diff options
Diffstat (limited to 'id/server/idserverlib/src')
34 files changed, 224 insertions, 227 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index d654eb359..f6d116198 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -97,6 +97,12 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; + + public static final int AUTHPROCESS_EID_SERVICE_SELECTED = 6300; + public static final int AUTHPROCESS_EID_SERVICE_REQUESTED = 6301; + public static final int AUTHPROCESS_EID_SERVICE_RECEIVED = 6302; + public static final int AUTHPROCESS_EID_SERVICE_RECEIVED_ERROR = 6303; + public static final int AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID = 6304; //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index a35b45af2..b0f452861 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -158,7 +158,7 @@ public class MOAIDAuthInitializer { fixJava8_141ProblemWithSSLAlgorithms(); - if (!authConf.getBasicMOAIDConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) + if (!authConf.getBasicConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) Logger.info("AuthBlock 'TargetFriendlyName' validation deactivated"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index acf59cebf..d26f7b396 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.XPathException; @@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; @@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -116,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @PostConstruct private void initialize() { - Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); + Map<String, String> pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); for (Entry<String, String> el : pubKeyMap.entrySet()) { try { encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); @@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } @Override - public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException { try { return buildAuthenticationData(pendingReq, pendingReq.getSessionData(AuthenticationSessionWrapper.class), @@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); } - } private IAuthData buildAuthenticationData(IRequest pendingReq, @@ -216,7 +216,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException { try { //generate basic authentication data - generateBasicAuthData(authData, protocolRequest, session); + generateDeprecatedBasicAuthData(authData, protocolRequest, session); //set Austrian eID demo-mode flag authData.setIseIDNewDemoMode(Boolean.parseBoolean( @@ -428,6 +428,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setMISMandate(misMandate); authData.setUseMandate(true); + //#################################################### + // set bPK and IdentityLink for Organwalter --> + // Organwalter has a special bPK is received from MIS + if (authData.isUseMandate() && session.isOW() && misMandate != null + && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { + //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! + authData.setBPK(misMandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); + + //set bPK and IdenityLink for all other + Logger.debug("User is an OW. Set original IDL into authdata ... "); + authData.setIdentityLink(session.getIdentityLink()); + + + + } + } catch (IOException e) { Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME + " FAILED.", e); @@ -471,24 +489,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } - //#################################################### - // set bPK and IdentityLink for Organwalter --> - // Organwalter has a special bPK is received from MIS - if (authData.isUseMandate() && session.isOW() && misMandate != null - && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { - //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! - authData.setBPK(misMandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); - - //set bPK and IdenityLink for all other - Logger.debug("User is an OW. Set original IDL into authdata ... "); - authData.setIdentityLink(session.getIdentityLink()); - - - - } - + //################################################################### //set PVP role attribute (implemented for ISA 1.18 action) includedToGenericAuthData.remove(PVPConstants.ROLES_NAME); @@ -926,4 +927,35 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } } + @Override + protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { + boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); + if (!bPKTypeMatch) { + Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... "); + if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) { + Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target"); + bPKTypeMatch = true; + + } else + Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed."); + + } + + return bPKTypeMatch; + + } + + @Override + protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index cadaec2a0..8b587c550 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -674,5 +674,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi result.put(GENERIC_PREFIX + el.getKey(), el.getValue()); return Collections.unmodifiableMap(result); + } + + @Override + public boolean isEIDProcess() { + return false; + + } + + @Override + public void setEIDProcess(boolean value) { + Logger.warn("set E-ID process will be ignored!!!"); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index c054976ec..636871a09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -261,7 +261,6 @@ public Date getSigningDateTime() { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date) */ -@Override public void setSigningDateTime(Date signingDateTime) { this.signingDateTime = signingDateTime; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 48d652671..6426e0e0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -22,9 +22,14 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; /** * @author tlenz @@ -32,6 +37,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; */ public class BKUSelectionModuleImpl implements AuthModule { + @Autowired(required=false) private IConfiguration configuration; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @@ -44,13 +51,14 @@ public class BKUSelectionModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { boolean performBKUSelection = false; Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION); if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; - if (performBKUSelection) + if (performBKUSelection && configuration != null + && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false)) return "BKUSelectionProcess"; else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java index b624e13ef..e8ce0f9c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -46,7 +47,7 @@ public class SingleSignOnConsentsModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { Object evaluationObj = context.get(PARAM_SSO_CONSENTS_EVALUATION); if (evaluationObj != null && evaluationObj instanceof Boolean) { boolean evaluateSSOConsents = (boolean) evaluationObj; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 375b144d7..2c099abf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -98,6 +98,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; //authenticate pending-request + pendingReq.setNeedUserConsent(false); pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); @@ -112,7 +113,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { requestStoreage.storePendingRequest(pendingReq); //redirect to auth. protocol finalization - performRedirectToProtocolFinialization(pendingReq, response); + performRedirectToProtocolFinialization(executionContext, pendingReq, request, response); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 98e632bd8..cc070f8fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -73,7 +73,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); - guiBuilder.build(response, config, "BKU-Selection form"); + guiBuilder.build(request, response, config, "BKU-Selection form"); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index 3c364e924..64c3721df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -71,7 +71,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); - guiBuilder.build(response, config, "SendAssertion-Evaluation"); + guiBuilder.build(request, response, config, "SendAssertion-Evaluation"); //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index c66353846..32660a3db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -176,7 +176,7 @@ public class VerifyXMLSignatureResponseParser { public IVerifiyXMLSignatureResponse parseData() throws ParseException { - IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 18aa93cc9..6803264dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -59,7 +59,7 @@ public class GUILayoutBuilderServlet extends AbstractController { @Autowired AuthConfiguration authConfig; @Autowired IRequestStorage requestStoreage; - @Autowired IGUIFormBuilder formBuilder; + @Autowired IGUIFormBuilder formBuilder; public GUILayoutBuilderServlet() { super(); @@ -93,7 +93,7 @@ public class GUILayoutBuilderServlet extends AbstractController { } //build GUI component - formBuilder.build(resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); + formBuilder.build(req, resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); } catch (Exception e) { @@ -124,7 +124,7 @@ public class GUILayoutBuilderServlet extends AbstractController { null); //build GUI component - formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form"); + formBuilder.build(req, resp, config, "text/css; charset=UTF-8", "CSS-Form"); } catch (Exception e) { Logger.warn("GUI ressource:'CSS' generation FAILED.", e); @@ -153,7 +153,7 @@ public class GUILayoutBuilderServlet extends AbstractController { GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component - formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript"); + formBuilder.build(req, resp, config, "text/javascript; charset=UTF-8", "JavaScript"); } catch (Exception e) { Logger.warn("GUI ressource:'JavaScript' generation FAILED.", e); @@ -168,7 +168,7 @@ public class GUILayoutBuilderServlet extends AbstractController { req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); if (MiscUtil.isNotEmpty(pendingReqID)) { - IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); if (pendingReq != null) { Logger.trace("GUI-Layout builder: Pending-request:" + pendingReqID + " found -> Build specific template"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java index 87325989a..09b18d9c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; /** @@ -50,7 +51,7 @@ public class GeneralProcessEngineSignalController extends AbstractProcessEngineS "/signalProcess" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index c39d78d8b..496501760 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -37,10 +37,13 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.SLOException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; @@ -70,13 +73,14 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired SSOManager ssoManager; @Autowired IAuthenticationManager authManager; - @Autowired IAuthenticationSessionStoreage authenicationStorage; - @Autowired SingleLogOutBuilder sloBuilder; - + @Autowired IAuthenticationSessionStoreage authenicationStorage; + @Autowired IProtocolAuthenticationService protAuthService; + @Autowired(required=true) private IGUIFormBuilder guiBuilder; + @Autowired(required=false) SingleLogOutBuilder sloBuilder; @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException, EAAFException { Logger.debug("Receive IDP-initiated SingleLogOut"); String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -117,21 +121,21 @@ public class IDPSingleLogOutServlet extends AbstractController { null); if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status)) - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (MOADatabaseException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (EAAFException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -146,15 +150,22 @@ public class IDPSingleLogOutServlet extends AbstractController { if(MiscUtil.isNotEmpty(internalSSOId)) { ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId); - Logger.debug("Starting technical SLO process ... "); - sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + if (sloBuilder != null) { + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + + } else { + Logger.warn("Can NOT perfom Single LogOut process! NO SLOBuilder in ClassPath"); + throw new SLOException("init.05", new Object[] {"Missing depentency or modul not active"}); + + } return; } } } catch (Exception e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -166,7 +177,7 @@ public class IDPSingleLogOutServlet extends AbstractController { SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); if (sloContainer == null) { Logger.info("No Single LogOut processing information with ID: " + restartProcess); - handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); + protAuthService.handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); return; } @@ -176,7 +187,7 @@ public class IDPSingleLogOutServlet extends AbstractController { String redirectURL = null; IRequest sloReq = sloContainer.getSloRequest(); - if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { + if (sloBuilder != null && sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { //send SLO response to SLO request issuer SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest()); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); @@ -233,10 +244,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); @@ -251,10 +262,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 478462adb..abb19c6cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -122,9 +122,9 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } else if (MiscUtil.isNotEmpty(interIDP)) { //store IDP identifier and redirect to generate AuthRequst service @@ -153,10 +153,10 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index fff019ae7..eae7aae9d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -51,6 +51,8 @@ import iaik.pki.revocation.RevocationSourceTypes; public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { + public static final String PROP_MOAID_MODE = "general.moaidmode.active"; + private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true; private MOAIDConfiguration configuration; @@ -231,7 +233,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide allowedProtcols.setSAML1Active( configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false)); allowedProtcols.setPVP21Active( - configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true)); + configuration.getBooleanValue( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true) + && getBasicConfigurationBoolean(PROP_MOAID_MODE, false)); return allowedProtcols; @@ -1307,5 +1311,4 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } } } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index af4cf6fa7..7a298220b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -4,11 +4,11 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -public interface IMOAAuthData extends IAuthData{ +public interface IMOAAuthData extends IEidAuthData{ @Deprecated /** @@ -34,7 +34,6 @@ public interface IMOAAuthData extends IAuthData{ */ List<Pair<String, String>> getEncMandateNaturalPersonbPKList(); - byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority(); String getPublicAuthorityCode(); @@ -42,7 +41,6 @@ public interface IMOAAuthData extends IAuthData{ String getBkuURL(); String getInterfederatedIDP(); boolean isInterfederatedSSOSession(); - boolean isUseMandate(); IMISMandate getMISMandate(); Element getMandate(); String getMandateReferenceValue(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index 897a06e62..f79e80cd2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -30,7 +30,7 @@ import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; @@ -45,14 +45,13 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable { +public class MOAAuthenticationData extends EidAuthenticationData implements IMOAAuthData, Serializable { private static final long serialVersionUID = 1L; private boolean qualifiedCertificate; private boolean publicAuthority; private String publicAuthorityCode; private String bkuURL; - private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null; @@ -63,7 +62,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private List<AuthenticationRole> roles = null; private String pvpAttribute_OU = null; - private boolean useMandate = false; private IMISMandate mandate = null; private String mandateReferenceValue = null; @@ -116,21 +114,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut return this.encbPKList; } - - @Override - public byte[] getSignerCertificate() { - return signerCertificate; - } - - - /** - * @param signerCertificate the signerCertificate to set - */ - public void setSignerCertificate(byte[] signerCertificate) { - this.signerCertificate = signerCertificate; - } - - @Override public String getAuthBlock() { return authBlock; @@ -176,18 +159,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut this.mandate = mandate; } - - @Override - public boolean isUseMandate() { - return useMandate; - } - - - public void setUseMandate(boolean useMandate) { - this.useMandate = useMandate; - } - - @Override public boolean isPublicAuthority() { return publicAuthority; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 77abe07af..9beeb6cc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -67,7 +67,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager { public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; - @Autowired private SingleLogOutBuilder sloBuilder;; + @Autowired(required=false) private SingleLogOutBuilder sloBuilder;; @Override @@ -118,8 +118,18 @@ public class AuthenticationManager extends AbstractAuthenticationManager { sloContainer.setSessionID(uniqueSessionIdentifier); sloContainer.setSloRequest(pvpReq); - sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); - sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); + if (sloBuilder != null) { + Logger.trace("Parse active SPs into SLOContainer ... "); + sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); + sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); + + } else { + Logger.warn("NO SLOBuilder in ClassPath / Single LogOut NOT possible! Mark SLO as FAILED"); + sloContainer.putFailedOA(pvpReq.getAuthURL()); + + Logger.info("Only the IDP session will be closed soon ..."); + + } Logger.debug("Active SSO Service-Provider: " + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size() diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java deleted file mode 100644 index 5daa71b1f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; - -/** - * @author tlenz - * - */ -public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public String buildStringAttribute(String friendlyName, String name, String value) { - return value; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) - */ - @Override - public String buildIntegerAttribute(String friendlyName, String name, int value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) - */ - @Override - public String buildLongAttribute(String friendlyName, String name, long value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) - */ - @Override - public String buildEmptyAttribute(String friendlyName, String name) { - return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 8229fb405..19b79d165 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -223,11 +223,11 @@ public class SingleLogOutBuilder { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList); - config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL); - config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT)); + config.putCustomParameterWithOutEscaption(null, "redirectURLs", sloReqList); + config.putCustomParameterWithOutEscaption(null, "timeoutURL", timeOutURL); + config.putCustomParameter(null, "timeout", String.valueOf(SLOTIMEOUT)); - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } else { @@ -249,16 +249,16 @@ public class SingleLogOutBuilder { if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) { revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); } else { revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); } - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } @@ -285,11 +285,11 @@ public class SingleLogOutBuilder { null); revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); try { - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } catch (GUIBuildException e1) { Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 4fc37d88f..0be49a23e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -64,7 +64,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { @Override protected String getMetadataURL(String entityId) throws EAAFConfigurationException { - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId); + ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId); if (oaParam != null) return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); @@ -78,7 +78,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { @Override protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException { - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId); + ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId); if (oaParam != null) { String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); @@ -117,7 +117,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { while (oaInterator.hasNext()) { Entry<String, String> oaKeyPair = oaInterator.next(); - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue()); + ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(oaKeyPair.getValue()); if (oaParam != null) { String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); if (MiscUtil.isNotEmpty(metadataurl)) @@ -146,14 +146,14 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); @@ -173,7 +173,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive())); filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate)); filterChain.getFilters().add( - new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean( + new PVPEntityCategoryFilter(authConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, false))); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java index 389d97b18..ad7328433 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer; import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; @@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.util.MiscUtil; -//@Service("PVPIDPCredentialProvider") +@Service("PVPIDPCredentialProvider") public class IDPCredentialProvider extends AbstractCredentialProvider { public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; public static final String IDP_KS_PASS = "idp.ks.kspassword"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index bd908f894..534f6797b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -76,14 +76,14 @@ public class MOASAMLSOAPClient { SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(), AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(), - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java index 19f865325..5ed237948 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java @@ -13,7 +13,7 @@ import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; -import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; @@ -26,9 +26,9 @@ import at.gv.egovernment.moa.logging.Logger; * */ @Service("MOAAuthnRequestValidator") -public class AuthnRequestValidator implements IAuthnRequestValidator { +public class AuthnRequestValidator implements IAuthnRequestPostProcessor { - public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{ + public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{ //validate NameIDPolicy NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 6bf44a527..e84bca330 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -94,7 +94,7 @@ public class SSLUtils { ConfigurationProvider conf, String url ) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false); @@ -154,7 +154,7 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false); diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule index 5116c2a08..65452db3c 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule @@ -1,2 +1 @@ -at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 02c683305..598376261 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -21,36 +21,41 @@ <context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" /> <context:component-scan base-package="at.gv.egovernment.moa.id.protocols" /> - + + <bean id="bkuSelectionProcess" + class="at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl"/> + + <bean id="eaafProtocolAuthenticationService" + class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> + <property name="guiBuilder" ref="guiFormBuilder" /> + </bean> + <bean id="PVPIDPCredentialProvider" class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" /> <bean id="PVP2XProtocol" class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol"> - <property name="pvpIDPCredentials"> - <ref bean="PVPIDPCredentialProvider" /> - </property> + <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" /> </bean> <bean id="pvpMetadataService" class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> - <property name="pvpIDPCredentials"> - <ref bean="PVPIDPCredentialProvider" /> - </property> + <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" /> </bean> <bean id="PVPAuthenticationRequestAction" class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> - <property name="pvpIDPCredentials"> - <ref bean="PVPIDPCredentialProvider" /> - </property> + <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" /> </bean> - + <bean id="MOAAuthnRequestValidator" class="at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator" /> <bean id="MOAID_AuthenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/> + + <bean id="simplePendingReqIdGenerationStrategy" + class="at.gv.egiz.eaaf.core.impl.utils.SimplePendingRequestIdGenerationStrategy"/> <bean id="AuthenticationDataBuilder" class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/> diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 3b636aaee..fa7bc659e 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -62,6 +62,8 @@ init.00=MOA-ID-Auth wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+init.05=Allgemeiner interner Fehler! Ursache: '{0}'
+
internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde.
