aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/pom.xml314
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java4
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule1
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml27
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties4
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties3
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java24
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java10
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java2
-rw-r--r--id/server/idserverlib/src/test/java/test/tlenz/simpletest.java6
35 files changed, 413 insertions, 352 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 4d8843ead..02069517c 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -4,12 +4,11 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>3.x</version>
+ <version>4.1.0</version>
</parent>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
- <version>${moa-id-version}</version>
<packaging>jar</packaging>
<name>MOA ID API</name>
@@ -21,7 +20,7 @@
<repository>
<id>shibboleth.internet2.edu</id>
<name>Internet2</name>
- <url>https://build.shibboleth.net/nexus/content/groups/public/</url>
+ <url>https://apps.egiz.gv.at/shibboleth_nexus/</url>
</repository>
</repositories>
@@ -44,7 +43,7 @@
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
- <version>1.2</version>
+ <version>1.3.2</version>
</dependency>
<dependency>
@@ -74,7 +73,6 @@
<dependency>
<groupId>at.gv.egiz.components</groupId>
<artifactId>egiz-spring-api</artifactId>
- <version>0.1</version>
</dependency>
<dependency>
@@ -176,12 +174,21 @@
</exclusions>
</dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </dependency>
- <dependency>
+ <dependency>
+ <groupId>javax.xml.ws</groupId>
+ <artifactId>jaxws-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.jws</groupId>
+ <artifactId>javax.jws-api</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
</dependency>
@@ -244,6 +251,10 @@
<groupId>commons-discovery</groupId>
<artifactId>commons-discovery</artifactId>
</dependency> -->
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ </dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
@@ -487,18 +498,18 @@
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-redis</artifactId>
- <version>${org.springframework.data.spring-data-redis}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.6.0</version>
+ <version>2.6.2</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
- <version>2.9.0</version>
+ <!-- version>3.0.1</version -->
+ <version>3.1.0</version>
</dependency>
<!-- <dependency>
@@ -515,94 +526,177 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>2.9.7</version>
</dependency>
</dependencies>
+ <profiles>
+ <profile>
+ <id>java8</id>
+ <activation>
+ <jdk>[1.7,1.8]</jdk>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>3.0.1</version>
+ <dependencies>
+ <dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>javax.annotation-api</artifactId>
+ <version>1.3.1</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+ <configuration>
+ <charset>UTF-8</charset>
+ <docencoding>UTF-8</docencoding>
+ <quiet>true</quiet>
+ <author>false</author>
+ <version>false</version>
+ <use>true</use>
+ <failOnError>false</failOnError>
+ <excludePackageNames>at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*;at.gv.egovernment.moa.id.client.*</excludePackageNames>
+ <tags>
+ <tag>
+ <name>pre</name>
+ <placement>a</placement>
+ <head>Preconditions:</head>
+ </tag>
+ <tag>
+ <name>post</name>
+ <placement>a</placement>
+ <head>Postconditions:</head>
+ </tag>
+ </tags>
+ <links>
+ <link>http://docs.oracle.com/javase/7/docs/api/</link>
+ <link>http://logging.apache.org/log4j/docs/api/</link>
+ </links>
+ <target>1.7</target>
+ </configuration>
+ <executions>
+ <execution>
+ <id>generate-javadoc</id>
+ <phase>package</phase>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>${surefire.version}</version>
+ <configuration>
+ <threadCount>1</threadCount>
+ </configuration>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.surefire</groupId>
+ <artifactId>surefire-junit47</artifactId>
+ <version>${surefire.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>java9</id>
+ <activation>
+ <jdk>[1.9,1.99)</jdk>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>3.0.1</version>
+ <dependencies>
+ <dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>javax.annotation-api</artifactId>
+ <version>1.3.1</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+ <configuration>
+ <charset>UTF-8</charset>
+ <docencoding>UTF-8</docencoding>
+ <quiet>true</quiet>
+ <author>false</author>
+ <version>false</version>
+ <use>true</use>
+ <failOnError>false</failOnError>
+ <excludePackageNames>at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*;at.gv.egovernment.moa.id.client.*</excludePackageNames>
+ <tags>
+ <tag>
+ <name>pre</name>
+ <placement>a</placement>
+ <head>Preconditions:</head>
+ </tag>
+ <tag>
+ <name>post</name>
+ <placement>a</placement>
+ <head>Postconditions:</head>
+ </tag>
+ </tags>
+ <links>
+ <link>http://docs.oracle.com/javase/7/docs/api/</link>
+ <link>http://logging.apache.org/log4j/docs/api/</link>
+ </links>
+ <target>1.7</target>
+ </configuration>
+ <executions>
+ <execution>
+ <id>generate-javadoc</id>
+ <phase>package</phase>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ <configuration>
+ <!-- <additionalparam>-Xdoclint:none ${additionalparam}</additionalparam> -->
+ <additionalparam>--add-modules ALL-SYSTEM ${additionalparam}</additionalparam>
+ <additionalOptions>--add-modules ALL-SYSTEM</additionalOptions>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>${surefire.version}</version>
+ <configuration>
+ <threadCount>1</threadCount>
+ <argLine>--add-modules java.xml.bind</argLine>
+ </configuration>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.surefire</groupId>
+ <artifactId>surefire-junit47</artifactId>
+ <version>${surefire.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
<build>
- <plugins>
-<!-- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>properties-maven-plugin</artifactId>
- <version>1.0-alpha-2</version>
- <executions>
- <execution>
- <phase>initialize</phase>
- <goals>
- <goal>read-project-properties</goal>
- </goals>
- <configuration>
- <files>
- <file>${basedir}/../../../moa-id.properties</file>
- </files>
- </configuration>
- </execution>
- </executions>
- </plugin> -->
-
