diff options
Diffstat (limited to 'id/server/idserverlib')
12 files changed, 424 insertions, 79 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a772e0457..af7841321 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -291,6 +291,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * may be <code>null</code>; in this case, the default location will be used * @param useMandate Indicates if mandate is used or not * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode) * @param scheme determines the protocol used * @return HTML form * @throws AuthenticationException @@ -391,6 +392,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { ex); } } + + String pushInfobox = ""; VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { @@ -887,6 +890,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes session.setExtendedSAMLAttributesOA(new Vector()); + //System.out.println("SAML set: " + session.getExtendedSAMLAttributesAUTH().size()); + if (verifyInfoboxParameters != null) { infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); @@ -1720,6 +1725,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } AuthenticationData authData = null; synchronized (authenticationDataStore) { + System.out.println("assertionHandle: " + assertionHandle); authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index bab387b4a..d105c3206 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -190,9 +190,12 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } ExtendedSAMLAttribute bpkAttribute = new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); - + + System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size()); + extendedSAMLAttributes.add(bpkAttribute); - //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + + //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; //..BZ } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index c61e2dd84..4d29c9135 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -152,8 +152,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // request += "</style>"; request += "</head>"; request += "<body>"; - request += "<h4 class=\"h4style\">Authentication Data:</h4>"; - request += "<p class=\"titlestyle\">Personal Data</p>"; + request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>"; + request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>"; request += "<table class=\"parameters\">"; request += "<tr>"; request += "<td class=\"italicstyle\">Name:</td>"; @@ -162,21 +162,21 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "</td>"; request += "</tr>"; request += "</table>"; - request += "<p class=\"titlestyle\">Application Data</p>"; + request += "<p class=\"titlestyle\">Daten zur Anwendung (Application Data)</p>"; request += "<table class=\"parameters\">"; request += "<tr>"; - request += "<td class=\"italicstyle\">Name:</td>"; + request += "<td class=\"italicstyle\">Dienst (Service):</td>"; request += "<td class=\"normalstyle\">"; // friendlyname from OA request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); request += "</td>"; request += "</tr>"; request += "<tr>"; - request += "<td class=\"italicstyle\">Country:</td>"; - request += "<td class=\"normalstyle\">Austria</td>"; + request += "<td class=\"italicstyle\">Land (Country):</td>"; + request += "<td class=\"normalstyle\">Österreich (Austria)</td>"; request += "</tr>"; request += "</table>"; - request += "<p class=\"titlestyle\">Technical Parameters</p>"; + request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>"; request += "<table class=\"parameters\">"; request += "<tr>"; request += "<td class=\"italicstyle\">URL:</td>"; @@ -203,7 +203,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // OA is publicservice request += "<tr>"; request += "<td class=\"italicstyle\">"; - request += "Sector:</td>"; + request += "Sektor (Sector):</td>"; request += "<td class=\"normalstyle\">"; request += target + " (" + sectorName + ")"; request += "</td>"; @@ -212,27 +212,45 @@ public class CreateXMLSignatureRequestBuilder implements Constants { } request += "<tr>"; - request += "<td class=\"italicstyle\">Date:</td>"; + request += "<td class=\"italicstyle\">Datum (Date):</td>"; request += "<td class=\"normalstyle\">"; request += date; request += "</td>"; request += "</tr>"; request += "<tr>"; - request += "<td class=\"italicstyle\">Time:</td>"; + request += "<td class=\"italicstyle\">Zeit (Time):</td>"; request += "<td class=\"normalstyle\">"; request += time; request += "</td>"; request += "</tr>"; request += "</table>"; - request += "<p class=\"normalstyle\">I hereby request to access this e-government application by using my " + - "domestic electronic identity. <br/>" + - "I further affirm that I am not yet registered with the Austrian Central " + - "Residents Registry and that I am not obliged to register with the Austrian " + - "Central Residents Registry according to Austrian law.