internal.01=W\u00e4hrend des Abmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Abmeldeprozess abgebrochen wurde.
@@ -122,6 +124,8 @@ builder.08=Authentication process could NOT completed. Reason: {0} builder.09=Can not build GUI component. Reason: {0}
builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
+builder.12=Can not build attribute: {0}
+builder.13=No valid bPK received. Maybe there is a mismatch between ApplicationRegister and MOA-ID configuration
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index b878eadf3..5ecb242bd 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -93,6 +93,9 @@ builder.08=1008 builder.09=9103 builder.10=1009 builder.11=9102 +builder.12=1008 +builder.13=1008 + service.00=4300 service.03=4300 diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java index c0ae06a82..1ab54471c 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -113,7 +113,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map<String, String> getBasicConfigurationWithPrefix(String prefix) { Map<String, String> result = new HashMap<String, String>(); if (AuthenticationDataBuilder.CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS.equals(prefix)) { result.put("BMI+T1", "MIICuTCCAaGgAwIBAgIEWQMr6TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARyb290MB4XDTE3MDQyODExNDgyN1oXDTE4MDQyODExNDgyN1owDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKavdekY9h6te6UoCvahSKqhlNk+ZMGq1aBvj129J10wJoz3BsO86cK/ounvzrE9g6FOOeEtlb/lRRTwhO601o9/dXhIvSalpKgAF4owTuhxKUEhEUNJr4pUxFSm8OkPHEXqSXsn6W7tg/G0r12z246RAApw5jpzDDdYYY8gEZFXURf1xYnbKFPoNlPIyFj0vN7Afe+Fo8v3Brb05iQkC3wBxMnL2LZ7XLK8uu93VG/mOrUrEtZkFzOWg0c3WBKQgxCD/F5BMouXBSsNu7lzV2qEyX0uIiEQrv75Fk32DjQqx41S31lByFnL8YbYWX4lsCv0O9Smhjrn6+k91JsvcDECAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAb4wDQYJKoZIhvcNAQELBQADggEBAAFQVd6PHrpBDTw+YUYj3yOgjFlKiSTEb4s59O74CZGbgElE2k36bqEJwki8W2ZiK+L3aeA1XCYF9cuI8QBWHJXg3UQFtDMF2zieOy/BBEA0HN6q4IjQKbt9cNR3w7nMp+lJ/BUlX6AIqfmSgJ6bKVlUsu4yuhstDBXy7QOAuQ8q76qkk7j6uiahWCyBRb5R9TDj7mQn0nM/tbeUUZa7Mxje/W4YhdatNYasTnExCyEE4S6lpSiJQdrkFGlRWp6Ia41/r6GZsAZ6pss+xyxDbJySqbVn2ro6WV4kMbrh/gX1HbmrF5UGIO/qvM+5yM6+wUfLtqPCK0PtLkI940E3WfM="); @@ -419,7 +419,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { if (isIDLEscapingEnabled == null) return defaultValue; @@ -433,24 +433,12 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public URI getConfigurationFilePath() { - // TODO Auto-generated method stub - return null; - } - - @Override public URI getConfigurationRootDirectory() { // TODO Auto-generated method stub return null; } @Override - public Properties getFullConfigurationProperties() { - // TODO Auto-generated method stub - return null; - } - - @Override public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException { // TODO Auto-generated method stub return null; @@ -471,7 +459,11 @@ public class DummyAuthConfig implements AuthConfiguration { public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) { this.isIDLEscapingEnabled = isIDLEscapingEnabled; } - - + + @Override + public Boolean getBasicConfigurationBoolean(String key) { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java index ad68e089e..2d033d858 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java @@ -292,5 +292,15 @@ public class