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <version>2.8</version>
- <executions>
- </executions>
- </plugin>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <version>2.8</version>
+ <executions>
+ </executions>
+ </plugin>
+
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <version>3.0.1</version>
- <dependencies>
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>javax.annotation-api</artifactId>
- <version>1.3.1</version>
- <scope>compile</scope>
- </dependency>
- </dependencies>
- <configuration>
- <charset>UTF-8</charset>
- <docencoding>UTF-8</docencoding>
- <quiet>true</quiet>
- <author>false</author>
- <version>false</version>
- <use>true</use>
- <failOnError>false</failOnError>
- <excludePackageNames>at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*;at.gv.egovernment.moa.id.client.*</excludePackageNames>
- <tags>
- <tag>
- <name>pre</name>
- <placement>a</placement>
- <head>Preconditions:</head>
- </tag>
- <tag>
- <name>post</name>
- <placement>a</placement>
- <head>Postconditions:</head>
- </tag>
- </tags>
- <links>
- <link>http://docs.oracle.com/javase/7/docs/api/</link>
- <link>http://logging.apache.org/log4j/docs/api/</link>
- </links>
- <target>1.7</target>
- </configuration>
- <executions>
- <execution>
- <id>generate-javadoc</id>
- <phase>package</phase>
- <goals>
- <goal>jar</goal>
- </goals>
- <configuration>
- <!-- <additionalparam>-Xdoclint:none ${additionalparam}</additionalparam> -->
- <additionalparam>--add-modules ALL-SYSTEM ${additionalparam}</additionalparam>
- <additionalOptions>--add-modules ALL-SYSTEM</additionalOptions>
- </configuration>
- </execution>
- </executions>
- </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -617,13 +711,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
-<!-- <configuration>
- <skip>true</skip>
- <skipTests>true</skipTests>
- <archive>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
- </configuration> -->
<executions>
<execution>
<goals>
@@ -632,29 +719,6 @@
</execution>
</executions>
</plugin>
-
- <!-- enable co-existence of testng and junit -->
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>${surefire.version}</version>
- <configuration>
- <threadCount>1</threadCount>
- <argLine>--add-modules java.xml.bind</argLine>
- </configuration>
- <dependencies>
- <dependency>
- <groupId>org.apache.maven.surefire</groupId>
- <artifactId>surefire-junit47</artifactId>
- <version>${surefire.version}</version>
- </dependency>
-<!-- <dependency>
- <groupId>org.apache.maven.surefire</groupId>
- <artifactId>surefire-testng</artifactId>
- <version>${surefire.version}</version>
- </dependency> -->
- </dependencies>
- </plugin>
-
</plugins>
</build>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index d654eb359..f6d116198 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -97,6 +97,12 @@ public interface MOAIDEventConstants extends EventConstants {
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
+
+ public static final int AUTHPROCESS_EID_SERVICE_SELECTED = 6300;
+ public static final int AUTHPROCESS_EID_SERVICE_REQUESTED = 6301;
+ public static final int AUTHPROCESS_EID_SERVICE_RECEIVED = 6302;
+ public static final int AUTHPROCESS_EID_SERVICE_RECEIVED_ERROR = 6303;
+ public static final int AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID = 6304;
//person information
public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index a35b45af2..b0f452861 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -158,7 +158,7 @@ public class MOAIDAuthInitializer {
fixJava8_141ProblemWithSSLAlgorithms();
- if (!authConf.getBasicMOAIDConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true))
+ if (!authConf.getBasicConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true))
Logger.info("AuthBlock 'TargetFriendlyName' validation deactivated");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index acf59cebf..d26f7b396 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.XPathException;
@@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -116,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@PostConstruct
private void initialize() {
- Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+ Map<String, String> pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
for (Entry<String, String> el : pubKeyMap.entrySet()) {
try {
encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
@@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
@Override
- public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
+ protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException {
try {
return buildAuthenticationData(pendingReq,
pendingReq.getSessionData(AuthenticationSessionWrapper.class),
@@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e);
}
-
}
private IAuthData buildAuthenticationData(IRequest pendingReq,
@@ -216,7 +216,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
try {
//generate basic authentication data
- generateBasicAuthData(authData, protocolRequest, session);
+ generateDeprecatedBasicAuthData(authData, protocolRequest, session);
//set Austrian eID demo-mode flag
authData.setIseIDNewDemoMode(Boolean.parseBoolean(
@@ -428,6 +428,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.setMISMandate(misMandate);
authData.setUseMandate(true);
+ //####################################################
+ // set bPK and IdentityLink for Organwalter -->
+ // Organwalter has a special bPK is received from MIS
+ if (authData.isUseMandate() && session.isOW() && misMandate != null
+ && MiscUtil.isNotEmpty(misMandate.getOWbPK())) {
+ //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!!
+ authData.setBPK(misMandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+ Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
+
+ //set bPK and IdenityLink for all other
+ Logger.debug("User is an OW. Set original IDL into authdata ... ");
+ authData.setIdentityLink(session.getIdentityLink());
+
+
+
+ }
+
} catch (IOException e) {
Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME
+ " FAILED.", e);
@@ -471,24 +489,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
}
- //####################################################
- // set bPK and IdentityLink for Organwalter -->
- // Organwalter has a special bPK is received from MIS
- if (authData.isUseMandate() && session.isOW() && misMandate != null
- && MiscUtil.isNotEmpty(misMandate.getOWbPK())) {
- //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!!
