLink the identityLink to set
+ */
+public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+}
+
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
new file mode 100644
index 000000000..604077844
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -0,0 +1,495 @@
+package at.gv.egovernment.moa.id.entrypoints;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.util.ConcurrentModificationException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.swing.ListModel;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ModulStorage;
+import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class DispatcherServlet extends AuthServlet{
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public static final String PARAM_TARGET_MODULE = "mod";
+ public static final String PARAM_TARGET_ACTION = "action";
+ public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
+
+ @Override
+ public void init(ServletConfig config) throws ServletException {
+ try {
+ super.init(config);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage(
+ "init.00", null));
+ } catch (Exception ex) {
+ Logger.fatal(
+ MOAIDMessageProvider.getInstance().getMessage("init.02",
+ null), ex);
+ throw new ServletException(ex);
+ }
+ Logger.info("Dispatcher Servlet initialization");
+ }
+
+ protected void processRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
+
+ boolean isValidSSOSession = false;
+ boolean useSSOOA = false;
+ String protocolRequestID = null;
+
+
+ try {
+ Logger.info("REQUEST: " + req.getRequestURI());
+ Logger.info("QUERY : " + req.getQueryString());
+ String errorid = req.getParameter(ERROR_CODE_PARAM);
+ if (errorid != null) {
+
+ Throwable throwable = ExceptionStoreImpl.getStore()
+ .fetchException(errorid);
+ ExceptionStoreImpl.getStore().removeException(errorid);
+
+ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+
+ Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
+
+ String pendingRequestID = null;
+ if (idObject != null && (idObject instanceof String)) {
+ if (errorRequests.containsKey((String)idObject))
+ pendingRequestID = (String) idObject;
+ }
+
+ if (throwable != null) {
+ if (errorRequests != null) {
+
+ synchronized (errorRequests) {
+
+ IRequest errorRequest = null;
+ if (pendingRequestID != null) {
+ errorRequest = errorRequests.get(pendingRequestID);
+
+ //remove the
+ RequestStorage.removePendingRequest(errorRequests, pendingRequestID);
+ }
+ else {
+ if (errorRequests.size() > 1) {
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+
+ } else {
+ Set<String> keys = errorRequests.keySet();
+ errorRequest = errorRequests.get(keys.toArray()[0]);
+ RequestStorage.removeAllPendingRequests(req.getSession());
+ }
+
+ }
+
+ if (errorRequest != null) {
+
+ try {
+ IModulInfo handlingModule = ModulStorage
+ .getModuleByPath(errorRequest
+ .requestedModule());
+ if (handlingModule != null) {
+ if (handlingModule.generateErrorMessage(
+ throwable, req, resp, errorRequest)) {
+ return;
+ }
+ }
+ } catch (Throwable e) {
+ Logger.error(e);
+ handleErrorNoRedirect(throwable.getMessage(),
+ throwable, req, resp);
+ }
+ }
+ else {
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+ }
+ }
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+
+ } else {
+ // TODO: use better string
+ handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req,
+ resp);
+ }
+
+ return;
+ }
+ }
+
+ Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
+ String module = null;
+ if (moduleObject != null && (moduleObject instanceof String)) {
+ module = (String) moduleObject;
+ }
+
+ if (module == null) {
+ module = (String) req.getAttribute(PARAM_TARGET_MODULE);
+ }
+
+ Object actionObject = req.getParameter(PARAM_TARGET_ACTION);
+ String action = null;
+ if (actionObject != null && (actionObject instanceof String)) {
+ action = (String) actionObject;
+ }
+
+ if (action == null) {
+ action = req.getParameter(PARAM_TARGET_ACTION);
+ }
+
+ Logger.debug("dispatching to " + module + " protocol " + action);
+
+ IModulInfo info = ModulStorage.getModuleByPath(module);
+
+ IAction moduleAction = null;
+
+ if (info == null) {
+
+ Iterator<IModulInfo> modules = ModulStorage.getAllModules()
+ .iterator();
+ while (modules.hasNext()) {
+ info = modules.next();
+ moduleAction = info.canHandleRequest(req, resp);
+ if (moduleAction != null) {
+ action = moduleAction.getDefaultActionName();
+ module = info.getPath();
+ break;
+ }
+ info = null;
+ }
+
+ if (moduleAction == null) {
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ Logger.error("Protocol " + module
+ + " has no module registered");
+ return;
+ }
+ }
+
+ if (moduleAction == null) {
+ moduleAction = info.getAction(action);
+
+ if (moduleAction == null) {
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ Logger.error("Action " + action + " is not available!");
+ return;
+ }
+ }
+
+ HttpSession httpSession = req.getSession();
+ Map<String, IRequest> protocolRequests = null;
+ IRequest protocolRequest = null;
+
+ try {
+ protocolRequests = RequestStorage.getPendingRequest(httpSession);
+
+ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+
+ if (protocolRequests != null &&
+ idObject != null && (idObject instanceof String)) {
+
+// synchronized (protocolRequests) {
+
+ protocolRequestID = (String) idObject;
+
+ //get IRequest if it exits
+ if (protocolRequests.containsKey(protocolRequestID)) {
+ protocolRequest = protocolRequests.get(protocolRequestID);
+
+
+
+ Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
+
+ //RequestStorage.setPendingRequest(httpSession, protocolRequests);
+
+ } else {
+ Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
+
+ Set<String> mapkeys = protocolRequests.keySet();
+ for (String el : mapkeys)
+ Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el));
+
+ handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
+ null, req, resp);
+ //resp.sendError(HttpServletResponse.SC_CONFLICT);
+ return;
+ }
+// }
+ } else {
+ try {
+ protocolRequest = info.preProcess(req, resp, action);
+
+ if (protocolRequest != null) {
+
+ if(protocolRequests != null) {
+
+// synchronized (protocolRequests) {
+// synchronized (protocolRequest) {
+ Set<String> mapkeys = protocolRequests.keySet();
+ for (String el : mapkeys) {
+ IRequest value = protocolRequests.get(el);
+
+ if (value.getOAURL().equals(protocolRequest.getOAURL())) {
+
+ if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
+ Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
+ RequestStorage.removeAllPendingRequests(req.getSession());
+
+ } else {
+ RequestStorage.removePendingRequest(protocolRequests, el);
+ }
+ }
+ }
+// }
+// }
+
+ } else {
+ protocolRequests = new ConcurrentHashMap<String, IRequest>();
+ }
+
+ synchronized (protocolRequest) {
+ synchronized (protocolRequests) {
+
+ //Start new Authentication
+ protocolRequest.setAction(action);
+ protocolRequest.setModule(module);
+ protocolRequestID = Random.nextRandom();
+ protocolRequest.setRequestID(protocolRequestID);
+ protocolRequests.put(protocolRequestID, protocolRequest);
+ Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
+ }
+ }
+ }
+ } catch (MOAIDException e) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ Logger.error("Failed to generate a valid protocol request!");
+ return;
+ }
+
+ if (protocolRequest == null) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ Logger.error("Failed to generate a valid protocol request!");
+ return;
+ }
+ }
+
+
+ RequestStorage.setPendingRequest(httpSession, protocolRequests);
+
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ String moasessionID = null;
+ AuthenticationSession moasession = null;
+
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
+ boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
+
+ if (needAuthentication) {
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+ AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+ }
+
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(protocolRequest.getOAURL());
+
+ if (oaParam == null) {
+ throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
+ }
+
+
+ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+ useSSOOA = oaParam.useSSO();
+
+ //if a legacy request is used SSO should not be allowed, actually
+ boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
+
+ if (protocolRequest.isPassiv()
+ && protocolRequest.forceAuth()) {
+ // conflict!
+ throw new NoPassivAuthenticationException();
+ }
+
+ boolean tryperform = authmanager.tryPerformAuthentication(
+ req, resp);
+
+ if (protocolRequest.forceAuth()) {
+ if (!tryperform) {
+ authmanager.doAuthentication(req, resp,
+ protocolRequest);
+ return;
+ }
+ } else if (protocolRequest.isPassiv()) {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
+ // Passive authentication ok!
+ } else {
+ throw new NoPassivAuthenticationException();
+ }
+ } else {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
+ // Is authenticated .. proceed
+ } else {
+ // Start authentication!
+ authmanager.doAuthentication(req, resp,
+ protocolRequest);
+ return;
+ }
+ }
+
+
+ if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
+ {
+
+ //TODO SSO Question!!!!
+ if (useSSOOA && isValidSSOSession) {
+
+ moasessionID = ssomanager.getMOASession(ssoId);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
+ //use new OAParameter
+ if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
+ authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
+ return;
+ }
+ }
+ else {
+
+ //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
+
+// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+// AuthenticationManager.MOA_SESSION, null);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
+
+ //save SSO session usage in Database
+ String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+
+ if (newSSOSessionId != null) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+
+ } else {
+// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+// AuthenticationManager.MOA_SESSION, null);
+
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
+
+
+
+ }
+
+ moduleAction.processRequest(protocolRequest, req, resp, moasession);
+
+ RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
+
+ if (needAuthentication) {
+ boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+
+ if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
+ && !moasession.getUseMandate())
+ {
+
+ } else {
+ authmanager.logout(req, resp, moasessionID);
+ }
+
+ //authmanager.logout(req, resp);
+ }
+
+ } catch (Throwable e) {
+ e.printStackTrace();
+ // Try handle module specific, if not possible rethrow
+ if (!info.generateErrorMessage(e, req, resp, protocolRequest)) {
+ throw e;
+ }
+ }
+ } catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ } catch (MOAIDException ex) {
+ handleError(null, ex, req, resp, protocolRequestID);
+ } catch (Throwable e) {
+ handleErrorNoRedirect(e.getMessage(), null, req,
+ resp);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index e1a8673b7..10ff4bfc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -58,18 +58,19 @@ public class CertStoreConfigurationImpl extends ObservableImpl
*/
public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
this.conf=conf;
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName);
+
+ String certStoreRootDirParam = conf.getCertstoreDirectory();
+
if (certStoreRootDirParam == null)
throw new ConfigurationException(
- "config.08", new Object[] {paramName});
+ "config.08", new Object[] {"CertStoreDirectory"});
rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
File f = new File(rootDirectory);
if (!f.isDirectory())
throw new ConfigurationException(
- "config.05", new Object[] {paramName});
+ "config.05", new Object[] {"CertStoreDirectory"});
parameters = new CertStoreParameters[] { this };
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
new file mode 100644
index 000000000..be0132c14
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -0,0 +1,347 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class AuthenticationManager extends AuthServlet {
+
+ private static AuthenticationManager instance = null;
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String MOA_SESSION = "MoaAuthenticationSession";
+ public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
+
+
+ public static AuthenticationManager getInstance() {
+ if (instance == null) {
+ instance = new AuthenticationManager();
+ }
+
+ return instance;
+ }
+
+
+// public AuthenticationSession getAuthenticationSession(
+// HttpSession session) {
+// String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
+// MOA_SESSION, null);
+// if (sessionID != null) {
+// try {
+// return AuthenticationSessionStoreage.getSession(sessionID);
+//
+// } catch (MOADatabaseException e) {
+// return null;
+// }
+// }
+// return null;
+// }
+
+// /**
+// * Checks if the session is authenticated
+// *
+// * @param request
+// * @param response
+// * @return
+// */
+// public boolean isAuthenticated(HttpServletRequest request,
+// HttpServletResponse response) {
+// Logger.info("Checking authentication");
+//
+// HttpSession session = request.getSession();
+//
+// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
+//
+// if(moaSessionID == null) {
+// Logger.info("NO MOA Session to logout");
+// return false;
+// }
+//
+//// AuthenticationSession authSession;
+//// try {
+//// authSession = AuthenticationSessionStoreage
+//// .getSession(moaSessionID);
+////
+//// } catch (MOADatabaseException e) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// if(authSession == null) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// return authSession.isAuthenticated();
+//
+// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
+// }
+
+ /**
+ * Checks if this request can authenticate a MOA Session
+ *
+ * @param request
+ * @param response
+ * @return
+ */
+ public boolean tryPerformAuthentication(HttpServletRequest request,
+ HttpServletResponse response) {
+
+ HttpSession session = request.getSession();
+
+ String sessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if (sessionID != null) {
+ Logger.info("got MOASession: " + sessionID);
+ AuthenticationSession authSession;
+ try {
+ authSession = AuthenticationSessionStoreage.getSession(sessionID);
+
+
+
+ if (authSession != null) {
+ Logger.info("MOASession found! A: "
+ + authSession.isAuthenticated() + ", AU "
+ + authSession.isAuthenticatedUsed());
+ if (authSession.isAuthenticated()
+ && !authSession.isAuthenticatedUsed()) {
+ authSession.setAuthenticatedUsed(true);
+
+ AuthenticationSessionStoreage.storeSession(authSession);
+
+// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
+// sessionID);
+ return true; // got authenticated
+ }
+ }
+
+ } catch (MOADatabaseException e) {
+ return false;
+ } catch (BuildException e) {
+ return false;
+ }
+ }
+ return false;
+ }
+
+ public void logout(HttpServletRequest request,
+ HttpServletResponse response, String moaSessionID) {
+ Logger.info("Logout");
+
+ HttpSession session = request.getSession();
+
+ //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
+
+ if(moaSessionID == null) {
+ moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ }
+
+ if(moaSessionID == null) {
+ Logger.info("NO MOA Session to logout");
+ return;
+ }
+
+ AuthenticationSession authSession;
+ try {
+ authSession = AuthenticationSessionStoreage
+ .getSession(moaSessionID);
+
+ if(authSession == null) {
+ Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ return;
+ }
+
+ authSession.setAuthenticated(false);
+ //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ AuthenticationSessionStoreage.destroySession(moaSessionID);
+
+ //session.invalidate();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ return;
+ }
+
+ }
+
+ public void doAuthentication(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+ Logger.info("Starting authentication ...");
+
+// if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.12");
+//
+// if (target.getOAURL() == null) {
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.12");
+// }
+
+ setNoCachingHeadersInHttpRespone(request, response);
+
+ List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();
+
+ //is legacy allowed
+ boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule());
+
+ //check legacy request parameter
+ boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
+
+ AuthenticationSession moasession;
+ try {
+ //check if an MOASession exists and if not create an new MOASession
+ //moasession = getORCreateMOASession(request);
+ moasession = AuthenticationSessionStoreage.createSession();
+
+ } catch (MOADatabaseException e1) {
+ Logger.error("Database Error! MOASession can not be created!");
+ throw new MOAIDException("init.04", new Object[] {});
+ }
+
+
+ if (legacyallowed && legacyparamavail) {
+
+ //parse request parameter into MOASession
+
+ StartAuthentificationParameterParser.parse(request, response, moasession, target);
+
+ Logger.info("Start Authentication Module: " + moasession.getModul()
+ + " Action: " + moasession.getAction());
+
+ //start authentication process
+// session.getServletContext().getNamedDispatcher("StartAuthentication")
+// .forward(request, response);
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+
+ String getIdentityLinkForm = startauth.build(moasession, request, response);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET StartAuthentication");
+ }
+
+ } else {
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(target.getOAURL());
+
+ if (oaParam == null) {
+ throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+ }
+
+ else {
+
+ //check if an MOASession exists and if not create an new MOASession
+ //moasession = getORCreateMOASession(request);
+
+ //set OnlineApplication configuration in Session
+ moasession.setOAURLRequested(target.getOAURL());
+ moasession.setAction(target.requestedAction());
+ moasession.setModul(target.requestedModule());
+ }
+
+ //Build authentication form
+
+
+ String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
+ target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID());
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ //set MOAIDSession
+ request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(loginForm);
+ out.flush();
+ }
+ }
+
+ public void sendTransmitAssertionQuestion(HttpServletRequest request,
+ HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
+ throws ServletException, IOException, MOAIDException {
+
+ String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
+ target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(form);
+ out.flush();
+ }
+
+
+// private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException {
+//
+// //String sessionID = request.getParameter(PARAM_SESSIONID);
+// String sessionID = (String) request.getSession().getAttribute(MOA_SESSION);
+// AuthenticationSession moasession;
+//
+// try {
+// moasession = AuthenticationSessionStoreage.getSession(sessionID);
+// Logger.info("Found existing MOASession with sessionID=" + sessionID
+// + ". This session is used for reauthentification.");
+//
+// } catch (MOADatabaseException e) {
+// try {
+// moasession = AuthenticationSessionStoreage.createSession();
+// Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + ".");
+//
+// } catch (MOADatabaseException e1) {
+// Logger.error("Database Error! MOASession are not created.");
+// throw new MOAIDException("init.04", new Object[] {
+// "0"});
+// }
+// }
+//
+// return moasession;
+// }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
new file mode 100644
index 000000000..aa8a8d9a9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+
+public interface IAction extends MOAIDAuthConstants {
+ public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ throws MOAIDException;
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
+
+ public String getDefaultActionName();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
new file mode 100644
index 000000000..679ccb000
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface IModulInfo {
+ //public List<ServletInfo> getServlets();
+ public String getName();
+ public String getPath();
+
+ public IAction getAction(String action);
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action)
+ throws MOAIDException;
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response);
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable;
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
new file mode 100644
index 000000000..824b210cf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public interface IRequest {
+ public String getOAURL();
+ public boolean isPassiv();
+ public boolean forceAuth();
+ public boolean isSSOSupported();
+ public String requestedModule();
+ public String requestedAction();
+ public void setModule(String module);
+ public void setAction(String action);
+ public String getTarget();
+ public void setRequestID(String id);
+ public String getRequestID();
+
+ //public void setTarget();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
new file mode 100644
index 000000000..2a92f3ce5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
@@ -0,0 +1,52 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class ModulStorage {
+
+ private static final String[] modulClasses = new String[]{
+ "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol",
+ "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol"
+ };
+
+
+ private static List<IModulInfo> registeredModules = new ArrayList<IModulInfo>();
+
+ public static List<IModulInfo> getAllModules() {
+ return registeredModules;
+ }
+
+ public static IModulInfo getModuleByPath(String modname) {
+ Iterator<IModulInfo> it = registeredModules.iterator();
+ while (it.hasNext()) {
+ IModulInfo info = it.next();
+ if (info.getPath().equals(modname)) {
+ return info;
+ }
+ }
+ return null;
+ }
+
+ static {
+ Logger.info("Loading modules:");
+ for(int i = 0; i < modulClasses.length; i++) {
+ String modulClassName = modulClasses[i];
+ try {
+ @SuppressWarnings("unchecked")
+ Class<IModulInfo> moduleClass = (Class<IModulInfo>)Class.forName(modulClassName);
+ IModulInfo module = moduleClass.newInstance();
+ Logger.info("Loading Modul Information: " + module.getName());
+ registeredModules.add(module);
+ } catch(Throwable e) {
+ Logger.error("Check configuration! " + modulClassName +
+ " is not a valid IModulInfo", e);
+ }
+ }
+ Logger.info("Loading modules done");
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
new file mode 100644
index 000000000..b07695938
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+
+
+public class ModulUtils {
+
+ public static final String UNAUTHDISPATCHER = "dispatcher";
+ public static final String AUTHDISPATCHER = "dispatcher";
+
+ public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
+ return UNAUTHDISPATCHER + "?" +
+ DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+ DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+ DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+ }
+
+ public static String buildAuthURL(String modul, String action, String pendingRequestID) {
+ return AUTHDISPATCHER +
+ "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+ DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+ DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
new file mode 100644
index 000000000..286da5a91
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class NoPassivAuthenticationException extends MOAIDException {
+
+ public NoPassivAuthenticationException() {
+ super("auth.18", null);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 596920452166197688L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
new file mode 100644
index 000000000..d47e8df05
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -0,0 +1,83 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.io.Serializable;
+
+public class RequestImpl implements IRequest, Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ private String oaURL;
+ private boolean passiv = false;
+ private boolean force = false;
+ private boolean ssosupport = false;
+ private String module = null;
+ private String action = null;
+ private String target = null;
+ private String requestID;
+
+
+ public void setOAURL(String value) {
+ oaURL = value;
+ }
+
+ public String getOAURL() {
+ return oaURL;
+ }
+
+ public boolean isPassiv() {
+ return passiv;
+ }
+
+ public boolean forceAuth() {
+ return force;
+ }
+
+ public void setPassiv(boolean passiv) {
+ this.passiv = passiv;
+ }
+
+ public void setForce(boolean force) {
+ this.force = force;
+ }
+
+ public boolean isSSOSupported() {
+ return ssosupport;
+ }
+
+ public String requestedModule() {
+ return module;
+ }
+
+ public String requestedAction() {
+ return action;
+ }
+
+ public void setSsosupport(boolean ssosupport) {
+ this.ssosupport = ssosupport;
+ }
+
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ public void setRequestID(String id) {
+ this.requestID = id;
+
+ }
+
+ public String getRequestID() {
+ return requestID;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
new file mode 100644
index 000000000..d33d4693d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RequestStorage {
+
+ private static final String PENDING_REQUEST = "PENDING_REQUEST";
+
+ public static Map<String,IRequest> getPendingRequest(HttpSession session) {
+
+
+ Object obj = session.getAttribute(PENDING_REQUEST);
+ if (obj != null) {
+ synchronized (obj) {
+ if (obj instanceof Map<?,?>) {
+ if (((Map<?,?>) obj).size() > 0) {
+ if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) {
+ if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0])
+ instanceof IRequest) {
+ return (Map<String, IRequest>) obj;
+
+
+
+ }
+ }
+ }
+ }
+ }
+ session.setAttribute(PENDING_REQUEST, null);
+ }
+ return null;
+ }
+
+ public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) {
+ session.setAttribute(PENDING_REQUEST, request);
+ }
+
+ public static void removeAllPendingRequests(HttpSession session) {
+
+ Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests");
+
+ session.setAttribute(PENDING_REQUEST, null);
+ }
+
+ public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) {
+
+ if (requestmap != null && requestID != null) {
+
+ synchronized (requestmap) {
+
+ //Map<String, IRequest> requestmap = getPendingRequest(session);
+
+ if (requestmap.containsKey(requestID)) {
+ requestmap.remove(requestID);
+ Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID);
+
+ }
+
+ //setPendingRequest(session, requestmap);
+ }
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
new file mode 100644
index 000000000..18eeae58e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -0,0 +1,184 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.List;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class SSOManager {
+
+ private static final String SSOCOOKIE = "MOA_ID_SSO";
+
+ private static final int DEFAULTSSOTIMEOUT = 15*60; //sec
+
+ private static SSOManager instance = null;
+ private static int sso_timeout;
+
+
+ public static SSOManager getInstance() {
+ if (instance == null) {
+ instance = new SSOManager();
+
+ //TODO: move to config based timeout!
+ try {
+ sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue();
+
+ } catch (ConfigurationException e) {
+ Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
+ sso_timeout = DEFAULTSSOTIMEOUT;
+ }
+
+ }
+
+ return instance;
+ }
+
+ public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+
+ //search SSO Session
+ if (ssoSessionID == null) {
+ Logger.info("No SSO Session cookie found.");
+ return false;
+ }
+
+// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
+// AuthenticationManager.MOA_SESSION, null);
+
+ return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+
+ }
+
+ public String getMOASession(String ssoSessionID) {
+ return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+ }
+
+ public String existsOldSSOSession(String ssoId) {
+
+ Logger.trace("Check that the SSOID has already been used");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<OldSSOSessionIDStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
+ query.setString("sessionid", ssoId);
+ result = query.list();
+
+ //send transaction
+
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ session.getTransaction().commit();
+ return null;
+ }
+
+ OldSSOSessionIDStore oldSSOSession = result.get(0);
+
+ AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
+
+ if (correspondingMoaSession == null) {
+ Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
+ //TODO: ist der OldSSOSessionStore zum Aufräumen?