DummyAuthSession implements IAuthenticationSession, AuthProzessData } + @Override + public boolean isEIDProcess() { + return false; + } + + @Override + public void setEIDProcess(boolean value) { + + } + } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java index 846819868..d774cc8c3 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java @@ -20,7 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; public class DummyAuthStorage implements IAuthenticationSessionStoreage { - + @Override public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException { // TODO Auto-generated method stub diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java index caf672d05..049c2324e 100644 --- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java +++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java @@ -1,6 +1,5 @@ package test.tlenz; -import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; import java.io.InputStream; @@ -27,8 +26,6 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; import iaik.asn1.ASN1; -import iaik.asn1.ASN1Object; -import iaik.utils.ASN1InputStream; /******************************************************************************* * Copyright 2014 Federal Chancellery Austria @@ -76,7 +73,8 @@ public class simpletest { try { try { - String test = "3082065406092A864886F70D010702A082064530820641020101310B300906052B240302010500300B06092A864886F70D010701A08204B3308204AF30820397A00302010202030E6CBE300D06092A864886F70D0101050500308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D3032301E170D3133303431303130343633335A170D3138303431303038343633335A305E310B30090603550406130241543116301406035504030C0D41726D696E20466973636865723110300E06035504040C0746697363686572310E300C060355042A0C0541726D696E311530130603550405130C3933373131343838363833343059301306072A8648CE3D020106082A8648CE3D03010703420004BF7ADE98B7CD89A0559F2BA9463454E08DBE3516A86BB7B8F4FDBB42FF24A03991AF5BD63D72197F63AB03C88260C31E4A9C17DB5E8681FCAE1D7CF90EB1ACD1A38202053082020130110603551D0E040A0408433A176E9B70B5CD300E0603551D0F0101FF0404030206C030130603551D23040C300A80084DDFE1FF4BD9C9DF301E0603551D1104173015811361726D696E40666973636865722E6F722E617430090603551D1304023000307B06082B06010505070101046F306D304206082B060105050730028636687474703A2F2F7777772E612D74727573742E61742F63657274732F612D7369676E2D5072656D69756D2D5369672D3032612E637274302706082B06010505073001861B687474703A2F2F6F6373702E612D74727573742E61742F6F63737030590603551D2004523050304406062A280011010B303A303806082B06010505070201162C687474703A2F2F7777772E612D74727573742E61742F646F63732F63702F612D7369676E2D5072656D69756D3008060604008B300101302706082B060105050701030101FF041830163008060604008E460101300A06082B06010505070B0130819A0603551D1F04819230818F30818CA08189A081868681836C6461703A2F2F6C6461702E612D74727573742E61742F6F753D612D7369676E2D5072656D69756D2D5369672D30322C6F3D412D54727573742C633D41543F63657274696669636174657265766F636174696F6E6C6973743F626173653F6F626A656374636C6173733D65696443657274696669636174696F6E417574686F72697479300D06092A864886F70D01010505000382010100352830958A68A260CFEFB1DA157C1452E22735A2BBC40F51A19D22481766537630C8E0C99CCE50F614E437ABFF943C7D6A69CCB0F79ED6A9B5356182DFBA095F3534671073D586F70B002CEF846E6D4447031AFBFE5D727D2A893688294D494C37454C187F15611EFDFA84D64D0C