- authData.setBPK(misMandate.getOWbPK());
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
- Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
-
- //set bPK and IdenityLink for all other
- Logger.debug("User is an OW. Set original IDL into authdata ... ");
- authData.setIdentityLink(session.getIdentityLink());
-
-
-
- }
-
+
//###################################################################
//set PVP role attribute (implemented for ISA 1.18 action)
includedToGenericAuthData.remove(PVPConstants.ROLES_NAME);
@@ -926,4 +927,35 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
}
}
+ @Override
+ protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) {
+ boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
+ if (!bPKTypeMatch) {
+ Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... ");
+ if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) {
+ Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target");
+ bPKTypeMatch = true;
+
+ } else
+ Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed.");
+
+ }
+
+ return bPKTypeMatch;
+
+ }
+
+ @Override
+ protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException {
+ throw new RuntimeException("This method is NOT supported by MOA-ID");
+
+ }
+
+ @Override
+ protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
+ throws EAAFException {
+ throw new RuntimeException("This method is NOT supported by MOA-ID");
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index cadaec2a0..8b587c550 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -674,5 +674,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
return Collections.unmodifiableMap(result);
+ }
+
+ @Override
+ public boolean isEIDProcess() {
+ return false;
+
+ }
+
+ @Override
+ public void setEIDProcess(boolean value) {
+ Logger.warn("set E-ID process will be ignored!!!");
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index c054976ec..636871a09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -261,7 +261,6 @@ public Date getSigningDateTime() {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date)
*/
-@Override
public void setSigningDateTime(Date signingDateTime) {
this.signingDateTime = signingDateTime;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 48d652671..6426e0e0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,9 +22,14 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
/**
* @author tlenz
@@ -32,6 +37,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
*/
public class BKUSelectionModuleImpl implements AuthModule {
+ @Autowired(required=false) private IConfiguration configuration;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
*/
@@ -44,13 +51,14 @@ public class BKUSelectionModuleImpl implements AuthModule {
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
*/
@Override
- public String selectProcess(ExecutionContext context) {
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
boolean performBKUSelection = false;
Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION);
if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
performBKUSelection = (boolean) performBKUSelectionObj;
- if (performBKUSelection)
+ if (performBKUSelection && configuration != null
+ && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false))
return "BKUSelectionProcess";
else
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index b624e13ef..e8ce0f9c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
+import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -46,7 +47,7 @@ public class SingleSignOnConsentsModuleImpl implements AuthModule {
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
*/
@Override
- public String selectProcess(ExecutionContext context) {
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
Object evaluationObj = context.get(PARAM_SSO_CONSENTS_EVALUATION);
if (evaluationObj != null && evaluationObj instanceof Boolean) {
boolean evaluateSSOConsents = (boolean) evaluationObj;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 375b144d7..2c099abf6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -98,6 +98,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
//authenticate pending-request
+ pendingReq.setNeedUserConsent(false);
pendingReq.setAuthenticated(true);
pendingReq.setAbortedByUser(false);
@@ -112,7 +113,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
requestStoreage.storePendingRequest(pendingReq);
//redirect to auth. protocol finalization
- performRedirectToProtocolFinialization(pendingReq, response);
+ performRedirectToProtocolFinialization(executionContext, pendingReq, request, response);
} catch (MOAIDException e) {
throw new TaskExecutionException(pendingReq, e.getMessage(), e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index 98e632bd8..cc070f8fd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -73,7 +73,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
- guiBuilder.build(response, config, "BKU-Selection form");
+ guiBuilder.build(request, response, config, "BKU-Selection form");
} catch (GUIBuildException e) {
Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index 3c364e924..64c3721df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -71,7 +71,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION,
GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION);
- guiBuilder.build(response, config, "SendAssertion-Evaluation");
+ guiBuilder.build(request, response, config, "SendAssertion-Evaluation");
//Log consents evaluator event to revisionslog
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index c66353846..32660a3db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -176,7 +176,7 @@ public class VerifyXMLSignatureResponseParser {
public IVerifiyXMLSignatureResponse parseData() throws ParseException {
- IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+ VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 18aa93cc9..6803264dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -59,7 +59,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
@Autowired AuthConfiguration authConfig;
@Autowired IRequestStorage requestStoreage;
- @Autowired IGUIFormBuilder formBuilder;
+ @Autowired IGUIFormBuilder formBuilder;
public GUILayoutBuilderServlet() {
super();
@@ -93,7 +93,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
}
//build GUI component
- formBuilder.build(resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame");
+ formBuilder.build(req, resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame");
} catch (Exception e) {
@@ -124,7 +124,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
null);
//build GUI component
- formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form");
+ formBuilder.build(req, resp, config, "text/css; charset=UTF-8", "CSS-Form");
} catch (Exception e) {
Logger.warn("GUI ressource:'CSS' generation FAILED.", e);
@@ -153,7 +153,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
//build GUI component
- formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript");
+ formBuilder.build(req, resp, config, "text/javascript; charset=UTF-8", "JavaScript");
} catch (Exception e) {
Logger.warn("GUI ressource:'JavaScript' generation FAILED.", e);
@@ -168,7 +168,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
if (MiscUtil.isNotEmpty(pendingReqID)) {
- IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
+ IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID);
if (pendingReq != null) {
Logger.trace("GUI-Layout builder: Pending-request:"
+ pendingReqID + " found -> Build specific template");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index 87325989a..09b18d9c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
/**
@@ -50,7 +51,7 @@ public class GeneralProcessEngineSignalController extends AbstractProcessEngineS
"/signalProcess"
},
method = {RequestMethod.POST, RequestMethod.GET})
- public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
signalProcessManagement(req, resp);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index c39d78d8b..496501760 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -37,10 +37,13 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService;
import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -70,13 +73,14 @@ public class IDPSingleLogOutServlet extends AbstractController {
@Autowired SSOManager ssoManager;
@Autowired IAuthenticationManager authManager;
- @Autowired IAuthenticationSessionStoreage authenicationStorage;
- @Autowired SingleLogOutBuilder sloBuilder;
-