+ return null;
+ }
+
+
+ String moasessionid = correspondingMoaSession.getSessionid();
+
+ session.getTransaction().commit();
+
+ return moasessionid;
+
+ }
+
+ public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+
+ String newSSOId = Random.nextRandom();
+
+ System.out.println("generate new SSO Tokken (" + newSSOId + ")");
+
+ if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
+ Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!");
+ return null;
+ }
+
+ try {
+ AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
+
+ return newSSOId;
+
+ } catch (AuthenticationException e) {
+ Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+ return null;
+ }
+ }
+
+
+ public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ deleteSSOSessionID(httpReq, httpResp);
+ }
+
+ Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
+ cookie.setMaxAge(sso_timeout);
+ cookie.setSecure(true);
+ cookie.setPath(httpReq.getContextPath());
+ httpResp.addCookie(cookie);
+ }
+
+
+
+ public String getSSOSessionID(HttpServletRequest httpReq) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+
+ //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox)
+ //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
+
+ if (cookie.getName().equals(SSOCOOKIE)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (!cookie.getName().equals(SSOCOOKIE))
+ httpResp.addCookie(cookie);
+ }
+ }
+ }
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
new file mode 100644
index 000000000..0181233d5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServlet;
+
+
+public class ServletInfo {
+ Class<? extends HttpServlet> servletClass;
+ String servletTarget;
+ ServletType type;
+
+ public ServletInfo(Class<? extends HttpServlet> servletClass,
+ String servletTarget, ServletType type) {
+ super();
+ this.servletClass = servletClass;
+ this.servletTarget = servletTarget;
+ this.type = type;
+ }
+
+ public HttpServlet getServletInstance()
+ throws InstantiationException, IllegalAccessException {
+ return servletClass.newInstance();
+ }
+
+ public String getTarget() {
+ return servletTarget;
+ }
+
+ public ServletType getType() {
+ return type;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
new file mode 100644
index 000000000..50b1702f8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public enum ServletType {
+ UNAUTH, AUTH, NONE
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
new file mode 100644
index 000000000..59a5158bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
+
+public class AuthenticationAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
+ System.out.println("Process PVP2 auth request!");
+ PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
+ RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return (PVP2XProtocol.REDIRECT);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
new file mode 100644
index 000000000..1e3c6145f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.io.MarshallingException;
+
+public class ExternalPVPSessionStore {
+
+ private Map<String, SPSSODescriptor> externalSessions = new HashMap<String, SPSSODescriptor>();
+
+ public boolean contains(String sessionID) {
+ return externalSessions.containsKey(sessionID);
+ }
+
+ public void put(String sessionID, SPSSODescriptor sso) throws MarshallingException {
+ externalSessions.put(sessionID, sso);
+ }
+
+ public SPSSODescriptor get(String sessionID) {
+ return externalSessions.get(sessionID);
+ }
+
+ public void remove(String sessionID) {
+ externalSessions.remove(sessionID);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
new file mode 100644
index 000000000..3d0fd80bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -0,0 +1,209 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.io.StringWriter;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MetadataAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ try {
+
+ EntitiesDescriptor idpEntitiesDescriptor =
+ SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+ idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4));
+
+ EntityDescriptor idpEntityDescriptor = SAML2Utils
+ .createSAMLObject(EntityDescriptor.class);
+
+ idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor);
+
+ idpEntityDescriptor
+ .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
+
+ List<ContactPerson> persons = PVPConfiguration.getInstance()
+ .getIDPContacts();
+
+ idpEntityDescriptor.getContactPersons().addAll(persons);
+
+ idpEntityDescriptor.setOrganization(PVPConfiguration.getInstance()
+ .getIDPOrganisation());
+
+ X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitPublicKeyValue(true);
+ keyInfoFactory.setEmitEntityIDAsKeyName(true);
+ keyInfoFactory.setEmitEntityCertificate(true);
+ KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ Credential credential = CredentialProvider
+ .getIDPSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
+
+ Signature signature = CredentialProvider
+ .getIDPSignature(credential);
+
+ idpEntitiesDescriptor.setSignature(signature);
+
+ IDPSSODescriptor idpSSODescriptor = SAML2Utils
+ .createSAMLObject(IDPSSODescriptor.class);
+
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
+ if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
+ SingleSignOnService postSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+
+ postSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+
+ idpSSODescriptor.getSingleSignOnServices().add(
+ postSingleSignOnService);
+ }
+
+ if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
+ SingleSignOnService redirectSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+
+ redirectSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ redirectSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+
+ idpSSODescriptor.getSingleSignOnServices().add(
+ redirectSingleSignOnService);
+ }
+
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ ArtifactResolutionService artifactResolutionService = SAML2Utils
+ .createSAMLObject(ArtifactResolutionService.class);
+
+ artifactResolutionService
+ .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ artifactResolutionService.setLocation(PVPConfiguration
+ .getInstance().getIDPResolveSOAPService());
+
+ artifactResolutionService.setIndex(0);
+
+ idpSSODescriptor.getArtifactResolutionServices().add(
+ artifactResolutionService);
+ }*/
+
+ idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
+ idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(idpEntitiesDescriptor);
+ out.marshall(idpEntitiesDescriptor, document);
+
+ Signer.signObject(signature);
+
+ Transformer transformer = TransformerFactory.newInstance()
+ .newTransformer();
+
+ StringWriter sw = new StringWriter();
+ StreamResult sr = new StreamResult(sw);
+ DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ String metadataXML = sw.toString();
+
+ System.out.println("METADATA: " + metadataXML);
+
+ httpResp.setContentType("text/xml");
+ httpResp.getOutputStream().write(metadataXML.getBytes());
+
+ httpResp.getOutputStream().close();
+
+ } catch (Exception e) {
+ Logger.error("Failed to generate metadata", e);
+ throw new MOAIDException("pvp2.13", null);
+ }
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ public String getDefaultActionName() {
+ return (PVP2XProtocol.METADATA);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
new file mode 100644
index 000000000..6055484f7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -0,0 +1,302 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import iaik.pkcs.pkcs11.objects.Object;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.ConfigurationException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
+
+public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = PVP2XProtocol.class.getName();
+ public static final String PATH = "id_pvp2x";
+
+ public static final String REDIRECT = "Redirect";
+ public static final String POST = "Post";
+ public static final String SOAP = "Soap";
+ public static final String METADATA = "Metadata";
+
+ private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
+
+ private static List<IDecoder> decoder = new ArrayList<IDecoder>();
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
+ ServletType.AUTH));
+ servletList.add(new ServletInfo(PVPProcessor.class, POST,
+ ServletType.AUTH));
+
+ decoder.add(new PostBinding());
+ decoder.add(new RedirectBinding());
+
+ actions.put(REDIRECT, new AuthenticationAction());
+ actions.put(POST, new AuthenticationAction());
+ actions.put(METADATA, new MetadataAction());
+
+ instance = new PVP2XProtocol();
+
+ new VelocityLogAdapter();
+ }
+
+ private static PVP2XProtocol instance = null;
+
+ public static PVP2XProtocol getInstance() {
+ if (instance == null) {
+ instance = new PVP2XProtocol();
+ }
+ return instance;
+ }
+
+ public List<ServletInfo> getServlets() {
+ return servletList;
+ }
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ private IDecoder findDecoder(String action, HttpServletRequest req) {
+ Iterator<IDecoder> decoderIT = decoder.iterator();
+ while (decoderIT.hasNext()) {
+ IDecoder decoder = decoderIT.next();
+ if (decoder.handleDecode(action, req)) {
+ return decoder;
+ }
+ }
+
+ return null;
+ }
+
+ public PVP2XProtocol() {
+ super();
+ }
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action) throws MOAIDException {
+
+ if(METADATA.equals(action)) {
+ return new PVPTargetConfiguration();
+ }
+
+ IDecoder decoder = findDecoder(action, request);
+ if (decoder == null) {
+ return null;
+ }
+ try {
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+
+ MOARequest moaRequest = decoder.decodeRequest(request, response);
+
+ RequestAbstractType samlReq = moaRequest.getSamlRequest();
+
+ //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
+
+ //Logger.info("SAML : " + xml);
+
+ if(!moaRequest.isVerified()) {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ moaRequest.setVerified(true);
+ }
+
+ if(!(samlReq instanceof AuthnRequest)) {
+ throw new MOAIDException("Unsupported request", new Object[] {});
+ }
+
+ AuthnRequest authnRequest = (AuthnRequest)samlReq;
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int assertionidx = 0;
+
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+ }
+
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
+
+ if(aIdx != null) {
+ attributeIdx = aIdx.intValue();
+ }
+
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+ SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+ AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+
+ //TODO: maybe change to getEntityID()
+ //String oaURL = consumerService.getLocation();
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String binding = consumerService.getBinding();
+ String entityID = moaRequest.getEntityMetadata().getEntityID();
+
+ //String oaURL = (String) request.getParameter(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+
+ config.setOAURL(oaURL);
+ config.setBinding(binding);
+ config.setRequest(moaRequest);
+ config.setConsumerURL(consumerService.getLocation());
+
+ //TODO: set correct target;
+ config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
+
+ String useMandate = request.getParameter(PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true")) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ throw new MandateAttributesNotHandleAbleException();
+ }
+ }
+ }
+
+ request.getSession().setAttribute(PARAM_OA, oaURL);
+
+ return config;
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new MOAIDException(e.getMessage(), new Object[] {});
+ }
+ }
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable {
+
+ if(protocolRequest == null) {
+ throw e;
+ }
+
+ if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
+ throw e;
+ }
+ PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
+
+ Response samlResponse =
+ SAML2Utils.createSAMLObject(Response.class);
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ if(e instanceof NoPassivAuthenticationException) {
+ statusCode.setValue(StatusCode.NO_PASSIVE_URI);
+ statusMessage.setMessage(e.getLocalizedMessage());
+ } else if(e instanceof PVP2Exception) {
+ PVP2Exception ex = (PVP2Exception) e;
+ statusCode.setValue(ex.getStatusCodeValue());
+ String statusMessageValue = ex.getStatusMessageValue();
+ if(statusMessageValue != null) {
+ statusMessage.setMessage(statusMessageValue);
+ }
+ } else {
+ statusCode.setValue(StatusCode.RESPONDER_URI);
+ statusMessage.setMessage(e.getLocalizedMessage());
+ }
+
+ status.setStatusCode(statusCode);
+ if(statusMessage.getMessage() != null) {
+ status.setStatusMessage(statusMessage);
+ }
+ samlResponse.setStatus(status);
+
+ IEncoder encoder = null;
+
+ if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ encoder = new RedirectBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ //binding = new ArtifactBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ encoder = new PostBinding();
+ }
+
+ if(encoder == null) {
+ // default to redirect binding
+ encoder = new RedirectBinding();
+ }
+
+ encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL());
+ return true;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response) {
+ if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
+ return getAction(REDIRECT);
+ } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
+ return getAction(POST);
+ }
+
+ if(METADATA.equals(request.getParameter("action"))) {
+ return getAction(METADATA);
+ }
+ return null;
+ }
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+ // TODO implement validation!
+ return true;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
new file mode 100644
index 000000000..2e2f75b94
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap;
+import org.opensaml.xml.io.MarshallingException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+
+public class PVPAssertionStorage implements SAMLArtifactMap {
+
+ private static PVPAssertionStorage instance = null;
+
+ public static PVPAssertionStorage getInstance() {
+ if(instance == null) {
+ instance = new PVPAssertionStorage();
+ }
+ return instance;
+ }
+
+ //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+ private AssertionStorage assertions = AssertionStorage.getInstance();
+
+ public boolean contains(String artifact) {
+ return assertions.containsKey(artifact);
+ }
+
+ public void put(String artifact, String relyingPartyId, String issuerId,
+ SAMLObject samlMessage) throws MarshallingException {
+ SAMLArtifactMapEntry assertion = new StoredAssertion(artifact,
+ relyingPartyId,
+ issuerId,
+ samlMessage);
+
+ try {
+ assertions.put(artifact, assertion);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be stored
+ throw new MarshallingException("Assertion are not stored in Database.",e);
+ }
+ }
+
+ public SAMLArtifactMapEntry get(String artifact) {
+ try {
+ return assertions.get(artifact, SAMLArtifactMapEntry.class);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be read
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public void remove(String artifact) {
+ assertions.remove(artifact);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
new file mode 100644
index 000000000..e8b661362
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -0,0 +1,236 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+public interface PVPConstants {
+
+ public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
+ public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";
+ public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
+ public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+
+ public static final String URN_OID_PREFIX = "urn:oid:";
+
+ public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
+ public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
+ public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION";
+ public static final String PVP_VERSION_2_1 = "2.1";
+
+ public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS";
+
+ public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20";
+ public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID;
+ public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME";
+ public static final int PRINCIPAL_NAME_MAX_LENGTH = 128;
+
+ public static final String GIVEN_NAME_OID = "2.5.4.42";
+ public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID;
+ public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME";
+ public static final int GIVEN_NAME_MAX_LENGTH = 128;
+
+ public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55";
+ public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID;
+ public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE";
+ public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd";
+
+ public static final String USERID_OID = "0.9.2342.19200300.100.1.1";
+ public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID;
+ public static final String USERID_FRIENDLY_NAME = "USERID";
+ public static final int USERID_MAX_LENGTH = 128;
+
+ public static final String GID_OID = "1.2.40.0.10.2.1.1.1";
+ public static final String GID_NAME = URN_OID_PREFIX + GID_OID;
+ public static final String GID_FRIENDLY_NAME = "GID";
+ public static final int GID_MAX_LENGTH = 128;
+
+ public static final String BPK_OID = "1.2.40.0.10.2.1.1.149";
+ public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID;
+ public static final String BPK_FRIENDLY_NAME = "BPK";
+ public static final int BPK_MAX_LENGTH = 1024;
+
+ public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22";
+ public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID;
+ public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST";
+ public static final int ENC_BPK_LIST_MAX_LENGTH = 32767;
+
+ public static final String MAIL_OID = "0.9.2342.19200300.100.1.3";
+ public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID;
+ public static final String MAIL_FRIENDLY_NAME = "MAIL";
+ public static final int MAIL_MAX_LENGTH = 128;
+
+ public static final String TEL_OID = "2.5.4.20";
+ public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID;
+ public static final String TEL_FRIENDLY_NAME = "TEL";
+ public static final int TEL_MAX_LENGTH = 32;
+
+ public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71";
+ public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID;
+ public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID";
+ public static final int PARTICIPANT_MAX_LENGTH = 39;
+
+ public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24";
+ public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID;
+ public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ";
+ public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32;
+
+ public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153";
+ public static final String OU_OKZ_NAME = URN_OID_PREFIX + OU_OKZ_OID;
+ public static final int OU_OKZ_MAX_LENGTH = 32;
+
+ public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3";
+ public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID;
+ public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID";
+ public static final int OU_GV_OU_ID_MAX_LENGTH = 39;
+
+ public static final String OU_OID = "2.5.4.11";
+ public static final String OU_NAME = URN_OID_PREFIX + OU_OID;
+ public static final String OU_FRIENDLY_NAME = "OU";
+ public static final int OU_MAX_LENGTH = 64;
+
+ public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33";
+ public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID;
+ public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION";
+ public static final int FUNCTION_MAX_LENGTH = 32;
+
+ public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30";
+ public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID;
+ public static final String ROLES_FRIENDLY_NAME = "ROLES";
+ public static final int ROLES_MAX_LENGTH = 32767;
+
+ public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";
+ public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
+ public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
+
+ public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";
+ public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID;
+ public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION";
+ public static final int EID_ISSUING_NATION_MAX_LENGTH = 2;
+
+ public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34";
+ public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID;
+ public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER";
+ public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255;
+
+ public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36";
+ public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID;
+ public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN";
+ public static final int EID_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104";
+ public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID;
+ public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE";
+ public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38";
+ public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID;
+ public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK";
+ public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767;
+
+ public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62";
+ public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID;
+ public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK";
+ public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767;
+
+ public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64";
+ public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID;
+ public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL";
+ public static final int EID_CCS_URL_MAX_LENGTH = 1024;
+
+ public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66";
+ public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID;
+ public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE";
+ public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767;
+
+ public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96";
+ public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID;
+ public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN";
+ public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767;
+
+ public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68";
+ public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID;
+ public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE";
+ public static final int MANDATE_TYPE_MAX_LENGTH = 256;
+
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70";
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID;
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN";
+ public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100";
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID;
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN";
+ public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102";
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE";
+ public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76";
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID;
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE";
+ public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98";
+ public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID;
+ public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK";
+ public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024;
+
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72";
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID;
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST";
+ public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767;
+
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78";
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID;
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME";
+ public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80";
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID;
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME";
+ public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82";
+ public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID;
+ public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BIRTHDATE";
+ public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN;
+
+ public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84";
+ public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID;
+ public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME";
+ public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256;
+
+ public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86";
+ public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID;
+ public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATOR-PROF-REP-OID";
+ public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256;
+
+ public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88";
+ public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID;
+ public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATOR-PROF-REP-DESCRIPTION";
+ public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024;
+
+ public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90";
+ public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID;
+ public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE";
+ public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100;
+
+ public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
+ public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID;
+ public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE";
+ public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767;
+
+ public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40";
+ public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID;
+ public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID";
+ public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64;
+
+ public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50";
+ public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID;
+ public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID";
+ public static final int COST_CENTER_ID_MAX_LENGTH = 32767;
+
+ public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60";
+ public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID;
+ public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE";
+ public static final int CHARGE_CODE_MAX_LENGTH = 32767;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
new file mode 100644
index 000000000..d7079ba5c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+
+public class PVPProcessor extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4102075202310068260L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
new file mode 100644
index 000000000..d842d5fe0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+
+public class PVPTargetConfiguration extends RequestImpl {
+ MOARequest request;
+ String binding;
+ String consumerURL;
+
+ public MOARequest getRequest() {
+ return request;
+ }
+
+ public void setRequest(MOARequest request) {
+ this.request = request;
+ }
+
+ public String getBinding() {
+ return binding;
+ }
+
+ public void setBinding(String binding) {
+ this.binding = binding;
+ }
+
+ public String getConsumerURL() {
+ return consumerURL;
+ }
+
+ public void setConsumerURL(String consumerURL) {
+ this.consumerURL = consumerURL;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
new file mode 100644
index 000000000..1d51d91f1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -0,0 +1,98 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.Signature;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+
+public class ArtifactBinding implements IDecoder, IEncoder {
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ Signature signer = CredentialProvider.getIDPSignature(credentials);
+ response.setSignature(signer);
+
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.init();
+
+ HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html",
+ PVPAssertionStorage.getInstance());
+
+ encoder.setPostEncoding(false);
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
new file mode 100644
index 000000000..0f82d9a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IDecoder {
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public boolean handleDecode(String action, HttpServletRequest req);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
new file mode 100644
index 000000000..66526534d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -0,0 +1,30 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IEncoder {
+ public void encodeRequest(HttpServletRequest req,
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+
+ /**
+ * Encoder SAML Response
+ * @param req The http request
+ * @param resp The http response
+ * @param response The repsonse object
+ * @param targetLocation
+ * @throws MessageEncodingException
+ * @throws SecurityException
+ */
+ public void encodeRespone(HttpServletRequest req,
+ HttpServletResponse resp, StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
new file mode 100644
index 000000000..946f62066
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOARequest {
+ private RequestAbstractType samlRequest;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOARequest(RequestAbstractType request) {
+ samlRequest = request;
+ }
+
+ public RequestAbstractType getSamlRequest() {
+ return samlRequest;
+ }
+
+ public void setSamlRequest(RequestAbstractType request) {
+ this.samlRequest = request;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
new file mode 100644
index 000000000..47f935b0c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
@@ -0,0 +1,38 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOAResponse {
+ private Response samlResponse;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOAResponse(Response response) {
+ samlResponse = response;
+ }
+
+ public Response getSamlResponse() {
+ return samlResponse;
+ }
+
+ public void setSamlResponse(Response samlResponse) {
+ this.samlResponse = samlResponse;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
new file mode 100644
index 000000000..513939e5d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+
+public class MOAURICompare implements URIComparator {
+
+ public boolean compare(String uri1, String uri2) {
+ // TODO: implement proper equalizer for rewritten URLS
+ return true;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
new file mode 100644
index 000000000..85861297c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -0,0 +1,139 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class PostBinding implements IDecoder, IEncoder {
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ // VelocityEngine engine =
+ // VelocityProvider.getClassPathVelocityEngine();
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+ "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+ engine.init();
+
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ decode.setURIComparator(new MOAURICompare());
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
+ decode.decode(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+
+ MOARequest request = new MOARequest(inboundMessage);
+ request.setVerified(false);
+ request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return request;
+
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ decode.decode(messageContext);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+
+ MOAResponse moaResponse = new MOAResponse(inboundMessage);
+ moaResponse.setVerified(false);
+ moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return moaResponse;
+
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (req.getMethod().equals("POST"));
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
new file mode 100644
index 000000000..86801dde5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -0,0 +1,148 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RedirectBinding implements IDecoder, IEncoder {
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO: implement
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+ decode.setURIComparator(new MOAURICompare());
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
+ SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ messageContext.setSecurityPolicyResolver(resolver);
+
+ decode.decode(messageContext);
+
+ signatureRule.evaluate(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ MOARequest request = new MOARequest(inboundMessage);
+ request.setVerified(true);
+ request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return request;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ // signatureRule.evaluate(messageContext);
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ messageContext.setSecurityPolicyResolver(resolver);
+ MOAMetadataProvider provider = null;
+
+ provider = MOAMetadataProvider.getInstance();
+
+ messageContext.setMetadataProvider(provider);
+
+ decode.decode(messageContext);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+
+ MOAResponse moaResponse = new MOAResponse(inboundMessage);
+ moaResponse.setVerified(true);
+ moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return moaResponse;
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
+ .equals("GET"));
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
new file mode 100644
index 000000000..04ec3eaee
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -0,0 +1,87 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+
+public class SoapBinding implements IDecoder, IEncoder {
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException, PVP2Exception {
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
+ new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ req));
+ soapDecoder.decode(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+
+ MOARequest request = new MOARequest(inboundMessage);
+
+ return request;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException, PVP2Exception {
+ throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response");
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (action.equals(PVP2XProtocol.SOAP));
+ }
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+ try {
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+
+ HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
new file mode 100644
index 000000000..ab880bb9e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
@@ -0,0 +1,158 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public class CitizenTokenBuilder {
+
+ public static XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ public static XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ public static Attribute buildStringAttribute(String friendlyName,
+ String name, String value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildIntegerAttribute(String friendlyName,
+ String name, int value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildPVPVersion(String value) {
+ return buildStringAttribute("PVP-VERSION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.10", value);
+ }
+
+ public static Attribute buildSecClass(int value) {
+ return buildIntegerAttribute("SECCLASS",
+ "", value);
+ }
+
+ public static Attribute buildPrincipalName(String value) {
+ return buildStringAttribute("PRINCIPAL-NAME",
+ "urn:oid:1.2.40.0.10.2.1.1.261.20", value);
+ }
+
+ public static Attribute buildGivenName(String value) {
+ return buildStringAttribute("GIVEN-NAME",
+ "urn:oid:2.5.4.42", value);
+ }
+
+ public static Attribute buildBirthday(String value) {
+ return buildStringAttribute("BIRTHDATE",
+ "urn:oid:1.2.40.0.10.2.1.1.55", value);
+ }
+
+ public static Attribute buildBPK(String value) {
+ return buildStringAttribute("BPK",
+ "urn:oid:1.2.40.0.10.2.1.1.149", value);
+ }
+
+ public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
+ return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
+ "urn:oid:1.2.40.0.10.2.1.1.261.94", value);
+ }
+
+ public static Attribute buildEID_ISSUING_NATION(String value) {
+ return buildStringAttribute("EID-ISSUING-NATION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.32", value);
+ }
+
+ public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
+ return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
+ "urn:oid:1.2.40.0.10.2.1.1.261.34", value);
+ }
+
+
+// public static AttributeStatement buildCitizenToken(MOARequest obj,
+// AuthenticationSession authSession) {
+// AttributeStatement statement =
+// SAML2Utils.createSAMLObject(AttributeStatement.class);
+//
+// //TL: AuthData generation is moved out from VerifyAuthBlockServlet
+// try {
+//
+// //TODO: LOAD oaParam from request and not from MOASession in case of SSO
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
+//
+// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
+// oaParam,
+// authSession.getTarget());
+//
+// Attribute pvpVersion = buildPVPVersion("2.1");
+// Attribute secClass = buildSecClass(3);
+// Attribute principalName = buildPrincipalName(authData.getFamilyName());
+// Attribute givenName = buildGivenName(authData.getGivenName());
+// Attribute birthdate = buildBirthday(authData.getDateOfBirth());
+//
+// //TL: getIdentificationValue holds the baseID --> change to pBK
+// Attribute bpk = buildBPK(authData.getBPK());
+//
+// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
+// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
+// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
+//
+// statement.getAttributes().add(pvpVersion);
+// statement.getAttributes().add(secClass);
+// statement.getAttributes().add(principalName);
+// statement.getAttributes().add(givenName);
+// statement.getAttributes().add(birthdate);
+// statement.getAttributes().add(bpk);
+// statement.getAttributes().add(eid_citizen_qaa);
+// statement.getAttributes().add(eid_issuing_nation);
+// statement.getAttributes().add(eid_sector_for_id);
+//
+// return statement;
+//
+// } catch (ConfigurationException e) {
+//
+// // TODO: check Exception Handling
+// return null;
+// } catch (BuildException e) {
+//
+// // TODO: check Exception Handling
+// return null;
+// }
+//
+//
+// }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
new file mode 100644
index 000000000..60e510de2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -0,0 +1,98 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public class PVPAttributeBuilder {
+
+ private static HashMap<String, IAttributeBuilder> builders;
+
+ private static void addBuilder(IAttributeBuilder builder) {
+ builders.put(builder.getName(), builder);
+ }
+
+ static {
+ builders = new HashMap<String, IAttributeBuilder>();
+ // Citizen Token normal
+ addBuilder(new PVPVersionAttributeBuilder());
+ addBuilder(new PrincipalNameAttributeBuilder());
+ addBuilder(new GivenNameAttributeBuilder());
+ addBuilder(new BirthdateAttributeBuilder());
+ addBuilder(new BPKAttributeBuilder());
+ addBuilder(new EIDCitizenQAALevelAttributeBuilder());
+ addBuilder(new EIDIssuingNationAttributeBuilder());
+ addBuilder(new EIDSectorForIDAttributeBuilder());
+
+ // Mandate Attributes
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateLegalPersonFullNameAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinTypeAttributeBuilder());
+ addBuilder(new MandateNaturalPersonBirthDateAttributeBuilder());
+ addBuilder(new MandateNaturalPersonBPKAttributeBuilder());
+ addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateProfRepOIDAttributeBuilder());
+ addBuilder(new MandateProfRepDescAttributeBuilder());
+ addBuilder(new MandateReferenceValueAttributeBuilder());
+ addBuilder(new MandateFullMandateAttributeBuilder());
+ }
+
+ public static Attribute buildAttribute(String name,
+ AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if (builders.containsKey(name)) {
+ return builders.get(name).build(authSession, oaParam, authData);
+ }
+ return null;
+ }
+
+ public static List<Attribute> buildSupportedEmptyAttributes() {
+ List<Attribute> attributes = new ArrayList<Attribute>();
+ Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
+ while (builderIt.hasNext()) {
+ IAttributeBuilder builder = builderIt.next();
+ Attribute emptyAttribute = builder.buildEmpty();
+ if (emptyAttribute != null) {
+ attributes.add(emptyAttribute);
+ }
+ }
+ return attributes;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
new file mode 100644
index 000000000..17fc52a8c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -0,0 +1,325 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+public class PVP2AssertionBuilder implements PVPConstants {
+ public static Assertion buildAssertion(AuthnRequest authnRequest,
+ AuthenticationSession authSession, EntityDescriptor peerEntity)
+ throws MOAIDException {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ RequestedAuthnContext reqAuthnContext = authnRequest
+ .getRequestedAuthnContext();
+
+ if (reqAuthnContext == null) {
+ throw new NoAuthContextException();
+ }
+
+ boolean stork_qaa_1_4_found = false;
+
+ AuthnContextClassRef authnContextClassRef = SAML2Utils
+ .createSAMLObject(AuthnContextClassRef.class);
+
+ List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs();
+
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+
+ } else {
+ for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+ String qaa_uri = authnClassRef.getAuthnContextClassRef();
+ if (qaa_uri.trim().equals(STORK_QAA_1_4)
+ || qaa_uri.trim().equals(STORK_QAA_1_3)
+ || qaa_uri.trim().equals(STORK_QAA_1_2)
+ || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (authSession.isForeigner()) {
+ //TODO: insert QAA check
+
+ stork_qaa_1_4_found = false;
+
+ } else {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ }
+ break;
+ }
+ }
+ }
+
+ if (!stork_qaa_1_4_found) {
+ throw new QAANotSupportedException(STORK_QAA_1_4);
+ }
+
+// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
+// .iterator();
+//
+// StringBuilder authContextsb = new StringBuilder();
+//
+// while (reqAuthnContextClassRefIt.hasNext()) {
+// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+// .next();
+// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+// "\\s+");
+// for (int i = 0; i < qaa_uris.length; i++) {
+// if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_3)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_2)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+// authContextsb.append(qaa_uris[i].trim());
+// authContextsb.append(" ");
+// }
+// }
+//
+// }
+
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
+ authnStatement.setAuthnInstant(new DateTime());
+ // currently dummy id ...