<br/>" + - "In the event I am not yet registered with the Supplementary Register, I " + - "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + - "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>"; + request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + + "natürliche Personen (ERnP), damit ich meinen elektronischen " + + "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + + "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + + "Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " + + "ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " + + "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + + "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>"; + + request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " + + "Register of Residents or the Supplementary Register for Natural Persons. I therefore " + + "apply for registration in the Supplementary Register for Natural Persons in order to use " + + "my electronic identity (my electronic ID card) as an Austrian citizen card. I take note " + + "that registration in the Supplementary Register for Natural Persons solely serves keeping " + + "records of those data that are used for validation of unique identity and that those data " + + "is only used for e-government purposes.</p>"; + + +// request += "<p class=\"normalstyle\">I hereby request to access this e-government application by using my " + +// "domestic electronic identity. <br/>" + +// "I further affirm that I am not yet registered with the Austrian Central " + +// "Residents Registry and that I am not obliged to register with the Austrian " + +// "Central Residents Registry according to Austrian law.<br/>" + +// "In the event I am not yet registered with the Supplementary Register, I " + +// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + +// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>"; request += "</body>"; request += "</html>"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index 9bab8643f..dcaed084a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -15,11 +15,19 @@ */ package at.gv.egovernment.moa.id.auth.builder; +import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; /** * Builder for HTML form requesting the security layer implementation @@ -43,6 +51,8 @@ public class GetIdentityLinkFormBuilder extends Builder { private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>"; /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ private static final String PUSHINFOBOX_TAG = "<PushInfobox>"; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String MANDATE_TAG = "<Mandate>"; /** private static int all contains the representation to replace all tags*/ private static final int ALL = -1; @@ -83,48 +93,101 @@ public class GetIdentityLinkFormBuilder extends Builder { "</body>" + nl + "</html>"; - /** default HTML template */ - private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = + /** default HTML template for mandates */ + private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES_OLD = "<html>" + nl + "<head>" + nl + - "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + "<title>Vollmachten-Anmeldung</title>" + nl + - "<script type=\"text/javascript\">" + nl + - "window.onload=function() {" + nl + - "document.VollmachtenForm.submit();" + nl + - "document.VollmachtenForm.Senden.disabled=true;" + nl + - "return;" + nl + - "}" + nl + - "</script>" + nl + - "</head>" + nl + - "<body>" + nl + - "<form name=\"VollmachtenForm\"" + nl + - " action=\"" + BKU_TAG + "\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"" + XMLREQUEST_TAG + "\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"" + DATAURL_TAG + "\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"PushInfobox\"" + nl + - " value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl + - " <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + nl + - "</form>" + nl + - "<form name=\"CertificateInfoForm\"" + nl + - " action=\"" + BKU_TAG + "\"" + nl + - " method=\"post\">" + nl + - " <input type=\"hidden\" " + nl + - " name=\"XMLRequest\"" + nl + - " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl + - " <input type=\"hidden\" " + nl + - " name=\"DataURL\"" + nl + - " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl + -// " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + - " <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + - "</form>" + nl + - "</body>" + nl + + "<script language=\"javascript\">" + nl + + " function fillFrame() {" + nl + + " var f = top.frames['mandate'];" + nl + + " with (f.document) {" + nl + + " open();" + nl + + " <Mandate>" + nl + + " close();" + nl + + " }" + nl + + " }" + nl + + "</script>" + nl + + "</head>" + nl + + "<body onLoad=\"fillFrame(); return false;\">" + nl + + "<h2>Vollmachten-Anmeldung</h2>" + nl + + "<iframe name=\"mandate\" src=\"\" frameborder=\"0\" width=\"250\" height=\"400\"></iframe>" + nl + + "</body>" + nl + + "</html>"; + + + /** default HTML template - iFrame */ + private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES_OLD = + "<html>" + + "<head>" + + //"<base target=\"_parent\">" + + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + + "<title>Vollmachten-Anmeldung</title>" + + "</head>" + + "<body onLoad=\"document.VollmachtenForm.submit();\">" + + "<form name=\"VollmachtenForm\"" + + " action=\"" + BKU_TAG + "\"" + + " method=\"post\">" + + " <input type=\"hidden\" " + + " name=\"XMLRequest\"" + + " value=\"" + XMLREQUEST_TAG + "\"/>" + + " <input type=\"hidden\" " + + " name=\"DataURL\"" + + " value=\"" + DATAURL_TAG + "\"/>" + + " <input type=\"hidden\" " + + " name=\"PushInfobox\"" + + " value=\"" + PUSHINFOBOX_TAG + "\"/>" + + " <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + + "</form>" + + "<form