+ @Autowired IAuthenticationSessionStoreage authenicationStorage;
+ @Autowired IProtocolAuthenticationService protAuthService;
+ @Autowired(required=true) private IGUIFormBuilder guiBuilder;
+ @Autowired(required=false) SingleLogOutBuilder sloBuilder;
@RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET})
public void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException, EAAFException {
Logger.debug("Receive IDP-initiated SingleLogOut");
String authURL = HTTPUtils.extractAuthURLFromRequest(req);
@@ -117,21 +121,21 @@ public class IDPSingleLogOutServlet extends AbstractController {
null);
if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status))
- config.putCustomParameter("successMsg",
+ config.putCustomParameter(null, "successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
else
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- guiBuilder.build(resp, config, "Single-LogOut GUI");
+ guiBuilder.build(req, resp, config, "Single-LogOut GUI");
} catch (GUIBuildException e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
} catch (MOADatabaseException e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
} catch (EAAFException e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
}
@@ -146,15 +150,22 @@ public class IDPSingleLogOutServlet extends AbstractController {
if(MiscUtil.isNotEmpty(internalSSOId)) {
ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId);
- Logger.debug("Starting technical SLO process ... ");
- sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);
+ if (sloBuilder != null) {
+ Logger.debug("Starting technical SLO process ... ");
+ sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);
+
+ } else {
+ Logger.warn("Can NOT perfom Single LogOut process! NO SLOBuilder in ClassPath");
+ throw new SLOException("init.05", new Object[] {"Missing depentency or modul not active"});
+
+ }
return;
}
}
} catch (Exception e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
}
@@ -166,7 +177,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
if (sloContainer == null) {
Logger.info("No Single LogOut processing information with ID: " + restartProcess);
- handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false);
+ protAuthService.handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false);
return;
}
@@ -176,7 +187,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
String redirectURL = null;
IRequest sloReq = sloContainer.getSloRequest();
- if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
+ if (sloBuilder != null && sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
//send SLO response to SLO request issuer
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
@@ -233,10 +244,10 @@ public class IDPSingleLogOutServlet extends AbstractController {
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
null);
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- guiBuilder.build(resp, config, "Single-LogOut GUI");
+ guiBuilder.build(req, resp, config, "Single-LogOut GUI");
} catch (GUIBuildException e) {
e.printStackTrace();
@@ -251,10 +262,10 @@ public class IDPSingleLogOutServlet extends AbstractController {
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
null);
- config.putCustomParameter("successMsg",
+ config.putCustomParameter(null, "successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.02", null));
- guiBuilder.build(resp, config, "Single-LogOut GUI");
+ guiBuilder.build(req, resp, config, "Single-LogOut GUI");
} catch (GUIBuildException e) {
e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 478462adb..abb19c6cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -122,9 +122,9 @@ public class RedirectServlet {
authURL,
DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT,
null);
- config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url));
- config.putCustomParameter(TARGET, redirectTarget);
- guiBuilder.build(resp, config, "RedirectForm.html");
+ config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url));
+ config.putCustomParameter(null, TARGET, redirectTarget);
+ guiBuilder.build(req, resp, config, "RedirectForm.html");
} else if (MiscUtil.isNotEmpty(interIDP)) {
//store IDP identifier and redirect to generate AuthRequst service
@@ -153,10 +153,10 @@ public class RedirectServlet {
authURL,
DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT,
null);
- config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url));
- config.putCustomParameter(TARGET, redirectTarget);
+ config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url));
+ config.putCustomParameter(null, TARGET, redirectTarget);
- guiBuilder.build(resp, config, "RedirectForm.html");
+ guiBuilder.build(req, resp, config, "RedirectForm.html");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index fff019ae7..eae7aae9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -51,6 +51,8 @@ import iaik.pki.revocation.RevocationSourceTypes;
public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration {
+ public static final String PROP_MOAID_MODE = "general.moaidmode.active";
+
private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true;
private MOAIDConfiguration configuration;
@@ -231,7 +233,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
allowedProtcols.setSAML1Active(
configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false));
allowedProtcols.setPVP21Active(
- configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true));
+ configuration.getBooleanValue(
+ MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true)
+ && getBasicConfigurationBoolean(PROP_MOAID_MODE, false));
return allowedProtcols;
@@ -1307,5 +1311,4 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
}
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index af4cf6fa7..7a298220b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -4,11 +4,11 @@ import java.util.List;
import org.w3c.dom.Element;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-public interface IMOAAuthData extends IAuthData{
+public interface IMOAAuthData extends IEidAuthData{
@Deprecated
/**
@@ -34,7 +34,6 @@ public interface IMOAAuthData extends IAuthData{
*/
List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
- byte[] getSignerCertificate();
String getAuthBlock();
boolean isPublicAuthority();
String getPublicAuthorityCode();
@@ -42,7 +41,6 @@ public interface IMOAAuthData extends IAuthData{
String getBkuURL();
String getInterfederatedIDP();
boolean isInterfederatedSSOSession();
- boolean isUseMandate();
IMISMandate getMISMandate();
Element getMandate();
String getMandateReferenceValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index 897a06e62..f79e80cd2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -30,7 +30,7 @@ import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
@@ -45,14 +45,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
+public class MOAAuthenticationData extends EidAuthenticationData implements IMOAAuthData, Serializable {
private static final long serialVersionUID = 1L;
private boolean qualifiedCertificate;
private boolean publicAuthority;
private String publicAuthorityCode;
private String bkuURL;
- private byte[] signerCertificate = null;
private String authBlock = null;
private String QAALevel = null;
@@ -63,7 +62,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private List<AuthenticationRole> roles = null;
private String pvpAttribute_OU = null;
- private boolean useMandate = false;
private IMISMandate mandate = null;
private String mandateReferenceValue = null;
@@ -116,21 +114,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
return this.encbPKList;
}
-
- @Override
- public byte[] getSignerCertificate() {
- return signerCertificate;
- }
-
-
- /**
- * @param signerCertificate the signerCertificate to set
- */
- public void setSignerCertificate(byte[] signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
-
@Override
public String getAuthBlock() {
return authBlock;
@@ -176,18 +159,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
this.mandate = mandate;
}
-
- @Override
- public boolean isUseMandate() {
- return useMandate;
- }
-
-
- public void setUseMandate(boolean useMandate) {
- this.useMandate = useMandate;
- }
-
-
@Override
public boolean isPublicAuthority() {
return publicAuthority;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 77abe07af..9beeb6cc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -67,7 +67,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
- @Autowired private SingleLogOutBuilder sloBuilder;;