+ authnStatement.setSessionIndex(remoteSessionID);
+ authnStatement.setAuthnContext(authnContext);
+
+ assertion.getAuthnStatements().add(authnStatement);
+
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int idx = 0;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ }
+
+ AttributeConsumingService attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ boolean foundFormat = false;
+
+ // TL: AuthData generation is moved to Assertion generation.
+
+ Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
+ .iterator();
+ while (formatIt.hasNext()) {
+ if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
+ foundFormat = true;
+ break;
+ }
+ }
+ if (!foundFormat) {
+ // TODO use correct exception
+ throw new NameIDFormatNotSupportedException("");
+ }
+
+ // TODO: Check if we need to hide source pin
+ /*
+ * if(authSession.getUseMandate()) { Element mandate =
+ * authSession.getMandate(); if(authSession.getBusinessService()) { //
+ * Hide Source PIN! ParepUtils.HideStammZahlen(mandate, true, null,
+ * authSession.getDomainIdentifier(), true); } else {
+ * ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(),
+ * null, true); } }
+ */
+
+ // TODO: LOAD oaParam from request and not from MOASession in case of
+ // SSO
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ peerEntity.getEntityID());
+
+ AuthenticationData authData = AuthenticationServer
+ .buildAuthenticationData(authSession, oaParam,
+ oaParam.getTarget());
+
+ Iterator<RequestedAttribute> it = attributeConsumingService
+ .getRequestAttributes().iterator();
+ while (it.hasNext()) {
+ RequestedAttribute reqAttribut = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttribut.getName(), authSession, oaParam, authData);
+ if (attr == null) {
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ } else {
+ attributeStatement.getAttributes().add(attr);
+ }
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ }
+ }
+
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ subjectNameID.setFormat(NameID.PERSISTENT);
+
+ //TLenz: set correct bPK Type and Value from AuthData
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+
+ IdentificationType id;
+ if(corporation != null && corporation.getIdentification().size() > 0)
+ id = corporation.getIdentification().get(0);
+
+
+ else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+ id = pysicalperson.getIdentification().get(0);
+
+ else {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String bpktype = id.getType();
+ String bpk = id.getValue().getValue();
+
+ if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
+ if (authSession.getBusinessService()) {
+ subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
+ else
+ subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier());
+
+ } else {
+ subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget()));
+ if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+"))
+ subjectNameID.setNameQualifier(oaParam.getTarget());
+ else
+ subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
+
+
+ } else {
+ subjectNameID.setNameQualifier(bpktype);
+ subjectNameID.setValue(bpk);
+ }
+
+ } else {
+ subjectNameID.setNameQualifier(authData.getBPKType());
+ subjectNameID.setValue(authData.getBPK());
+ }
+
+
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ SubjectConfirmationData subjectConfirmationData = SAML2Utils
+ .createSAMLObject(SubjectConfirmationData.class);
+ subjectConfirmationData.setInResponseTo(authnRequest.getID());
+ subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+
+ Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
+ AudienceRestriction audienceRestriction = SAML2Utils
+ .createSAMLObject(AudienceRestriction.class);
+ Audience audience = SAML2Utils.createSAMLObject(Audience.class);
+
+ audience.setAudienceURI(peerEntity.getEntityID());
+ audienceRestriction.getAudiences().add(audience);
+ conditions.setNotBefore(new DateTime());
+ conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ conditions.getAudienceRestrictions().add(audienceRestriction);
+
+ assertion.setConditions(conditions);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ issuer.setFormat(NameID.ENTITY);
+ assertion.setIssuer(issuer);
+ assertion.setSubject(subject);
+ assertion.setID(SAML2Utils.getSecureIdentifier());
+ assertion.setIssueInstant(new DateTime());
+
+ return assertion;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
new file mode 100644
index 000000000..4fb76c377
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.Constants;
+
+public class BPKAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return BPK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String bpk = authData.getBPK();
+ String type = authData.getBPKType();
+
+ if (type.startsWith(Constants.URN_PREFIX_WBPK))
+ type = type.substring((Constants.URN_PREFIX_WBPK+"+").length());
+ else if (type.startsWith(Constants.URN_PREFIX_CDID))
+ type = type.substring((Constants.URN_PREFIX_CDID+"+").length());
+
+ if(bpk.length() > BPK_MAX_LENGTH) {
+ bpk = bpk.substring(0, BPK_MAX_LENGTH);
+ }
+ return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
+ }
+
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
new file mode 100644
index 000000000..d3c79c939
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
@@ -0,0 +1,62 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBuilder {
+
+
+ protected static XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ protected static XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ protected static Attribute buildStringAttribute(String friendlyName,
+ String name, String value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ protected static Attribute buildIntegerAttribute(String friendlyName,
+ String name, int value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ protected static Attribute buildemptyAttribute(String friendlyName, String name) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
new file mode 100644
index 000000000..fa42fc54f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class BirthdateAttributeBuilder extends BaseAttributeBuilder {
+
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+
+ public String getName() {
+ return BIRTHDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ try {
+ DateFormat identityLinkFormat = new SimpleDateFormat(
+ IDENTITY_LINK_DATE_FORMAT);
+ Date date = identityLinkFormat.parse(authSession.getIdentityLink()
+ .getDateOfBirth());
+ DateFormat pvpDateFormat = new SimpleDateFormat(
+ BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+ return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME,
+ BIRTHDATE_NAME, dateString);
+ } catch (ParseException e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME,
+ BIRTHDATE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
new file mode 100644
index 000000000..5ddd87c7b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_CITIZEN_QAA_LEVEL_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME, 4);
+ }
+
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
new file mode 100644
index 000000000..08e4e67b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import iaik.x509.X509Certificate;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_ISSUING_NATION_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String countryCode = "AT";
+
+
+ if (authSession.getStorkAuthnRequest() != null) {
+ countryCode = authSession.getStorkAuthnRequest()
+ .getCitizenCountryCode();
+ } else {
+
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = authSession.getSignerCertificate();
+
+ if (certificate != null) {
+ try {
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ countryCode = rdn.getValue().toString();
+ break;
+ }
+ }
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+ }
+ }
+ }
+
+ return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ EID_ISSUING_NATION_NAME, countryCode);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ EID_ISSUING_NATION_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
new file mode 100644
index 000000000..8cb2b5be6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_SECTOR_FOR_IDENTIFIER_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String bpktype = authData.getBPKType();
+ return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
new file mode 100644
index 000000000..5c8151c01
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class GivenNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return GIVEN_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
new file mode 100644
index 000000000..173fbd52f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IAttributeBuilder {
+ public String getName();
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception;
+ public Attribute buildEmpty();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
new file mode 100644
index 000000000..cecd90448
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_FULL_MANDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ if (authSession.getMandate() != null) {
+ String fullMandate;
+ try {
+ fullMandate = DOMUtils.serializeNode(authSession
+ .getMandate());
+ return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, fullMandate);
+ } catch (TransformerException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ } catch (IOException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ }
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
new file mode 100644
index 000000000..15059c036
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_FULL_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..820efb209
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(corporation);
+ } else {
+ id = MandateBuilder.getBPKIdentification(corporation);
+ }*/
+ /*if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..44b58d04f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinTypeAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator()
+ .getCorporateBody();
+ if (corporation == null) {
+ Logger.error("No corporate mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*id = MandateBuilder.getBPKIdentification(corporate);
+ if (id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
new file mode 100644
index 000000000..49e013fe0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -0,0 +1,90 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BPK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+// if(authSession.getBusinessService()) {
+// id = MandateBuilder.getWBPKIdentification(physicalPerson);
+// } else {
+// id = MandateBuilder.getBPKIdentification(physicalPerson);
+// }
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String bpk;
+ try {
+
+ if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
+ if (authSession.getBusinessService()) {
+ bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
+
+ }
+
+ else {
+ bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget());
+
+ }
+
+ } else
+ bpk = id.getValue().getValue();
+
+ } catch (BuildException e ){
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME, bpk);
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
new file mode 100644
index 000000000..a87d4d25c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -0,0 +1,74 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonBirthDateAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BIRTHDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String dateOfBirth = physicalPerson.getDateOfBirth();
+ try {
+ DateFormat mandateFormat = new SimpleDateFormat(
+ MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+ Date date = mandateFormat.parse(dateOfBirth);
+ DateFormat pvpDateFormat = new SimpleDateFormat(
+ MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+
+ return buildStringAttribute(
+ MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME, dateString);
+ } catch (ParseException e) {
+ e.printStackTrace();
+ throw new InvalidDateFormatException();
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
new file mode 100644
index 000000000..6744e5d20
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_FAMILY_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+
+ while(fNamesit.hasNext()) {
+ sb.append(" " + fNamesit.next().getValue());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
new file mode 100644
index 000000000..67aa8df0e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_GIVEN_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+
+ while(gNamesit.hasNext()) {
+ sb.append(" " + gNamesit.next());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..eaa7e88af
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonSourcePinAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_SOURCE_PIN_OID;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..7b8f59dd2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+ return null;
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
new file mode 100644
index 000000000..b7c356112
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+
+public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_PROF_REP_DESC_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ String text = AttributeExtractor.extractSAMLAttributeOA(
+ ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+ authSession);
+
+ if(text == null) {
+ return null;
+ }
+
+ return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, text);
+
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
new file mode 100644
index 000000000..740a99649
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+
+public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_PROF_REP_OID_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ String oid = AttributeExtractor.extractSAMLAttributeOA(
+ ParepValidator.EXT_SAML_MANDATE_OID,
+ authSession);
+
+ if(oid == null) {
+ return null;
+ }
+
+ return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ MANDATE_PROF_REP_OID_NAME, oid);
+
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ MANDATE_PROF_REP_OID_NAME);
+ }
+}
+ \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
new file mode 100644
index 000000000..5a50473d3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_REFERENCE_VALUE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
+ MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
+ MANDATE_REFERENCE_VALUE_NAME);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
new file mode 100644
index 000000000..bc7fdaf73
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateTypeAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new ResponderErrorException("No mandate data available", null);
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new ResponderErrorException("No mandate data available", null);
+ }
+
+ return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
new file mode 100644
index 000000000..545d70d76
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class PVPVersionAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return PVP_VERSION_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
new file mode 100644
index 000000000..7ca7eb829
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return PRINCIPAL_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
new file mode 100644
index 000000000..0786f896a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -0,0 +1,339 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+
+import org.opensaml.saml2.metadata.Company;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml2.metadata.EmailAddress;
+import org.opensaml.saml2.metadata.GivenName;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml2.metadata.OrganizationName;
+import org.opensaml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml2.metadata.SurName;
+import org.opensaml.saml2.metadata.TelephoneNumber;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.Digester;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class PVPConfiguration {
+
+ private static PVPConfiguration instance;
+
+ public static PVPConfiguration getInstance() {
+ if (instance == null) {
+ instance = new PVPConfiguration();
+ }
+ return instance;
+ }
+
+ public static final String PVP2_METADATA = "/pvp2/metadata";
+ public static final String PVP2_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_POST = "/pvp2/post";
+
+ public static final String PVP_CONFIG_FILE = "pvp2config.properties";
+ public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
+ public static final String IDP_KEYALIAS = "idp.ks.alias";
+ public static final String IDP_KS_PASS = "idp.ks.kspassword";
+ public static final String IDP_KEY_PASS = "idp.ks.keypassword";
+
+ public static final String IDP_ISSUER_NAME = "idp.issuer.name";
+
+ public static final String METADATA_FILE = "md.dir";
+ public static final String METADATA_EXTENSION = "md.ext";
+
+ public static final String IDP_ENTITY = "idp.entityid";
+ public static final String IDP_ORG_NAME = "idp.org.name";
+ public static final String IDP_ORG_DISPNAME = "idp.org.dispname";
+ public static final String IDP_ORG_URL = "idp.org.url";
+
+ public static final String IDP_PUBLIC_URL = "idp.public.url";
+
+ public static final String IDP_TRUST_STORE = "idp.truststore";
+ public static final String SP_TARGET_PREFIX = "sp.target.";
+
+ public static final String IDP_CONTACT_PREFIX = "idp.contact";
+ public static final String IDP_CONTACT_LIST = "idp.contact_list";
+
+ public static final String IDP_CONTACT_SURNAME = "surname";
+ public static final String IDP_CONTACT_GIVENNAME = "givenname";
+ public static final String IDP_CONTACT_MAIL = "mail";
+ public static final String IDP_CONTACT_TYPE = "type";
+ public static final String IDP_CONTACT_COMPANY = "company";
+ public static final String IDP_CONTACT_PHONE = "phone";
+
+ PVP2 generalpvpconfigdb;
+ Properties props;
+
+ private PVPConfiguration() {
+ try {
+ generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
+ props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
+
+ } catch (ConfigurationException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getIDPPublicPath() {
+ String publicPath = generalpvpconfigdb.getPublicURLPrefix();
+ if(publicPath != null) {
+ if(publicPath.endsWith("/")) {
+ publicPath = publicPath.substring(0, publicPath.length()-2);
+ }
+ }
+ return publicPath;
+ }
+
+ public String getIDPSSOPostService() {
+ return getIDPPublicPath() + PVP2_POST;
+ }
+
+ public String getIDPSSORedirectService() {
+ return getIDPPublicPath() + PVP2_REDIRECT;
+ }
+
+ public String getIDPSSOMetadataService() {
+ return getIDPPublicPath() + PVP2_METADATA;
+ }
+
+ public String getIDPKeyStoreFilename() {
+ return props.getProperty(IDP_JAVAKEYSTORE);
+ }
+
+ public String getIDPKeyStorePassword() {
+ return props.getProperty(IDP_KS_PASS);
+ }
+
+ public String getIDPKeyAlias() {
+ return props.getProperty(IDP_KEYALIAS);
+ }
+
+ public String getIDPKeyPassword() {
+ return props.getProperty(IDP_KEY_PASS);
+ }
+
+ public String getIDPIssuerName() {
+ return generalpvpconfigdb.getIssuerName();
+ }
+
+ public List<String> getMetadataFiles() {
+ String filter = props.getProperty(METADATA_EXTENSION);
+
+ if (filter == null) {
+ filter = ".mdxml";
+ }
+
+ List<String> files = new ArrayList<String>();
+
+ File[] faFiles = new File(props.getProperty(METADATA_FILE)).listFiles();
+ for (File file : faFiles) {
+ if (!file.isDirectory()) {
+ if (file.getName().endsWith(filter)) {
+ files.add(file.getAbsolutePath());
+ }
+ }
+ }
+
+ return files;
+ }
+
+ //TODO:
+ public String getTargetForSP(String sp) {
+
+ try {
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(sp);
+
+ if (oaParam != null)
+ return oaParam.getTarget();
+
+ Logger.warn("OnlineApplication with ID "+ sp + " is not found.");
+ return null;
+
+ } catch (ConfigurationException e) {
+ Logger.warn("OnlineApplication with ID "+ sp + " is not found.");
+ return null;
+ }
+
+ }
+
+
+ public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+
+ try {
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
+
+ if (oaParam == null) {
+ Logger.warn("Online Application with ID " + entityID + " not found!");
+ return null;
+ }
+
+ OAPVP2 pvp2param = oaParam.getPVP2Parameter();
+
+ if (pvp2param == null) {
+ return null;
+ }
+
+ Logger.info("Load TrustEntityCertificate ("+entityID+") from Database.");
+ return new X509Certificate(pvp2param.getCertificate());
+
+ } catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+ return null;
+
+ } catch (ConfigurationException e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public List<ContactPerson> getIDPContacts() {
+ List<ContactPerson> list = new ArrayList<ContactPerson>();
+
+ List<Contact> contacts = generalpvpconfigdb.getContact();
+
+ if (contacts != null) {
+
+ for (Contact contact : contacts) {
+
+ ContactPerson person = SAML2Utils
+ .createSAMLObject(ContactPerson.class);
+
+ String type = contact.getType();
+
+ if (type == null) {
+ Logger.error("IDP Contact with SurName " + contact.getSurName()
+ + " has no type defined!");
+ break;
+ }
+
+ ContactPersonTypeEnumeration enumType = null;
+
+ if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE;
+ } else if (type.equals(ContactPersonTypeEnumeration.BILLING
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.BILLING;
+ } else if (type.equals(ContactPersonTypeEnumeration.OTHER
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.OTHER;
+ } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.SUPPORT;
+ } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL
+ .toString())) {
+ enumType = ContactPersonTypeEnumeration.TECHNICAL;
+ }
+
+ if (enumType == null) {
+ Logger.error("IDP Contact with SurName " + contact.getSurName()
+ + " has invalid type defined: " + type);
+ break;
+ }
+
+ person.setType(enumType);
+
+ String givenName = contact.getGivenName();
+
+ if (givenName != null) {
+ GivenName name = SAML2Utils
+ .createSAMLObject(GivenName.class);
+ name.setName(givenName);
+ person.setGivenName(name);
+ }
+
+ String company = contact.getCompany();
+
+ if (company != null) {
+ Company comp = SAML2Utils.createSAMLObject(Company.class);
+ comp.setName(company);
+ person.setCompany(comp);
+ }
+
+ String surname = contact.getSurName();
+
+ if (surname != null) {
+ SurName name = SAML2Utils.createSAMLObject(SurName.class);
+ name.setName(surname);
+ person.setSurName(name);
+ }
+
+ List<String> phones = contact.getPhone();
+ for (String phone : phones) {
+ TelephoneNumber telePhone = SAML2Utils
+ .createSAMLObject(TelephoneNumber.class);
+ telePhone.setNumber(phone);
+ person.getTelephoneNumbers().add(telePhone);
+ }
+
+ List<String> mails = contact.getMail();
+ for (String mail : mails) {
+ EmailAddress mailAddress = SAML2Utils
+ .createSAMLObject(EmailAddress.class);
+ mailAddress.setAddress(mail);
+ person.getEmailAddresses().add(mailAddress);
+ }
+
+ list.add(person);
+ }
+ }
+ return list;
+ }
+
+ public Organization getIDPOrganisation() {
+ Organization org = SAML2Utils.createSAMLObject(Organization.class);
+
+ at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization();
+
+ String org_name = null;
+ String org_dispname = null;
+ String org_url = null;
+
+ if (organisation != null) {
+ org_name = organisation.getName();
+ org_dispname = organisation.getDisplayName();
+ org_url = organisation.getURL();
+ }
+
+ if (org_name == null || org_dispname == null || org_url == null) {
+ return null;
+ }
+
+ OrganizationDisplayName dispName = SAML2Utils
+ .createSAMLObject(OrganizationDisplayName.class);
+ dispName.setName(new LocalizedString(org_dispname, "de"));
+ org.getDisplayNames().add(dispName);
+
+ OrganizationName name = SAML2Utils
+ .createSAMLObject(OrganizationName.class);
+ name.setName(new LocalizedString(org_name, "de"));
+ org.getOrganizationNames().add(name);
+
+ OrganizationURL url = SAML2Utils
+ .createSAMLObject(OrganizationURL.class);
+ url.setURL(new LocalizedString(org_url, "de"));
+ org.getURLs().add(url);
+
+ return org;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
new file mode 100644
index 000000000..51c4b7e72
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class BindingNotSupportedException extends PVP2Exception {
+
+ public BindingNotSupportedException(String binding) {
+ super("pvp2.11", new Object[] {binding});
+ this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7227603941387879360L;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
new file mode 100644
index 000000000..521b55580
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class InvalidAssertionConsumerServiceException extends PVP2Exception {
+
+ public InvalidAssertionConsumerServiceException(int idx) {
+ super("pvp2.00", new Object[]{idx});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7861790149343943091L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
new file mode 100644
index 000000000..799d26ccb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class InvalidDateFormatException extends PVP2Exception {
+
+ public InvalidDateFormatException() {
+ super("pvp2.02", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6867976890237846085L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
new file mode 100644
index 000000000..41a56639a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class MandateAttributesNotHandleAbleException extends PVP2Exception {
+
+ public MandateAttributesNotHandleAbleException() {
+ super("pvp2.03", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1466424425852327722L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
new file mode 100644
index 000000000..7dc9d5645
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NameIDFormatNotSupportedException extends PVP2Exception {
+
+ public NameIDFormatNotSupportedException(String nameIDFormat) {
+ super("pvp2.12", new Object[] {nameIDFormat});
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2270762519437873336L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
new file mode 100644
index 000000000..cd81de30f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoAuthContextException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7040652043174500992L;
+
+ public NoAuthContextException() {
+ super("pvp2.04", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
new file mode 100644
index 000000000..6af97301f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoCredentialsException extends PVP2Exception {
+
+ public static final String MOA_IDP_TARGET = "MOA-ID";
+
+ public NoCredentialsException(String target) {
+ super("pvp2.08", new Object[] {target});
+ this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -9086515080686076313L;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
new file mode 100644
index 000000000..d24905f68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NoMandateDataAvailableException extends PVP2Exception {
+
+ public NoMandateDataAvailableException() {
+ super("pvp2.06", null);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4540420741715406351L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
new file mode 100644
index 000000000..c45820cfb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoMetadataInformationException extends PVP2Exception {
+
+ public NoMetadataInformationException() {
+ super("pvp2.15", null);
+ this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4608068445208032193L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
new file mode 100644
index 000000000..a9bd8104e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class PVP2EncodingException extends PVP2Exception {
+
+ public PVP2EncodingException() {
+ super("pvp2.01", null);
+ }
+
+ public PVP2EncodingException(Throwable wrapped) {
+ super("pvp2.01", null, wrapped);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1348774139990071020L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
new file mode 100644
index 000000000..990a76562
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public abstract class PVP2Exception extends MOAIDException {
+
+ protected String statusCodeValue = StatusCode.RESPONDER_URI;
+ protected String statusMessageValue = null;
+
+ public PVP2Exception(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ this.statusMessageValue = this.getMessage();
+ }
+
+ public PVP2Exception(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.statusMessageValue = this.getMessage();
+ }
+
+
+ public String getStatusCodeValue() {
+ return (this.statusCodeValue);
+ }
+
+ public String getStatusMessageValue() {
+ return (this.statusMessageValue);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7669537952484421069L;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
new file mode 100644
index 000000000..be22be859
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QAANotSupportedException extends PVP2Exception {
+
+ public QAANotSupportedException(String qaa) {
+ super("pvp2.05", new Object[] {qaa});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3964192953884089323L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
new file mode 100644
index 000000000..61c41d82b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class RequestDeniedException extends PVP2Exception {
+
+ public RequestDeniedException() {
+ super("pvp2.14", null);
+ this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4415896615794730553L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
new file mode 100644
index 000000000..a24320cbc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class ResponderErrorException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -425416760138285446L;
+
+ public ResponderErrorException(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
+ }
+
+ public ResponderErrorException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
new file mode 100644
index 000000000..e0f576205
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class SAMLRequestNotSignedException extends PVP2Exception {
+
+ public SAMLRequestNotSignedException() {
+ super("pvp2.07", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ public SAMLRequestNotSignedException(Throwable e) {
+ super("pvp2.07", null, e);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
new file mode 100644
index 000000000..029470b94
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class SAMLRequestNotSupported extends PVP2Exception {
+
+ public SAMLRequestNotSupported() {
+ super("pvp2.09", null);
+ this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1244883178458802767L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
new file mode 100644
index 000000000..0a91cc61a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class UnprovideableAttributeException extends PVP2Exception {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3972197758163647157L;
+
+ public UnprovideableAttributeException(String attributeName) {
+ super("pvp2.10", new Object[] {attributeName});
+ this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
new file mode 100644
index 000000000..99567478d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -0,0 +1,144 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+
+import java.io.File;
+import java.security.cert.CertificateException;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOAMetadataProvider implements MetadataProvider {
+
+ private static MOAMetadataProvider instance = null;
+
+ private static Object mutex = new Object();
+
+ public static MOAMetadataProvider getInstance() {
+ if (instance == null) {
+ synchronized (mutex) {
+ if (instance == null) {
+ instance = new MOAMetadataProvider();
+ }
+ }
+ }
+ return instance;
+ }
+
+ MetadataProvider internalProvider;
+
+ private MOAMetadataProvider() {
+ ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
+ Logger.info("Loading metadata");
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ try {
+ OnlineApplication oa = oaIt.next();
+ Logger.info("Loading metadata for: " + oa.getFriendlyName());
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null) {
+ String metadataURL = pvp2Config.getMetadataURL();
+ try {