9D4E3EC9FF8A126A842EDB70D1F9AD497A1A11CC1363AAFD76D7412F21248B855363D3AB771C538D5610BC7F0FCEA359F33F5FA6A228E0539C16AF12A1B2DE608719CBE39C41AFE5BD0CDDC781F00C6A86B21BA252DD23DAEBB3B91CADE8278B330945CA11D4A77188197E744BA9B5288E9D4A4C7502D706D7CEA569D258E116E6ACE42F4C24449803076C30A7BABE26CAE7318201693082016502010130819F308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D303202030E6CBE300906052B240302010500A05F301806092A864886F70D010903310B06092A864886F70D010701301E06092A864886F70D0109053111180F32303137303631393130303130305A302306092A864886F70D010904311604149D0A3FDC7F8CED863952B468C927AC87CE227B68300E060A04007F0007010104010605000440002B459189C71E69CC13E111ED1F493D89681E0A815CCEA297AC3D76A48A75E7D11081F08D7A0FAA4210205D2B8A0A7A83E0F5211AD51BDE2581D4C4E400C06AA1000000000000000000000"; + //String test = "3082065406092A864886F70D010702A082064530820641020101310B300906052B240302010500300B06092A864886F70D010701A08204B3308204AF30820397A00302010202030E6CBE300D06092A864886F70D0101050500308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D3032301E170D3133303431303130343633335A170D3138303431303038343633335A305E310B30090603550406130241543116301406035504030C0D41726D696E20466973636865723110300E06035504040C0746697363686572310E300C060355042A0C0541726D696E311530130603550405130C3933373131343838363833343059301306072A8648CE3D020106082A8648CE3D03010703420004BF7ADE98B7CD89A0559F2BA9463454E08DBE3516A86BB7B8F4FDBB42FF24A03991AF5BD63D72197F63AB03C88260C31E4A9C17DB5E8681FCAE1D7CF90EB1ACD1A38202053082020130110603551D0E040A0408433A176E9B70B5CD300E0603551D0F0101FF0404030206C030130603551D23040C300A80084DDFE1FF4BD9C9DF301E0603551D1104173015811361726D696E40666973636865722E6F722E617430090603551D1304023000307B06082B06010505070101046F306D304206082B060105050730028636687474703A2F2F7777772E612D74727573742E61742F63657274732F612D7369676E2D5072656D69756D2D5369672D3032612E637274302706082B06010505073001861B687474703A2F2F6F6373702E612D74727573742E61742F6F63737030590603551D2004523050304406062A280011010B303A303806082B06010505070201162C687474703A2F2F7777772E612D74727573742E61742F646F63732F63702F612D7369676E2D5072656D69756D3008060604008B300101302706082B060105050701030101FF041830163008060604008E460101300A06082B06010505070B0130819A0603551D1F04819230818F30818CA08189A081868681836C6461703A2F2F6C6461702E612D74727573742E61742F6F753D612D7369676E2D5072656D69756D2D5369672D30322C6F3D412D54727573742C633D41543F63657274696669636174657265766F636174696F6E6C6973743F626173653F6F626A656374636C6173733D65696443657274696669636174696F6E417574686F72697479300D06092A864886F70D01010505000382010100352830958A68A260CFEFB1DA157C1452E22735A2BBC40F51A19D22481766537630C8E0C99CCE50F614E437ABFF943C7D6A69CCB0F79ED6A9B5356182DFBA095F3534671073D586F70B002CEF846E6D4447031AFBFE5D727D2A893688294D494C37454C187F15611EFDFA84D64D0C9D4E3EC9FF8A126A842EDB70D1F9AD497A1A11CC1363AAFD76D7412F21248B855363D3AB771C538D5610BC7F0FCEA359F33F5FA6A228E0539C16AF12A1B2DE608719CBE39C41AFE5BD0CDDC781F00C6A86B21BA252DD23DAEBB3B91CADE8278B330945CA11D4A77188197E744BA9B5288E9D4A4C7502D706D7CEA569D258E116E6ACE42F4C24449803076C30A7BABE26CAE7318201693082016502010130819F308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D303202030E6CBE300906052B240302010500A05F301806092A864886F70D010903310B06092A864886F70D010701301E06092A864886F70D0109053111180F32303137303631393130303130305A302306092A864886F70D010904311604149D0A3FDC7F8CED863952B468C927AC87CE227B68300E060A04007F0007010104010605000440002B459189C71E69CC13E111ED1F493D89681E0A815CCEA297AC3D76A48A75E7D11081F08D7A0FAA4210205D2B8A0A7A83E0F5211AD51BDE2581D4C4E400C06AA1000000000000000000000"; + String