+ @Autowired(required=false) private SingleLogOutBuilder sloBuilder;;
@Override
@@ -118,8 +118,18 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
sloContainer.setSessionID(uniqueSessionIdentifier);
sloContainer.setSloRequest(pvpReq);
- sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
- sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
+ if (sloBuilder != null) {
+ Logger.trace("Parse active SPs into SLOContainer ... ");
+ sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
+ sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
+
+ } else {
+ Logger.warn("NO SLOBuilder in ClassPath / Single LogOut NOT possible! Mark SLO as FAILED");
+ sloContainer.putFailedOA(pvpReq.getAuthURL());
+
+ Logger.info("Only the IDP session will be closed soon ...");
+
+ }
Logger.debug("Active SSO Service-Provider: "
+ " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
deleted file mode 100644
index 5daa71b1f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-
-/**
- * @author tlenz
- *
- */
-public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> {
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
- */
- @Override
- public String buildStringAttribute(String friendlyName, String name, String value) {
- return value;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
- */
- @Override
- public String buildIntegerAttribute(String friendlyName, String name, int value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
- */
- @Override
- public String buildLongAttribute(String friendlyName, String name, long value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
- */
- @Override
- public String buildEmptyAttribute(String friendlyName, String name) {
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index 8229fb405..19b79d165 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -223,11 +223,11 @@ public class SingleLogOutBuilder {
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
null);
- config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
- config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
- config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
+ config.putCustomParameterWithOutEscaption(null, "redirectURLs", sloReqList);
+ config.putCustomParameterWithOutEscaption(null, "timeoutURL", timeOutURL);
+ config.putCustomParameter(null, "timeout", String.valueOf(SLOTIMEOUT));
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+ guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI");
} else {
@@ -249,16 +249,16 @@ public class SingleLogOutBuilder {
if (sloContainer.getSloFailedOAs() == null ||
sloContainer.getSloFailedOAs().size() == 0) {
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
- config.putCustomParameter("successMsg",
+ config.putCustomParameter(null, "successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
} else {
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
}
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+ guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI");
}
@@ -285,11 +285,11 @@ public class SingleLogOutBuilder {
null);
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
try {
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+ guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI");
} catch (GUIBuildException e1) {
Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 4fc37d88f..0be49a23e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -64,7 +64,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
@Override
protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+ ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId);
if (oaParam != null)
return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -78,7 +78,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
@Override
protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+ ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId);
if (oaParam != null) {
String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
@@ -117,7 +117,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
+ ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
if (MiscUtil.isNotEmpty(metadataurl))
@@ -146,14 +146,14 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
moaAuthConfig.isTrustmanagerrevoationchecking(),
moaAuthConfig.getRevocationMethodOrder(),
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
@@ -173,7 +173,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
filterChain.getFilters().add(
- new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
+ new PVPEntityCategoryFilter(authConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
false)));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 389d97b18..ad7328433 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
@@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.util.MiscUtil;
-//@Service("PVPIDPCredentialProvider")
+@Service("PVPIDPCredentialProvider")
public class IDPCredentialProvider extends AbstractCredentialProvider {
public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
public static final String IDP_KS_PASS = "idp.ks.kspassword";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index bd908f894..534f6797b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -76,14 +76,14 @@ public class MOASAMLSOAPClient {
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
- AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index 19f865325..5ed237948 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -13,7 +13,7 @@ import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
@@ -26,9 +26,9 @@ import at.gv.egovernment.moa.logging.Logger;
*
*/
@Service("MOAAuthnRequestValidator")
-public class AuthnRequestValidator implements IAuthnRequestValidator {
+public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
- public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
+ public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
//validate NameIDPolicy
NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 6bf44a527..e84bca330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -94,7 +94,7 @@ public class SSLUtils {
ConfigurationProvider conf, String url )
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
false);
@@ -154,7 +154,7 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
false);
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
index 5116c2a08..65452db3c 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
@@ -1,2 +1 @@
-at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 02c683305..598376261 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -21,36 +21,41 @@
<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
-
+
+ <bean id="bkuSelectionProcess"
+ class="at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl"/>
+
+ <bean id="eaafProtocolAuthenticationService"
+ class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService">
+ <property name="guiBuilder" ref="guiFormBuilder" />
+ </bean>
+
<bean id="PVPIDPCredentialProvider"
class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" />
<bean id="PVP2XProtocol"
class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol">
- <property name="pvpIDPCredentials">
- <ref bean="PVPIDPCredentialProvider" />
- </property>
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
</bean>
<bean id="pvpMetadataService"
class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
- <property name="pvpIDPCredentials">
- <ref bean="PVPIDPCredentialProvider" />
- </property>
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
</bean>
<bean id="PVPAuthenticationRequestAction"
class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
- <property name="pvpIDPCredentials">
- <ref bean="PVPIDPCredentialProvider" />
- </property>
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
</bean>
-
+
<bean id="MOAAuthnRequestValidator"
class="at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator" />
<bean id="MOAID_AuthenticationManager"
class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
+
+ <bean id="simplePendingReqIdGenerationStrategy"
+ class="at.gv.egiz.eaaf.core.impl.utils.SimplePendingRequestIdGenerationStrategy"/>
<bean id="AuthenticationDataBuilder"
class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 3b636aaee..fa7bc659e 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -62,6 +62,8 @@ init.00=MOA-ID-Auth wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+init.05=Allgemeiner interner Fehler! Ursache: '{0}'
+
internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde.