name=\"CertificateInfoForm\"" + + " action=\"" + BKU_TAG + "\"" + + " method=\"post\">" + + " <input type=\"hidden\" " + + " name=\"XMLRequest\"" + + " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + + " <input type=\"hidden\" " + + " name=\"DataURL\"" + + " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + + " <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + + "</form>" + + "</body>" + + "</html>"; + + /** default HTML template for Online mandates */ + private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES = + "<html>" + + "<head>" + + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + + "<title>Vollmachten-Anmeldung</title>" + + "</head>" + + "<body onLoad=\"document.VollmachtenForm.submit();\">" + + "<form name=\"VollmachtenForm\"" + + " action=\"" + BKU_TAG + "\"" + + " method=\"post\">" + + " <input type=\"hidden\" " + + " name=\"XMLRequest\"" + + " value=\"" + XMLREQUEST_TAG + "\"/>" + + " <input type=\"hidden\" " + + " name=\"DataURL\"" + + " value=\"" + DATAURL_TAG + "\"/>" + + " <input type=\"hidden\" " + + " name=\"PushInfobox\"" + + " value=\"" + PUSHINFOBOX_TAG + "\"/>" + + " <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + + "</form>" + + "<form name=\"CertificateInfoForm\"" + + " action=\"" + BKU_TAG + "\"" + + " method=\"post\">" + + " <input type=\"hidden\" " + + " name=\"XMLRequest\"" + + " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + + " <input type=\"hidden\" " + + " name=\"DataURL\"" + + " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + + " <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + + "</form>" + + "</body>" + "</html>"; /** @@ -167,25 +230,101 @@ public class GetIdentityLinkFormBuilder extends Builder { /** * Builds the HTML form, including XML Request and data URL as parameters. * - * @param htmlTemplate template to be used for the HTML form; - * may be <code>null</code>, in this case a default layout will be produced * @param xmlRequest XML Request to be sent as a parameter in the form * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; * may be <code>null</code>, in this case the default URL will be used * @param dataURL DataURL to be sent as a parameter in the form */ public String buildCreateSignature( - String bkuURL, + String bkuURL, String xmlRequest, - String dataURL) + String dataURL, + String oaUrl) throws BuildException { - String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES; - htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); - htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); - htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); - return htmlForm; + String htmlForm = ""; + OAAuthParameter oaParam; + try { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaUrl); + } catch (ConfigurationException e) { + Logger.error("Error on building HTMl form for online mandates: " + e.getMessage()); + throw new BuildException("builder.03", null); + } + + OnlineMandatesTemplates[] templatesOnlineMandates = oaParam.getTemplateOnlineMandates(); + if (templatesOnlineMandates == null) { + // no templates given + htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + } else { + String moaidTemplateUrl = null; + String mandateTemplateUrl = null; + // check for configured bku URL + for (int i = 0; i < templatesOnlineMandates.length; i++) { + if (templatesOnlineMandates[i].getBkuURL().compareToIgnoreCase(bkuURL) == 0) { + moaidTemplateUrl = templatesOnlineMandates[i].getMoaIdTemplateURL(); + mandateTemplateUrl = templatesOnlineMandates[i].getMandatesTemplateURL(); + } + } + if (moaidTemplateUrl == null || mandateTemplateUrl == null) { + Logger.debug("Configured and used BKU URL are not equal. So standard template is used."); + htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + } else { + // use configured templates + String moaidTemplate; + String mandateTemplate; + try { + moaidTemplate = new String(FileUtils.readURL(moaidTemplateUrl)); + } catch (IOException ex) { + throw new BuildException("auth.03", new Object[] { moaidTemplateUrl, ex.toString()},ex); + } + try { + mandateTemplate = new String(FileUtils.readURL(mandateTemplateUrl)); + } catch (IOException ex) { + throw new BuildException("auth.03", new Object[] { mandateTemplateUrl, ex.toString()},ex); + } + + + // Mandatem template with iFrame + htmlForm = mandateTemplate; + + + // HTML form with XML signature request, which is filled into the iFrame + String htmlFormiFrame = moaidTemplate; + htmlFormiFrame = replaceTag(htmlFormiFrame, BKU_TAG, bkuURL, true, ALL); + htmlFormiFrame = replaceTag(htmlFormiFrame, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlFormiFrame = replaceTag(htmlFormiFrame, DATAURL_TAG, dataURL, true, ALL); + htmlFormiFrame = htmlFormiFrame.replaceAll("\"", "\\\""); + htmlFormiFrame = htmlFormiFrame.replaceAll("'", "\\\\'"); + + // add writeln('[data]') for each line in the iframe + BufferedReader reader = new BufferedReader(new StringReader(htmlFormiFrame)); + String str; + String htmlFormiFrameWriteLn = ""; + try { + while ((str = reader.readLine()) != null) { + if (str.length() > 0) + htmlFormiFrameWriteLn += "writeln('" + str + "');"; + } + } catch(IOException e) { + throw new BuildException("builder.03", null); + } + + htmlForm = replaceTag(htmlForm, MANDATE_TAG, htmlFormiFrameWriteLn, true, ALL); + + } + + } + + return htmlForm; + } + /** * Encodes a string for inclusion as a parameter in the form. * Double quotes are substituted by <code>"&quot;"</code>. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index f0e9c7484..c94eb0b25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -64,6 +64,10 @@ public class SAMLArtifactBuilder { byte[] sourceID; // alternative sourceId String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + + System.out.println("alternativeSourceID: " + alternativeSourceID); + System.out.println("authURL: " + authURL); + if (!ParepUtils.isEmpty(alternativeSourceID)) { // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; sourceID = md.digest(alternativeSourceID.getBytes()); @@ -71,6 +75,9 @@ public class SAMLArtifactBuilder { } else { sourceID = md.digest(authURL.getBytes()); } + + System.out.println("sourceID: " + new String(sourceID)); + byte[] assertionHandle = md.digest(sessionID.getBytes()); ByteArrayOutputStream out = new ByteArrayOutputStream(42); out.write(0); @@ -78,7 +85,9 @@ public class SAMLArtifactBuilder { out.write(sourceID, 0, 20); out.write(assertionHandle, 0, 20); byte[] samlArtifact = out.toByteArray(); + System.out.println("samlArtifact: " + new String(samlArtifact)); String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; } catch (Throwable ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 554b5012e..3d040d476 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -64,6 +64,7 @@ public class AuthenticationSession { * HTML template URL */ private String templateURL; + /** * URL of the BKU */ @@ -363,14 +364,16 @@ public class AuthenticationSession { public String getTemplateURL() { return templateURL; } - + + /** * @param string the template URL */ public void setTemplateURL(String string) { templateURL = string; } - + + /** * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 4c0abdb0f..0270eb3cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -16,6 +16,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
/**
* Servlet requested for getting the foreign eID
@@ -143,8 +145,8 @@ public class GetMISSessionIDServlet extends AuthServlet { session.getSessionID());
Logger.debug(createXMLSignatureRequestOrRedirect);
-
- String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl);
+
+ String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix());
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
@@ -164,8 +166,8 @@ public class GetMISSessionIDServlet extends AuthServlet { }
}
- private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException {
- return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL);
+ private static String getHTMLForm(String request, String bkuURI, String dataURL, String oaUrl) throws BuildException {
+ return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL, oaUrl);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f1fb15be0..44a1f3098 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -102,6 +102,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try @@ -142,8 +143,10 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } resp.setContentType("text/html"); resp.setStatus(302); - resp.addHeader("Location", redirectURL); + + resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); + } catch (MOAIDException ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index b5275cdd5..5a598b03d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -94,6 +94,13 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU"; + + + //protected static final String AUTH_MANDATE_TEMPLATE_XPATH = +// ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "MandateTemplate/@URL"; /** an XPATH-Expression */ protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; @@ -145,6 +152,11 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH = CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH = + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU"; + //protected static final String OA_AUTH_COMPONENT_MANDATE_TEMPLATE_XPATH = + //CONF + "Templates/" + CONF + "MandateTemplate/@URL"; /** an XPATH-Expression */ protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ @@ -465,10 +477,12 @@ public class ConfigurationBuilder { String bkuSelectionTemplateURL = XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = - XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); String inputProcessorSignTemplateURL = XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); + OnlineMandatesTemplates[] templatesOnlineMandates = buildTemplateOnlineMandates(configElem_); + List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -536,7 +550,9 @@ public class ConfigurationBuilder { oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); - oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setTemplateOnlineMandates(buildTemplateOnlineMandatesOA(authComponent, templatesOnlineMandates)); + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); @@ -590,6 +606,77 @@ public class ConfigurationBuilder { } return templateURL; } + + + + protected OnlineMandatesTemplates[] buildTemplateOnlineMandates(Node contextNode) { + String xpathExpr = AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH; + List onlineMandatesTemplatesList = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); + + Element bkuElem; + while ((bkuElem = (Element) bkuIter.nextNode()) != null) { + String bkuUrl = XPathUtils.getAttributeValue(bkuElem, "@URL", null); + String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null); + String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null); + + OnlineMandatesTemplates template = new OnlineMandatesTemplates(); + template.setBkuURL(bkuUrl); + if (moaidTemplateUrl != null) { + moaidTemplateUrl = FileUtils.makeAbsoluteURL(moaidTemplateUrl, rootConfigFileDir_); + } + if (moaidTemplateUrl != null) { + mandateTemplateUrl = FileUtils.makeAbsoluteURL(mandateTemplateUrl, rootConfigFileDir_); + } + template.setMoaIdTemplateURL(moaidTemplateUrl); + template.setMandatesTemplateURL(mandateTemplateUrl); + + onlineMandatesTemplatesList.add(template); + + } + + if (onlineMandatesTemplatesList.isEmpty()) + return null; + + OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()]; + onlineMandatesTemplatesList.toArray(onlinemandatesTemplates); + + return onlinemandatesTemplates; + + } + + protected OnlineMandatesTemplates[] buildTemplateOnlineMandatesOA(Node contextNode, OnlineMandatesTemplates[] defaultTemplatesOnlineMandates) { + + String xpathExpr = OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH; + List onlineMandatesTemplatesList = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); + + Element bkuElem; + while ((bkuElem = (Element) bkuIter.nextNode()) != null) { + String bkuUrl = XPathUtils.getAttributeValue(bkuElem, "@URL", null); + String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null); + String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null); + + OnlineMandatesTemplates template = new OnlineMandatesTemplates(); + template.setBkuURL(bkuUrl); + template.setMoaIdTemplateURL(moaidTemplateUrl); + template.setMandatesTemplateURL(mandateTemplateUrl); + + onlineMandatesTemplatesList.add(template); + + } + + if (onlineMandatesTemplatesList.isEmpty()) + return defaultTemplatesOnlineMandates; + + OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()]; + onlineMandatesTemplatesList.toArray(onlinemandatesTemplates); + + return onlinemandatesTemplates; + + } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java new file mode 100644 index 000000000..9ff2467a0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java @@ -0,0 +1,54 @@ +package at.gv.egovernment.moa.id.config;
+
+public class OnlineMandatesTemplates {
+
+ private String bkuURL;
+
+ private String moaIdTemplateURL;
+
+ private String mandatesTemplateURL;
+
+ /**
+ * @return the bkuURL
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * @param bkuURL the bkuURL to set
+ */
+ public void setBkuURL(String bkuURL) {
+ this.bkuURL = bkuURL;
+ }
+
+ /**
+ * @return the moaIdTemplateURL
+ */
+ public String getMoaIdTemplateURL() {
+ return moaIdTemplateURL;
+ }
+
+ /**
+ * @param moaIdTemplateURL the moaIdTemplateURL to set
+ */
+ public void setMoaIdTemplateURL(String moaIdTemplateURL) {
+ this.moaIdTemplateURL = moaIdTemplateURL;
+ }
+
+ /**
+ * @return the mandatesTemplateURL
+ */
+ public String getMandatesTemplateURL() {
+ return mandatesTemplateURL;
+ }
+
+ /**
+ * @param mandatesTemplateURL the mandatesTemplateURL to set
+ */
+ public void setMandatesTemplateURL(String mandatesTemplateURL) {
+ this.mandatesTemplateURL = mandatesTemplateURL;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index aa5aa21a3..fbaf32c1c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -16,6 +16,7 @@ package at.gv.egovernment.moa.id.config.auth; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates; /** * Configuration parameters belonging to an online application, @@ -79,6 +80,8 @@ public class OAAuthParameter extends OAParameter { * template for web page "Anmeldung mit Bürgerkarte" */ private String templateURL; + + private OnlineMandatesTemplates[] templateOnlineMandates; /** * template for web page "Signatur der Anmeldedaten" */ @@ -167,7 +170,8 @@ public class OAAuthParameter extends OAParameter { return provideCertificate; } - /** + +/** * Returns the key box identifier. * @return String */ @@ -193,6 +197,7 @@ public class OAAuthParameter extends OAParameter { return templateURL; } + /** * Returns the inputProcessorSignTemplateURL url. * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for @@ -239,6 +244,21 @@ public class OAAuthParameter extends OAParameter { this.transformsInfos = transformsInfos; } /** + * @return the templateOnlineMandates + */ +public OnlineMandatesTemplates[] getTemplateOnlineMandates() { + return templateOnlineMandates; +} + +/** + * @param templateOnlineMandates the templateOnlineMandates to set + */ +public void setTemplateOnlineMandates( + OnlineMandatesTemplates[] templateOnlineMandates) { + this.templateOnlineMandates = templateOnlineMandates; +} + +/** * Sets the provideAuthBlock. * @param provideAuthBlock The provideAuthBlock to set */ @@ -295,7 +315,7 @@ public class OAAuthParameter extends OAParameter { public void setTemplateURL(String templateURL) { this.templateURL = templateURL; } - + /** * Sets the input processor sign form template url. * diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index f206f6bbb..b8ee6ac68 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -70,6 +70,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
builder.02=Fehler beim Ausblenden von Stammzahlen
+builder.03=Fehler beim Aufbau des HTML Codes für Vollmachten
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
|