test = "308006092a864886f70d010702a0803080020101310f300d06096086480165030402010500308006092a864886f70d0107010000a08204953082049130820379a0030201020203133594300d06092a864886f70d0101050500308197310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d6248311e301c060355040b0c15612d7369676e2d5072656d69756d2d5369672d3032311e301c06035504030c15612d7369676e2d5072656d69756d2d5369672d3032301e170d3134303530323039303734395a170d3139303530323039303734395a3060310b30090603550406130241543117301506035504030c0e4d6178204d75737465726d616e6e3113301106035504040c0a4d75737465726d616e6e310c300a060355042a0c034d6178311530130603550405130c3237333736313333323837363059301306072a8648ce3d020106082a8648ce3d03010703420004f7be38b8b730fd5ab3b62a54de3ca256f0f81c0b99116affce3326258448a23a1406207d6e9a8b217fee06466d43d7bed6cbf27c4e3049600576b66f8836a5f3a38201e5308201e130110603551d0e040a04084daa6d7cb1103d48300e0603551d0f0101ff0404030206c030130603551d23040c300a80084ddfe1ff4bd9c9df30090603551d1304023000307b06082b06010505070101046f306d304206082b060105050730028636687474703a2f2f7777772e612d74727573742e61742f63657274732f612d7369676e2d5072656d69756d2d5369672d3032612e637274302706082b06010505073001861b687474703a2f2f6f6373702e612d74727573742e61742f6f63737030590603551d2004523050304406062a280011010b303a303806082b06010505070201162c687474703a2f2f7777772e612d74727573742e61742f646f63732f63702f612d7369676e2d5072656d69756d3008060604008b300101302706082b060105050701030101ff041830163008060604008e460101300a06082b06010505070b0130819a0603551d1f04819230818f30818ca08189a081868681836c6461703a2f2f6c6461702e612d74727573742e61742f6f753d612d7369676e2d5072656d69756d2d5369672d30322c6f3d412d54727573742c633d41543f63657274696669636174657265766f636174696f6e6c6973743f626173653f6f626a656374636c6173733d65696443657274696669636174696f6e417574686f72697479300d06092a864886f70d01010505000382010100cd7da6254ccf3aec8479bddc2539ceb9ef591a1b51d8757bb6851d2974c909ada603ec18cf96da6a829ca71a6e55d84855f4d7e34776dc1b709c551e466069d6f3e1b805491ef86a9ac3e95ad871d3d382eab50e9268ea0b7312e40304d8215c6c42e5a101a73f839f47aa55ef47642c471d9e1852c6a67c5b0b6aab13d0e7340c0fdfc284a90ee1460baf17cab1d1eecfb513704fdd2460e65dd56fb644e19cc0a80883f31da1d4872809797964e6dc3bd6e09beb45ebc39abcb9356f564f24e2b01fdd9aa6b5353c8ee37f6938fc4b7de1480b4889c9a9b16d16a161db060fb0aa3681175209b7e48b9892c6de847eb76c5122f0543e637b7bc259a8507b883182010d3082010902010130819f308197310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d6248311e301c060355040b0c15612d7369676e2d5072656d69756d2d5369672d3032311e301c06035504030c15612d7369676e2d5072656d69756d2d5369672d30320203133594300d06096086480165030402010500300b06072a8648ce3d0201050004463044022079c3a32116fba799d77df0458e88f1d3370251382030f8d54f136afbe6635c39022072dc7bc7411a96b47717817f9c851954f6b511a30e47944221acc985bab6502b00000000000000000"; byte[] bytes = new byte[test.length()/2]; for (int i=0; i<test.length()/2; i++) { bytes[i] = (byte) Integer.parseInt(test.substring(i*2, i*2+2), 16); |