internal.01=W\u00e4hrend des Abmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Abmeldeprozess abgebrochen wurde.
@@ -122,6 +124,8 @@ builder.08=Authentication process could NOT completed. Reason: {0}
builder.09=Can not build GUI component. Reason: {0}
builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
+builder.12=Can not build attribute: {0}
+builder.13=No valid bPK received. Maybe there is a mismatch between ApplicationRegister and MOA-ID configuration
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index b878eadf3..5ecb242bd 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -93,6 +93,9 @@ builder.08=1008
builder.09=9103
builder.10=1009
builder.11=9102
+builder.12=1008
+builder.13=1008
+
service.00=4300
service.03=4300
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
index c0ae06a82..1ab54471c 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
@@ -113,7 +113,7 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {
Map<String, String> result = new HashMap<String, String>();
if (AuthenticationDataBuilder.CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS.equals(prefix)) {
result.put("BMI+T1", "MIICuTCCAaGgAwIBAgIEWQMr6TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARyb290MB4XDTE3MDQyODExNDgyN1oXDTE4MDQyODExNDgyN1owDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKavdekY9h6te6UoCvahSKqhlNk+ZMGq1aBvj129J10wJoz3BsO86cK/ounvzrE9g6FOOeEtlb/lRRTwhO601o9/dXhIvSalpKgAF4owTuhxKUEhEUNJr4pUxFSm8OkPHEXqSXsn6W7tg/G0r12z246RAApw5jpzDDdYYY8gEZFXURf1xYnbKFPoNlPIyFj0vN7Afe+Fo8v3Brb05iQkC3wBxMnL2LZ7XLK8uu93VG/mOrUrEtZkFzOWg0c3WBKQgxCD/F5BMouXBSsNu7lzV2qEyX0uIiEQrv75Fk32DjQqx41S31lByFnL8YbYWX4lsCv0O9Smhjrn6+k91JsvcDECAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAb4wDQYJKoZIhvcNAQELBQADggEBAAFQVd6PHrpBDTw+YUYj3yOgjFlKiSTEb4s59O74CZGbgElE2k36bqEJwki8W2ZiK+L3aeA1XCYF9cuI8QBWHJXg3UQFtDMF2zieOy/BBEA0HN6q4IjQKbt9cNR3w7nMp+lJ/BUlX6AIqfmSgJ6bKVlUsu4yuhstDBXy7QOAuQ8q76qkk7j6uiahWCyBRb5R9TDj7mQn0nM/tbeUUZa7Mxje/W4YhdatNYasTnExCyEE4S6lpSiJQdrkFGlRWp6Ia41/r6GZsAZ6pss+xyxDbJySqbVn2ro6WV4kMbrh/gX1HbmrF5UGIO/qvM+5yM6+wUfLtqPCK0PtLkI940E3WfM=");
@@ -419,7 +419,7 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+ public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) {
if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) {
if (isIDLEscapingEnabled == null)
return defaultValue;
@@ -433,24 +433,12 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public URI getConfigurationFilePath() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
public URI getConfigurationRootDirectory() {
// TODO Auto-generated method stub
return null;
}
@Override
- public Properties getFullConfigurationProperties() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException {
// TODO Auto-generated method stub
return null;
@@ -471,7 +459,11 @@ public class DummyAuthConfig implements AuthConfiguration {
public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) {
this.isIDLEscapingEnabled = isIDLEscapingEnabled;
}
-
-
+
+ @Override
+ public Boolean getBasicConfigurationBoolean(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java
index ad68e089e..2d033d858 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java
@@ -292,5 +292,15 @@ public class DummyAuthSession implements IAuthenticationSession, AuthProzessData
}
+ @Override
+ public boolean isEIDProcess() {
+ return false;
+ }
+
+ @Override
+ public void setEIDProcess(boolean value) {
+
+ }
+
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java
index 846819868..d774cc8c3 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java
@@ -20,7 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
public class DummyAuthStorage implements IAuthenticationSessionStoreage {
-
+
@Override
public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException {
// TODO Auto-generated method stub
diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
index caf672d05..049c2324e 100644
--- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
+++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
@@ -1,6 +1,5 @@
package test.tlenz;
-import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
@@ -27,8 +26,6 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import iaik.asn1.ASN1;
-import iaik.asn1.ASN1Object;
-import iaik.utils.ASN1InputStream;
/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