+ // TODO: use proper SSL checking
+ HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
+ metadataURL, 20000);
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ MetadataFilter filter = new MetadataSignatureFilter(
+ metadataURL, pvp2Config.getCertificate());
+ httpProvider.setMetadataFilter(filter);
+ chainProvider.addMetadataProvider(httpProvider);
+ httpProvider.initialize();
+ } catch (MetadataProviderException e) {
+ Logger.error(
+ "Failed to add Metadata file for "
+ + oa.getFriendlyName() + "[ "
+ + e.getMessage() + " ]", e);
+ } catch (CertificateException e) {
+ Logger.error(
+ "Failed to add Metadata file for "
+ + oa.getFriendlyName() + "[ "
+ + e.getMessage() + " ]", e);
+ }
+ } else {
+ Logger.info(oa.getFriendlyName()
+ + " is not a PVP2 Application skipping");
+ }
+ } catch (Throwable e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
+ }
+ }
+
+ internalProvider = chainProvider;
+ }
+
+ public boolean requireValidMetadata() {
+ return internalProvider.requireValidMetadata();
+ }
+
+ public void setRequireValidMetadata(boolean requireValidMetadata) {
+ internalProvider.setRequireValidMetadata(requireValidMetadata);
+ }
+
+ public MetadataFilter getMetadataFilter() {
+ return internalProvider.getMetadataFilter();
+ }
+
+ public void setMetadataFilter(MetadataFilter newFilter)
+ throws MetadataProviderException {
+ internalProvider.setMetadataFilter(newFilter);
+ }
+
+ public XMLObject getMetadata() throws MetadataProviderException {
+ return internalProvider.getMetadata();
+ }
+
+ public EntitiesDescriptor getEntitiesDescriptor(String name)
+ throws MetadataProviderException {
+ return internalProvider.getEntitiesDescriptor(name);
+ }
+
+ public EntityDescriptor getEntityDescriptor(String entityID)
+ throws MetadataProviderException {
+ return internalProvider.getEntityDescriptor(entityID);
+ }
+
+ public List<RoleDescriptor> getRole(String entityID, QName roleName)
+ throws MetadataProviderException {
+ return internalProvider.getRole(entityID, roleName);
+ }
+
+ public RoleDescriptor getRole(String entityID, QName roleName,
+ String supportedProtocol) throws MetadataProviderException {
+ return internalProvider.getRole(entityID, roleName, supportedProtocol);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
new file mode 100644
index 000000000..d479de2d7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
+import org.opensaml.saml2.core.ArtifactResolve;
+import org.opensaml.saml2.core.ArtifactResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class ArtifactResolution implements IRequestHandler {
+
+ public boolean handleObject(MOARequest obj) {
+ return (obj.getSamlRequest() instanceof ArtifactResolve);
+ }
+
+ public void process(MOARequest obj, HttpServletRequest req,
+ HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
+ if (!handleObject(obj)) {
+ throw new MOAIDException("pvp2.13", null);
+ }
+
+ ArtifactResolve artifactResolve = (ArtifactResolve) obj
+ .getSamlRequest();
+ String artifactID = artifactResolve.getArtifact().getArtifact();
+
+ PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
+
+ if (!pvpAssertion.contains(artifactID)) {
+ throw new RequestDeniedException();
+ } else {
+ try {
+ SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
+ ArtifactResponse response = SAML2Utils
+ .createSAMLObject(ArtifactResponse.class);
+ response.setMessage(assertion.getSamlMessage());
+ response.setIssueInstant(new DateTime());
+ SoapBinding encoder = new SoapBinding();
+ encoder.encodeRespone(req, resp, response, null);
+ } catch (Exception e) {
+ Logger.error("Failed to resolve artifact", e);
+ }
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
new file mode 100644
index 000000000..f8270cf33
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -0,0 +1,120 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
+
+ public boolean handleObject(MOARequest obj) {
+ return (obj.getSamlRequest() instanceof AuthnRequest);
+ }
+
+ public void process(MOARequest obj, HttpServletRequest req,
+ HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
+ if (!handleObject(obj)) {
+ throw new MOAIDException("pvp2.13", null);
+ }
+
+ AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
+ EntityDescriptor peerEntity = obj.getEntityMetadata();
+
+// if (!AuthenticationSessionStoreage.isAuthenticated(authSession.getSessionID())) {
+// throw new AuthenticationException("auth.21", new Object[] {});
+// }
+
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+// AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
+
+ // authSession.getM
+
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);
+
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
+
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ nissuer.setFormat(NameID.ENTITY);
+ authResponse.setIssuer(nissuer);
+ authResponse.setInResponseTo(authnRequest.getID());
+ authResponse.getAssertions().add(assertion);
+ authResponse.setStatus(SAML2Utils.getSuccessStatus());
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int idx = 0;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ }
+
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ AssertionConsumerService consumerService = spSSODescriptor
+ .getAssertionConsumerServices().get(idx);
+
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(idx);
+ }
+ String oaURL = consumerService.getLocation();
+
+ IEncoder binding = null;
+
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ binding = new ArtifactBinding();
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ try {
+ binding.encodeRespone(req, resp, authResponse, oaURL);
+ // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
new file mode 100644
index 000000000..458316c6d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+
+public interface IRequestHandler {
+ public boolean handleObject(MOARequest obj);
+
+ public void process(MOARequest obj, HttpServletRequest req,
+ HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
new file mode 100644
index 000000000..a043bfde5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
+
+public class RequestManager {
+
+ private static RequestManager instance = null;
+
+ private List<IRequestHandler> handler;
+
+ public static synchronized RequestManager getInstance() {
+ if(instance == null) {
+ instance = new RequestManager();
+ }
+ return instance;
+ }
+
+ private RequestManager() {
+ handler = new ArrayList<IRequestHandler>();
+ handler.add(new AuthnRequestHandler());
+ handler.add(new ArtifactResolution());
+ }
+
+ public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ throws SAMLRequestNotSupported, MOAIDException {
+ Iterator<IRequestHandler> it = handler.iterator();
+ while(it.hasNext()) {
+ IRequestHandler handler = it.next();
+ if(handler.handleObject(obj)) {
+ handler.process(obj, req, resp, moasession);
+ return;
+ }
+ }
+
+ // not handled
+ throw new SAMLRequestNotSupported();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
new file mode 100644
index 000000000..38251ab56
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -0,0 +1,96 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+import iaik.pkcs.pkcs12.PKCS12;
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+
+import javax.jws.soap.SOAPBinding.Use;
+
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+public class CredentialProvider {
+ public static Credential getIDPSigningCredential()
+ throws CredentialsNotAvailableException {
+ KeyStore keyStore;
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
+
+ KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
+ keyStore, config.getIDPKeyAlias(), config
+ .getIDPKeyPassword().toCharArray());
+
+ credentials.setUsageType(UsageType.SIGNING);
+ return credentials;
+ } catch (Exception e) {
+ Logger.error("Failed to generate IDP Signing credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
+
+ public static Signature getIDPSignature(Credential credentials) {
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+ }
+
+ public static Credential getSPTrustedCredential(String entityID)
+ throws CredentialsNotAvailableException {
+
+ iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
+ .getTrustEntityCertificate(entityID);
+
+ if (cert == null) {
+ throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
+ }
+
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityId(entityID);
+ credential.setUsageType(UsageType.SIGNING);
+ credential.setPublicKey(cert.getPublicKey());
+
+ return credential;
+ }
+ /*
+ * public static Credential getTrustedCredential() throws
+ * CredentialsNotAvailableException { String filename =
+ * PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt");
+ *
+ * iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new
+ * FileInputStream(new File(filename))); } catch (CertificateException e) {
+ * e.printStackTrace(); throw new
+ * CredentialsNotAvailableException(e.getMessage(), null); } catch
+ * (FileNotFoundException e) { e.printStackTrace(); throw new
+ * CredentialsNotAvailableException(e.getMessage(), null); } catch
+ * (IOException e) { e.printStackTrace(); throw new
+ * CredentialsNotAvailableException(e.getMessage(), null); }
+ *
+ * BasicX509Credential credential = new BasicX509Credential();
+ * credential.setEntityId("sp.crt");
+ * credential.setUsageType(UsageType.SIGNING);
+ * credential.setPublicKey(cert.getPublicKey());
+ *
+ * return credential; }
+ */
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
new file mode 100644
index 000000000..56864bc1f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class CredentialsNotAvailableException extends MOAIDException {
+
+ public CredentialsNotAvailableException(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2564476345552842599L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
new file mode 100644
index 000000000..b88998cd1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+public class SAMLSigner {
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
new file mode 100644
index 000000000..a59fc17c5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
@@ -0,0 +1,66 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+
+public class AttributeExtractor {
+
+ public static String extractSAMLAttributeOA(String name,
+ AuthenticationSession authSession) {
+ List extAttributes = authSession.getExtendedSAMLAttributesOA();
+ if(extAttributes == null) {
+ return null;
+ }
+ Iterator extAttributesIt = extAttributes.iterator();
+ String value = null;
+ while(extAttributesIt.hasNext()) {
+ Object attr = extAttributesIt.next();
+ if(attr instanceof ExtendedSAMLAttribute) {
+ ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+ if(extAttribute.getName().equals(name)) {
+ if(extAttribute.getValue() instanceof String) {
+ return extAttribute.getValue().toString();
+ }
+ break;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static String extractSAMLAttributeAUTH(String name,
+ AuthenticationSession authSession) {
+ List extAttributes = authSession.getExtendedSAMLAttributesAUTH();
+ if(extAttributes == null) {
+ return null;
+ }
+ Iterator extAttributesIt = extAttributes.iterator();
+ String value = null;
+ while(extAttributesIt.hasNext()) {
+ Object attr = extAttributesIt.next();
+ if(attr instanceof ExtendedSAMLAttribute) {
+ ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+ if(extAttribute.getName().equals(name)) {
+ if(extAttribute.getValue() instanceof String) {
+ return extAttribute.getValue().toString();
+ }
+ break;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static String extractSAMLAttributeBOTH(String name,
+ AuthenticationSession authSession) {
+ String value = extractSAMLAttributeOA(name, authSession);
+ if(value == null) {
+ value = extractSAMLAttributeAUTH(name, authSession);
+ }
+ return value;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
new file mode 100644
index 000000000..66d0b1d46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+public class CheckMandateAttributes implements PVPConstants {
+ private static List<String> minMandateAttributes;
+
+ static {
+ minMandateAttributes = new ArrayList<String>();
+ minMandateAttributes.add(MANDATE_TYPE_NAME);
+
+ minMandateAttributes.add(MANDATE_LEG_PER_FULL_NAME_NAME);
+ minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_NAME);
+ minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME);
+
+ minMandateAttributes.add(MANDATE_NAT_PER_BIRTHDATE_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_GIVEN_NAME_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_BPK_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_FAMILY_NAME_NAME);
+
+ minMandateAttributes.add(MANDATE_PROF_REP_OID_NAME);
+ minMandateAttributes.add(MANDATE_PROF_REP_DESC_NAME);
+ minMandateAttributes.add(MANDATE_REFERENCE_VALUE_NAME);
+ }
+
+ public static boolean canHandleMandate(AttributeConsumingService attributeConsumer) {
+ List<String> attrList = new ArrayList<String>(minMandateAttributes);
+ Iterator<RequestedAttribute> attrIt = attributeConsumer.getRequestAttributes().iterator();
+
+ while(attrIt.hasNext()) {
+ RequestedAttribute reqAttr = attrIt.next();
+
+ if(attrList.contains(reqAttr.getName())) {
+ attrList.remove(reqAttr.getName());
+ }
+ }
+
+ return attrList.isEmpty();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
new file mode 100644
index 000000000..7d81825d9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
@@ -0,0 +1,26 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class Digester {
+ public static String byteArrayToHexString(byte[] b) {
+ String result = "";
+ for (int i=0; i < b.length; i++) {
+ result +=
+ Integer.toString( ( b[i] & 0xff ) + 0x100, 16).substring( 1 );
+ }
+ return result;
+ }
+
+ public static String toSHA1(byte[] convertme) {
+ MessageDigest md = null;
+ try {
+ md = MessageDigest.getInstance("SHA-1");
+ }
+ catch(NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return byteArrayToHexString(md.digest(convertme));
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
new file mode 100644
index 000000000..807da0ebe
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
@@ -0,0 +1,301 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.io.*;
+import javax.xml.parsers.*;
+import javax.xml.transform.*;
+import javax.xml.transform.dom.*;
+import javax.xml.transform.stream.*;
+
+import org.w3c.dom.Document;
+
+import org.xml.sax.*;
+import org.xml.sax.helpers.*;
+
+
+/**
+This class "pretty prints" an XML stream to something more human-readable.
+It duplicates the character content with some modifications to whitespace,
+restoring line breaks and a simple pattern of indenting child elements.
+
+This version of the class acts as a SAX 2.0 <code>DefaultHandler</code>,
+so to provide the unformatted XML just pass a new instance to a SAX parser.
+Its output is via the {@link #toString toString} method.
+
+One major limitation: we gather character data for elements in a single
+buffer, so mixed-content documents will lose a lot of data! This works
+best with data-centric documents where elements either have single values
+or child elements, but not both.
+
+@author Will Provost
+*/
+/*
+Copyright 2002-2003 by Will Provost.
+All rights reserved.
+*/
+public class PrettyPrinter
+ extends DefaultHandler
+{
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (byte[] content)
+ {
+ try
+ {
+ PrettyPrinter pretty = new PrettyPrinter ();
+ SAXParserFactory factory = SAXParserFactory.newInstance ();
+ factory.setFeature
+ ("http://xml.org/sax/features/namespace-prefixes", true);
+ factory.newSAXParser ().parse
+ (new ByteArrayInputStream (content), pretty);
+ return pretty.toString ();
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (String content)
+ {
+ try
+ {
+ PrettyPrinter pretty = new PrettyPrinter ();
+ SAXParserFactory factory = SAXParserFactory.newInstance ();
+ factory.setFeature
+ ("http://xml.org/sax/features/namespace-prefixes", true);
+ factory.newSAXParser ().parse (content, pretty);
+ return pretty.toString ();
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (InputStream content)
+ {
+ try
+ {
+ PrettyPrinter pretty = new PrettyPrinter ();
+ SAXParserFactory factory = SAXParserFactory.newInstance ();
+ factory.setFeature
+ ("http://xml.org/sax/features/namespace-prefixes", true);
+ factory.newSAXParser ().parse (content, pretty);
+ return pretty.toString ();
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ /**
+ Convenience method to wrap pretty-printing SAX pass over existing content.
+ */
+ public static String prettyPrint (Document doc)
+ throws TransformerException
+ {
+ try
+ {
+ ByteArrayOutputStream buffer = new ByteArrayOutputStream ();
+ TransformerFactory.newInstance ().newTransformer()
+ .transform (new DOMSource (doc), new StreamResult (buffer));
+ byte[] rawResult = buffer.toByteArray ();
+ buffer.close ();
+
+ return prettyPrint (rawResult);
+ }
+ catch (Exception ex)
+ {
+ ex.printStackTrace ();
+ return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
+ ex.getMessage () + "\"";
+ }
+ }
+
+ public static class StreamAdapter
+ extends OutputStream
+ {
+ public StreamAdapter (Writer finalDestination)
+ {
+ this.finalDestination = finalDestination;
+ }
+
+ public void write (int b)
+ {
+ out.write (b);
+ }
+
+ public void flushPretty ()
+ throws IOException
+ {
+ PrintWriter finalPrinter = new PrintWriter (finalDestination);
+ finalPrinter.println
+ (PrettyPrinter.prettyPrint (out.toByteArray ()));
+ finalPrinter.close ();
+ out.close ();
+ }
+
+ private ByteArrayOutputStream out = new ByteArrayOutputStream ();
+ Writer finalDestination;
+ }
+
+ /**
+ Call this to get the formatted XML post-parsing.
+ */
+ public String toString ()
+ {
+ return output.toString ();
+ }
+
+ /**
+ Prints the XML declaration.
+ */
+ public void startDocument ()
+ throws SAXException
+ {
+ output.append ("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>")
+ .append (endLine);
+ }
+
+ /**
+ Prints a blank line at the end of the reformatted document.
+ */
+ public void endDocument () throws SAXException
+ {
+ output.append (endLine);
+ }
+
+ /**
+ Writes the start tag for the element.
+ Attributes are written out, one to a text line. Starts gathering
+ character data for the element.
+ */
+ public void startElement
+ (String URI, String name, String qName, Attributes attributes)
+ throws SAXException
+ {
+ if (justHitStartTag)
+ output.append ('>');
+
+ output.append (endLine)
+ .append (indent)
+ .append ('<')
+ .append (qName);
+
+ int length = attributes.getLength ();
+ for (int a = 0; a < length; ++a)
+ output.append (endLine)
+ .append (indent)
+ .append (standardIndent)
+ .append (attributes.getQName (a))
+ .append ("=\"")
+ .append (attributes.getValue (a))
+ .append ('\"');
+
+ if (length > 0)
+ output.append (endLine)
+ .append (indent);
+
+ indent += standardIndent;
+ currentValue = new StringBuffer ();
+ justHitStartTag = true;
+ }
+
+ /**
+ Checks the {@link #currentValue} buffer to gather element content.
+ Writes this out if it is available. Writes the element end tag.
+ */
+ public void endElement (String URI, String name, String qName)
+ throws SAXException
+ {
+ indent = indent.substring
+ (0, indent.length () - standardIndent.length ());
+
+ if (currentValue == null)
+ output.append (endLine)
+ .append (indent)
+ .append ("</")
+ .append (qName)
+ .append ('>');
+ else if (currentValue.length () != 0)
+ output.append ('>')
+ .append (currentValue.toString ())
+ .append ("</")
+ .append (qName)
+ .append ('>');
+ else
+ output.append ("/>");
+
+ currentValue = null;
+ justHitStartTag = false;
+ }
+
+ /**
+ When the {@link #currentValue} buffer is enabled, appends character
+ data into it, to be gathered when the element end tag is encountered.
+ */
+ public void characters (char[] chars, int start, int length)
+ throws SAXException
+ {
+ if (currentValue != null)
+ currentValue.append (escape (chars, start, length));
+ }
+
+ /**
+ Filter to pass strings to output, escaping <b>&lt;</b> and <b>&amp;</b>
+ characters to &amp;lt; and &amp;amp; respectively.
+ */
+ private static String escape (char[] chars, int start, int length)
+ {
+ StringBuffer result = new StringBuffer ();
+ for (int c = start; c < start + length; ++c)
+ if (chars[c] == '<')
+ result.append ("&lt;");
+ else if (chars[c] == '&')
+ result.append ("&amp;");
+ else
+ result.append (chars[c]);
+
+ return result.toString ();
+ }
+
+ /**
+ This whitespace string is expanded and collapsed to manage the output
+ indenting.
+ */
+ private String indent = "";
+
+ /**
+ A buffer for character data. It is &quot;enabled&quot; in
+ {@link #startElement startElement} by being initialized to a
+ new <b>StringBuffer</b>, and then read and reset to
+ <code>null</code> in {@link #endElement endElement}.
+ */
+ private StringBuffer currentValue = null;
+
+ /**
+ The primary buffer for accumulating the formatted XML.
+ */
+ private StringBuffer output = new StringBuffer ();
+
+ private boolean justHitStartTag;
+
+ private static final String standardIndent = " ";
+ private static final String endLine =
+ System.getProperty ("line.separator");
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
new file mode 100644
index 000000000..d6ac121b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -0,0 +1,82 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.Configuration;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Document;
+
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
+public class SAML2Utils {
+
+ public static <T> T createSAMLObject(final Class<T> clazz) {
+ try {
+ XMLObjectBuilderFactory builderFactory = Configuration
+ .getBuilderFactory();
+
+ QName defaultElementName = (QName) clazz.getDeclaredField(
+ "DEFAULT_ELEMENT_NAME").get(null);
+ @SuppressWarnings("unchecked")
+ T object = (T) builderFactory.getBuilder(defaultElementName)
+ .buildObject(defaultElementName);
+ return object;
+ } catch (Throwable e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static String getSecureIdentifier() {
+ return idGenerator.generateIdentifier();
+ }
+
+ private static SecureRandomIdentifierGenerator idGenerator;
+
+ private static DocumentBuilder builder;
+ static {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ try {
+ builder = factory.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ try {
+ idGenerator = new SecureRandomIdentifierGenerator();
+ } catch(NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException {
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
+
+ public static Status getSuccessStatus() {
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ statusCode.setValue(StatusCode.SUCCESS_URI);
+ status.setStatusCode(statusCode);
+ return status;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
new file mode 100644
index 000000000..70793d073
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
+
+public class StoredAssertion implements SAMLArtifactMapEntry {
+ private String artifact;
+ private String relyingPartyId;
+ private String issuerId;
+ private SAMLObject samlMessage;
+ private DateTime expirationTime;
+
+ public StoredAssertion(String artifact,
+ String relyingPartyId,
+ String issuerId,
+ SAMLObject samlMessage) {
+ this.artifact = artifact;
+ this.relyingPartyId = relyingPartyId;
+ this.issuerId = issuerId;
+ this.samlMessage = samlMessage;
+ this.expirationTime = new DateTime();
+ this.expirationTime.plusMinutes(5);
+ }
+
+ public DateTime getExpirationTime() {
+ return expirationTime;
+ }
+
+ public boolean isExpired() {
+ return this.expirationTime.isAfterNow();
+ }
+
+ public void onExpire() {
+ }
+ public String getArtifact() {
+ return artifact;
+ }
+ public String getIssuerId() {
+ return issuerId;
+ }
+ public String getRelyingPartyId() {
+ return relyingPartyId;
+ }
+ public SAMLObject getSamlMessage() {
+ return samlMessage;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
new file mode 100644
index 000000000..bf30c72cb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class ChainSAMLValidator implements ISAMLValidator {
+
+private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
+
+ public void addValidator(ISAMLValidator validator) {
+ this.validator.add(validator);
+ }
+
+ public void validateRequest(RequestAbstractType request)
+ throws MOAIDException {
+ Iterator<ISAMLValidator> validatorIterator = validator.iterator();
+ while(validatorIterator.hasNext()) {
+ ISAMLValidator validator = validatorIterator.next();
+ validator.validateRequest(request);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
new file mode 100644
index 000000000..525a0870e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
@@ -0,0 +1,9 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface ISAMLValidator {
+ public void validateRequest(RequestAbstractType request) throws MOAIDException;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
new file mode 100644
index 000000000..db1241e6f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+
+public class SAMLSignatureValidator implements ISAMLValidator {
+
+ public void validateRequest(RequestAbstractType request)
+ throws MOAIDException {
+ if (request.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(request.getSignature());
+ } catch (ValidationException e) {
+ e.printStackTrace();
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void validateSignable(SignableSAMLObject signableObject)
+ throws MOAIDException {
+ if (signableObject.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(signableObject.getSignature());
+ } catch (ValidationException e) {
+ e.printStackTrace();
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
new file mode 100644
index 000000000..5cea607bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class ChainSAMLVerifier implements ISAMLVerifier {
+
+ private List<ISAMLVerifier> verifier = new ArrayList<ISAMLVerifier>();
+
+ public void addVerifier(ISAMLVerifier verifier) {
+ this.verifier.add(verifier);
+ }
+
+ public void verifyRequest(RequestAbstractType request)
+ throws MOAIDException {
+ Iterator<ISAMLVerifier> verifyIterator = verifier.iterator();
+ while(verifyIterator.hasNext()) {
+ ISAMLVerifier verifier = verifyIterator.next();
+ verifier.verifyRequest(request);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
new file mode 100644
index 000000000..b78c2f264
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -0,0 +1,160 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class EntityVerifier {
+
+ public static byte[] fetchSavedCredential(String entityID) {
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ OnlineApplication oa = oaIt.next();
+ if (oa.getPublicURLPrefix().equals(entityID)) {
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null) {
+ return pvp2Config.getCertificate();
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void verify(EntityDescriptor entityDescriptor)
+ throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ Credential credential = CredentialProvider
+ .getSPTrustedCredential(entityDescriptor.getEntityID());
+ if (credential == null) {
+ throw new NoCredentialsException(entityDescriptor.getEntityID());
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(credential);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntityDescriptor entityDescriptor, Credential cred)
+ throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(cred);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntitiesDescriptor entityDescriptor,
+ Credential cred) throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(cred);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntitiesDescriptor entityDescriptor)
+ throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ List<EntityDescriptor> entities = entityDescriptor
+ .getEntityDescriptors();
+
+ if (entities.size() > 0) {
+
+ if (entities.size() > 1) {
+ Logger.warn("More then one EntityID in Metadatafile with Name "
+ + entityDescriptor.getName()
+ + " defined. Actually only the first"
+ + " entryID is used to select the certificate to perform Metadata verification.");
+ }
+
+ Credential credential = CredentialProvider
+ .getSPTrustedCredential(entities.get(0).getEntityID());
+
+ if (credential == null) {
+ throw new NoCredentialsException("moaID IDP");
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(credential);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
new file mode 100644
index 000000000..a577f3f46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
@@ -0,0 +1,9 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface ISAMLVerifier {
+ public void verifyRequest(RequestAbstractType request) throws MOAIDException;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
new file mode 100644
index 000000000..36dc2442c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import iaik.x509.X509Certificate;
+
+import java.security.cert.CertificateException;
+import java.util.Iterator;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MetadataSignatureFilter implements MetadataFilter {
+
+ private String metadataURL;
+ private BasicX509Credential savedCredential;
+
+ public MetadataSignatureFilter(String url, byte[] certificate)
+ throws CertificateException {
+ this.metadataURL = url;
+ X509Certificate cert = new X509Certificate(certificate);
+ savedCredential = new BasicX509Credential();
+ savedCredential.setEntityCertificate(cert);
+ }
+
+ public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
+
+ String entityID = desc.getEntityID();
+
+ EntityVerifier.verify(desc);
+ }
+
+ public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+ Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
+
+ if(desc.getSignature() != null) {
+ EntityVerifier.verify(desc, this.savedCredential);
+ }
+
+ while(entID.hasNext()) {
+ processEntitiesDescriptor(entID.next());
+ }
+
+ Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+
+ while(entID.hasNext()) {
+ processEntityDescriptorr(entIT.next());
+ }
+ }
+
+ public void doFilter(XMLObject metadata) throws FilterException {
+ try {
+ if (metadata instanceof EntitiesDescriptor) {
+ EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new MOAIDException("Root element of metadata file has to be signed", null);
+ }
+ processEntitiesDescriptor(entitiesDescriptor);
+ } /*else if (metadata instanceof EntityDescriptor) {
+ EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
+ processEntityDescriptorr(entityDescriptor);
+ } */else {
+ throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ }
+ Logger.info("Metadata Filter done OK");
+ } catch (MOAIDException e) {
+ e.printStackTrace();
+ throw new FilterException(e);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
new file mode 100644
index 000000000..8df418f9a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.validation.ValidationException;
+
+public class SAMLVerificationEngine {
+
+ public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ } catch (ValidationException e) {
+ // Indicates signature did not conform to SAML Signature profile
+ e.printStackTrace();
+ }
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ }
+ } catch (SecurityException e) {
+ // Indicates processing error evaluating the signature
+ e.printStackTrace();
+ }
+ }
+
+ public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ } catch (ValidationException e) {
+ // Indicates signature did not conform to SAML Signature profile
+ e.printStackTrace();
+ }
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ }
+ } catch (SecurityException e) {
+ // Indicates processing error evaluating the signature
+ e.printStackTrace();
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
new file mode 100644
index 000000000..6dbaae0a1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
@@ -0,0 +1,108 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.validation.ValidationException;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+public class SAMLVerifierMOASP implements ISAMLVerifier {
+
+
+ //TODO: implement via metadata validator ....