@@ -76,7 +73,8 @@ public class simpletest {
try {
try {
- String test = "3082065406092A864886F70D010702A082064530820641020101310B300906052B240302010500300B06092A864886F70D010701A08204B3308204AF30820397A00302010202030E6CBE300D06092A864886F70D0101050500308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D3032301E170D3133303431303130343633335A170D3138303431303038343633335A305E310B30090603550406130241543116301406035504030C0D41726D696E20466973636865723110300E06035504040C0746697363686572310E300C060355042A0C0541726D696E311530130603550405130C3933373131343838363833343059301306072A8648CE3D020106082A8648CE3D03010703420004BF7ADE98B7CD89A0559F2BA9463454E08DBE3516A86BB7B8F4FDBB42FF24A03991AF5BD63D72197F63AB03C88260C31E4A9C17DB5E8681FCAE1D7CF90EB1ACD1A38202053082020130110603551D0E040A0408433A176E9B70B5CD300E0603551D0F0101FF0404030206C030130603551D23040C300A80084DDFE1FF4BD9C9DF301E0603551D1104173015811361726D696E40666973636865722E6F722E617430090603551D1304023000307B06082B06010505070101046F306D304206082B060105050730028636687474703A2F2F7777772E612D74727573742E61742F63657274732F612D7369676E2D5072656D69756D2D5369672D3032612E637274302706082B06010505073001861B687474703A2F2F6F6373702E612D74727573742E61742F6F63737030590603551D2004523050304406062A280011010B303A303806082B06010505070201162C687474703A2F2F7777772E612D74727573742E61742F646F63732F63702F612D7369676E2D5072656D69756D3008060604008B300101302706082B060105050701030101FF041830163008060604008E460101300A06082B06010505070B0130819A0603551D1F04819230818F30818CA08189A081868681836C6461703A2F2F6C6461702E612D74727573742E61742F6F753D612D7369676E2D5072656D69756D2D5369672D30322C6F3D412D54727573742C633D41543F63657274696669636174657265766F636174696F6E6C6973743F626173653F6F626A656374636C6173733D65696443657274696669636174696F6E417574686F72697479300D06092A864886F70D01010505000382010100352830958A68A260CFEFB1DA157C1452E22735A2BBC40F51A19D22481766537630C8E0C99CCE50F614E437ABFF943C7D6A69CCB0F79ED6A9B5356182DFBA095F3534671073D586F70B002CEF846E6D4447031AFBFE5D727D2A893688294D494C37454C187F15611EFDFA84D64D0C9D4E3EC9FF8A126A842EDB70D1F9AD497A1A11CC1363AAFD76D7412F21248B855363D3AB771C538D5610BC7F0FCEA359F33F5FA6A228E0539C16AF12A1B2DE608719CBE39C41AFE5BD0CDDC781F00C6A86B21BA252DD23DAEBB3B91CADE8278B330945CA11D4A77188197E744BA9B5288E9D4A4C7502D706D7CEA569D258E116E6ACE42F4C24449803076C30A7BABE26CAE7318201693082016502010130819F308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D303202030E6CBE300906052B240302010500A05F301806092A864886F70D010903310B06092A864886F70D010701301E06092A864886F70D0109053111180F32303137303631393130303130305A302306092A864886F70D010904311604149D0A3FDC7F8CED863952B468C927AC87CE227B68300E060A04007F0007010104010605000440002B459189C71E69CC13E111ED1F493D89681E0A815CCEA297AC3D76A48A75E7D11081F08D7A0FAA4210205D2B8A0A7A83E0F5211AD51BDE2581D4C4E400C06AA1000000000000000000000";
+ //String test = "3082065406092A864886F70D010702A082064530820641020101310B300906052B240302010500300B06092A864886F70D010701A08204B3308204AF30820397A00302010202030E6CBE300D06092A864886F70D0101050500308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D3032301E170D3133303431303130343633335A170D3138303431303038343633335A305E310B30090603550406130241543116301406035504030C0D41726D696E20466973636865723110300E06035504040C0746697363686572310E300C060355042A0C0541726D696E311530130603550405130C3933373131343838363833343059301306072A8648CE3D020106082A8648CE3D03010703420004BF7ADE98B7CD89A0559F2BA9463454E08DBE3516A86BB7B8F4FDBB42FF24A03991AF5BD63D72197F63AB03C88260C31E4A9C17DB5E8681FCAE1D7CF90EB1ACD1A38202053082020130110603551D0E040A0408433A176E9B70B5CD300E0603551D0F0101FF0404030206C030130603551D23040C300A80084DDFE1FF4BD9C9DF301E0603551D1104173015811361726D696E40666973636865722E6F722E617430090603551D1304023000307B06082B06010505070101046F306D304206082B060105050730028636687474703A2F2F7777772E612D74727573742E61742F63657274732F612D7369676E2D5072656D69756D2D5369672D3032612E637274302706082B06010505073001861B687474703A2F2F6F6373702E612D74727573742E61742F6F63737030590603551D2004523050304406062A280011010B303A303806082B06010505070201162C687474703A2F2F7777772E612D74727573742E61742F646F63732F63702F612D7369676E2D5072656D69756D3008060604008B300101302706082B060105050701030101FF041830163008060604008E460101300A06082B06010505070B0130819A0603551D1F04819