+ public void verifyRequest(RequestAbstractType request)
+ throws MOAIDException {
+ // validate Signature
+ try {
+ if (request.isSigned()) {
+
+ String trustProfileID = AuthConfigurationProvider.getInstance()
+ .getStorkConfig().getSignatureVerificationParameter()
+ .getTrustProfileID();
+
+ Logger.trace("Starting validation of Signature references");
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(request.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Validation of XML Signature refrences failed: "
+ + e.getMessage());
+ throw new SecurityException(e);
+ }
+ Logger.debug("XML Signature references are OK.");
+
+ Logger.debug("Invoking MOA-SP with TrustProfileID: "
+ + trustProfileID);
+
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+ .build(XMLUtil.printXML(request.getDOM()).getBytes(),
+ trustProfileID);
+
+ Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
+
+ Logger.trace("Calling MOA-SP");
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+
+ Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
+
+ if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
+ String msg = "Signature of SAMLResponse not valid";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.debug("Signature of SAML response successfully verified");
+
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
+ String msg = "Certificate of SAMLResponse not valid";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.debug("Signing certificate of SAML response succesfully verified");
+
+ } else {
+ String msg = "SAML Object is not signed.";
+ throw new SecurityException(msg);
+ }
+
+ } catch (ConfigurationException e) {
+ String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (ParseException e) {
+ String msg = "Unable to parse VerifyXMLSignature Request or Response.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (BuildException e) {
+ String msg = "Unable to parse VerifyXMLSignature Request or Response.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (ServiceException e) {
+ String msg = "Unable to invoke MOA-SP.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
new file mode 100644
index 000000000..f3c5ed86a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.xml.security.credential.CredentialResolver;
+import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
+import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
+import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
+import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
+import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
+
+import sun.security.krb5.Credentials;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
+
+public class TrustEngineFactory {
+
+ public static SignatureTrustEngine getSignatureTrustEngine() {
+ try {
+ MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
+ MOAMetadataProvider.getInstance());
+
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
+ mdResolver, keyInfoResolver);
+
+ return engine;
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() {
+ MetadataCredentialResolver resolver;
+
+ resolver = new MetadataCredentialResolver(
+ MOAMetadataProvider.getInstance());
+
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
+ resolver, keyInfoResolver);
+
+ return engine;
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
new file mode 100644
index 000000000..75825d92d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -0,0 +1,186 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class GetArtifactAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
+
+// HttpSession httpSession = httpReq.getSession();
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
+
+// if (!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) {
+// throw new AuthenticationException("auth.21", new Object[] {});
+// }
+
+ String oaURL = (String) req.getOAURL();
+ String target = (String) req.getTarget();
+
+ try {
+
+
+ if (oaURL == null) {
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+ }
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+
+ // if (oaURL == null) {
+// oaURL = session.getOAURLRequested();
+// }
+
+
+ // TODO: Support Mandate MODE!
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ // builds authentication data and stores it together with a SAML
+ // artifact
+
+ //TODO: check, if this is correct!!!!
+ //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
+ // useUTC, false);
+
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
+ AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
+ oaParam,
+ target);
+
+ String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
+
+ if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
+ String url = "RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
+ if (!oaParam.getBusinessService())
+ url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = httpResp.encodeRedirectURL(url);
+
+ httpResp.setContentType("text/html");
+ httpResp.setStatus(302);
+ httpResp.addHeader("Location", url);
+
+ } else {
+ String redirectURL = oaURL;
+
+ //session.getOAURLRequested();
+
+ if (!oaParam.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+ URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+
+
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = httpResp.encodeRedirectURL(redirectURL);
+ httpResp.setContentType("text/html");
+ httpResp.setStatus(302);
+ httpResp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ // CONFIRMATION FOR SSO!
+ /*
+ * OAAuthParameter oaParam =
+ * AuthConfigurationProvider.getInstance().
+ * getOnlineApplicationParameter(oaURL);
+ *
+ * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
+ * == null) { friendlyName = oaURL; }
+ *
+ *
+ * LoginConfirmationBuilder builder = new
+ * LoginConfirmationBuilder();
+ * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
+ * String form = builder.finish(oaURL, session.getIdentityLink()
+ * .getName(), friendlyName);
+ */
+
+ /*
+ * resp.setContentType("text/html");
+ *
+ * OutputStream out = resp.getOutputStream();
+ * out.write(form.getBytes("UTF-8")); out.flush(); out.close();
+ */
+
+ } catch (WrongParametersException ex) {
+ // handleWrongParameters(ex, req, httpResp);
+ ex.printStackTrace();
+ } catch (ConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (BuildException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (AuthenticationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (UnsupportedEncodingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (MOADatabaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return SAML1Protocol.GETARTIFACT;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
new file mode 100644
index 000000000..433302b4f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class GetArtifactServlet extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3593264832041467899L;
+
+ /**
+ * Constructor for GetArtifactServlet.
+ */
+ public GetArtifactServlet() {
+ super();
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ HttpSession httpSession = req.getSession();
+
+
+
+// AuthenticationSession session = AuthenticationManager
+// .getAuthenticationSession(httpSession);
+//
+// String oaURL = (String) req.getAttribute(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+//
+// String target = (String) req.getAttribute(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// try {
+//
+// // check parameter
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+//
+// if (oaURL == null) {
+// oaURL = session.getOAURLRequested();
+// }
+//
+// if (oaURL == null) {
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+// }
+//
+// String samlArtifactBase64 = SAML1AuthenticationServer
+// .BuildSAMLArtifact(session);
+//
+// String redirectURL = oaURL;
+// session.getOAURLRequested();
+// if (!session.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+//
+// }
+// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+// URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+// redirectURL = resp.encodeRedirectURL(redirectURL);
+//
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+//
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+//
+// // CONFIRMATION FOR SSO!
+// /*
+// * OAAuthParameter oaParam =
+// * AuthConfigurationProvider.getInstance().
+// * getOnlineApplicationParameter(oaURL);
+// *
+// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
+// * == null) { friendlyName = oaURL; }
+// *
+// *
+// * LoginConfirmationBuilder builder = new
+// * LoginConfirmationBuilder();
+// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
+// * String form = builder.finish(oaURL, session.getIdentityLink()
+// * .getName(), friendlyName);
+// */
+//
+// /*
+// resp.setContentType("text/html");
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(form.getBytes("UTF-8"));
+// out.flush();
+// out.close();*/
+//
+// } catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// } catch (ConfigurationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (BuildException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (AuthenticationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
+
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ doGet(req, resp);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index b5c72ef9f..1fbcb9a46 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -22,18 +22,17 @@
*/
-package at.gv.egovernment.moa.id.auth.servlet;
+package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.Calendar;
import org.apache.axis.AxisFault;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.w3c.dom.Element;
-
import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -47,7 +46,7 @@ import at.gv.egovernment.moa.util.XPathUtils;
* Web service for picking up authentication data created in the MOA-ID Auth component.
*
* @author Paul Ivancsics
- * @version $Id$
+ * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $
* @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
*/
public class GetAuthenticationDataService implements Constants {
@@ -80,12 +79,12 @@ public class GetAuthenticationDataService implements Constants {
throws AxisFault {
Element request = requests[0];
- Element[] responses = new Element[1];
+ Element[] responses = new Element[1];
String requestID = "";
String statusCode = "";
String subStatusCode = null;
String statusMessageCode = null;
- String statusMessage = null;
+ String statusMessage = null;
String samlAssertion = "";
boolean useUTC = false;
if (requests.length > 1) {
@@ -109,23 +108,53 @@ public class GetAuthenticationDataService implements Constants {
subStatusCode = "samlp:TooManyResponses";
statusMessageCode = "1203";
}
+
else {
Element samlArtifactElem = (Element)samlArtifactList.item(0);
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
try {
-
- AuthenticationData authData = AuthenticationServer.getInstance().
- getAuthenticationData(samlArtifact);
+
+ AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
- useUTC = authData.getUseUTC();
- // success
- samlAssertion = authData.getSamlAssertion();
- statusCode = "samlp:Success";
- statusMessageCode = "1200";
- }
- catch (AuthenticationException ex) {
- // no authentication data for given SAML artifact
+ useUTC = authData.getUseUTC();
+
+ // success
+ samlAssertion = authData.getSamlAssertion();
+ statusCode = "samlp:Success";
+ statusMessageCode = "1200";
+ }
+
+ catch (ClassCastException ex) {
+
+ try {
+ Throwable error = saml1server.getErrorResponse(samlArtifact);
+ statusCode = "samlp:Responder";
+ subStatusCode = "samlp:RequestDenied";
+
+ if (error instanceof MOAIDException) {
+ statusMessageCode = ((MOAIDException)error).getMessageId();
+ statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
+
+ } else {
+ statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
+ }
+
+
+
+ } catch (Exception e) {
+ //no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
+ }
+
+ }
+
+ catch (AuthenticationException ex) {
+ //no authentication data for given SAML artifact
statusCode = "samlp:Requester";
subStatusCode = "samlp:ResourceNotRecognized";
statusMessage = ex.toString();
@@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants {
statusCode = "samlp:Requester";
statusMessageCode = "1204";
}
- }
+ }
+
try {
String responseID = Random.nextRandom();
String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
+
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
responses[0] = new SAMLResponseBuilder().build(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
new file mode 100644
index 000000000..fec2d2b35
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -0,0 +1,522 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class SAML1AuthenticationServer extends AuthenticationServer {
+
+ private static SAML1AuthenticationServer instance;
+
+ public static SAML1AuthenticationServer getInstace() {
+ if (instance == null)
+ instance = new SAML1AuthenticationServer();
+
+ return instance;
+ }
+
+ //private static Map authenticationDataStore = new HashMap();
+ private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
+
+
+ //TODO: make this time configurable
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data
+ * store
+ */
+ private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+
+
+ public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException {
+ try {
+ new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ Throwable error = null;
+ synchronized (authenticationDataStore) {
+ try {
+ error = authenticationDataStore
+ .get(samlArtifact, Throwable.class);
+
+ authenticationDataStore.remove(samlArtifact);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+
+ }
+
+ return error;
+ }
+
+ /**
+ * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ * The <code>AuthenticationData</code> is deleted from the store upon end of
+ * this call.
+ *
+ * @return <code>AuthenticationData</code>
+ */
+ public AuthenticationData getSaml1AuthenticationData(String samlArtifact)
+ throws AuthenticationException {
+ try {
+ new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ AuthenticationData authData = null;
+ synchronized (authenticationDataStore) {
+ // System.out.println("assertionHandle: " + assertionHandle);
+
+ try {
+ authData = authenticationDataStore
+ .get(samlArtifact, AuthenticationData.class);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+ }
+
+ boolean keepAssertion = false;
+
+ //removed from MOA-ID 2.0 config
+// try {
+// String boolStr = AuthConfigurationProvider.getInstance()
+// .getGenericConfigurationParameter(
+// "AuthenticationServer.KeepAssertion");
+// if (null != boolStr && boolStr.equalsIgnoreCase("true"))
+// keepAssertion = true;// Only allowed for debug purposes!!!
+//
+// } catch (ConfigurationException ex) {
+// throw new AuthenticationException("1205", new Object[] {
+// samlArtifact, ex.toString() });
+// }
+ if (!keepAssertion) {
+ authenticationDataStore.remove(samlArtifact);
+ }
+
+ long now = new Date().getTime();
+
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut)
+ throw new AuthenticationException("1207", new Object[] { samlArtifact });
+
+ Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
+
+ return authData;
+ }
+
+ public String BuildErrorAssertion(Throwable error, IRequest protocolRequest)
+ throws BuildException, MOADatabaseException {
+
+ String samlArtifact = new SAMLArtifactBuilder().build(
+ protocolRequest.getOAURL(), protocolRequest.getRequestID(),
+ null);
+
+ authenticationDataStore.put(samlArtifact, error);
+
+ return samlArtifact;
+ }
+
+ public String BuildSAMLArtifact(AuthenticationSession session,
+ OAAuthParameter oaParam,
+ AuthenticationData authData)
+ throws ConfigurationException, BuildException, AuthenticationException {
+
+ //Load SAML1 Parameter from OA config
+ OASAML1 saml1parameter = oaParam.getSAML1Parameter();
+
+ boolean useCondition = saml1parameter.isUseCondition();
+ int conditionLength = saml1parameter.getConditionLength().intValue();
+
+ try {
+
+ //set BASE64 encoded signer certificate
+ String signerCertificateBase64 = "";
+ if (saml1parameter.isProvideCertificate()) {
+ byte[] signerCertificate = session.getEncodedSignerCertificate();
+ if (signerCertificate != null) {
+
+ signerCertificateBase64 = Base64Utils
+ .encode(signerCertificate);
+ } else {
+ Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available");
+ }
+ }
+
+ //set prPersion
+ boolean provideStammzahl = saml1parameter.isProvideStammzahl();
+ String prPerson = new PersonDataBuilder().build(authData.getIdentityLink(),
+ provideStammzahl);
+
+ //set Authblock
+ String authBlock = saml1parameter.isProvideAUTHBlock() ? session
+ .getAuthBlock() : "";
+
+ //set IdentityLink for assortion
+ String ilAssertion = saml1parameter.isProvideIdentityLink() ? authData.getIdentityLink()
+ .getSerializedSamlAssertion()
+ : "";
+ if (!saml1parameter.isProvideStammzahl()) {
+ ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
+ .getIdentificationValue(), "");
+ }
+
+ String samlAssertion;
+
+ if (session.getUseMandate()) {
+ List oaAttributes = session.getExtendedSAMLAttributesOA();
+
+ if (saml1parameter.isProvideFullMandatorData()) {
+
+ try {
+
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ session.getMISMandate(), oaParam.getBusinessService(),
+ saml1parameter.isProvideStammzahl());
+
+ if (extendedSAMLAttributes != null) {
+
+ String identifier = "MISService";
+ String friendlyName ="MISService";
+
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+
+ Object value = verifySAMLAttribute(samlAttribute, i, identifier,
+ friendlyName);
+
+ if ((value instanceof String) || (value instanceof Element)) {
+ switch (samlAttribute.getAddToAUTHBlock()) {
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ default:
+ Logger
+ .info("Invalid return value from method \"getAddToAUTHBlock()\" ("
+ + samlAttribute.getAddToAUTHBlock()
+ + ") in SAML attribute number "
+ + (i + 1)
+ + " for infobox " + identifier);
+ throw new ValidateException("validator.47", new Object[] {
+ friendlyName, String.valueOf((i + 1)) });
+ }
+ } else {
+ Logger
+ .info("The type of SAML-Attribute number "
+ + (i + 1)
+ + " returned from "
+ + identifier
+ + "-infobox validator is not valid. Must be either \"java.Lang.String\""
+ + " or \"org.w3c.dom.Element\"");
+ throw new ValidateException("validator.46", new Object[] {
+ identifier, String.valueOf((i + 1)) });
+ }
+ }
+ }
+
+ } catch (SAXException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (IOException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (ParserConfigurationException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (TransformerException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ }
+ }
+
+ String mandateDate = generateMandateDate(session, oaParam, authData);
+
+ samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
+ authData,
+ prPerson,
+ mandateDate,
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ oaParam.getBusinessService(),
+ oaAttributes,
+ useCondition,
+ conditionLength);
+
+ } else {
+ samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData,
+ prPerson,
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ oaParam.getBusinessService(),
+ session.getExtendedSAMLAttributesOA(),
+ useCondition,
+ conditionLength);
+ }
+
+ authData.setSamlAssertion(samlAssertion);
+
+ String samlArtifact = new SAMLArtifactBuilder().build(
+ session.getAuthURL(), session.getSessionID(),
+ saml1parameter.getSourceID());
+
+ storeAuthenticationData(samlArtifact, authData);
+
+ Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
+ + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
+
+ } catch (Throwable ex) {
+ throw new BuildException("builder.00", new Object[] {
+ "AuthenticationData", ex.toString() }, ex);
+ }
+
+ }
+
+ private String generateMandateDate(AuthenticationSession session,
+ OAAuthParameter oaParam, AuthenticationData authData
+ ) throws AuthenticationException, BuildException,
+ ParseException, ConfigurationException, ServiceException,
+ ValidateException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[] {
+ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
+
+ //AuthenticationSession session = getSession(sessionID);
+ // AuthConfigurationProvider authConf =
+ // AuthConfigurationProvider.getInstance();
+
+ IdentityLink tempIdentityLink = null;
+
+ Element mandate = session.getMandate();
+
+ if (session.getUseMandate()) {
+ tempIdentityLink = new IdentityLink();
+ Element mandator = ParepUtils.extractMandator(mandate);
+ String dateOfBirth = "";
+ Element prPerson = null;
+ String familyName = "";
+ String givenName = "";
+ String identificationType = "";
+ String identificationValue = "";
+ if (mandator != null) {
+ boolean physical = ParepUtils.isPhysicalPerson(mandator);
+ if (physical) {
+ familyName = ParepUtils.extractText(mandator,
+ "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator,
+ "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils
+ .extractMandatorDateOfBirth(mandator);
+ } else {
+ familyName = ParepUtils.extractMandatorFullName(mandator);
+ }
+ identificationType = ParepUtils.getIdentification(mandator,
+ "Type");
+ identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+
+ prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+ if (physical
+ && oaParam.getBusinessService()
+ && identificationType != null
+ && Constants.URN_PREFIX_BASEID
+ .equals(identificationType)) {
+ // now we calculate the wbPK and do so if we got it from the
+ // BKU
+
+
+ //load IdentityLinkDomainType from OAParam
+ String type = oaParam.getIdentityLinkDomainIdentifier();
+ if (type.startsWith(Constants.URN_PREFIX_WBPK + "+"))
+ identificationType = type;
+ else
+ identificationType = Constants.URN_PREFIX_WBPK + "+"
+ + type;
+
+
+ identificationValue = new BPKBuilder().buildWBPK(
+ identificationValue, identificationType);
+ ParepUtils
+ .HideStammZahlen(prPerson, true, null, null, true);
+ }
+
+ tempIdentityLink.setDateOfBirth(dateOfBirth);
+ tempIdentityLink.setFamilyName(familyName);
+ tempIdentityLink.setGivenName(givenName);
+ tempIdentityLink.setIdentificationType(identificationType);
+ tempIdentityLink.setIdentificationValue(identificationValue);
+ tempIdentityLink.setPrPerson(prPerson);
+ try {
+ tempIdentityLink.setSamlAssertion(authData.getIdentityLink()
+ .getSamlAssertion());
+ } catch (Exception e) {
+ throw new ValidateException("validator.64", null);
+ }
+
+ }
+
+ }
+
+ Element mandatePerson = tempIdentityLink.getPrPerson();
+
+ String mandateData = null;
+ try {
+
+ boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl();
+
+ String oatargetType;
+
+ if(oaParam.getBusinessService()) {
+ oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+
+ } else {
+ oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+ }
+
+ Element prIdentification = (Element) mandatePerson
+ .getElementsByTagNameNS(Constants.PD_NS_URI,
+ "Identification").item(0);
+
+ if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) {
+
+ String isPrPerson = mandatePerson.getAttribute("xsi:type");
+
+ if (!StringUtils.isEmpty(isPrPerson)) {
+ if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) {
+ String baseid = getBaseId(mandatePerson);
+ Element identificationBpK = createIdentificationBPK(mandatePerson,
+ baseid, oaParam.getTarget());
+
+ if (!provideStammzahl) {
+ prIdentification.getFirstChild().setTextContent("");
+ }
+
+ mandatePerson.insertBefore(identificationBpK,
+ prIdentification);
+ }
+ }
+
+ } else {
+
+// Element identificationBpK = mandatePerson.getOwnerDocument()
+// .createElementNS(Constants.PD_NS_URI, "Identification");
+// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
+// Constants.PD_NS_URI, "Value");
+//
+// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+// tempIdentityLink.getIdentificationValue()));
+// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS(
+// Constants.PD_NS_URI, "Type");
+// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+// "urn:publicid:gv.at:cdid+bpk"));
+// identificationBpK.appendChild(valueBpK);
+// identificationBpK.appendChild(typeBpK);
+//
+// mandatePerson.insertBefore(identificationBpK, prIdentification);
+ }
+
+
+ mandateData = DOMUtils.serializeNode(mandatePerson);
+
+ } catch (TransformerException e1) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ } catch (IOException e1) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ }
+
+ return mandateData;
+ }
+
+
+
+
+ /**
+ * Stores authentication data indexed by the assertion handle contained in
+ * the given saml artifact.
+ *
+ * @param samlArtifact
+ * SAML artifact
+ * @param authData
+ * authentication data
+ * @throws AuthenticationException
+ * when SAML artifact is invalid
+ */
+ private void storeAuthenticationData(String samlArtifact,
+ AuthenticationData authData) throws AuthenticationException {
+
+ try {
+ SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
+ // check type code 0x0001
+ byte[] typeCode = parser.parseTypeCode();
+ if (typeCode[0] != 0 || typeCode[1] != 1)
+ throw new AuthenticationException("auth.06",
+ new Object[] { samlArtifact });
+ parser.parseAssertionHandle();
+
+ synchronized (authenticationDataStore) {
+ Logger.debug("Assertion stored for SAML Artifact: "
+ + samlArtifact);
+ authenticationDataStore.put(samlArtifact, authData);
+ }
+
+ } catch (AuthenticationException ex) {
+ throw ex;
+
+ } catch (Throwable ex) {
+ throw new AuthenticationException("auth.06",
+ new Object[] { samlArtifact });
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
new file mode 100644
index 000000000..a310b16ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -0,0 +1,175 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = SAML1Protocol.class.getName();
+ public static final String PATH = "id_saml1";
+
+ public static final String GETARTIFACT = "GetArtifact";
+
+ private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT,
+ ServletType.AUTH));
+
+ actions.put(GETARTIFACT, new GetArtifactAction());
+
+ instance = new SAML1Protocol();
+ }
+
+ private static SAML1Protocol instance = null;
+
+ public static SAML1Protocol getInstance() {
+ if (instance == null) {
+ instance = new SAML1Protocol();
+ }
+ return instance;
+ }
+
+ public List<ServletInfo> getServlets() {
+ return servletList;
+ }
+
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action) throws MOAIDException {
+ RequestImpl config = new RequestImpl();
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ String target = (String) request.getParameter(PARAM_TARGET);
+ target = StringEscapeUtils.escapeHtml(target);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+ config.setOAURL(oaURL);
+
+ //load Target only from OA config
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+
+ config.setTarget(oaParam.getTarget());
+
+
+ //TODO: set reauthenticate if OA.useSSO=false
+
+ request.getSession().setAttribute(PARAM_OA, oaURL);
+ request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
+ return config;
+ }
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest)
+ throws Throwable{
+
+ SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
+
+ String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+
+ String url = "RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
+ url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = response.encodeRedirectURL(url);
+
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", url);
+ Logger.debug("REDIRECT TO: " + url);
+
+ return true;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response) {
+ return null;
+ }
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+
+ //TODO: funktioniert so nicht!!!
+
+// String oaURL = (String) request.getParameter(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// String target = (String) request.getParameter(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// //the target parameter is used to define the OA in SAML1 standard
+// if (target.startsWith("http")) {
+// oaURL = target;
+// target = null;
+// }
+//
+// if (oaURL != null) {
+// if (oaURL.equals(pending.getOAURL()))
+// return true;
+// else
+// return false;
+// }
+
+ return true;
+ }
+
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index c1e64dd53..e1bd38d68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -63,9 +63,11 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public DefaultConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
@@ -113,7 +115,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
//conn.setAllowUserInteraction(true);
conn.setInstanceFollowRedirects(false);
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
httpsConn.setSSLSocketFactory(sslSocketFactory);
@@ -187,7 +189,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
* Hostname Verification Check
*/
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 7a356aaf0..03b012a27 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -136,8 +136,10 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
return authData.getDateOfBirth();
if (predicate.equals(MOABPK))
return authData.getBPK();
- if (predicate.equals(MOAWBPK))
- return authData.getWBPK();
+
+ //AuthData holdes the correct BPK/WBPK
+ if (predicate.equals(MOAWBPK))
+ return authData.getBPK();
if (predicate.equals(MOAPublicAuthority))
if (authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 29c8b3bca..1243960ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -86,9 +86,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public ElakConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
@@ -204,7 +207,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
//conn.setUseCaches(false);
webDavConn.setAllowUserInteraction(true);
webDavConn.setInstanceFollowRedirects(false);
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
httpsConn.setSSLSocketFactory(sslSocketFactory);
@@ -258,7 +261,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
* A private class to change the standard HostName verifier to disable the
* Hostname Verification Check
*/
-//JSSE Abhängigkeit
+//JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index 023b2c272..9bbef8aa9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -46,7 +46,7 @@ import at.gv.egovernment.moa.util.BoolUtils;
/**
* Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>.
- * uses the HTTP(s)Client from Ronald Tschalär.
+ * uses the HTTP(s)Client from Ronald Tschalär.
* origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/
*
* @author pdanner
@@ -79,9 +79,12 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public EnhancedConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
@@ -168,7 +171,7 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
* A private class to change the standard HostName verifier to disable the
* Hostname Verification Check
*/
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index 61f38412e..e075c99ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -33,7 +33,7 @@ import java.security.GeneralSecurityException;
import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
@@ -91,8 +91,10 @@ public class MOAIDProxyInitializer {
ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
if (connParamAuth!=null) {
if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
+
+ //TODO: einkommentieren!!!!
+ //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+ //AxisSecureSocketFactory.initialize(ssf);
}
} else {
throw new ConfigurationException("config.16", null);
@@ -104,8 +106,10 @@ public class MOAIDProxyInitializer {
for (int i = 0; i < oaParams.length; i++) {
OAProxyParameter oaParam = oaParams[i];
ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if (oaConnParam.isHTTPSURL())
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ if (oaConnParam.isHTTPSURL());
+
+ //TODO: einkommentieren!!!!
+ //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
}
// Initializes the ConnectionBuilderFactory from configuration data
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 1fc257ea8..1a466c520 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -499,8 +499,10 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
return authData.getDateOfBirth();
if (predicate.equals("MOABPK"))
return authData.getBPK();
+
+ //AuthData holdes the correct BPK/WBPK
if (predicate.equals("MOAWBPK"))
- return authData.getWBPK();
+ return authData.getBPK();
if (predicate.equals("MOAPublicAuthority"))
if (authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 6f698770c..b904161a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -324,8 +324,10 @@ public class XMLLoginParameterResolverPlainData
return authData.getDateOfBirth();
if(predicate.equals(MOABPK))
return authData.getBPK();
+
+ //AuthData holds the correct BPK/WBPK
if(predicate.equals(MOAWBPK))
- return authData.getWBPK();
+ return authData.getBPK();
if(predicate.equals(MOAPublicAuthority))
if(authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index fa455b4ef..6cb7ffdfc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index f2aca057a..1589f1440 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -130,7 +130,7 @@ public class AuthenticationDataAssertionParser implements Constants {
try {
AuthenticationData authData = new AuthenticationData();
- //ÄNDERN: NUR der Identification-Teil
+ //ÄNDERN: NUR der Identification-Teil
authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
authData.setMajorVersion(new Integer(
XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
@@ -143,10 +143,17 @@ public class AuthenticationDataAssertionParser implements Constants {
authData.setIssueInstant(
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
+
+
+ //TODO: set pBK and Type
if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- authData.setBPK(pkValue);
+ //bPK
+ authData.setBPK(Constants.URN_PREFIX_BPK);
+
} else {
- authData.setWBPK(pkValue);
+ //wbPK
+ authData.setBPK(pkValue);
+ authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
}
authData.setIdentificationValue(
XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index a55e02cdd..ddaab7a28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -55,7 +55,7 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
@@ -265,7 +265,9 @@ public class ProxyServlet extends HttpServlet {
// setup SSLSocketFactory for communication with the online application
if (oaConnParam.isHTTPSURL()) {
try {
- ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+
+ //TODO: einkommentieren!!!!
+ //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
} catch (Throwable ex) {
throw new ProxyException(
"proxy.05",
@@ -440,7 +442,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
}
}
- /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können:
+ /* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen:
//if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first
// full binding will be covered by next block
if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) {
@@ -662,7 +664,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
}
}
-// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)
+// // Ãœberschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)
// if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) {
// headerValue = "Basic realm=\"" + publicURLPrefix + "\"";
// if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
new file mode 100644
index 000000000..b01a6a36e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -0,0 +1,156 @@
+package at.gv.egovernment.moa.id.storage;
+
+import iaik.util.logging.Log;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionStorage {
+
+ private static AssertionStorage instance = null;
+
+ public static AssertionStorage getInstance() {
+ if(instance == null) {
+ instance = new AssertionStorage();
+ }
+ return instance;
+ }
+
+ public boolean containsKey(String artifact) {
+ try {
+ searchInDatabase(artifact);
+ return true;
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+
+ }
+
+ public void put(String artifact, Object assertion) throws MOADatabaseException {
+ //setup AssertionStore element
+ AssertionStore element = new AssertionStore();
+ element.setArtifact(artifact);
+ element.setType(assertion.getClass().getName());
+ element.setDatatime(new Date());
+
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) assertion);
+ element.setAssertion(data);
+
+ //store AssertionStore element to Database
+ try {
+ MOASessionDBUtils.saveOrUpdate(element);
+ Log.info("Assertion with Artifact=" + artifact + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Assertion could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+
+ }
+
+ public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException {
+
+ AssertionStore element = searchInDatabase(artifact);
+
+ //Deserialize Assertion
+ Object data = SerializationUtils.deserialize(element.getAssertion());
+
+ //check if assertion has the correct class type
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) Class.forName(element.getType()).cast(data);
+ return test;
+
+ } catch (Exception e) {
+ Log.warn("Assertion Cast-Exception by using Artifact=" + artifact);
+ throw new MOADatabaseException("Assertion Cast-Exception");
+ }
+ }
+
+ public void clean(long now, long authDataTimeOut) {
+ Date expioredate = new Date(now - authDataTimeOut);
+
+ List<AssertionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithTimeOut");
+ query.setTimestamp("timeout", expioredate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+
+ if (results.size() != 0) {
+ for(AssertionStore result : results) {
+ try {
+ MOASessionDBUtils.delete(result);
+ Logger.info("Remove Assertion with Artifact=" + result.getArtifact()
+ + " after assertion timeout.");
+
+ } catch (HibernateException e){
+ Logger.warn("Assertion with Artifact=" + result.getArtifact()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+
+ }
+ }
+ }
+
+ public void remove(String artifact) {
+
+ try {
+ AssertionStore element = searchInDatabase(artifact);
+ MOASessionDBUtils.delete(element);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
+ + "not found)");
+
+ } catch (HibernateException e) {
+ Logger.warn("Assertion not removed! (Error during Database communication)", e);
+ }
+ }
+
+ @SuppressWarnings("rawtypes")
+ private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
+ MiscUtil.assertNotNull(artifact, "artifact");
+ Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+ List result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithArtifact");
+ query.setString("artifact", artifact);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No Assertion found with this Artifact");
+ }
+
+ return (AssertionStore) result.get(0);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
new file mode 100644
index 000000000..498188ffe
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -0,0 +1,496 @@
+package at.gv.egovernment.moa.id.storage;
+
+import iaik.util.logging.Log;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AuthenticationSessionStoreage {
+
+ //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+
+ public static boolean isAuthenticated(String moaSessionID) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ return session.isAuthenticated();
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+ }
+
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
+
+ public static AuthenticationSession createSession() throws MOADatabaseException {
+ String id = Random.nextRandom();
+ AuthenticationSession session = new AuthenticationSession(id);
+
+ AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(false);
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setCreated(new Date());
+ dbsession.setUpdated(new Date());
+
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //store AssertionStore element to Database
+ try {
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + id + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be created.");
+ throw new MOADatabaseException(e);
+ }
+
+ return session;
+ }
+
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+ dbsession.setAuthenticated(session.isAuthenticated());
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+ }
+
+ public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+ dbsession.setPendingRequestID(pendingRequestID);
+
+ dbsession.setAuthenticated(session.isAuthenticated());
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+ }
+
+
+ public static void destroySession(String moaSessionID) throws MOADatabaseException {
+
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
+
+ //delete MOA Session
+ session.delete(dbsession);
+ session.getTransaction().commit();
+ }
+
+ }
+
+// public static void dumpSessionStore() {
+// synchronized (sessionStore) {
+// Set<String> keys = sessionStore.keySet();
+// Iterator<String> keyIterator = keys.iterator();
+// while(keyIterator.hasNext()) {
+// String key = keyIterator.next();
+// AuthenticationSession session = sessionStore.get(key);
+// Logger.info("Key: " + key + " -> " + session.toString());
+// }
+// }
+// }
+
+ public static String changeSessionID(AuthenticationSession session)
+ throws AuthenticationException, BuildException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+
+ String id = Random.nextRandom();
+ session.setSessionID(id);
+
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(session.isAuthenticated());
+
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+
+ return id;
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("TODO!", null);
+ }
+ }
+
+ public static void addSSOInformation(String moaSessionID, String SSOSessionID,
+ String OAUrl) throws AuthenticationException {
+
+ AuthenticatedSessionStore dbsession;
+ Transaction tx = null;
+
+ try {
+
+ Session session = MOASessionDBUtils.getCurrentSession();
+ List result;
+
+ synchronized (session) {
+
+ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ dbsession = (AuthenticatedSessionStore) result.get(0);
+
+ //set active OA applications
+ OASessionStore activeOA = new OASessionStore();
+ activeOA.setOaurlprefix(OAUrl);
+ activeOA.setMoasession(dbsession);
+ activeOA.setCreated(new Date());
+
+ List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+ activeOAs.add(activeOA);
+ dbsession.setActiveOAsessions(activeOAs);
+
+
+ //Store used SSOId
+ if (dbsession.getSSOsessionid() != null) {
+ OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
+ oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
+ oldSSOId.setMoasession(dbsession);
+
+ List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
+ oldSSOIds.add(oldSSOId);
+ }
+
+ dbsession.setSSOSession(true);
+ dbsession.setSSOsessionid(SSOSessionID);
+ dbsession.setAuthenticated(false);
+ dbsession.setPendingRequestID("");
+
+ //Store MOASession
+ session.saveOrUpdate(dbsession);
+
+ //send transaction
+ tx.commit();
+ }
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null);
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+ tx.rollback();
+ throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
+ }
+ }
+
+
+ public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+
+ //decrypt Session
+ byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession());
+
+ AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+
+ return session;
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+
+ } catch (Throwable e) {
+ Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
+ }
+
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.isSSOSession();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ }
+
+
+ }
+
+ public static String getMOASessionID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+
+ }
+
+ public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return false;
+
+ } else {
+ return true;
+
+// AuthenticatedSessionStore dbsession = result.get(0);
+//
+//
+// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
+// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
+// return true;
+//
+// } else {
+// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
+// + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
+// }
+//
+// return false;
+ }
+
+ }
+
+ public static boolean deleteSessionWithPendingRequestID(String id) {
+ MiscUtil.assertNotNull(id, "PendingRequestID");
+ Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setString("sessionid", id);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return false;
+
+ } else {
+ MOASessionDBUtils.delete(result.get(0));
+ return true;
+ }
+
+
+ }
+
+ public static String getPendingRequestID(String sessionID) {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.getPendingRequestID();
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession with ID " + sessionID + " not found");
+ return "";
+ }
+
+ }
+
+ public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
+ Date expioredatecreate = new Date(now - authDataTimeOutCreated);
+ Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
+
+ List<AuthenticatedSessionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
+ query.setTimestamp("timeoutcreate", expioredatecreate);
+ query.setTimestamp("timeoutupdate", expioredateupdate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+
+ if (results.size() != 0) {
+ for(AuthenticatedSessionStore result : results) {
+ try {
+ MOASessionDBUtils.delete(result);
+ Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ + " after session timeout.");
+
+ } catch (HibernateException e){
+ Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+
+ }
+ }
+ }
+
+ @SuppressWarnings("rawtypes")
+ private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
+ MiscUtil.assertNotNull(sessionID, "moasessionID");
+ Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", sessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ return (AuthenticatedSessionStore) result.get(0);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
new file mode 100644
index 000000000..5ea3be837
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.util.Random;
+
+public class ExceptionStoreImpl implements IExceptionStore {
+
+ // Just a quick implementation
+ private static IExceptionStore store;
+
+ public static IExceptionStore getStore() {
+ if(store == null) {
+ store = new ExceptionStoreImpl();
+ }
+ return store;
+ }
+
+ private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>();
+
+ public String storeException(Throwable e) {
+ String id = Random.nextRandom();
+ exceptionStore.put(id, e);
+ return id;
+ }
+
+ public Throwable fetchException(String id) {
+ return exceptionStore.get(id);
+ }
+
+ public void removeException(String id) {
+ exceptionStore.remove(id);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
new file mode 100644
index 000000000..5c51fff73
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.id.storage;
+
+public interface IExceptionStore {
+ public String storeException(Throwable e);
+ public Throwable fetchException(String id);
+ public void removeException(String id);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
new file mode 100644
index 000000000..1e9cb9024
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.http.HttpSession;
+
+public class HTTPSessionUtils {
+
+// public static HashMap<String, Object> extractAllProperties(HttpSession session) {
+// @SuppressWarnings("unchecked")
+// Enumeration<String> keys = (Enumeration<String>)session.getAttributeNames();
+// HashMap<String, Object> properties = new HashMap<String, Object>();
+//
+// while(keys.hasMoreElements()) {
+// Object keyObject = keys.nextElement();
+// String key = keyObject.toString();
+// Object value = session.getAttribute(key);
+// properties.put(key, value);
+// }
+//
+// return properties;
+// }
+//
+// public static void pushAllProperties(HttpSession session, HashMap<String, Object> properties) {
+// Set<String> keys = properties.keySet();
+// Iterator<String> keysIterator = keys.iterator();
+// while(keysIterator.hasNext()) {
+// String key = keysIterator.next();
+// session.setAttribute(key, properties.get(key));
+// }
+// }
+//
+// public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) {
+// Object obj = session.getAttribute(name);
+// if(obj == null) {
+// return fallback;
+// }
+//
+// if(obj instanceof Boolean) {
+// Boolean b = (Boolean)obj;
+// if(b != null) {
+// return b.booleanValue();
+// }
+// }
+// return fallback;
+// }
+//
+// public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) {
+// session.setAttribute(name, new Boolean(value));
+// }
+//
+// public static String getHTTPSessionString(HttpSession session, String name, String fallback) {
+// Object obj = session.getAttribute(name);
+// if(obj == null) {
+// return fallback;
+// }
+//
+// if(obj instanceof String) {
+// return (String)obj;
+// }
+// return fallback;
+// }
+//
+// public static void setHTTPSessionString(HttpSession session, String name, String value) {
+// session.setAttribute(name, value);
+// }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
new file mode 100644
index 000000000..b56a54c90
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Iterator;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.w3c.dom.Element;
+import org.w3._2000._09.xmldsig_.*;
+import at.gv.e_government.reference.namespace.*;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.util.Constants;
+
+@SuppressWarnings("unused")
+public class MandateBuilder {
+
+ public static final String MANDATE_DATE_OF_BIRTH_FORMAT = "yyyy-MM-dd";
+
+ public static Mandate buildMandate(Element mandate) {
+
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_");
+
+ Unmarshaller u = jc.createUnmarshaller();
+ Mandate mand = (Mandate) u.unmarshal(mandate);
+ return mand;
+ } catch (JAXBException e) {
+ Logger.error("Failed to parse Mandate", e);
+ }
+ return null;
+ }
+
+ public static IdentificationType getWBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_WBPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+
+ public static IdentificationType getBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_BPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index bd79f88b7..ea823889f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -41,13 +41,17 @@ import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
@@ -175,7 +179,7 @@ public class ParamValidatorUtils {
* @param target HTTP parameter from request
* @return
*/
- public static boolean isValidBKUURI(String bkuURI) {
+ public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
Logger.debug("Ueberpruefe Parameter bkuURI");
// if non parameter is given return true
@@ -200,9 +204,7 @@ public class ParamValidatorUtils {
}
else {
Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs.");
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedBKUs = authConf.getTrustedBKUs();
- boolean b = trustedBKUs.contains(bkuURI);
+ boolean b = allowedBKUs.contains(bkuURI);
if (b) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
@@ -212,10 +214,12 @@ public class ParamValidatorUtils {
return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
+ } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
@@ -224,10 +228,7 @@ public class ParamValidatorUtils {
} catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
return false;
- } catch (ConfigurationException e) {
- Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
- return false;
- }
+ }
}
@@ -237,7 +238,7 @@ public class ParamValidatorUtils {
* @param template
* @return
*/
- public static boolean isValidTemplate(HttpServletRequest req, String template) {
+ public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
@@ -266,7 +267,14 @@ public class ParamValidatorUtils {
else {
//check against configured trustet template urls
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedTemplateURLs = authConf.getTrustedTemplateURLs();
+ List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
+
+ //get OA specific template URLs
+ if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
+ for (TemplateType el : oaSlTemplates)
+ trustedTemplateURLs.add(el.getURL());
+ }
+
boolean b = trustedTemplateURLs.contains(template);
if (b) {
Logger.debug("Parameter Template erfolgreich ueberprueft");
@@ -308,18 +316,18 @@ public class ParamValidatorUtils {
Logger.debug("Parameter MOASessionId ist null");
return true;
}
-
-
- Pattern pattern = Pattern.compile("[0-9-]*");
+
+ Pattern pattern = Pattern.compile("[0-9-]*");
Matcher matcher = pattern.matcher(sessionID);
boolean b = matcher.matches();
if (b) {
Logger.debug("Parameter MOASessionId erfolgreich ueberprueft");
return true;
}
- else {
- Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
- return false;
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ return false;
+
}
}
@@ -467,7 +475,39 @@ public class ParamValidatorUtils {
return false;
}
- }
+ }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (MiscUtil.isEmpty(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (MiscUtil.isEmpty(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index d006dcdfc..f1d0ecd45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -24,9 +24,16 @@
package at.gv.egovernment.moa.id.util;
+
+import iaik.security.random.SeedGenerator;
+
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
/**
* Random number generator used to generate ID's
* @author Paul Ivancsics
@@ -35,21 +42,36 @@ import java.security.SecureRandom;
public class Random {
/** random number generator used */
- private static SecureRandom random = new SecureRandom();
+ //private static SecureRandom random = new SecureRandom();
+ private static SecureRandom random;
+ private static SeedGenerator seedgenerator;
+
+ static {
+ random = iaik.security.random.SHA256FIPS186Random.getDefault();
+ seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault();
+
+
+ }
/**
* Creates a new random number, to be used as an ID.
*
* @return random long as a String
*/
public static String nextRandom() {
-
- byte[] b = new byte[16]; // 16 bytes = 128 bits
- random.nextBytes(b);
-
- ByteBuffer bb = ByteBuffer.wrap(b);
- long l = bb.getLong();
+ byte[] b = new byte[32]; // 32 bytes = 256 bits
+ random.nextBytes(b);
+
+ ByteBuffer bb = ByteBuffer.wrap(b);
+ long l = bb.getLong();
+ return "" + l;
+
+
+ }
+
+ public static void seedRandom() {
- return "" + l;
+ if (seedgenerator.seedAvailable())
+ random.setSeed(seedgenerator.getSeed());
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index a0add1054..a6619fc11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -79,7 +79,7 @@ public class SSLUtils {
*/
public static void initialize() {
sslSocketFactories = new HashMap();
- // JSSE Abhängigkeit
+ // JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
//System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
@@ -154,9 +154,7 @@ public class SSLUtils {
PKIConfiguration cfg = null;
if (! PKIFactory.getInstance().isAlreadyConfigured())
cfg = new PKIConfigurationImpl(conf);
- String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
- //not using BoolUtils because default value hast to be true!
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
+ boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 2ff9e5210..db6d7aa53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -31,6 +31,7 @@ import java.io.IOException;
import java.io.OutputStream;
import java.net.URLEncoder;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -145,5 +146,17 @@ public class ServletUtils {
Logger.debug("Finished POST " + servletName);
}
-
+
+ public static String getBaseUrl( HttpServletRequest request ) {
+ if ( ( request.getServerPort() == 80 ) ||
+ ( request.getServerPort() == 443 ) )
+ return request.getScheme() + "://" +
+ request.getServerName() +
+ request.getContextPath();
+ else
+ return request.getScheme() + "://" +
+ request.getServerName() + ":" + request.getServerPort() +
+ request.getContextPath();
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
new file mode 100644
index 000000000..1f8c31bb5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -0,0 +1,83 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class SessionEncrytionUtil {
+
+ static SecretKey secret = null;
+
+ static {
+ try {
+ String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey();
+
+ if (key != null) {
+ SecretKeyFactory factory;
+
+ factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ KeySpec spec = new PBEKeySpec(key.toCharArray(), "TestSALT".getBytes(), 1024, 128);
+ SecretKey tmp = factory.generateSecret(spec);
+ secret = new SecretKeySpec(tmp.getEncoded(), "AES");
+
+
+ } else {
+ Logger.warn("MOASession encryption is deaktivated.");
+ }
+
+ } catch (Exception e) {
+ Logger.warn("MOASession encryption can not be inizialized.", e);
+ }
+
+ }
+
+ public static byte[] encrypt(byte[] data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding");
+ cipher.init(Cipher.ENCRYPT_MODE, secret);
+
+ Logger.debug("Encrypt MOASession");
+ return cipher.doFinal(data);
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not encrypted",e);
+ throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
+ }
+ } else
+ return data;
+ }
+
+ public static byte[] decrypt(byte[] data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding");
+ cipher.init(Cipher.DECRYPT_MODE, secret);
+
+ Logger.debug("Decrypt MOASession");
+ return cipher.doFinal(data);
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not decrypted",e);
+ throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
+ }
+ } else
+ return data;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
new file mode 100644
index 000000000..caa8f1769
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
@@ -0,0 +1,77 @@
+package at.gv.egovernment.moa.id.util;
+
+import org.apache.velocity.app.Velocity;
+import org.apache.velocity.runtime.RuntimeServices;
+import org.apache.velocity.runtime.log.LogChute;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class VelocityLogAdapter implements LogChute {
+
+ public VelocityLogAdapter() {
+ try
+ {
+ /*
+ * register this class as a logger with the Velocity singleton
+ * (NOTE: this would not work for the non-singleton method.)
+ */
+ Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
+ Velocity.init();
+ }
+ catch (Exception e)
+ {
+ Logger.error("Failed to register Velocity logger");
+ }
+ }
+
+ public void init(RuntimeServices arg0) throws Exception {
+ }
+
+ public boolean isLevelEnabled(int arg0) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ return Logger.isDebugEnabled();
+ case LogChute.TRACE_ID:
+ return Logger.isTraceEnabled();
+ default:
+ return true;
+ }
+ }
+
+ public void log(int arg0, String arg1) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ Logger.debug(arg1);
+ break;
+ case LogChute.TRACE_ID:
+ Logger.trace(arg1);
+ break;
+ case LogChute.INFO_ID:
+ Logger.info(arg1);
+ break;
+ case LogChute.WARN_ID:
+ Logger.warn(arg1);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ Logger.error(arg1);
+ break;
+ }
+ }
+
+ public void log(int arg0, String arg1, Throwable arg2) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ case LogChute.TRACE_ID:
+ case LogChute.INFO_ID:
+ case LogChute.WARN_ID:
+ Logger.warn(arg1, arg2);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ Logger.error(arg1, arg2);
+ break;
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 80f2d744c..979744edb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -23,19 +23,23 @@
package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+import java.io.Serializable;
-public class MISMandate {
-
+public class MISMandate implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
final static private String OID_NOTAR = "1.2.40.0.10.3.1";
- final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
+ final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
- final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
+ final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
- final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
+ final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
- final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
+ final static public String OID_ORGANWALTER = "1.2.40.0.10.3.4";
final static private String TEXT_ORGANWALTER = "Organwalter";
@@ -73,7 +77,7 @@ public class MISMandate {
if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index ad4e45a2b..8970abc10 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -109,16 +109,7 @@ public class MISSimpleClient {
ArrayList foundMandates = new ArrayList();
for (int i=0; i<mandateElements.getLength(); i++) {
Element mandate = (Element) mandateElements.item(i);
-
-// try {
-// String s = DOMUtils.serializeNode(mandate);
-// System.out.println("\n\n Mandate: \n" + s);
-// } catch (IOException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// }
-
-
+
MISMandate misMandate = new MISMandate();
if (mandate.hasAttribute("ProfessionalRepresentative")) {
// System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative"));
@@ -143,7 +134,7 @@ public class MISSimpleClient {
}
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
@@ -201,7 +192,17 @@ public class MISSimpleClient {
}
filtersElement.appendChild(mandateIdentifiersElement);
mirElement.appendChild(filtersElement);
- }
+ }
+
+ //add Target element
+ Element targetElement = doc.createElementNS(MIS_NS, "Target");
+ Element targetTypeElement = doc.createElementNS(MIS_NS, "Type");
+ targetTypeElement.appendChild(doc.createTextNode(targetType));
+ targetElement.appendChild(targetTypeElement);
+ mirElement.appendChild(targetElement);
+
+
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
new file mode 100644
index 000000000..03521cf2f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.util.legacy;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+public class LegacyHelper implements MOAIDAuthConstants{
+
+ public static boolean isUseMandateRequested(HttpServletRequest req) throws WrongParametersException {
+
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+
+ //check UseMandate flag
+ String useMandateString = null;
+ if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+ useMandateString = useMandate;
+ } else {
+ useMandateString = "false";
+ }
+
+ if (useMandateString.compareToIgnoreCase("true") == 0)
+ return true;
+ else
+ return false;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java
new file mode 100644
index 000000000..b393b179c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java
@@ -0,0 +1,109 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for CanonicalizationMethodType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="CanonicalizationMethodType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;any maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "CanonicalizationMethodType", propOrder = {
+ "content"
+})
+public class CanonicalizationMethodType {
+
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+ @XmlAttribute(name = "Algorithm", required = true)
+ @XmlSchemaType(name = "anyURI")
+ protected String algorithm;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ /**
+ * Gets the value of the algorithm property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ /**
+ * Sets the value of the algorithm property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAlgorithm(String value) {
+ this.algorithm = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java
new file mode 100644
index 000000000..7c77fd0bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java
@@ -0,0 +1,241 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for DSAKeyValueType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="DSAKeyValueType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="P" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;element name="Q" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;/sequence>
+ * &lt;element name="J" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary" minOccurs="0"/>
+ * &lt;element name="G" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary" minOccurs="0"/>
+ * &lt;element name="Y" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;sequence minOccurs="0">
+ * &lt;element name="Seed" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;element name="PgenCounter" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;/sequence>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "DSAKeyValueType", propOrder = {
+ "p",
+ "q",
+ "j",
+ "g",
+ "y",
+ "seed",
+ "pgenCounter"
+})
+public class DSAKeyValueType {
+
+ @XmlElement(name = "P")
+ protected String p;
+ @XmlElement(name = "Q")
+ protected String q;
+ @XmlElement(name = "J")
+ protected String j;
+ @XmlElement(name = "G")
+ protected String g;
+ @XmlElement(name = "Y", required = true)
+ protected String y;
+ @XmlElement(name = "Seed")
+ protected String seed;
+ @XmlElement(name = "PgenCounter")
+ protected String pgenCounter;
+
+ /**
+ * Gets the value of the p property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getP() {
+ return p;
+ }
+
+ /**
+ * Sets the value of the p property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setP(String value) {
+ this.p = value;
+ }
+
+ /**
+ * Gets the value of the q property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getQ() {
+ return q;
+ }
+
+ /**
+ * Sets the value of the q property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setQ(String value) {
+ this.q = value;
+ }
+
+ /**
+ * Gets the value of the j property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getJ() {
+ return j;
+ }
+
+ /**
+ * Sets the value of the j property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setJ(String value) {
+ this.j = value;
+ }
+
+ /**
+ * Gets the value of the g property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getG() {
+ return g;
+ }
+
+ /**
+ * Sets the value of the g property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setG(String value) {
+ this.g = value;
+ }
+
+ /**
+ * Gets the value of the y property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getY() {
+ return y;
+ }
+
+ /**
+ * Sets the value of the y property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setY(String value) {
+ this.y = value;
+ }
+
+ /**
+ * Gets the value of the seed property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getSeed() {
+ return seed;
+ }
+
+ /**
+ * Sets the value of the seed property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setSeed(String value) {
+ this.seed = value;
+ }
+
+ /**
+ * Gets the value of the pgenCounter property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getPgenCounter() {
+ return pgenCounter;
+ }
+
+ /**
+ * Sets the value of the pgenCounter property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setPgenCounter(String value) {
+ this.pgenCounter = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java
new file mode 100644
index 000000000..4fca03d47
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java
@@ -0,0 +1,111 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for DigestMethodType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="DigestMethodType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "DigestMethodType", propOrder = {
+ "content"
+})
+public class DigestMethodType {
+
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+ @XmlAttribute(name = "Algorithm", required = true)
+ @XmlSchemaType(name = "anyURI")
+ protected String algorithm;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ /**
+ * Gets the value of the algorithm property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ /**
+ * Sets the value of the algorithm property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAlgorithm(String value) {
+ this.algorithm = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java
new file mode 100644
index 000000000..be872a357
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java
@@ -0,0 +1,142 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for KeyInfoType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="KeyInfoType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}KeyName"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}KeyValue"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}RetrievalMethod"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}X509Data"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}PGPData"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}SPKIData"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}MgmtData"/>
+ * &lt;any processContents='lax' namespace='##other'/>
+ * &lt;/choice>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "KeyInfoType", propOrder = {
+ "content"
+})
+public class KeyInfoType {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
+ })
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link JAXBElement }{@code <}{@link X509DataType }{@code >}
+ * {@link Object }
+ * {@link Element }
+ * {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >}
+ * {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >}
+ * {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}
+ * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java
new file mode 100644
index 000000000..98967ec80
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java
@@ -0,0 +1,92 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for KeyValueType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="KeyValueType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}DSAKeyValue"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}RSAKeyValue"/>
+ * &lt;any processContents='lax' namespace='##other'/>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "KeyValueType", propOrder = {
+ "content"
+})
+public class KeyValueType {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
+ })
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Element }
+ * {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >}
+ * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java
new file mode 100644
index 000000000..6c81286dd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java
@@ -0,0 +1,111 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for ManifestType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="ManifestType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Reference" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ManifestType", propOrder = {
+ "reference"
+})
+public class ManifestType {
+
+ @XmlElement(name = "Reference", required = true)
+ protected List<ReferenceType> reference;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the reference property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the reference property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getReference().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link ReferenceType }
+ *
+ *
+ */
+ public List<ReferenceType> getReference() {
+ if (reference == null) {
+ reference = new ArrayList<ReferenceType>();
+ }
+ return this.reference;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java
new file mode 100644
index 000000000..cf31e0e07
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java
@@ -0,0 +1,559 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.math.BigInteger;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlElementDecl;
+import javax.xml.bind.annotation.XmlRegistry;
+import javax.xml.namespace.QName;
+
+
+/**
+ * This object contains factory methods for each
+ * Java content interface and Java element interface
+ * generated in the org.w3._2000._09.xmldsig_ package.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups. Factory methods for each of these are
+ * provided in this class.