230818F30818CA08189A081868681836C6461703A2F2F6C6461702E612D74727573742E61742F6F753D612D7369676E2D5072656D69756D2D5369672D30322C6F3D412D54727573742C633D41543F63657274696669636174657265766F636174696F6E6C6973743F626173653F6F626A656374636C6173733D65696443657274696669636174696F6E417574686F72697479300D06092A864886F70D01010505000382010100352830958A68A260CFEFB1DA157C1452E22735A2BBC40F51A19D22481766537630C8E0C99CCE50F614E437ABFF943C7D6A69CCB0F79ED6A9B5356182DFBA095F3534671073D586F70B002CEF846E6D4447031AFBFE5D727D2A893688294D494C37454C187F15611EFDFA84D64D0C9D4E3EC9FF8A126A842EDB70D1F9AD497A1A11CC1363AAFD76D7412F21248B855363D3AB771C538D5610BC7F0FCEA359F33F5FA6A228E0539C16AF12A1B2DE608719CBE39C41AFE5BD0CDDC781F00C6A86B21BA252DD23DAEBB3B91CADE8278B330945CA11D4A77188197E744BA9B5288E9D4A4C7502D706D7CEA569D258E116E6ACE42F4C24449803076C30A7BABE26CAE7318201693082016502010130819F308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D303202030E6CBE300906052B240302010500A05F301806092A864886F70D010903310B06092A864886F70D010701301E06092A864886F70D0109053111180F32303137303631393130303130305A302306092A864886F70D010904311604149D0A3FDC7F8CED863952B468C927AC87CE227B68300E060A04007F0007010104010605000440002B459189C71E69CC13E111ED1F493D89681E0A815CCEA297AC3D76A48A75E7D11081F08D7A0FAA4210205D2B8A0A7A83E0F5211AD51BDE2581D4C4E400C06AA1000000000000000000000";
+ String test = "308006092a864886f70d010702a0803080020101310f300d06096086480165030402010500308006092a864886f70d0107010000a08204953082049130820379a0030201020203133594300d06092a864886f70d0101050500308197310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d6248311e301c060355040b0c15612d7369676e2d5072656d69756d2d5369672d3032311e301c06035504030c15612d7369676e2d5072656d69756d2d5369672d3032301e170d3134303530323039303734395a170d3139303530323039303734395a3060310b30090603550406130241543117301506035504030c0e4d6178204d75737465726d616e6e3113301106035504040c0a4d75737465726d616e6e310c300a060355042a0c034d6178311530130603550405130c3237333736313333323837363059301306072a8648ce3d020106082a8648ce3d03010703420004f7be38b8b730fd5ab3b62a54de3ca256f0f81c0b99116affce3326258448a23a1406207d6e9a8b217fee06466d43d7bed6cbf27c4e3049600576b66f8836a5f3a38201e5308201e130110603551d0e040a04084daa6d7cb1103d48300e0603551d0f0101ff0404030206c030130603551d23040c300a80084ddfe1ff4bd9c9df30090603551d1304023000307b06082b06010505070101046f306d304206082b060105050730028636687474703a2f2f7777772e612d74727573742e61742f63657274732f612d7369676e2d5072656d69756d2d5369672d3032612e637274302706082b06010505073001861b687474703a2f2f6f6373702e612d74727573742e61742f6f63737030590603551d2004523050304406062a280011010b303a303806082b06010505070201162c687474703a2f2f7777772e612d74727573742e61742f646f63732f63702f612d7369676e2d5072656d69756d3008060604008b300101302706082b060105050701030101ff041830163008060604008e460101300a06082b06010505070b0130819a0603551d1f04819230818f30818ca08189a081868681836c6461703a2f2f6c6461702e612d74727573742e61742f6f753d612d7369676e2d5072656d69756d2d5369672d30322c6f3d412d54727573742c633d41543f63657274696669636174657265766f636174696f6e6c6973743f626173653f6f626a656374636c6173733d65696443657274696669636174696f6e417574686f72697479300d06092a864886f70d01010505000382010100cd7da6254ccf3aec8479bddc2539ceb9ef591a1b51d8757bb6851d2974c909ada603ec18cf96da6a829ca71a6e55d84855f4d7e34776dc1b709c551e466069d6f3e1b805491ef86a9ac3e95ad871d3d382eab50e9268ea0b7312e40304d8215c6c42e5a101a73f839f47aa55ef47642c471d9e1852c6a67c5b0b6aab13d0e7340c0fdfc284a90ee1460baf17cab1d1eecfb513704fdd2460e65dd56fb644e19cc0a80883f31da1d4872809797964e6dc3bd6e09beb45ebc39abcb9356f564f24e2b01fdd9aa6b5353c8ee37f6938fc4b7de1480b4889c9a9b16d16a161db060fb0aa3681175209b7e48b9892c6de847eb76c5122f0543e637b7bc259a8507b883182010d3082010902010130819f308197310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d6248311e301c060355040b0c15612d7369676e2d5072656d69756d2d5369672d3032311e301c06035504030c15612d7369676e2d5072656d69756d2d5369672d30320203133594300d06096086480165030402010500300b06072a8648ce3d0201050004463044022079c3a32116fba799d77df0458e88f1d3370251382030f8d54f136afbe6635c39022072dc7bc7411a96b47717817f9c851954f6b511a30e47944221acc985bab6502b00000000000000000";
byte[] bytes = new byte[test.length()/2];
for (int i=0; i<test.length()/2; i++) {
bytes[i] = (byte) Integer.parseInt(test.substring(i*2, i*2+2), 16);