+ *
+ */
+@XmlRegistry
+public class ObjectFactory {
+
+ private final static QName _PGPData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPData");
+ private final static QName _SPKIData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKIData");
+ private final static QName _RetrievalMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "RetrievalMethod");
+ private final static QName _CanonicalizationMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod");
+ private final static QName _SignatureProperty_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureProperty");
+ private final static QName _Manifest_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Manifest");
+ private final static QName _Transforms_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transforms");
+ private final static QName _SignatureMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureMethod");
+ private final static QName _KeyInfo_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo");
+ private final static QName _DigestMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestMethod");
+ private final static QName _MgmtData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "MgmtData");
+ private final static QName _Reference_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Reference");
+ private final static QName _RSAKeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "RSAKeyValue");
+ private final static QName _Signature_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Signature");
+ private final static QName _DSAKeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DSAKeyValue");
+ private final static QName _SignedInfo_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignedInfo");
+ private final static QName _Object_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Object");
+ private final static QName _SignatureValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureValue");
+ private final static QName _Transform_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transform");
+ private final static QName _X509Data_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Data");
+ private final static QName _DigestValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestValue");
+ private final static QName _SignatureProperties_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureProperties");
+ private final static QName _KeyName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyName");
+ private final static QName _KeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyValue");
+ private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength");
+ private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp");
+ private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath");
+ private final static QName _X509DataTypeX509IssuerSerial_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial");
+ private final static QName _X509DataTypeX509Certificate_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
+ private final static QName _X509DataTypeX509SKI_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SKI");
+ private final static QName _X509DataTypeX509SubjectName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName");
+ private final static QName _X509DataTypeX509CRL_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509CRL");
+ private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID");
+ private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket");
+
+ /**
+ * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.w3._2000._09.xmldsig_
+ *
+ */
+ public ObjectFactory() {
+ }
+
+ /**
+ * Create an instance of {@link SignaturePropertyType }
+ *
+ */
+ public SignaturePropertyType createSignaturePropertyType() {
+ return new SignaturePropertyType();
+ }
+
+ /**
+ * Create an instance of {@link SPKIDataType }
+ *
+ */
+ public SPKIDataType createSPKIDataType() {
+ return new SPKIDataType();
+ }
+
+ /**
+ * Create an instance of {@link SignaturePropertiesType }
+ *
+ */
+ public SignaturePropertiesType createSignaturePropertiesType() {
+ return new SignaturePropertiesType();
+ }
+
+ /**
+ * Create an instance of {@link X509DataType }
+ *
+ */
+ public X509DataType createX509DataType() {
+ return new X509DataType();
+ }
+
+ /**
+ * Create an instance of {@link TransformsType }
+ *
+ */
+ public TransformsType createTransformsType() {
+ return new TransformsType();
+ }
+
+ /**
+ * Create an instance of {@link RetrievalMethodType }
+ *
+ */
+ public RetrievalMethodType createRetrievalMethodType() {
+ return new RetrievalMethodType();
+ }
+
+ /**
+ * Create an instance of {@link DigestMethodType }
+ *
+ */
+ public DigestMethodType createDigestMethodType() {
+ return new DigestMethodType();
+ }
+
+ /**
+ * Create an instance of {@link SignatureValueType }
+ *
+ */
+ public SignatureValueType createSignatureValueType() {
+ return new SignatureValueType();
+ }
+
+ /**
+ * Create an instance of {@link SignatureType }
+ *
+ */
+ public SignatureType createSignatureType() {
+ return new SignatureType();
+ }
+
+ /**
+ * Create an instance of {@link ManifestType }
+ *
+ */
+ public ManifestType createManifestType() {
+ return new ManifestType();
+ }
+
+ /**
+ * Create an instance of {@link KeyValueType }
+ *
+ */
+ public KeyValueType createKeyValueType() {
+ return new KeyValueType();
+ }
+
+ /**
+ * Create an instance of {@link TransformType }
+ *
+ */
+ public TransformType createTransformType() {
+ return new TransformType();
+ }
+
+ /**
+ * Create an instance of {@link DSAKeyValueType }
+ *
+ */
+ public DSAKeyValueType createDSAKeyValueType() {
+ return new DSAKeyValueType();
+ }
+
+ /**
+ * Create an instance of {@link CanonicalizationMethodType }
+ *
+ */
+ public CanonicalizationMethodType createCanonicalizationMethodType() {
+ return new CanonicalizationMethodType();
+ }
+
+ /**
+ * Create an instance of {@link SignatureMethodType }
+ *
+ */
+ public SignatureMethodType createSignatureMethodType() {
+ return new SignatureMethodType();
+ }
+
+ /**
+ * Create an instance of {@link X509IssuerSerialType }
+ *
+ */
+ public X509IssuerSerialType createX509IssuerSerialType() {
+ return new X509IssuerSerialType();
+ }
+
+ /**
+ * Create an instance of {@link PGPDataType }
+ *
+ */
+ public PGPDataType createPGPDataType() {
+ return new PGPDataType();
+ }
+
+ /**
+ * Create an instance of {@link ObjectType }
+ *
+ */
+ public ObjectType createObjectType() {
+ return new ObjectType();
+ }
+
+ /**
+ * Create an instance of {@link ReferenceType }
+ *
+ */
+ public ReferenceType createReferenceType() {
+ return new ReferenceType();
+ }
+
+ /**
+ * Create an instance of {@link SignedInfoType }
+ *
+ */
+ public SignedInfoType createSignedInfoType() {
+ return new SignedInfoType();
+ }
+
+ /**
+ * Create an instance of {@link KeyInfoType }
+ *
+ */
+ public KeyInfoType createKeyInfoType() {
+ return new KeyInfoType();
+ }
+
+ /**
+ * Create an instance of {@link RSAKeyValueType }
+ *
+ */
+ public RSAKeyValueType createRSAKeyValueType() {
+ return new RSAKeyValueType();
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPData")
+ public JAXBElement<PGPDataType> createPGPData(PGPDataType value) {
+ return new JAXBElement<PGPDataType>(_PGPData_QNAME, PGPDataType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKIData")
+ public JAXBElement<SPKIDataType> createSPKIData(SPKIDataType value) {
+ return new JAXBElement<SPKIDataType>(_SPKIData_QNAME, SPKIDataType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "RetrievalMethod")
+ public JAXBElement<RetrievalMethodType> createRetrievalMethod(RetrievalMethodType value) {
+ return new JAXBElement<RetrievalMethodType>(_RetrievalMethod_QNAME, RetrievalMethodType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link CanonicalizationMethodType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "CanonicalizationMethod")
+ public JAXBElement<CanonicalizationMethodType> createCanonicalizationMethod(CanonicalizationMethodType value) {
+ return new JAXBElement<CanonicalizationMethodType>(_CanonicalizationMethod_QNAME, CanonicalizationMethodType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SignaturePropertyType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureProperty")
+ public JAXBElement<SignaturePropertyType> createSignatureProperty(SignaturePropertyType value) {
+ return new JAXBElement<SignaturePropertyType>(_SignatureProperty_QNAME, SignaturePropertyType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link ManifestType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Manifest")
+ public JAXBElement<ManifestType> createManifest(ManifestType value) {
+ return new JAXBElement<ManifestType>(_Manifest_QNAME, ManifestType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TransformsType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Transforms")
+ public JAXBElement<TransformsType> createTransforms(TransformsType value) {
+ return new JAXBElement<TransformsType>(_Transforms_QNAME, TransformsType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SignatureMethodType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureMethod")
+ public JAXBElement<SignatureMethodType> createSignatureMethod(SignatureMethodType value) {
+ return new JAXBElement<SignatureMethodType>(_SignatureMethod_QNAME, SignatureMethodType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link KeyInfoType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "KeyInfo")
+ public JAXBElement<KeyInfoType> createKeyInfo(KeyInfoType value) {
+ return new JAXBElement<KeyInfoType>(_KeyInfo_QNAME, KeyInfoType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link DigestMethodType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "DigestMethod")
+ public JAXBElement<DigestMethodType> createDigestMethod(DigestMethodType value) {
+ return new JAXBElement<DigestMethodType>(_DigestMethod_QNAME, DigestMethodType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "MgmtData")
+ public JAXBElement<String> createMgmtData(String value) {
+ return new JAXBElement<String>(_MgmtData_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link ReferenceType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Reference")
+ public JAXBElement<ReferenceType> createReference(ReferenceType value) {
+ return new JAXBElement<ReferenceType>(_Reference_QNAME, ReferenceType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "RSAKeyValue")
+ public JAXBElement<RSAKeyValueType> createRSAKeyValue(RSAKeyValueType value) {
+ return new JAXBElement<RSAKeyValueType>(_RSAKeyValue_QNAME, RSAKeyValueType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SignatureType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Signature")
+ public JAXBElement<SignatureType> createSignature(SignatureType value) {
+ return new JAXBElement<SignatureType>(_Signature_QNAME, SignatureType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "DSAKeyValue")
+ public JAXBElement<DSAKeyValueType> createDSAKeyValue(DSAKeyValueType value) {
+ return new JAXBElement<DSAKeyValueType>(_DSAKeyValue_QNAME, DSAKeyValueType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SignedInfoType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignedInfo")
+ public JAXBElement<SignedInfoType> createSignedInfo(SignedInfoType value) {
+ return new JAXBElement<SignedInfoType>(_SignedInfo_QNAME, SignedInfoType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link ObjectType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Object")
+ public JAXBElement<ObjectType> createObject(ObjectType value) {
+ return new JAXBElement<ObjectType>(_Object_QNAME, ObjectType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SignatureValueType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureValue")
+ public JAXBElement<SignatureValueType> createSignatureValue(SignatureValueType value) {
+ return new JAXBElement<SignatureValueType>(_SignatureValue_QNAME, SignatureValueType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link TransformType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Transform")
+ public JAXBElement<TransformType> createTransform(TransformType value) {
+ return new JAXBElement<TransformType>(_Transform_QNAME, TransformType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link X509DataType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509Data")
+ public JAXBElement<X509DataType> createX509Data(X509DataType value) {
+ return new JAXBElement<X509DataType>(_X509Data_QNAME, X509DataType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "DigestValue")
+ public JAXBElement<String> createDigestValue(String value) {
+ return new JAXBElement<String>(_DigestValue_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link SignaturePropertiesType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureProperties")
+ public JAXBElement<SignaturePropertiesType> createSignatureProperties(SignaturePropertiesType value) {
+ return new JAXBElement<SignaturePropertiesType>(_SignatureProperties_QNAME, SignaturePropertiesType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "KeyName")
+ public JAXBElement<String> createKeyName(String value) {
+ return new JAXBElement<String>(_KeyName_QNAME, String.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "KeyValue")
+ public JAXBElement<KeyValueType> createKeyValue(KeyValueType value) {
+ return new JAXBElement<KeyValueType>(_KeyValue_QNAME, KeyValueType.class, null, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class)
+ public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) {
+ return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class)
+ public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) {
+ return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class)
+ public JAXBElement<String> createTransformTypeXPath(String value) {
+ return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509IssuerSerial", scope = X509DataType.class)
+ public JAXBElement<X509IssuerSerialType> createX509DataTypeX509IssuerSerial(X509IssuerSerialType value) {
+ return new JAXBElement<X509IssuerSerialType>(_X509DataTypeX509IssuerSerial_QNAME, X509IssuerSerialType.class, X509DataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509Certificate", scope = X509DataType.class)
+ public JAXBElement<String> createX509DataTypeX509Certificate(String value) {
+ return new JAXBElement<String>(_X509DataTypeX509Certificate_QNAME, String.class, X509DataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509SKI", scope = X509DataType.class)
+ public JAXBElement<String> createX509DataTypeX509SKI(String value) {
+ return new JAXBElement<String>(_X509DataTypeX509SKI_QNAME, String.class, X509DataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509SubjectName", scope = X509DataType.class)
+ public JAXBElement<String> createX509DataTypeX509SubjectName(String value) {
+ return new JAXBElement<String>(_X509DataTypeX509SubjectName_QNAME, String.class, X509DataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509CRL", scope = X509DataType.class)
+ public JAXBElement<String> createX509DataTypeX509CRL(String value) {
+ return new JAXBElement<String>(_X509DataTypeX509CRL_QNAME, String.class, X509DataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class)
+ public JAXBElement<String> createPGPDataTypePGPKeyID(String value) {
+ return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class)
+ public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) {
+ return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java
new file mode 100644
index 000000000..95313f887
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java
@@ -0,0 +1,171 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for ObjectType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="ObjectType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded" minOccurs="0">
+ * &lt;any processContents='lax'/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;attribute name="MimeType" type="{http://www.w3.org/2001/XMLSchema}string" />
+ * &lt;attribute name="Encoding" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ObjectType", propOrder = {
+ "content"
+})
+public class ObjectType {
+
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAttribute(name = "MimeType")
+ protected String mimeType;
+ @XmlAttribute(name = "Encoding")
+ @XmlSchemaType(name = "anyURI")
+ protected String encoding;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets the value of the mimeType property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getMimeType() {
+ return mimeType;
+ }
+
+ /**
+ * Sets the value of the mimeType property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setMimeType(String value) {
+ this.mimeType = value;
+ }
+
+ /**
+ * Gets the value of the encoding property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getEncoding() {
+ return encoding;
+ }
+
+ /**
+ * Sets the value of the encoding property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setEncoding(String value) {
+ this.encoding = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java
new file mode 100644
index 000000000..1f18a5df7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java
@@ -0,0 +1,105 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for PGPDataType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="PGPDataType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice>
+ * &lt;sequence>
+ * &lt;element name="PGPKeyID" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;element name="PGPKeyPacket" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary" minOccurs="0"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;sequence>
+ * &lt;element name="PGPKeyPacket" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/choice>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "PGPDataType", propOrder = {
+ "content"
+})
+public class PGPDataType {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
+ })
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+
+ /**
+ * Gets the rest of the content model.
+ *
+ * <p>
+ * You are getting this "catch-all" property because of the following reason:
+ * The field name "PGPKeyPacket" is used by two different parts of a schema. See:
+ * line 190 of file:/home/afitzek/mandate_xml/W3C-XMLDSig.xsd
+ * line 186 of file:/home/afitzek/mandate_xml/W3C-XMLDSig.xsd
+ * <p>
+ * To get rid of this property, apply a property customization to one
+ * of both of the following declarations to change their names:
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java
new file mode 100644
index 000000000..a7c7ab393
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java
@@ -0,0 +1,97 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for RSAKeyValueType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="RSAKeyValueType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Modulus" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;element name="Exponent" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "RSAKeyValueType", propOrder = {
+ "modulus",
+ "exponent"
+})
+public class RSAKeyValueType {
+
+ @XmlElement(name = "Modulus", required = true)
+ protected String modulus;
+ @XmlElement(name = "Exponent", required = true)
+ protected String exponent;
+
+ /**
+ * Gets the value of the modulus property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getModulus() {
+ return modulus;
+ }
+
+ /**
+ * Sets the value of the modulus property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setModulus(String value) {
+ this.modulus = value;
+ }
+
+ /**
+ * Gets the value of the exponent property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getExponent() {
+ return exponent;
+ }
+
+ /**
+ * Sets the value of the exponent property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setExponent(String value) {
+ this.exponent = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java
new file mode 100644
index 000000000..74327ab2a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java
@@ -0,0 +1,216 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for ReferenceType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="ReferenceType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Transforms" minOccurs="0"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}DigestMethod"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}DigestValue"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;attribute name="URI" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;attribute name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ReferenceType", propOrder = {
+ "transforms",
+ "digestMethod",
+ "digestValue"
+})
+public class ReferenceType {
+
+ @XmlElement(name = "Transforms")
+ protected TransformsType transforms;
+ @XmlElement(name = "DigestMethod", required = true)
+ protected DigestMethodType digestMethod;
+ @XmlElement(name = "DigestValue", required = true)
+ protected String digestValue;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+ @XmlAttribute(name = "URI")
+ @XmlSchemaType(name = "anyURI")
+ protected String uri;
+ @XmlAttribute(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected String type;
+
+ /**
+ * Gets the value of the transforms property.
+ *
+ * @return
+ * possible object is
+ * {@link TransformsType }
+ *
+ */
+ public TransformsType getTransforms() {
+ return transforms;
+ }
+
+ /**
+ * Sets the value of the transforms property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TransformsType }
+ *
+ */
+ public void setTransforms(TransformsType value) {
+ this.transforms = value;
+ }
+
+ /**
+ * Gets the value of the digestMethod property.
+ *
+ * @return
+ * possible object is
+ * {@link DigestMethodType }
+ *
+ */
+ public DigestMethodType getDigestMethod() {
+ return digestMethod;
+ }
+
+ /**
+ * Sets the value of the digestMethod property.
+ *
+ * @param value
+ * allowed object is
+ * {@link DigestMethodType }
+ *
+ */
+ public void setDigestMethod(DigestMethodType value) {
+ this.digestMethod = value;
+ }
+
+ /**
+ * Gets the value of the digestValue property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getDigestValue() {
+ return digestValue;
+ }
+
+ /**
+ * Sets the value of the digestValue property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setDigestValue(String value) {
+ this.digestValue = value;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+ /**
+ * Gets the value of the uri property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getURI() {
+ return uri;
+ }
+
+ /**
+ * Sets the value of the uri property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setURI(String value) {
+ this.uri = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java
new file mode 100644
index 000000000..ee006a5f4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java
@@ -0,0 +1,127 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for RetrievalMethodType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="RetrievalMethodType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="Transforms" type="{http://www.w3.org/2000/09/xmldsig#}TransformsType" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;attribute name="URI" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;attribute name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "RetrievalMethodType", propOrder = {
+ "transforms"
+})
+public class RetrievalMethodType {
+
+ @XmlElement(name = "Transforms")
+ protected TransformsType transforms;
+ @XmlAttribute(name = "URI")
+ @XmlSchemaType(name = "anyURI")
+ protected String uri;
+ @XmlAttribute(name = "Type")
+ @XmlSchemaType(name = "anyURI")
+ protected String type;
+
+ /**
+ * Gets the value of the transforms property.
+ *
+ * @return
+ * possible object is
+ * {@link TransformsType }
+ *
+ */
+ public TransformsType getTransforms() {
+ return transforms;
+ }
+
+ /**
+ * Sets the value of the transforms property.
+ *
+ * @param value
+ * allowed object is
+ * {@link TransformsType }
+ *
+ */
+ public void setTransforms(TransformsType value) {
+ this.transforms = value;
+ }
+
+ /**
+ * Gets the value of the uri property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getURI() {
+ return uri;
+ }
+
+ /**
+ * Sets the value of the uri property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setURI(String value) {
+ this.uri = value;
+ }
+
+ /**
+ * Gets the value of the type property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the value of the type property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setType(String value) {
+ this.type = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java
new file mode 100644
index 000000000..12d633339
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java
@@ -0,0 +1,83 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for SPKIDataType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SPKIDataType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded">
+ * &lt;element name="SPKISexp" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;any processContents='lax' namespace='##other' minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SPKIDataType", propOrder = {
+ "spkiSexpAndAny"
+})
+public class SPKIDataType {
+
+ @XmlElementRef(name = "SPKISexp", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
+ @XmlAnyElement(lax = true)
+ protected List<Object> spkiSexpAndAny;
+
+ /**
+ * Gets the value of the spkiSexpAndAny property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the spkiSexpAndAny property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSPKISexpAndAny().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link Object }
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ *
+ *
+ */
+ public List<Object> getSPKISexpAndAny() {
+ if (spkiSexpAndAny == null) {
+ spkiSexpAndAny = new ArrayList<Object>();
+ }
+ return this.spkiSexpAndAny;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java
new file mode 100644
index 000000000..35e715a26
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java
@@ -0,0 +1,115 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for SignatureMethodType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SignatureMethodType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="HMACOutputLength" type="{http://www.w3.org/2000/09/xmldsig#}HMACOutputLengthType" minOccurs="0"/>
+ * &lt;any namespace='##other' maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SignatureMethodType", propOrder = {
+ "content"
+})
+public class SignatureMethodType {
+
+ @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+ @XmlAttribute(name = "Algorithm", required = true)
+ @XmlSchemaType(name = "anyURI")
+ protected String algorithm;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Object }
+ * {@link JAXBElement }{@code <}{@link BigInteger }{@code >}
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ /**
+ * Gets the value of the algorithm property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ /**
+ * Sets the value of the algorithm property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAlgorithm(String value) {
+ this.algorithm = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java
new file mode 100644
index 000000000..20da01d83
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java
@@ -0,0 +1,111 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for SignaturePropertiesType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SignaturePropertiesType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}SignatureProperty" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SignaturePropertiesType", propOrder = {
+ "signatureProperty"
+})
+public class SignaturePropertiesType {
+
+ @XmlElement(name = "SignatureProperty", required = true)
+ protected List<SignaturePropertyType> signatureProperty;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the signatureProperty property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the signatureProperty property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getSignatureProperty().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link SignaturePropertyType }
+ *
+ *
+ */
+ public List<SignaturePropertyType> getSignatureProperty() {
+ if (signatureProperty == null) {
+ signatureProperty = new ArrayList<SignaturePropertyType>();
+ }
+ return this.signatureProperty;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java
new file mode 100644
index 000000000..52f630ae8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java
@@ -0,0 +1,144 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for SignaturePropertyType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SignaturePropertyType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice maxOccurs="unbounded">
+ * &lt;any processContents='lax' namespace='##other'/>
+ * &lt;/choice>
+ * &lt;attribute name="Target" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SignaturePropertyType", propOrder = {
+ "content"
+})
+public class SignaturePropertyType {
+
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+ @XmlAttribute(name = "Target", required = true)
+ @XmlSchemaType(name = "anyURI")
+ protected String target;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link String }
+ * {@link Element }
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ /**
+ * Gets the value of the target property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the value of the target property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setTarget(String value) {
+ this.target = value;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java
new file mode 100644
index 000000000..c4f33b799
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java
@@ -0,0 +1,195 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for SignatureType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SignatureType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}SignedInfo"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}SignatureValue"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}KeyInfo" minOccurs="0"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Object" maxOccurs="unbounded" minOccurs="0"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SignatureType", propOrder = {
+ "signedInfo",
+ "signatureValue",
+ "keyInfo",
+ "object"
+})
+public class SignatureType {
+
+ @XmlElement(name = "SignedInfo", required = true)
+ protected SignedInfoType signedInfo;
+ @XmlElement(name = "SignatureValue", required = true)
+ protected SignatureValueType signatureValue;
+ @XmlElement(name = "KeyInfo")
+ protected KeyInfoType keyInfo;
+ @XmlElement(name = "Object")
+ protected List<ObjectType> object;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the signedInfo property.
+ *
+ * @return
+ * possible object is
+ * {@link SignedInfoType }
+ *
+ */
+ public SignedInfoType getSignedInfo() {
+ return signedInfo;
+ }
+
+ /**
+ * Sets the value of the signedInfo property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SignedInfoType }
+ *
+ */
+ public void setSignedInfo(SignedInfoType value) {
+ this.signedInfo = value;
+ }
+
+ /**
+ * Gets the value of the signatureValue property.
+ *
+ * @return
+ * possible object is
+ * {@link SignatureValueType }
+ *
+ */
+ public SignatureValueType getSignatureValue() {
+ return signatureValue;
+ }
+
+ /**
+ * Sets the value of the signatureValue property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SignatureValueType }
+ *
+ */
+ public void setSignatureValue(SignatureValueType value) {
+ this.signatureValue = value;
+ }
+
+ /**
+ * Gets the value of the keyInfo property.
+ *
+ * @return
+ * possible object is
+ * {@link KeyInfoType }
+ *
+ */
+ public KeyInfoType getKeyInfo() {
+ return keyInfo;
+ }
+
+ /**
+ * Sets the value of the keyInfo property.
+ *
+ * @param value
+ * allowed object is
+ * {@link KeyInfoType }
+ *
+ */
+ public void setKeyInfo(KeyInfoType value) {
+ this.keyInfo = value;
+ }
+
+ /**
+ * Gets the value of the object property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the object property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getObject().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link ObjectType }
+ *
+ *
+ */
+ public List<ObjectType> getObject() {
+ if (object == null) {
+ object = new ArrayList<ObjectType>();
+ }
+ return this.object;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java
new file mode 100644
index 000000000..92e9ca169
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java
@@ -0,0 +1,101 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for SignatureValueType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SignatureValueType">
+ * &lt;simpleContent>
+ * &lt;extension base="&lt;http://www.w3.org/2000/09/xmldsig#>CryptoBinary">
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/extension>
+ * &lt;/simpleContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SignatureValueType", propOrder = {
+ "value"
+})
+public class SignatureValueType {
+
+ @XmlValue
+ protected String value;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the value property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of the value property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java
new file mode 100644
index 000000000..8b87feb7c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java
@@ -0,0 +1,167 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlID;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+
+/**
+ * <p>Java class for SignedInfoType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="SignedInfoType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}CanonicalizationMethod"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}SignatureMethod"/>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Reference" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "SignedInfoType", propOrder = {
+ "canonicalizationMethod",
+ "signatureMethod",
+ "reference"
+})
+public class SignedInfoType {
+
+ @XmlElement(name = "CanonicalizationMethod", required = true)
+ protected CanonicalizationMethodType canonicalizationMethod;
+ @XmlElement(name = "SignatureMethod", required = true)
+ protected SignatureMethodType signatureMethod;
+ @XmlElement(name = "Reference", required = true)
+ protected List<ReferenceType> reference;
+ @XmlAttribute(name = "Id")
+ @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+ @XmlID
+ @XmlSchemaType(name = "ID")
+ protected String id;
+
+ /**
+ * Gets the value of the canonicalizationMethod property.
+ *
+ * @return
+ * possible object is
+ * {@link CanonicalizationMethodType }
+ *
+ */
+ public CanonicalizationMethodType getCanonicalizationMethod() {
+ return canonicalizationMethod;
+ }
+
+ /**
+ * Sets the value of the canonicalizationMethod property.
+ *
+ * @param value
+ * allowed object is
+ * {@link CanonicalizationMethodType }
+ *
+ */
+ public void setCanonicalizationMethod(CanonicalizationMethodType value) {
+ this.canonicalizationMethod = value;
+ }
+
+ /**
+ * Gets the value of the signatureMethod property.
+ *
+ * @return
+ * possible object is
+ * {@link SignatureMethodType }
+ *
+ */
+ public SignatureMethodType getSignatureMethod() {
+ return signatureMethod;
+ }
+
+ /**
+ * Sets the value of the signatureMethod property.
+ *
+ * @param value
+ * allowed object is
+ * {@link SignatureMethodType }
+ *
+ */
+ public void setSignatureMethod(SignatureMethodType value) {
+ this.signatureMethod = value;
+ }
+
+ /**
+ * Gets the value of the reference property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the reference property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getReference().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link ReferenceType }
+ *
+ *
+ */
+ public List<ReferenceType> getReference() {
+ if (reference == null) {
+ reference = new ArrayList<ReferenceType>();
+ }
+ return this.reference;
+ }
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setId(String value) {
+ this.id = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java
new file mode 100644
index 000000000..1ac4bb0f1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java
@@ -0,0 +1,116 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlMixed;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for TransformType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TransformType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;choice maxOccurs="unbounded" minOccurs="0">
+ * &lt;any processContents='lax' namespace='##other'/>
+ * &lt;element name="XPath" type="{http://www.w3.org/2001/XMLSchema}string"/>
+ * &lt;/choice>
+ * &lt;attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TransformType", propOrder = {
+ "content"
+})
+public class TransformType {
+
+ @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
+ @XmlMixed
+ @XmlAnyElement(lax = true)
+ protected List<Object> content;
+ @XmlAttribute(name = "Algorithm", required = true)
+ @XmlSchemaType(name = "anyURI")
+ protected String algorithm;
+
+ /**
+ * Gets the value of the content property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the content property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getContent().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Element }
+ * {@link String }
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Object }
+ *
+ *
+ */
+ public List<Object> getContent() {
+ if (content == null) {
+ content = new ArrayList<Object>();
+ }
+ return this.content;
+ }
+
+ /**
+ * Gets the value of the algorithm property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ /**
+ * Sets the value of the algorithm property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setAlgorithm(String value) {
+ this.algorithm = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java
new file mode 100644
index 000000000..243e1aa52
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java
@@ -0,0 +1,76 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for TransformsType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="TransformsType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element ref="{http://www.w3.org/2000/09/xmldsig#}Transform" maxOccurs="unbounded"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "TransformsType", propOrder = {
+ "transform"
+})
+public class TransformsType {
+
+ @XmlElement(name = "Transform", required = true)
+ protected List<TransformType> transform;
+
+ /**
+ * Gets the value of the transform property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the transform property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getTransform().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link TransformType }
+ *
+ *
+ */
+ public List<TransformType> getTransform() {
+ if (transform == null) {
+ transform = new ArrayList<TransformType>();
+ }
+ return this.transform;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java
new file mode 100644
index 000000000..e58941023
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java
@@ -0,0 +1,100 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
+import javax.xml.bind.annotation.XmlType;
+import org.w3c.dom.Element;
+
+
+/**
+ * <p>Java class for X509DataType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="X509DataType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence maxOccurs="unbounded">
+ * &lt;choice>
+ * &lt;element name="X509IssuerSerial" type="{http://www.w3.org/2000/09/xmldsig#}X509IssuerSerialType"/>
+ * &lt;element name="X509SKI" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;element name="X509SubjectName" type="{http://www.w3.org/2001/XMLSchema}string"/>
+ * &lt;element name="X509Certificate" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;element name="X509CRL" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/>
+ * &lt;any processContents='lax' namespace='##other'/>
+ * &lt;/choice>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "X509DataType", propOrder = {
+ "x509IssuerSerialOrX509SKIOrX509SubjectName"
+})
+public class X509DataType {
+
+ @XmlElementRefs({
+ @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
+ })
+ @XmlAnyElement(lax = true)
+ protected List<Object> x509IssuerSerialOrX509SKIOrX509SubjectName;
+
+ /**
+ * Gets the value of the x509IssuerSerialOrX509SKIOrX509SubjectName property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the x509IssuerSerialOrX509SKIOrX509SubjectName property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getX509IssuerSerialOrX509SKIOrX509SubjectName().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Object }
+ * {@link Element }
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
+ *
+ *
+ */
+ public List<Object> getX509IssuerSerialOrX509SKIOrX509SubjectName() {
+ if (x509IssuerSerialOrX509SKIOrX509SubjectName == null) {
+ x509IssuerSerialOrX509SKIOrX509SubjectName = new ArrayList<Object>();
+ }
+ return this.x509IssuerSerialOrX509SKIOrX509SubjectName;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java
new file mode 100644
index 000000000..66502598e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java
@@ -0,0 +1,98 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+
+package org.w3._2000._09.xmldsig_;
+
+import java.math.BigInteger;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for X509IssuerSerialType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * &lt;complexType name="X509IssuerSerialType">
+ * &lt;complexContent>
+ * &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * &lt;sequence>
+ * &lt;element name="X509IssuerName" type="{http://www.w3.org/2001/XMLSchema}string"/>
+ * &lt;element name="X509SerialNumber" type="{http://www.w3.org/2001/XMLSchema}integer"/>
+ * &lt;/sequence>
+ * &lt;/restriction>
+ * &lt;/complexContent>
+ * &lt;/complexType>
+ * </pre>
+ *
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "X509IssuerSerialType", propOrder = {
+ "x509IssuerName",
+ "x509SerialNumber"
+})
+public class X509IssuerSerialType {
+
+ @XmlElement(name = "X509IssuerName", required = true)
+ protected String x509IssuerName;
+ @XmlElement(name = "X509SerialNumber", required = true)
+ protected BigInteger x509SerialNumber;
+
+ /**
+ * Gets the value of the x509IssuerName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getX509IssuerName() {
+ return x509IssuerName;
+ }
+
+ /**
+ * Sets the value of the x509IssuerName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setX509IssuerName(String value) {
+ this.x509IssuerName = value;
+ }
+
+ /**
+ * Gets the value of the x509SerialNumber property.
+ *
+ * @return
+ * possible object is
+ * {@link BigInteger }
+ *
+ */
+ public BigInteger getX509SerialNumber() {
+ return x509SerialNumber;
+ }
+
+ /**
+ * Sets the value of the x509SerialNumber property.
+ *
+ * @param value
+ * allowed object is
+ * {@link BigInteger }
+ *
+ */
+ public void setX509SerialNumber(BigInteger value) {
+ this.x509SerialNumber = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java
new file mode 100644
index 000000000..3ec4bd567
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java
@@ -0,0 +1,9 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2013.06.19 at 11:53:10 AM CEST
+//
+
+@javax.xml.bind.annotation.XmlSchema(namespace = "http://www.w3.org/2000/09/xmldsig#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
+package org.w3._2000._09.xmldsig_;
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 8089b851c..272f26efb 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -8,70 +8,78 @@
# status messages included in <samlp:Response> of GetAuthenticationDataService
1200=Anfrage erfolgreich beantwortet
-1201=Fehlerhaftes Requestformat: mehr als 1 Request übergeben
-1202=Fehlerhaftes Requestformat: kein SAML-Artifakt übergeben
-1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt übergeben
+1201=Fehlerhaftes Requestformat\: mehr als 1 Request ?bergeben
+1202=Fehlerhaftes Requestformat\: kein SAML-Artifakt ?bergeben
+1203=Fehlerhaftes Requestformat\: mehr als 1 SAML-Artifakt ?bergeben
1204=Fehlerhaftes Requestformat
1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
-1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
+1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt\={0})
1299=Interner Server-Fehler
-auth.00=Anmeldung an dieser Applikation wird nicht unterstützt (URL={0})
+auth.00=Anmeldung an dieser Applikation wird nicht unterst?tzt (URL\={0})
auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
auth.02=MOASessionID ist unbekannt (MOASessionID={0})
auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
-auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <i>{0}</i>: {1}
-auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
+#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
+auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
+auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
+auth.09=Zur Auswahlseite der Bürgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
-auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
+auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung\: {1}
auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
-auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt.
+auth.13=Vollmachtenmodus für ausl�ndische B�rger wird nicht unterst�tzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
auth.15=Fehler bei Anfrage an Vollmachten Service.
-auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
-auth.17=Vollmachtenmodus für nicht-öffentlichen Bereich wird nicht unterstützt.
+auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
+auth.17=Vollmachtenmodus für nicht-öffentlichen Bereich wird nicht unterstützt.
+auth.18=Keine MOASessionID vorhanden
+auth.19=Die Authentifizierung kann nicht passiv durchgeführt werden.
+auth.20=No valid MOA session found. Authentification process is abourted.
+auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
-init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
+init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist möglicherweise nicht verfügbar
init.02=Fehler beim Starten des Service MOA ID Authentisierung
+init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+
config.00=MOA ID Konfiguration erfolgreich geladen: {0}
config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
-config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
-config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)
-config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
-config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
-config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
+config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
+config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)
+config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
+config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
+config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
config.07=Klasse {0} kann nicht instanziert werden
-config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
+config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1})
config.10=Fehler in der MOA SPSS Konfiguration: {0}
config.11=LoginParameterResolver konnte nicht konfiguriert werden {0}
config.12=Standard DATA URL Prefix "{0}" wird anstatt des konfigurierten DATA URL Prefix verwendet
config.13=Konfiguriertes DATA URL Prefix "{0}" muss mit http:// bzw. https:// beginnen
config.14=LoginParameterResolver-Fehler: {0}
-config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
+config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
-
+config.17=Fehler beim initialisieren von Hibernate
+config.18=Keine MOA-ID 2.x Konfiguration gefunden.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
parser.02=Schwerer Fehler beim Parsen: {0}
-parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels: {0}
+parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels\: {0}
parser.04=Fehler beim Serialisieren: {0}
parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden.
-parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollständig ({1} im {2} fehlt)
-parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element).
+parser.06=Fehler beim Parsen\: {0}-InfoboxResponse nicht vollst?ndig ({1} im {2} fehlt)
+parser.07=Fehler beim Parsen\: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element).
builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
builder.02=Fehler beim Ausblenden von Stammzahlen
-builder.03=Fehler beim Aufbau des HTML Codes für Vollmachten
+builder.03=Fehler beim Aufbau des HTML Codes für Vollmachten
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -85,102 +93,121 @@ cleaner.03=Abgelaufene Anmeldedaten zur SAML-Assertion ID {0} wurden aus dem Spe
proxy.00=MOA ID Proxy wurde erfolgreich gestartet
proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
-proxy.02=Unbekannter URL {0}. <br>Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
+proxy.02=Unbekannter URL {0}. <br>Es wurde keine Ãœbereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
proxy.04=URL {0} : {1}
-proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} : {1}
+proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} \: {1}
proxy.06=Fehler beim Starten des Service MOA ID Proxy
proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an.
-proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0})
+proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0})
proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten.
proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.
-proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Präfix: {0}
-proxy.14=<p> Folgende Ursachen können zu dem Fehler geführt haben:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
-proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die benötigte Berechtigung.
+proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr?fix\: {0}
+proxy.14=<p> Folgende Ursachen können zu dem Fehler geführt haben\:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
+proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben�tigte Berechtigung.
proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. Die maximale Anzahl von {1} ung&uuml;ltigen Loginversuchen wurde &uuml;berschritten.<br>Pr&uuml;fen Sie bitte ihre Berechtigung.
validator.00=Kein SAML:Assertion Objekt gefunden {0}
validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
-validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0}
-validator.03=Der Namespace eines öffentlichen Schlüssels ist ungültig {0}
-validator.04=Es wurde ein SAML:Attribut ohne öffentlichen Schlüssel gefunden {0}
+validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0}
+validator.03=Der Namespace eines öffentlicher Schlüssels ist ungültig {0}
+validator.04=Es wurde ein SAML\:Attribut ohne öffentlichen Schlüssel gefunden {0}
validator.05=Es wurde {0} keine DSIG:Signature gefunden
-validator.06=Die Signatur ist ungültig
-validator.07=Das Zertifikat der Personenbindung ist ungültig.<br>{0}
-validator.08=Das Manifest ist ungültig
-validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein
+validator.06=Die Signatur ist ungültig
+validator.07=Das Zertifikat der Personenbindung ist ungültig.<br>{0}
+validator.08=Das Manifest ist ungültig
+validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein
-validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0}
-validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
-validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0}
-validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0}
+validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0}
+validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0}
+validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
-validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0}
+validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0}
validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
-validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als gültiger SubjectDN-Name für eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
-validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
+validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0}
+#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
+validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
-validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.<br>{0}
+validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.<br>{0}
-validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.
-validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette fällt der Prüfzeitpunkt nicht in das Gültigkeitsintervall.
-validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
-validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen.
-validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt.
+validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.
+validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette f�llt der Pr�fzeitpunkt nicht in das Gültigkeitsintervall.
+validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
+validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen.
+validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt.
-validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten
+validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten
validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
-validator.30=Der Namespace des SAML-Attributs "wbPK" ist ungültig {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
validator.32="Issuer" im AUTH-Block nicht vorhanden.
-validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein.
-validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein.
-validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig.
-validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert: {0} statt der erwarteten {1}
-validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
-validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig: "{3}" anstelle von "{4}"
-validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
-
-
-validator.40=Überprüfung der {0}-Infobox fehlgeschlagen: {1}
-validator.41=Überprüfung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur Überprüfung der {0}-Infobox vorhanden.
-validator.42=Überprüfung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
-validator.43=Überprüfung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse für die {0}-Infobox konnte nicht erfolgreich geparst werden.
-validator.44=Überprüfung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Prüfapplikation ist ein Fehler aufgetreten.
-validator.45=Überprüfung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Prüfapplikation zurückgegebenen SAML-Attributes Nummer {2} ist {3}.
-validator.46=Überprüfung der {0}-Infobox fehlgeschlagen: Der Wert des von der Prüfapplikation zurückgegebenen SAML-Attributes Nummer {1} ist ungültig.
-validator.47=Überprüfung der {0}-Infobox fehlgeschlagen: Das von der Prüfapplikation zurückgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
-validator.48={0}-Infobox wurde nicht von der BKU übermittelt: Für die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
+validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein.
+validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein.
+validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig.
+validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert\: {0} statt der erwarteten {1}
+validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert\: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
+validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig\: "{3}" anstelle von "{4}"
+validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert\: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
+
+
+validator.40=?berpr?fung der {0}-Infobox fehlgeschlagen\: {1}
+validator.41=?berpr?fung der {0}-Infobox fehlgeschlagen\: Keine Konfigurationsparameter zur ?berpr?fung der {0}-Infobox vorhanden.
+validator.42=?berpr?fung der {0}-Infobox fehlgeschlagen\: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
+validator.43=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der InfoboxReadResponse f?r die {0}-Infobox konnte nicht erfolgreich geparst werden.
+validator.44=?berpr?fung der {0}-Infobox fehlgeschlagen\: In der {0}-Infobox Pr?fapplikation ist ein Fehler aufgetreten.
+validator.45=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der {1} des von der {0}-Infobox Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {2} ist {3}.
+validator.46=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der Wert des von der Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {1} ist ung?ltig.
+validator.47=?berpr?fung der {0}-Infobox fehlgeschlagen\: Das von der Pr?fapplikation zur?ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
+validator.48={0}-Infobox wurde nicht von der BKU ?bermittelt\: F?r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten.
-validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein.
+validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein.
-validator.60=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
-validator.61=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten für berufliche Parteienvertreter nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
-validator.62=Fehler in der Übermittlung: keine primäre Vollmacht übergeben.
-validator.63=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten.
+validator.60=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.61=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten f?r berufliche Parteienvertreter nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.62=Fehler in der ?bermittlung\: keine prim?re Vollmacht ?bergeben.
+validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten.
validator.64=Fehler beim Austausch von Vollmachtsdaten
-validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
-validator.66=Überprüfung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
+validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
+validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
+
+validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
stork.00=STORK SAML AuthnRequest konnte nicht signiert werden
-stork.01=STORK SAML AuthnRequest nicht gültig
+stork.01=STORK SAML AuthnRequest nicht g�ltig
stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
stork.04=STORK SAML Response konnte nicht decodiert werden
stork.05=STORK SAML Response Validierung fehlgeschlagen
-stork.06=STORK SAML Response enthält eine Fehlermeldung: {0}
-stork.07=Es existiert kein STORK AuthnRequest für diese STORK Response
+stork.06=STORK SAML Response enth?lt eine Fehlermeldung\: {0}
+stork.07=Es existiert kein STORK AuthnRequest f�r diese STORK Response
stork.08=STORK SAML Assertion Validierung fehlgeschlagen
-stork.09=Fehler beim Überprüfen der STORK BürgerInnen Signatur
+stork.09=Fehler beim �berpr�fen der STORK B�rgerInnen Signatur
stork.10=Fehler in der Verbindung zum SZR-Gateway
+
+pvp2.00={0} ist kein gueltiger consumer service index
+pvp2.01=Fehler beim kodieren der PVP2 Antwort
+pvp2.02=Ungueltiges Datumsformat
+pvp2.03=Vollmachtattribute nicht in Metadaten verfuegbar
+pvp2.04=Kein Authorisierungs Context verfuegbar
+pvp2.05=Es wird nur {0} als QAA unterstuetzt
+pvp2.06=Keine Vollmacht verfuegbar
+pvp2.07=SAML Anfrage nicht korrekt digital signiert
+pvp2.08=Keine Credentials fuer {0} verfuegbar
+pvp2.09=SAML Anfrage wird nicht unterstuetzt
+pvp2.10=Attribut {0} nicht verfuegbar
+pvp2.11=Binding {0} wird nicht unterstuetzt
+pvp2.12=NameID Format {0} wird nicht unterstuetzt
+pvp2.13=Interner Server Fehler
+pvp2.14=SAML Anfrage verweigert
+pvp2.15=Keine Metadateninformation gefunden
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
new file mode 100644
index 000000000..ccd85a38a
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
@@ -0,0 +1,51 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+ <body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support JavaScript,
+ you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+
+ <div id="alert">Your login is being processed. Thank you for waiting.</div>
+
+ <style type="text/css">
+ <!--
+ #alert {
+ margin:100px 250px;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size:14px;
+ font-weight:normal;
+ }
+ -->
+ </style>
+
+ <form action="${action}" method="post" target="_parent">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+
+ #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+
+ #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue"/>
+ </div>
+ </noscript>
+ </form>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html b/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html
new file mode 100644
index 000000000..cde1ac7a5
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html
@@ -0,0 +1,12 @@
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <script type="text/javascript">
+ </script>
+</head>
+
+
+<body onload="document.getElementById('link').click();">
+ <a href="#URL#" target="_parent" id="link">CLICK to perform a redirect back to Online Application</a>
+</body>
+</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
new file mode 100644
index 000000000..f4377ace4
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
@@ -0,0 +1,106 @@
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <meta content="text/css" http-equiv="Content-Style-Type">
+ <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stammzahl.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesnew.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesinput.css">
+
+</head>
+
+
+<body>
+ <div class="pageWidth">
+
+ <div id="pagebase">
+ <div id="page">
+
+ <div id="header" class="header clearfix">
+ <h1 class="main_header">MOA-ID 2.0 - Login Preview</h1>
+
+<!-- <ul id="servicenav">
+ <li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li>
+ <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li>
+ <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li>
+ </ul> -->
+
+ <div id="mainnavjump"></div>
+ <p id="homelink"><img src="#CONTEXTPATH#/img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p>
+ <ul id="mainnav" class="clearfix">
+<!-- <li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> -->
+<!-- <li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li>
+ <li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> (gew&auml;hlt)</span><span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> -->
+ </ul>
+
+ </div>
+
+
+ <br class="clearAll">
+
+ <div id="viewcontrol" class="switch">
+ <div id="page1" class="case selected-case">
+ <div style="margin-left: 0px;">
+
+<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+ <div id="main" class="full">
+ <div id="leftcontent" class="full">
+ <h2 id="tabheader" class="dunkel full">
+ Anmeldeinformationen:
+
+ </h2>
+
+ <div id="selectArea" class="hell full">
+ <b>Anmeldung an:</b>
+ <p>#OAName#</p>
+
+
+<!-- <div class="hell"> -->
+ <div id="leftbutton" class="hell full">
+ <form method="post" id="moaidform_yes" action="#URL#">
+ <input type="hidden" name="value" value="true">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" size="400" value="Ja" class="setAssertionButton_full">
+ </form>
+ </div>
+ <div id="rightbutton" class="hell full">
+ <form method="post" id="moaidform_no" action="#URL#">
+ <input type="hidden" name="value" value="false">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" size="400" value="Nein" class="setAssertionButton_full">
+ </form>
+ </div>
+
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ <br style="clear: both">
+ <div id="footer" class="clearfix">
+
+<!-- <h2 class="hidden">&Uuml;ber die Website der Stammzahlenregisterbeh&ouml;rde</h2>
+ <ul>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li>
+
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li>
+ </ul> -->
+ </div>
+
+
+ </div>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html
new file mode 100644
index 000000000..a30bbfa9a
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html
@@ -0,0 +1,44 @@
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <meta content="text/css" http-equiv="Content-Style-Type">
+ <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
+</head>
+
+
+<body>
+ <div id="leftcontent">
+ <h2 id="tabheader" class="dunkel">
+ Anmeldeinformationen:
+
+ </h2>
+
+ <div id="selectArea" class="hell">
+ <b>Anmeldung an:</b>
+ <p>#OAName#</p>
+
+
+<!-- <div class="hell"> -->
+ <div id="leftbutton" class="hell">
+ <form method="post" id="moaidform_yes" action="#URL#">
+ <input type="hidden" name="value" value="true">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" size="400" value="Ja" class="setAssertionButton">
+ </form>
+ </div>
+ <div id="rightbutton" class="hell">
+ <form method="post" id="moaidform_no" action="#URL#">
+ <input type="hidden" name="value" value="false">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" size="400" value="Nein" class="setAssertionButton">
+ </form>
+ </div>
+
+ </div>
+ </div>
+</body>
+</html>