Diffstat (limited to 'id/server/idserverlib')
22 files changed, 1236 insertions, 399 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 911920e83..9abbf2970 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -389,95 +389,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {  	 * @see GetIdentityLinkFormBuilder  	 * @see InfoboxReadRequestBuilder  	 */ -	public String startAuthentication(String authURL, String target, -			String targetFriendlyName, String oaURL, String templateURL, -			String bkuURL, String useMandate, String sessionID, String scheme, -			String sourceID, String modul, String action) throws WrongParametersException, +	public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException,  			AuthenticationException, ConfigurationException, BuildException { -		String useMandateString = null; -		boolean useMandateBoolean = false; -		if ((useMandate != null) && (useMandate.compareTo("") != 0)) { -			useMandateString = useMandate; -		} else { -			useMandateString = "false"; -		} - -		if (useMandateString.compareToIgnoreCase("true") == 0) -			useMandateBoolean = true; -		else -			useMandateBoolean = false; - -		if (isEmpty(sessionID)) { -			if (isEmpty(authURL)) -				throw new WrongParametersException("StartAuthentication", -						"AuthURL", "auth.05"); - -			// check if HTTP Connection may be allowed (through -			// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) -			String boolStr = AuthConfigurationProvider -					.getInstance() -					.getGenericConfigurationParameter( -							AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); -			if ((!authURL.startsWith("https:")) -					&& (false == BoolUtils.valueOf(boolStr))) -				throw new AuthenticationException("auth.07", -						new Object[] { authURL + "*" }); -			if (isEmpty(oaURL)) -				throw new WrongParametersException("StartAuthentication", -						PARAM_OA, "auth.05"); +		if (session == null) { +			throw new AuthenticationException("auth.18", new Object[] { });  		} -		AuthenticationSession session; -		OAAuthParameter oaParam; -		if (sessionID != null) { -			session = getSession(sessionID); -			oaParam = 
AuthConfigurationProvider.getInstance() -					.getOnlineApplicationParameter( -							session.getPublicOAURLPrefix()); -		} else { -			oaParam = AuthConfigurationProvider.getInstance() -					.getOnlineApplicationParameter(oaURL); -			if (oaParam == null) -				throw new AuthenticationException("auth.00", -						new Object[] { oaURL }); -			if (!oaParam.getBusinessService()) { -				if (isEmpty(target)) -					throw new WrongParametersException("StartAuthentication", -							PARAM_TARGET, "auth.05"); -			} else { -				if (useMandateBoolean) { -					Logger -							.error("Online-Mandate Mode for bussines application not supported."); -					throw new AuthenticationException("auth.17", null); -				} -				target = null; -				targetFriendlyName = null; -			} -			session = newSession(); -			Logger.info("MOASession " + session.getSessionID() + " angelegt"); -			session.setTarget(target); -			session.setTargetFriendlyName(targetFriendlyName); -			session.setOAURLRequested(oaURL); -			session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); -			session.setAuthURL(authURL); -			session.setTemplateURL(templateURL); -			session.setBusinessService(oaParam.getBusinessService()); -			session.setModul(modul); -			session.setAction(action); -			if (sourceID != null) -				session.setSourceID(sourceID); -		} -		// BKU URL has not been set yet, even if session already exists -		if (bkuURL == null) { -			if (scheme != null && scheme.equalsIgnoreCase("https")) { -				bkuURL = DEFAULT_BKU_HTTPS; -			} else { -				bkuURL = DEFAULT_BKU; +		 +		//load OnlineApplication configuration +	    OAAuthParameter oaParam = +		          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +		        if (oaParam == null) +		          throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); +		 +		//load Template +		String template = null; +		if (session.getTemplateURL() != null) { +			try { +				template = new 
String(FileUtils.readURL(session.getTemplateURL())); +			} catch (IOException ex) { +				throw new AuthenticationException("auth.03", new Object[] { +						session.getTemplateURL(), ex.toString() }, ex);  			}  		} -		session.setBkuURL(bkuURL); -		session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); -		session.setUseMandate(useMandateString); + +		//build ReadInfobox request         		String infoboxReadRequest = new InfoboxReadRequestBuilder().build(  				oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam  						.getIdentityLinkDomainIdentifier()); @@ -485,22 +421,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		String dataURL = new DataURLBuilder().buildDataURL(  				session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session  						.getSessionID()); -		String template = null; -		// override template url by url from configuration file -		if (oaParam.getTemplateURL() != null) { -			templateURL = oaParam.getTemplateURL(); -		} else { -			templateURL = session.getTemplateURL(); -		} -		if (templateURL != null) { -			try { -				template = new String(FileUtils.readURL(templateURL)); -			} catch (IOException ex) { -				throw new AuthenticationException("auth.03", new Object[] { -						templateURL, ex.toString() }, ex); -			} -		} - +		  		String pushInfobox = "";  		VerifyInfoboxParameters verifyInfoboxParameters = oaParam  				.getVerifyInfoboxParameters(); 
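Review bot: The template is now fetched from whatever `session.getTemplateURL()` holds, and the configured override `oaParam.getTemplateURL()` that this method used to apply before reading it is gone from here, so this public method now depends on whoever filled the session having applied that override (the new parser does; other callers are not visible). One line keeps the invariant local: `String templateURL = oaParam.getTemplateURL() != null ? oaParam.getTemplateURL() : session.getTemplateURL();` ahead of the `FileUtils.readURL` call. Separately, `new String(FileUtils.readURL(...))` decodes the template bytes with the JVM default charset; passing an explicit charset such as `"UTF-8"` (its `UnsupportedEncodingException` is already covered by the `catch (IOException ex)`) keeps the rendered form identical across deployments. The new block also mixes tabs and spaces around `OAAuthParameter oaParam` and the following `if (oaParam == null)`, which obscures the control flow.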
@@ -509,21 +430,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			session.setPushInfobox(pushInfobox);  		} -		try { -			AuthenticationSessionStoreage.storeSession(session); -			 -		} catch (MOADatabaseException e) { -			throw new AuthenticationException("", null); -		} -		 +		//build CertInfo request  		String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()  				.build(oaParam.getSlVersion12());  		String certInfoDataURL = new DataURLBuilder()  				.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,  						session.getSessionID()); +		  		String htmlForm = new GetIdentityLinkFormBuilder().build(template, -				bkuURL, infoboxReadRequest, dataURL, certInfoRequest, +				session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest,  				certInfoDataURL, pushInfobox); +		  		return htmlForm;  	} @@ -2311,6 +2228,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			throws AuthenticationException, BuildException, ParseException,  			ConfigurationException, ServiceException, ValidateException { +		//TODO: CHECK if STORK parts works correct!!!! +		  		if (isEmpty(sessionID))  			throw new AuthenticationException("auth.10", new Object[] {  					REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); 
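Review bot: Removing `AuthenticationSessionStoreage.storeSession(session)` means `startAuthentication` no longer persists the values it just set on the session (`session.setPushInfobox(pushInfobox)` is visible above), and the `@@ -389` hunk removed the session creation it used to pair with. Unless the caller stores the session after this method returns, the later lookup by session ID during the data-URL round trip sees stale or missing state; please confirm the servlet behind `StartAuthenticationBuilder.build` stores it, or re-add the store here. If the store does come back, keep the cause and a real message key instead of the removed `throw new AuthenticationException("", null)`, e.g. `throw new AuthenticationException("<message key for session store failure>", new Object[] { session.getSessionID() }, e);`.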
@@ -2784,46 +2703,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {  	public static void startSTORKAuthentication(  			HttpServletRequest req,  			HttpServletResponse resp,  -			String ccc, -			String oaURL, -			String target, -			String targetFriendlyName, -			String authURL, -			String sourceID, -			String modul, -			String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { +			AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { -		//read configuration paramters of OA -		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); -		if (oaParam == null) -				throw new AuthenticationException("auth.00", new Object[] { oaURL }); -		 -		if (!oaParam.getBusinessService()) { -			if (StringUtils.isEmpty(target)) -				throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); -		} else {		 -			target = null;			 +		if (moasession == null) { +			throw new AuthenticationException("auth.18", new Object[] { });  		} -		//create MOA session -		AuthenticationSession moaSession = newSession(); -		Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); -		moaSession.setTarget(target); -		moaSession.setTargetFriendlyName(targetFriendlyName); -		moaSession.setOAURLRequested(oaURL); -		moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); -		moaSession.setAuthURL(authURL);		 -		moaSession.setBusinessService(oaParam.getBusinessService()); -		moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); -		moaSession.setAction(action); -		moaSession.setModul(modul); -		if (sourceID != null) -			moaSession.setSourceID(sourceID); +		//read configuration paramters of OA +		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +		if (oaParam == null) +	
			throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });  		//Start of STORK Processing		  		STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); -		CPEPS cpeps = storkConfig.getCPEPS(ccc); +		CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());  		Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:");		      	String destination = cpeps.getPepsURL().toExternalForm();    	 @@ -2838,7 +2732,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      	QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); -    	Logger.debug("QAALevel: " + qaaLevel.getValue()); +    	//Logger.debug("QAALevel: " + qaaLevel.getValue());      	RequestedAttributes requestedAttributes = null; @@ -2850,7 +2744,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      	//check if country specific attributes must be additionally requested      	if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {      		//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes -    		Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); +    		Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc());      		Logger.debug("The following attributes are requested for this specific country:");      		List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());      		for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { 
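Review bot: `CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());` is dereferenced on the next visible line (`cpeps.getPepsURL()`) with no null check, so a session whose `ccc` has no configured C-PEPS fails with a NullPointerException instead of an authentication error. The only visible caller, `StartAuthenticationBuilder.build`, guards this with `isSTORKAuthentication(ccc)`, but `startSTORKAuthentication` is public static and does not repeat the guard; `if (cpeps == null) throw new AuthenticationException("<message key for unsupported country>", new Object[] { moasession.getCcc() });` after the lookup closes that gap. Note also that the old check that a non-business OA has a non-empty `target` is gone from this method, so it now relies on the parser having validated `moasession.getTarget()` before this point. The method continues past the end of the hunk.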
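Review bot: Commenting out `Logger.debug("QAALevel: " + qaaLevel.getValue());` only hides the NullPointerException; the context line above still hard-wires `qaaLevel = null` under a `//TODO UNCOMMENT AGAIN`, so the AuthnRequest is presumably still assembled without a requested assurance level. Prefer a guard to dead code, `if (qaaLevel != null) Logger.debug("QAALevel: " + qaaLevel.getValue());`, and track the disabled `buildQualityAuthenticationAssuranceLevel` call as an open issue rather than a comment so it is not forgotten before release.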
@@ -2888,13 +2782,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			}  		} -    	String spSector = StringUtils.isEmpty(target) ? "Business" : target; +    	String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();      	String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();      	String spApplication = spInstitution;      	String spCountry = "AT";      	String textToBeSigned =  -    		CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im  Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); +    		CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im  Signaturzertifikat (as in my signature certificate)", oaParam, moasession);      	//generate AuthnRquest    	      	STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( @@ -2944,9 +2838,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		Logger.debug("STORK AuthnRequest successfully internally validated.");  		//send -		moaSession.setStorkAuthnRequest(storkAuthnRequest); +		moasession.setStorkAuthnRequest(storkAuthnRequest);  		HttpSession httpSession = req.getSession(); -		httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); +		httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());  		Logger.debug("Preparing to send STORK AuthnRequest."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 01c875533..47bf61db4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java 
@@ -24,6 +24,9 @@  package at.gv.egovernment.moa.id.auth; +import java.util.Arrays; +import java.util.List; +  import iaik.asn1.ObjectID; @@ -118,5 +121,12 @@ public interface MOAIDAuthConstants {    public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";    /** the number of the certifcate extension for party organ representatives */    public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; +   +  /**BKU type identifiers to use bkuURI from configuration*/  +  public static final String REQ_BKU_TYPE_LOCAL = "local"; +  public static final String REQ_BKU_TYPE_ONLINE = "online";  +  public static final String REQ_BKU_TYPE_HANDY = "handy";  +  public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); +  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 412f1db81..897933ea0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder;  import java.io.StringWriter;  import java.text.MessageFormat; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date;  import java.util.List; +import java.util.Locale; +import javax.xml.bind.DatatypeConverter;  import javax.xml.transform.Result;  import javax.xml.transform.Source;  import javax.xml.transform.Transformer; 
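Review bot: `REQ_BKU_TYPES` is a `public static final List<String>` backed by `Arrays.asList`, which is a fixed-size but writable view, so any code with access can `set(i, ...)` an element and change the accepted BKU type identifiers for the whole JVM. Wrap it once: `public static final List<String> REQ_BKU_TYPES = Collections.unmodifiableList(Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY));` with `java.util.Collections` added to the imports introduced in the first hunk. A one-line Javadoc on the list, e.g. `/** All accepted values of the BKU-type request parameter. */`, would also help, since the new comment above describes only the three strings.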
@@ -49,6 +54,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;  import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Constants; @@ -79,6 +85,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion      "     <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +      "   </saml:Attribute>" + NL +      "{7}" + +    "{8}" +      " </saml:AttributeStatement>" + NL +      "</saml:Assertion>"; @@ -97,6 +104,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion      "     </saml:AttributeValue>" + NL +      "   </saml:Attribute>" + NL; +  private static String SPECIAL_TEXT_ATTRIBUTE = +		    "   <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + +		    "     <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +   +		    "   </saml:Attribute>" + NL; +      private static String PR_IDENTIFICATION_ATTRIBUTE =              "       <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL + @@ -107,7 +119,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion    /**     * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).     */ -  public static final int NUM_OF_SAML_ATTRIBUTES = 3; +  public static final int NUM_OF_SAML_ATTRIBUTES = 4;    /**     * Constructor for AuthenticationBlockAssertionBuilder. 
@@ -172,8 +184,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion        Logger.error("Error on building AUTH-Block: " + e.getMessage());           throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});     } -     -     +             if (target == null) {        // OA is a business application        if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { @@ -252,6 +263,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion      extendedSAMLAttributes.add(oaFriendlyNameAttribute); +     +    //TODO: load special text from OAconfig  +    String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; +    //String text = ""; +     +     +   	String specialText =  MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,  +   			new Object[] { generateSpecialText(text, issuer, issueInstant) }); +          String assertion;      try {    	        assertion = MessageFormat.format( @@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion            gebeORwbpk,             oaURL,             gebDat, +          specialText,            buildExtendedSAMLAttributes(extendedSAMLAttributes)});      } catch (ParseException e) {        Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -385,6 +406,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion      extendedSAMLAttributes.add(oaFriendlyNameAttribute);      //..BZ +    //TODO: load special text from OAconfig  +    //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; +    String text = ""; +     +   	String specialText =  MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,  +   			new Object[] { generateSpecialText(text, issuer, issueInstant) }); +          String assertion;      try {        assertion = MessageFormat.format( 
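Review bot: `specialText` is formatted into the SAML assertion from `generateSpecialText(text, issuer, issueInstant)` with no XML escaping of the result, so an `issuer` value containing `<`, `&` or `'` yields a malformed or altered AUTH-Block; the same applies to the `@@ -385` hunk below. Escape the generated text (`&`, `<`, `>`, `'`) before the `MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, ...)` call, or verify that `issuer` is already escaped upstream and say so in a comment. The sentence itself is hard-coded with a `TODO: load special text from OAconfig` in one location and `""` in the other, and the `SpecialText` attribute is emitted with an empty value even when the text is empty; if the configured text is optional, emit the attribute only when it is non-empty and keep `NUM_OF_SAML_ATTRIBUTES = 4` (hunk `@@ -107`) consistent with that.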
@@ -396,6 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion            gebeORwbpk,             oaURL,             gebDat, +          specialText,            buildExtendedSAMLAttributes(extendedSAMLAttributes)});      } catch (ParseException e) {        Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -406,6 +435,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion    } +  public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { +	   	Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); +	   	SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); +	   	SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); +	  +	   	String text = inputtext.replaceAll("#NAME#", issuer); +	   	text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); +	   	text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); +	   	 +	   	return text; +  }    public static String xmlToString(Node node) {        try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 5191a2f81..83b7ae592 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java 
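Review bot: `generateSpecialText` uses `String.replaceAll`, whose second argument is a regex replacement string, so an `issuer` containing `$` or `\` is mangled or throws from `Matcher`; `text.replace("#NAME#", issuer)` (and likewise for `#DATE#` and `#TIME#`) is the literal substitution intended. The two `SimpleDateFormat` instances format `datetime.getTime()` in the JVM default time zone rather than the zone carried in `issueInstant`, so the date and time embedded in the text the citizen signs can differ from the assertion's issue instant by the zone offset; add `dateformat.setTimeZone(datetime.getTimeZone());` and `timeformat.setTimeZone(datetime.getTimeZone());` after construction (the `Calendar` from `DatatypeConverter.parseDateTime` carries the zone given in the lexical value). A Javadoc stating that `issueInstant` must be an xsd:dateTime and that `#NAME#`, `#DATE#` and `#TIME#` are the supported placeholders would make the contract explicit.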
@@ -10,11 +10,12 @@ import at.gv.egovernment.moa.logging.Logger;  public class LoginFormBuilder { +	private static String SERVLET = "GenerateIframeTemplate"; +	  	private static String AUTH_URL = "#AUTH_URL#"; -	private static String OA_URL = "#OA_URL#"; -	private static String RED_URL = "#RED_URL#";  	private static String MODUL = "#MODUL#";  	private static String ACTION = "#ACTION#"; +	private static String OANAME = "#OAName#";  	private static String template; @@ -29,7 +30,7 @@ public class LoginFormBuilder {  				StringWriter writer = new StringWriter();  				IOUtils.copy(input, writer);  				template = writer.toString(); -				template = template.replace(AUTH_URL, "StartBKUAuthentication"); +				template = template.replace(AUTH_URL, SERVLET);  			} catch (Exception e) {  				Logger.error("Failed to read template", e);  			} @@ -38,11 +39,10 @@ public class LoginFormBuilder {  		return template;  	} -	public static String buildLoginForm(String oaURL, String modul, String action) { +	public static String buildLoginForm(String modul, String action, String oaname) {  		String value = getTemplate();  		if(value != null) { -			value = value.replace(OA_URL, oaURL);  			if(modul == null) {  				modul = SAML1Protocol.PATH;  			} @@ -51,6 +51,7 @@ public class LoginFormBuilder {  			}  			value = value.replace(MODUL, modul);  			value = value.replace(ACTION, action); +			value = value.replace(OANAME, oaname);  		}  		return value;  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java new file mode 100644 index 000000000..8a9c2b4fd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java 
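Review bot: `value.replace(OANAME, oaname)` in `buildLoginForm` throws a NullPointerException when `oaname` is null, unlike `modul` and `action`, which get defaults a few lines above; if a missing name is legitimate, default it with `if (oaname == null) { oaname = ""; }`, otherwise validate it at the caller. The value lands in an HTML template and nothing in this hunk escapes it, so unless every caller passes a configuration-controlled or already-escaped name, substitute an HTML-escaped copy (commons-lang `StringEscapeUtils.escapeHtml(oaname)`, which the new parser already uses). A short Javadoc on `buildLoginForm` naming the three placeholders (`#MODUL#`, `#ACTION#`, `#OAName#`) and noting that `#AUTH_URL#` now resolves to `GenerateIframeTemplate` would help the next reader.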
@@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthenticationBuilder { + +	private static StartAuthenticationBuilder instance = null; +	 +	public static StartAuthenticationBuilder getInstance() { +		if (instance == null) { +			instance = new StartAuthenticationBuilder(); +		} +		return instance; +	} +	 +	 +	public String build(AuthenticationSession moasession, HttpServletRequest req, +			HttpServletResponse resp) throws WrongParametersException, MOAIDException { +		 +		if (moasession == null) { +			throw new AuthenticationException("auth.18", new Object[] { }); +		} +		   +	    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); +	     +	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? 
"AT" : moasession.getCcc()));     +	    // STORK or normal authentication +	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { +	    	//STORK authentication +	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); +	    	Logger.debug("Starting STORK authentication"); +	    	 +	    	AuthenticationServer.startSTORKAuthentication(req, resp, moasession); +	    	return ""; +	    	 +	    } else { +	    	//normal MOA-ID authentication +	    	Logger.debug("Starting normal MOA-ID authentication"); +		    			    	    	 +	    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());	    + +	    	return getIdentityLinkForm; +	    } +	} +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e023acafa..22a3337e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -113,6 +113,12 @@ public class AuthenticationSession implements Serializable {  	 */  	private boolean useMandate; +	 +	/** +	 * STORK +	 */ +	private String ccc; +	  	/**  	 * Reference value for mandate  	 */ @@ -1025,6 +1031,16 @@ public class AuthenticationSession implements Serializable {  	public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {  		this.storkAuthnRequest = storkAuthnRequest;  	} + +	public String getCcc() { +		return ccc; +	} + +	public void setCcc(String ccc) { +		this.ccc = ccc; +	} +	 +	  //	public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {  //		return XMLCreateSignatureResponse; 
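Review bot: `getInstance()` creates the singleton with an unsynchronized check-then-assign, and servlets call it from many threads; the class holds no state beyond `instance`, so either initialise eagerly, `private static final StartAuthenticationBuilder instance = new StartAuthenticationBuilder();` with `getInstance()` simply returning it, or drop the singleton and make `build` static. In `build`, the STORK branch returns `""` after `startSTORKAuthentication` has handled the response while the MOA-ID branch returns HTML; a Javadoc stating that an empty return means the response has already been written would keep callers from rendering it. The `Logger.info(...)` and STORK-branch lines also mix tabs and spaces with the rest of the method.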
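Review bot: The new `ccc` field's Javadoc is just `STORK`, which tells a reader neither what the value is nor what an absent value means. Given how `StartAuthenticationBuilder` uses it (`StringUtils.isEmpty(moasession.getCcc()) ? "AT" : ...`), something like `/** Citizen country code of the user for STORK authentication (a two-letter code, as in the "AT" default); null or empty means a domestic MOA-ID authentication. */` would document it, and the getter/setter pair deserves the same. Since `AuthenticationSession implements Serializable`, the added field changes the serialized form; confirm that is compatible with however sessions are persisted and with any declared `serialVersionUID`.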
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java new file mode 100644 index 000000000..1d3c82aaf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java 
@@ -0,0 +1,239 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ + +	public static void parse(AuthenticationSession moasession,  +			String target, +			String sourceID, +			String oaURL, +			String bkuURL, +			String templateURL, +			String useMandate, +			String ccc, +			String module, +			String action, +			HttpServletRequest req) throws WrongParametersException, MOAIDException { +		 +		String targetFriendlyName = null; +		 +	    // escape parameter strings +	    //TODO: use URLEncoder.encode!! 
+	    target = StringEscapeUtils.escapeHtml(target); +	    sourceID = StringEscapeUtils.escapeHtml(sourceID); +	    oaURL = StringEscapeUtils.escapeHtml(oaURL); +	    bkuURL = StringEscapeUtils.escapeHtml(bkuURL); +	    templateURL = StringEscapeUtils.escapeHtml(templateURL); +	    useMandate = StringEscapeUtils.escapeHtml(useMandate); +	    ccc = StringEscapeUtils.escapeHtml(ccc); + +	      // check parameter +		if (!ParamValidatorUtils.isValidOA(oaURL)) +         throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); +	    if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) +	       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); +	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) +	       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); +	    if (!ParamValidatorUtils.isValidUseMandate(useMandate)) +             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		     +	    if (!ParamValidatorUtils.isValidSourceID(sourceID)) +             throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); +	    if (!ParamValidatorUtils.isValidCCC(ccc)) +             throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); +	    		     +		//check UseMandate flag +		String useMandateString = null; +		boolean useMandateBoolean = false; +		if ((useMandate != null) && (useMandate.compareTo("") != 0)) { +			useMandateString = useMandate; +		} else { +			useMandateString = "false"; +		} + +		if (useMandateString.compareToIgnoreCase("true") == 0) +			useMandateBoolean = true; +		else +			useMandateBoolean = false; +	     +		moasession.setUseMandate(useMandateString); +					 +	    //load OnlineApplication configuration +	    OAAuthParameter oaParam; +		if (moasession.getPublicOAURLPrefix() != null) { +			oaParam = AuthConfigurationProvider.getInstance() +					.getOnlineApplicationParameter( 
+							moasession.getPublicOAURLPrefix()); +			 +	        if (oaParam == null) +		          throw new AuthenticationException("auth.00",  +		        		  new Object[] { moasession.getPublicOAURLPrefix() }); +			 +		} else { +			oaParam = AuthConfigurationProvider.getInstance() +					.getOnlineApplicationParameter(oaURL); +			 +			if (oaParam == null) +				throw new AuthenticationException("auth.00", +						new Object[] { oaURL }); +			 +			 +		    // get target and target friendly name from config +		    String targetConfig = oaParam.getTarget(); +			String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); +			 			 +			if (StringUtils.isEmpty(targetConfig)) { +			    	// no target attribut is given in OA config +			    	// target is used from request +			    	// check parameter +			 	if (!ParamValidatorUtils.isValidTarget(target)) +			   		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");			    			    +			} else { +			    	// use target from config			    	 +			    	target = targetConfig; +			    	targetFriendlyName = targetFriendlyNameConfig; +			} +			 +			 +			if (!oaParam.getBusinessService()) { +				if (isEmpty(target)) +					throw new WrongParametersException("StartAuthentication", +							PARAM_TARGET, "auth.05"); +				 +			} else { +				if (useMandateBoolean) { +					Logger.error("Online-Mandate Mode for bussines application not supported."); +					throw new AuthenticationException("auth.17", null); +				} +				target = null; +				targetFriendlyName = null; +			} +			 +			moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); +			moasession.setTarget(target); +			moasession.setTargetFriendlyName(targetFriendlyName); +			moasession.setBusinessService(oaParam.getBusinessService()); +			moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); +		} +	    +		//check OnlineApplicationURL +		if (isEmpty(oaURL)) +			throw new WrongParametersException("StartAuthentication", +					PARAM_OA, 
"auth.05"); +		moasession.setOAURLRequested(oaURL); +		 +		//check AuthURL +	    String authURL = req.getScheme() + "://" + req.getServerName(); +	    if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {  +	      authURL = authURL.concat(":" + req.getServerPort()); +	    } +	    authURL = authURL.concat(req.getContextPath() + "/"); +		 +		if (isEmpty(authURL)) +			throw new WrongParametersException("StartAuthentication", +					"AuthURL", "auth.05"); + +		// check if HTTP Connection may be allowed (through +		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +		String boolStr = AuthConfigurationProvider +				.getInstance() +				.getGenericConfigurationParameter( +						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +		if ((!authURL.startsWith("https:")) +				&& (false == BoolUtils.valueOf(boolStr))) +			throw new AuthenticationException("auth.07", +					new Object[] { authURL + "*" }); +		 +		moasession.setAuthURL(authURL); + +		//check and set SourceID +		if (sourceID != null) +			moasession.setSourceID(sourceID); +		 +		// BKU URL has not been set yet, even if session already exists +		if (bkuURL == null) { +			if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) { +				bkuURL = DEFAULT_BKU_HTTPS; +			} else { +				bkuURL = DEFAULT_BKU; +			} +		} +		moasession.setBkuURL(bkuURL); +		 +		// override template url by url from configuration file +		if (oaParam.getTemplateURL() != null) { +			templateURL = oaParam.getTemplateURL(); +		} +		moasession.setTemplateURL(templateURL); +		moasession.setCcc(ccc); +		 +	} +	 +	public static void parse(HttpServletRequest req, HttpServletResponse resp,  +			AuthenticationSession moasession) throws WrongParametersException, MOAIDException { +		 +	    //check Module and Action +	    HttpSession httpSession = req.getSession();     +	    IRequest request = 
RequestStorage.getPendingRequest(httpSession); +	     +	    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); +	    String action = request.requestedAction();//req.getParameter(PARAM_ACTION); +	     +	    modul = StringEscapeUtils.escapeHtml(modul); +	    action = StringEscapeUtils.escapeHtml(action); +	    if(modul == null) { +	    	modul = SAML1Protocol.PATH; +	    } +	     +	    if(action == null) { +	    	action = SAML1Protocol.GETARTIFACT; +	    } +		moasession.setModul(modul); +		moasession.setAction(action); +				 +		//get Parameters from request +		String target = req.getParameter(PARAM_TARGET); +	    String sourceID = req.getParameter(PARAM_SOURCEID); +	    String oaURL = req.getParameter(PARAM_OA); +	    String bkuURL = req.getParameter(PARAM_BKU); +	    String templateURL = req.getParameter(PARAM_TEMPLATE); +	    String useMandate = req.getParameter(PARAM_USEMANDATE); +	    String ccc = req.getParameter(PARAM_CCC); + +	    oaURL = request.getOAURL(); +	    target = request.getTarget(); +	     +	    parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + +	} +	 +	/** +	 * Checks a parameter. +	 *  +	 * @param param +	 *            parameter +	 * @return true if the parameter is null or empty +	 */ +	private static boolean isEmpty(String param) { +		return param == null || param.length() == 0; +	} +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java new file mode 100644 index 000000000..29d407dc7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java 
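Review bot: In the second `parse` overload, `RequestStorage.getPendingRequest(httpSession)` is dereferenced immediately (`request.requestedModule()`) with no null check, so a request arriving without a pending request in the HTTP session ends in a NullPointerException instead of the error the rest of the new code raises for a missing session; add `if (request == null) throw new MOAIDException("<message key for missing pending request>", new Object[] {});` right after the lookup. The `target` and `oaURL` read via `req.getParameter` there are overwritten unconditionally by `request.getTarget()` and `request.getOAURL()` two lines later, so those two reads are dead and misleading. In the first overload, when `moasession.getPublicOAURLPrefix()` is already set the request's `oaURL` is never compared with it, yet `moasession.setOAURLRequested(oaURL)` is still applied afterwards, so a later request can replace the session's requested OA URL while target and business-service data remain those of the original OA; either reject a mismatch in that branch or leave `OAURLRequested` untouched. The `StringEscapeUtils.escapeHtml` calls run before validation and on values used as URLs (`oaURL`, `bkuURL`, `templateURL`), turning `&` into `&amp;` before they reach the validators and the session, as the `TODO: use URLEncoder.encode!!` already hints; validate the raw values and escape only where a value is rendered into HTML.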
@@ -0,0 +1,178 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; +import org.bouncycastle.asn1.x509.Target; + +import com.trilead.ssh2.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class GenerateIFrameTemplateServlet extends AuthServlet { + +	private static final long serialVersionUID = 1L; + +	public void init(ServletConfig servletConfig) throws ServletException { +		    try { +		      super.init(servletConfig); +		      MOAIDAuthInitializer.initialize(); +		      Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); +		      Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); +		    } +		    catch (Exception ex) { +		      
Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); +		      throw new ServletException(ex); +		    } +		  } +	   +	protected void doGet(HttpServletRequest req, HttpServletResponse resp) +			throws ServletException, IOException { +		Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); +	 +	    try { +	    	String bkuid = req.getParameter(PARAM_BKU); +	    	String useMandate = req.getParameter(PARAM_USEMANDATE); +	    	String ccc = req.getParameter(PARAM_CCC); +	    +	    	String moasessionid = null; +	    	AuthenticationSession moasession = null; +	    +	    	try { +	    	    moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); +				moasession = AuthenticationSessionStoreage.getSession(moasessionid); +				 +			} catch (MOADatabaseException e) { +				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); +				throw new MOAIDException("init.04", new Object[] { +						moasessionid}); +				 +			} catch (Throwable e) { +				Logger.info("No HTTP Session found!"); +				throw new MOAIDException("auth.18", new Object[] {}); +			} +	    	 +	    	//load OA Config +			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +					.getOnlineApplicationParameter(moasession.getOAURLRequested()); +			 +			if (oaParam == null) +				throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); +			 +			else { +	    	 +				//load Parameters from config +		    	String target = oaParam.getTarget(); +		    	String sourceID = ""; //TODO: load from Config +		    	String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); +		    	String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; + +		    	 +		    	//parse all OA parameters i +		    	StartAuthentificationParameterParser.parse(moasession,  +		    											   target,  +		    											   sourceID, +		    											   
moasession.getOAURLRequested(), +		    											   bkuURL, +		    											   templateURL, +		    											   useMandate, +		    											   ccc,  +		    											   moasession.getModul(), +		    											   moasession.getAction(), +		    											   req); +			} +			 +		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();			 +		    String getIdentityLinkForm = startauth.build(moasession, req, resp); +			 +			//store MOASession +			try { +				AuthenticationSessionStoreage.storeSession(moasession);				 +			} catch (MOADatabaseException e) { +				Logger.error("Database Error! MOASession is not stored!"); +				throw new MOAIDException("init.04", new Object[] { +						moasession.getSessionID()}); +			} +		     +		    if (!StringUtils.isEmpty(getIdentityLinkForm)) { +		    	resp.setContentType("text/html;charset=UTF-8"); +		    	PrintWriter out = new PrintWriter(resp.getOutputStream()); +		    	out.print(getIdentityLinkForm); +		    	out.flush(); +		    	Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); +		    } +	    }  +	    catch (WrongParametersException ex) { +	    	handleWrongParameters(ex, req, resp); +	    } +	           +	    catch (MOAIDException ex) { +	    	handleError(null, ex, req, resp); +	    } +	     +	     +	} +		 +	private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +		//TODO: CHANGE to real OA config +		 +		List<String> bkuURIs = Arrays.asList( +				"http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html", +				"http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html", +				"http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html"); +		 +//		List<String> bkuURIs = Arrays.asList( +//				"http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +//				"http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +//				
"http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); +		 +		if (bkuID < bkuURIs.size()) +			return bkuURIs.get(bkuID); +		else +			throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, +					"auth.12"); +	} +	 +	private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +		//TODO: CHANGE to real OA config	 +		 +		List<String> bkuURIs = Arrays.asList( +				"https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", +				"https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +				"https://127.0.0.1:3496/https-security-layer-request"); +			 +//			List<String> bkuURIs = Arrays.asList( +//					"https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", +//					"https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +//					"https://127.0.0.1:3496/https-security-layer-request"); +		 +		if (bkuID < bkuURIs.size()) +			return bkuURIs.get(bkuID); +		else +			throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, +					"auth.12"); +	} +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index e15d8f908..16ff65477 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
@@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.AuthenticationServer;  import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;  import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.config.stork.CPEPS; @@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.moduls.RequestStorage;  import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils; 
@@ -94,130 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet {    protected void doGet(HttpServletRequest req, HttpServletResponse resp)      throws ServletException, IOException { -	Logger.debug("GET StartAuthentication"); -    String authURL = req.getScheme() + "://" + req.getServerName(); -    if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {  -      authURL = authURL.concat(":" + req.getServerPort()); -    } -    authURL = authURL.concat(req.getContextPath() + "/"); +	Logger.debug("GET StartAuthentication");   +	  	 +	String sessionID = req.getParameter(PARAM_SESSIONID); +	 sessionID = (String) req.getAttribute(PARAM_SESSIONID); + + +	 +	try { +		 +		if (StringUtils.isEmpty(sessionID))  +			throw new MOAIDException("auth.18", null); +		 +		sessionID = StringEscapeUtils.escapeHtml(sessionID); +		 +		if (!ParamValidatorUtils.isValidSessionID(sessionID)) +		    throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); +		 +		setNoCachingHeadersInHttpRespone(req, resp); -    HttpSession httpSession = req.getSession(); -     -    String target = req.getParameter(PARAM_TARGET); -    String sourceID = req.getParameter(PARAM_SOURCEID); -    String oaURL = req.getParameter(PARAM_OA); -    String bkuURL = req.getParameter(PARAM_BKU); -    String templateURL = req.getParameter(PARAM_TEMPLATE); -    String sessionID = req.getParameter(PARAM_SESSIONID); -    String useMandate = req.getParameter(PARAM_USEMANDATE); -    String ccc = req.getParameter(PARAM_CCC); -     -    IRequest request = RequestStorage.getPendingRequest(httpSession); -     -    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); -    String action = request.requestedAction();//req.getParameter(PARAM_ACTION); -    request.getOAURL(); -     -    // escape parameter strings -    //TODO: use URLEncoder.encode!! 
-    target = StringEscapeUtils.escapeHtml(target); -    sourceID = StringEscapeUtils.escapeHtml(sourceID); -    oaURL = StringEscapeUtils.escapeHtml(oaURL); -    bkuURL = StringEscapeUtils.escapeHtml(bkuURL); -    templateURL = StringEscapeUtils.escapeHtml(templateURL); -    sessionID = StringEscapeUtils.escapeHtml(sessionID); -    useMandate = StringEscapeUtils.escapeHtml(useMandate); -    ccc = StringEscapeUtils.escapeHtml(ccc); -    modul = StringEscapeUtils.escapeHtml(modul); -    action = StringEscapeUtils.escapeHtml(action); -     -    oaURL = request.getOAURL(); -    target = request.getTarget(); -     -    setNoCachingHeadersInHttpRespone(req, resp); - 	 -    	try { -		      // check parameter -    		if (!ParamValidatorUtils.isValidOA(oaURL)) -             throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); -		    if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) -		       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); -		    if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) -		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); -		    if (!ParamValidatorUtils.isValidSessionID(sessionID)) -             throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); -		    if (!ParamValidatorUtils.isValidUseMandate(useMandate)) -	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		     -		    if (!ParamValidatorUtils.isValidSourceID(sourceID)) -	             throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); -		    if (!ParamValidatorUtils.isValidCCC(ccc)) -	             throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); -		     -		    if(modul == null) { -		    	modul = SAML1Protocol.PATH; -		    } -		     -		    if(action == null) { -		    	action = SAML1Protocol.GETARTIFACT; -		    } -		         -		    
Logger.info("Start Authentication Module: " + modul + " Action: " + action); -		     -		    OAAuthParameter oaParam = -		          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); -		        if (oaParam == null) -		          throw new AuthenticationException("auth.00", new Object[] { oaURL }); -		     -		    // get target and target friendly name from config -		    String targetConfig = oaParam.getTarget(); -			String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); -			 -			String targetFriendlyName = null; -			    			 -			if (StringUtils.isEmpty(targetConfig)) { -			    	// no target attribut is given in OA config -			    	// target is used from request -			    	// check parameter -			 	if (!ParamValidatorUtils.isValidTarget(target)) -			   		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");			    			    -			} else { -			    	// use target from config			    	 -			    	target = targetConfig; -			    	targetFriendlyName = targetFriendlyNameConfig; -			}		     - -		    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); -		     -		    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? 
"AT" : ccc));     -		    // STORK or normal authentication -		    if (storkConfig.isSTORKAuthentication(ccc)) { -		    	//STORK authentication -		    	Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); -		    	Logger.debug("Starting STORK authentication"); -		    	 -		    	AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action);							 -		    	 -		    } else { -		    	//normal MOA-ID authentication -		    	Logger.debug("Starting normal MOA-ID authentication"); -			    			    	    	 -		    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action);	    +	    //TODO: Load MOASession +    	AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);   -				resp.setContentType("text/html;charset=UTF-8"); -				PrintWriter out = new PrintWriter(resp.getOutputStream()); -				out.print(getIdentityLinkForm); -				out.flush(); -		    } -			Logger.debug("Finished GET StartAuthentication"); +	    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); +	     +	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));     +	    // STORK or normal authentication +	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { +	    	//STORK authentication +	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); +	    	Logger.debug("Starting STORK authentication"); +	    	 +	    	//TODO: insert sessionID to STORK!! 
+	    	AuthenticationServer.startSTORKAuthentication(req, resp, moasession);							 +	    	 +	    } else { +	    	//normal MOA-ID authentication +	    	Logger.debug("Starting normal MOA-ID authentication"); +		    			    	    	 +	    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());	    + +			resp.setContentType("text/html;charset=UTF-8"); +			PrintWriter out = new PrintWriter(resp.getOutputStream()); +			out.print(getIdentityLinkForm); +			out.flush(); +	    } +		Logger.debug("Finished GET StartAuthentication"); -		} +	} +	      catch (WrongParametersException ex) {        handleWrongParameters(ex, req, resp);      } -		catch (MOAIDException ex) { -			handleError(null, ex, req, resp); -		} +     +	catch (MOAIDException ex) { +		handleError(null, ex, req, resp); +			 +	} catch (MOADatabaseException e) { +		handleError(null, e, req, resp); +	}    } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8d2f95cce..93bc0d214 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java 
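Review bot: In doGet the value read by `req.getParameter(PARAM_SESSIONID)` is overwritten on the next line by `req.getAttribute(PARAM_SESSIONID)`, so the parameter read is dead code; if the id is meant to arrive only as a request attribute set by a server-side forward, reduce the pair to `String sessionID = (String) req.getAttribute(PARAM_SESSIONID);`, and if a client-supplied parameter is also intended, say so in a comment, since that value selects a stored MOASession by id alone without being tied to the caller's HTTP session. The removed code validated bkuURL, templateURL, useMandate, sourceID and ccc with ParamValidatorUtils before use; the new path relies on the loaded session already holding checked values, which this hunk cannot show, so a comment such as `// parameters were validated when the MOASession was filled by StartAuthentificationParameterParser` would make that dependency explicit if it holds. The `//TODO: insert sessionID to STORK!!` marker is left next to a call that already passes the session; either remove it or state what is still missing.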
@@ -231,7 +231,29 @@ public class CreateXMLSignatureResponseValidator {      } else {        throw new ValidateException("validator.35", null);      } +      +    // check four attribute could be a special text +    samlAttribute = samlAttributes[3 + offset]; +    if (!samlAttribute.getName().equals("SpecialText")) { +      throw new ValidateException( +          "validator.37",  +          new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)}); +    } +    if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { +      String samlSpecialText = (String)samlAttribute.getValue(); +       +      //TODO:load Text from OA config +      String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; +      //String text = ""; +      String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); +      if (!samlSpecialText.equals(specialText)) { +        throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); +      } +    } else { +      throw new ValidateException("validator.35", null); +    } +          // now check the extended SAML attributes      int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;      if (extendedSAMLAttributes != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index d1e3d809c..0771fb86c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
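Review bot: The expected SpecialText is rebuilt here from a hard-coded string `text`, which duplicates whatever AuthenticationBlockAssertionBuilder used when the assertion was created; the two copies must stay byte-identical or every signature response fails with validator.67, so the text should be read from the same source the builder uses (the TODO already points at the OA config) rather than inlined in the validator. Indexing `samlAttributes[3 + offset]` makes the fourth attribute mandatory; unless the array length is checked earlier in the method (outside this hunk), a response with only three attributes now raises ArrayIndexOutOfBoundsException instead of a ValidateException. The comment `// check four attribute could be a special text` should read `// check that the fourth attribute is the SpecialText`. NUM_OF_SAML_ATTRIBUTES, used just below to locate the extended attributes, presumably has to account for the new attribute; that change is not visible here.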
@@ -43,8 +43,10 @@ import test.tlenz.simpletest;  import eu.stork.vidp.messages.common.STORKBootstrap;  import at.gv.egovernment.moa.id.commons.db.HibernateUtil; -import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore; -import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;  import at.gv.egovernment.moa.id.config.ConfigurationBuilder;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -305,6 +307,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  				Configuration hibernateConfig = new Configuration();  			    hibernateConfig.addAnnotatedClass(AssertionStore.class);  			    hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class); +			    hibernateConfig.addAnnotatedClass(OASessionStore.class); +			    hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class);  			    hibernateConfig.addProperties(props);  			    HibernateUtil.initHibernate(hibernateConfig, props);  			  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index c993290e9..5342cd0d3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
@@ -188,7 +188,8 @@ public class DispatcherServlet extends AuthServlet {  					// check if pending request is same protocol and action  					if (!protocolRequest.requestedModule().equals(module)  							|| !protocolRequest.requestedAction() -									.equals(action)) { +									.equals(action) +							|| !info.validate(req, resp, protocolRequest)) {  						resp.sendError(HttpServletResponse.SC_CONFLICT);  						Logger.error("Different Request is pending in this session!");  						return; @@ -210,7 +211,9 @@ public class DispatcherServlet extends AuthServlet {  				}  				RequestStorage.setPendingRequest(httpSession, protocolRequest); - +				 +				AuthenticationManager authmanager = AuthenticationManager.getInstance(); +				  				if (moduleAction.needAuthentication(protocolRequest, req, resp)) {  					if (protocolRequest.isPassiv()  							&& protocolRequest.forceAuth()) { 
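Review bot: A false result from `info.validate(req, resp, protocolRequest)` is folded into the same branch as a module/action mismatch, so the log line `Different Request is pending in this session!` is also emitted for a validation failure, which will mislead whoever reads the log. Keep the validate call in a separate `else if` with its own message, e.g. `Logger.error("Pending request failed validation for module " + module);`, still answering SC_CONFLICT. Because of short-circuit evaluation validate is only reached when module and action already match, which is presumably intended and worth a one-line comment. The enclosing method continues outside the hunk.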
@@ -219,30 +222,30 @@ public class DispatcherServlet extends AuthServlet {  					}  					if (protocolRequest.forceAuth()) { -						if (!AuthenticationManager.tryPerformAuthentication( +						if (!authmanager.tryPerformAuthentication(  								req, resp)) { -							AuthenticationManager.doAuthentication(req, resp, +							authmanager.doAuthentication(req, resp,  									protocolRequest);  							return;  						}  					} else if (protocolRequest.isPassiv()) { -						if (AuthenticationManager.tryPerformAuthentication(req, +						if (authmanager.tryPerformAuthentication(req,  								resp) -								|| AuthenticationManager.isAuthenticated(req, +								|| authmanager.isAuthenticated(req,  										resp)) {  							// Passive authentication ok!  						} else {  							throw new NoPassivAuthenticationException();  						}  					} else { -						if (AuthenticationManager.tryPerformAuthentication(req, +						if (authmanager.tryPerformAuthentication(req,  								resp) -								|| AuthenticationManager.isAuthenticated(req, +								|| authmanager.isAuthenticated(req,  										resp)) {  							// Is authenticated .. proceed  						} else {  							// Start authentication! -							AuthenticationManager.doAuthentication(req, resp, +							authmanager.doAuthentication(req, resp,  									protocolRequest);  							return;  						} @@ -253,7 +256,7 @@ public class DispatcherServlet extends AuthServlet {  				RequestStorage.removePendingRequest(httpSession); -				AuthenticationManager.logout(req, resp); +				authmanager.logout(req, resp);  			} catch (Throwable e) {  				e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 21e431bf8..5e792ab78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -1,28 +1,57 @@  package at.gv.egovernment.moa.id.moduls;  import java.io.IOException; +import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext;  import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException;  import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.HTTPSessionUtils;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; -public class AuthenticationManager implements MOAIDAuthConstants { +public class AuthenticationManager extends AuthServlet { +	private static AuthenticationManager instance = null; +	 +	private static final long serialVersionUID = 1L; +	  	public static final String MOA_SESSION = "MoaAuthenticationSession";  	public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; -	public static AuthenticationSession getAuthenticationSession( +	 +	
public static AuthenticationManager getInstance() { +		if (instance == null) { +			instance = new AuthenticationManager(); +		} +		 +		return instance; +	} +	 +	 +	public AuthenticationSession getAuthenticationSession(  			HttpSession session) {  		String sessionID = HTTPSessionUtils.getHTTPSessionString(session,  				MOA_SESSION, null); @@ -44,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {  	 * @param response  	 * @return  	 */ -	public static boolean isAuthenticated(HttpServletRequest request, +	public boolean isAuthenticated(HttpServletRequest request,  			HttpServletResponse response) {  		Logger.info("Checking authentication"); @@ -84,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {  	 * @param response  	 * @return  	 */ -	public static boolean tryPerformAuthentication(HttpServletRequest request, +	public boolean tryPerformAuthentication(HttpServletRequest request,  			HttpServletResponse response) {  		HttpSession session = request.getSession(); @@ -116,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {  		return false;  	} -	public static void logout(HttpServletRequest request, +	public void logout(HttpServletRequest request,  			HttpServletResponse response) {  		Logger.info("Logout"); @@ -146,8 +175,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {  			authSession.setAuthenticated(false);  			HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session -			//TODO: delete session from Database!!! -			//AuthenticationSessionStoreage.destroySession(moaSessionID); +			AuthenticationSessionStoreage.destroySession(moaSessionID);  			session.invalidate(); 
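Review bot: `getInstance()` is an unsynchronized check-then-create; DispatcherServlet calls it on every request from container threads, so two threads can each construct an AuthenticationManager and the singleton guarantee does not hold. Replace the lazy field with `private static final AuthenticationManager INSTANCE = new AuthenticationManager();` and have getInstance() `return INSTANCE;`. The class now extends AuthServlet but is created with `new` rather than by the container, so init(ServletConfig) never runs; if the inherited handleError/handleWrongParameters used in doAuthentication depend on servlet config or context they will see none, which deserves a comment on the class. The imports HttpServlet, RequestDispatcher, ServletContext and ArrayList added here are not used in the visible hunks.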
@@ -158,10 +186,9 @@ public class AuthenticationManager implements MOAIDAuthConstants {  	} -	public static void doAuthentication(HttpServletRequest request, +	public void doAuthentication(HttpServletRequest request,  			HttpServletResponse response, IRequest target)  			throws ServletException, IOException, MOAIDException { -		HttpSession session = request.getSession();  		Logger.info("Starting authentication ...");  		if (!ParamValidatorUtils.isValidOA(target.getOAURL())) 
@@ -173,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants {  					"auth.12");  		} -		// TODO: Build authentication form +		setNoCachingHeadersInHttpRespone(request, response); +		 +		//TODO:move this to config!!! +		final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); + +		//is legacy allowed +		boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule()); -		/* -		 * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), -		 * modul, protocol); -		 *  -		 * response.setContentType("text/html;charset=UTF-8"); PrintWriter out = -		 * new PrintWriter(response.getOutputStream()); out.print(loginForm); -		 * out.flush(); return; -		 */ +		//check legacy request parameter  +		boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); +		 +		AuthenticationSession moasession; +		 +		if (legacyallowed && legacyparamavail) { +			 +			//check if an MOASession exists and if not create an new MOASession +			moasession = getORCreateMOASession(request); +			 +			//parse request parameter into MOASession +			try{ +				StartAuthentificationParameterParser.parse(request, response, moasession); +				 +			} +	    	catch (WrongParametersException ex) { +	            handleWrongParameters(ex, request, response); +	          } +	           +	      	catch (MOAIDException ex) { +	      			handleError(null, ex, request, response); +	      	} +						 +		    Logger.info("Start Authentication Module: " + moasession.getModul()  +		    		+ " Action: " + moasession.getAction()); +			 +			//start authentication process +//			session.getServletContext().getNamedDispatcher("StartAuthentication") +//				.forward(request, response); +		     +		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); +			 +		    String getIdentityLinkForm = startauth.build(moasession, request, response); +			 +			//store MOASession +			try { +				
AuthenticationSessionStoreage.storeSession(moasession);				 +			} catch (MOADatabaseException e) { +				Logger.error("Database Error! MOASession is not stored!"); +				throw new MOAIDException("init.04", new Object[] { +						moasession.getSessionID()}); +			} +		     +		    if (!StringUtils.isEmpty(getIdentityLinkForm)) { +		    	response.setContentType("text/html;charset=UTF-8"); +		    	PrintWriter out = new PrintWriter(response.getOutputStream()); +		    	out.print(getIdentityLinkForm); +		    	out.flush(); +		    	Logger.debug("Finished GET StartAuthentication"); +		    } +			 +		} else { +			//load Parameters from OnlineApplicationConfiguration +			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +					.getOnlineApplicationParameter(target.getOAURL()); +			 +			if (oaParam == null) { +				//TODO: Find a better place for this!! +				request.getSession().invalidate(); +				throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); +			} +				 +			 +			else { +				 +				//check if an MOASession exists and if not create an new MOASession +				moasession = getORCreateMOASession(request); -		session.getServletContext().getNamedDispatcher("StartAuthentication") -				.forward(request, response); +				//set OnlineApplication configuration in Session +				moasession.setOAURLRequested(target.getOAURL()); +				moasession.setAction(target.requestedAction()); +				moasession.setModul(target.requestedModule()); +			} +						 +			//Build authentication form +			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),  +					target.requestedAction(), oaParam.getFriendlyName()); +			 +			//store MOASession +			try { +				AuthenticationSessionStoreage.storeSession(moasession);				 +			} catch (MOADatabaseException e) { +				Logger.error("Database Error! 
MOASession is not stored!"); +				throw new MOAIDException("init.04", new Object[] { +						moasession.getSessionID()}); +			} +			 +			//set MOAIDSession +			request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); +			 +			response.setContentType("text/html;charset=UTF-8"); +			PrintWriter out = new PrintWriter(response.getOutputStream());  +			out.print(loginForm); +			out.flush();  +		}  	} +	 +	private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { +		 +		//String sessionID = request.getParameter(PARAM_SESSIONID);  +		String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); +		AuthenticationSession moasession; +		 +		try { +			moasession = AuthenticationSessionStoreage.getSession(sessionID); +			Logger.info("Found existing MOASession with sessionID=" + sessionID  +					+ ". This session is used for reauthentification."); +			 +		} catch (MOADatabaseException e) { +			try { +				moasession = AuthenticationSessionStoreage.createSession(); +				Logger.info("Create a new MOASession with sessionID=" + sessionID + "."); +				 +			} catch (MOADatabaseException e1) { +				Logger.error("Database Error! MOASession are not created."); +				throw new MOAIDException("init.04", new Object[] { +						"0"}); +			} +		} +		 +		return moasession; +	}	  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java index 5a2bb1efc..679ccb000 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java 
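Review bot: In the legacy branch of doAuthentication the two catch blocks around StartAuthentificationParameterParser.parse call handleWrongParameters/handleError and then fall through, so after an error response has been written the method still runs `startauth.build(...)`, stores the session and prints the identity-link form into the same response. Add `return;` after each of the two handler calls, or let the exceptions propagate since the method already declares MOAIDException. In getORCreateMOASession the message `"Create a new MOASession with sessionID=" + sessionID` logs the id that was not found rather than the id of the session just created; use `moasession.getSessionID()` there. `PROTOCOLS_LEGACY_ALLOWED` is a method-local list written in constant style and flagged with a TODO; until it moves to configuration, a `private static final` field documents its role better than a local. The non-legacy branch stores the new MOASession id under MOA_SESSION in the HTTP session while the legacy branch does not; if the parser does that itself it is worth a comment, otherwise the legacy session is not reachable from later requests.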
@@ -22,4 +22,7 @@ public interface IModulInfo {
 	public boolean generateErrorMessage(Throwable e,
 			HttpServletRequest request, HttpServletResponse response,
 			IRequest protocolRequest) throws Throwable;
+	
+	public boolean validate(HttpServletRequest request, 
+			HttpServletResponse response, IRequest pending);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 5ea596eeb..11710904b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -231,4 +231,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		return null;
 	}
+	public boolean validate(HttpServletRequest request,
+			HttpServletResponse response, IRequest pending) {
+		// TODO implement validation!
+		return true;
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 964c19208..f05866f70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
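Review bot: The new `validate` method is added to the interface without Javadoc, so an implementor cannot tell what `pending` represents or what a `false` result obliges the caller to do, and the two stub implementations in this commit cannot be reviewed against a stated contract. Something like `/** Checks that the incoming request still belongs to the pending request it continues; a false result rejects the incoming request. */` — adjusted to whatever the caller actually does with the result — would fix that. The interface body is fully visible in the hunk.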
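Review bot: `validate` returns `true` unconditionally with only a `// TODO implement validation!` marker, so any caller that gates request processing on it accepts every request unchecked; the same stub is added to SAML1Protocol in the `@@ -95,4 +103,30 @@` hunk, where the intended comparison against `pending.getOAURL()` is left commented out under `//TODO: funktioniert so nicht!!!`. If the method has to ship unimplemented, make that visible at runtime rather than only in a comment, e.g. `// TODO implement validation! Until then every request is accepted without being checked against 'pending'.` followed by a warn-level log line before `return true;`. Tracking the outstanding work in an issue rather than a TODO would also keep it from being forgotten once the protocol goes live.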
@@ -70,8 +70,8 @@ public class AuthnRequestHandler implements IRequestHandler {
 				spSSODescriptor.getAttributeConsumingServices().iterator().next();
-		AuthenticationSession authSession = 
-				AuthenticationManager.getAuthenticationSession(req.getSession());
+		AuthenticationManager authmanager = AuthenticationManager.getInstance();
+		AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
 		AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 5649e5260..de87ebc50 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -26,8 +26,8 @@ public class GetArtifactAction implements IAction {
 			HttpServletResponse httpResp) {
 		HttpSession httpSession = httpReq.getSession();
-		AuthenticationSession session = AuthenticationManager
-				.getAuthenticationSession(httpSession);
+		AuthenticationManager authmanager = AuthenticationManager.getInstance();
+		AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
 		String oaURL = (String) httpReq.getAttribute(PARAM_OA);
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
index 47050bf28..7f7d82a20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -39,8 +39,8 @@ public class GetArtifactServlet extends AuthServlet {
 			throws ServletException, IOException {
 		HttpSession httpSession = req.getSession();
-		AuthenticationSession session = AuthenticationManager
-				.getAuthenticationSession(httpSession);
+		AuthenticationManager authmanager = AuthenticationManager.getInstance();
+		AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
 		String oaURL = (String) req.getAttribute(PARAM_OA);
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 678d5f961..610c61343 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -69,6 +69,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
 		String target = (String) request.getParameter(PARAM_TARGET);
 		target = StringEscapeUtils.escapeHtml(target);
+		
+		//the target parameter is used to define the OA in SAML1 standard
+		if (target != null && target.startsWith("http")) {
+			oaURL = target;
+			target = null;
+		}
+		
+		
 		if (!ParamValidatorUtils.isValidOA(oaURL))
 			throw new WrongParametersException("StartAuthentication", PARAM_OA,
 					"auth.12");
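Review bot: The promotion of `target` to the OA URL is keyed on `target.startsWith("http")`, which also matches non-URL values such as `httpfoo`; because `oaURL` is then run through `ParamValidatorUtils.isValidOA`, such a value is still rejected, but the intent is narrower and clearer as `if (target != null && (target.startsWith("http://") || target.startsWith("https://"))) {`. Note that the test and the assignment operate on the HTML-escaped `target`, so `oaURL` inherits the escaping — consistent with the existing `oaURL` handling two lines above, but worth a comment like `// target is compared after escapeHtml, same as oaURL` so it is not changed by accident later. The enclosing method starts before and ends after this hunk.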
@@ -95,4 +103,30 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 		return null;
 	}
+	public boolean validate(HttpServletRequest request,
+			HttpServletResponse response, IRequest pending) {
+
+		//TODO: funktioniert so nicht!!!
+		
+//		String oaURL = (String) request.getParameter(PARAM_OA);
+//		oaURL = StringEscapeUtils.escapeHtml(oaURL);
+//		String target = (String) request.getParameter(PARAM_TARGET);
+//		target = StringEscapeUtils.escapeHtml(target);
+//		
+//		//the target parameter is used to define the OA in SAML1 standard
+//		if (target.startsWith("http")) {
+//			oaURL = target;
+//			target = null;
+//		}
+//		
+//		if (oaURL != null) {
+//			if (oaURL.equals(pending.getOAURL()))
+//				return true;
+//			else
+//				return false;
+//		}
+		
+		return true;
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index bd79f88b7..6c8365e67 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -41,13 +41,15 @@ import javax.xml.parsers.ParserConfigurationException;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils {
 +public class ParamValidatorUtils implements MOAIDAuthConstants{
     /**
      * Checks if the given target is valid
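Review bot: `public class ParamValidatorUtils implements MOAIDAuthConstants{` adopts the constant-interface pattern only to bring the `PARAM_*` names into scope for the new `areAllLegacyParametersAvailable` method in the `@@ -467,7 +471,39 @@` hunk, while the `@@ -212,10 +214,12 @@` hunk in the same file qualifies `MOAIDAuthConstants.REQ_BKU_TYPES` explicitly, so the two styles are now mixed. Keep the declaration as `public class ParamValidatorUtils {` and use explicit static imports of the five `PARAM_*` constants (or qualified names) instead; implementing the interface also turns every constant into part of the utility class's public API. The missing space before `{` is the kind of thing the project formatter would normalise.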
@@ -212,10 +214,12 @@ public class ParamValidatorUtils {
 		    			  return false;
  		    		  }  
  	    		  }
 -	    		  
 -	    			
  	    	  }
 -	    	  else {
+	    	  else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+	    		  Logger.debug("Parameter bkuURI from configuration is used.");
+	    		  return true;
+	    		   
+	    	  } else {
  	    		  Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
  	    		  return false;
  	    	  }
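Review bot: The new branch accepts `bkuURI` whenever `MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)`, but the type of `REQ_BKU_TYPES` is not visible in this hunk: if it is a `String` rather than a `Collection`, `contains` is a substring test and any fragment of it would be accepted, so please confirm it is a collection (or compare each allowed value with `equals`). The debug message also omits the value that was accepted; `Logger.debug("Parameter bkuURI '" + bkuURI + "' selects a BKU from configuration.");` keeps the decision traceable in the log, and a short comment on why a non-URL value is valid here would help the next reader of a method that otherwise insists on `http`/`https`. The enclosing method starts before and ends after this hunk.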
@@ -467,7 +471,39 @@ public class ParamValidatorUtils {
 		   return false;
  	   }	
 -   }
+   }
+    
+	public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+		 
+	    String oaURL = req.getParameter(PARAM_OA);
+	    String bkuURL = req.getParameter(PARAM_BKU);
+	    String templateURL = req.getParameter(PARAM_TEMPLATE);
+	    String useMandate = req.getParameter(PARAM_USEMANDATE);
+	    String ccc = req.getParameter(PARAM_CCC);
+	     
+	     
+	      // check parameter
+	    try {
+			if (!ParamValidatorUtils.isValidOA(oaURL))			
+				throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+		    if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+		       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+		    if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+		    if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+	           throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		     
+		    if (!ParamValidatorUtils.isValidCCC(ccc))
+	           throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+		     
+		} catch (WrongParametersException e) {
+			return false;
+		}
+
+	    if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+	    	return false;
+	    else
+	    	return true;
+	}
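Review bot: `areAllLegacyParametersAvailable` throws `WrongParametersException` only to catch it a few lines later and return `false`, which is exception-as-control-flow and also discards which parameter failed; the validators already return booleans, so the result can be expressed directly. The emptiness test for `oaURL`, `templateURL` and `bkuURL` runs after the validators, so a missing parameter is first fed to `isValidOA(null)` and friends; checking presence first avoids depending on their null handling, which is not visible here. Inside the class the `ParamValidatorUtils.` qualifier is redundant, and a comment stating that `useMandate` and `ccc` are optional but must be valid when supplied documents the asymmetry. Rewritten body below; the final boolean result is unchanged.
```java
	public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
	    String oaURL = req.getParameter(PARAM_OA);
	    String bkuURL = req.getParameter(PARAM_BKU);
	    String templateURL = req.getParameter(PARAM_TEMPLATE);
	    String useMandate = req.getParameter(PARAM_USEMANDATE);
	    String ccc = req.getParameter(PARAM_CCC);

	    // oaURL, templateURL and bkuURL are mandatory for the legacy call;
	    // useMandate and ccc are optional but must be valid when supplied.
	    if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL)) {
	        return false;
	    }
	    return isValidOA(oaURL)
	            && isValidBKUURI(bkuURL)
	            && isValidTemplate(req, templateURL)
	            && isValidUseMandate(useMandate)
	            && isValidCCC(ccc);
	}
```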
  }
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 75f35cb70..d9c55c5db 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -8,16 +8,16 @@
 # status messages included in <samlp:Response> of GetAuthenticationDataService
  1200=Anfrage erfolgreich beantwortet
 -1201=Fehlerhaftes Requestformat: mehr als 1 Request �bergeben
 -1202=Fehlerhaftes Requestformat: kein SAML-Artifakt �bergeben
 -1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt �bergeben
 +1201=Fehlerhaftes Requestformat\: mehr als 1 Request ?bergeben
 +1202=Fehlerhaftes Requestformat\: kein SAML-Artifakt ?bergeben
 +1203=Fehlerhaftes Requestformat\: mehr als 1 SAML-Artifakt ?bergeben
  1204=Fehlerhaftes Requestformat
  1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
  1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
 -1207=Zeit�berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
 +1207=Zeit?berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt\={0})
  1299=Interner Server-Fehler
 -auth.00=Anmeldung an dieser Applikation wird nicht unterst�tzt (URL={0})
 +auth.00=Anmeldung an dieser Applikation wird nicht unterst?tzt (URL\={0})
  auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
  auth.02=MOASessionID ist unbekannt (MOASessionID={0})
  auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
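Review bot: On the new side every umlaut that the old side showed as an undecodable byte now appears as a literal `?` (`1201=... mehr als 1 Request ?bergeben`, `auth.00=... nicht unterst?tzt`), so these user-facing messages are corrupted rather than re-encoded; the same replacement appears in the `@@ -25`, `@@ -62`, `@@ -87`, `@@ -95`, `@@ -104`, `@@ -144` and `@@ -179` hunks, while untouched neighbours such as `auth.13` and `auth.17` keep their original bytes, leaving the file in two encodings. The added `\:` and `\=` escapes inside values are harmless for `Properties.load` but suggest the file was round-tripped through a tool that read it with the wrong source charset. Re-save from the original Latin-1 text, or spell non-ASCII characters as `\uXXXX` escapes, e.g. `1201=Fehlerhaftes Requestformat: mehr als 1 Request \u00FCbergeben`.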
@@ -25,20 +25,23 @@ auth.04=Fehler beim Auslesen der Resource "{0}": {1}
 auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
  auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
  auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
 -auth.08=In der B�rgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <i>{0}</i>: {1}
 -auth.09=Zur Auswahlseite der B�rgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
 +auth.08=In der B?rgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
 +auth.09=Zur Auswahlseite der B?rgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
  auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
 -auth.11=Die zentral gespeicherte Auswahlseite f�r B�rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
 +auth.11=Die zentral gespeicherte Auswahlseite f?r B?rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung\: {1}
  auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
  auth.13=Vollmachtenmodus f�r ausl�ndische B�rger wird nicht unterst�tzt.
  auth.14=Zertifikat konnte nicht ausgelesen werden.
  auth.15=Fehler bei Anfrage an Vollmachten Service.
  auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
  auth.17=Vollmachtenmodus f�r nicht-�ffentlichen Bereich wird nicht unterst�tzt.
 +auth.18=Keine MOASessionID vorhanden
  init.00=MOA ID Authentisierung wurde erfolgreich gestartet
 -init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist m�glicherweise nicht verf�gbar
 +init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m?glicherweise nicht verf?gbar
  init.02=Fehler beim Starten des Service MOA ID Authentisierung
 +init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
 + 
  config.00=MOA ID Konfiguration erfolgreich geladen: {0}
  config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
@@ -62,11 +65,11 @@ config.17=Fehler beim initialisieren von Hibernate
 parser.00=Leichter Fehler beim Parsen: {0}
  parser.01=Fehler beim Parsen: {0}
  parser.02=Schwerer Fehler beim Parsen: {0}
 -parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl�ssels: {0}
 +parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl?ssels\: {0}
  parser.04=Fehler beim Serialisieren: {0}
  parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden.
 -parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollst�ndig ({1} im {2} fehlt)
 -parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth�lt einen Schl�ssel ohne zugeh�rigen Wert ("Key"-Element statt "Pair"-Element).
 +parser.06=Fehler beim Parsen\: {0}-InfoboxResponse nicht vollst?ndig ({1} im {2} fehlt)
 +parser.07=Fehler beim Parsen\: Assoziatives Array im {0}-InfoboxResponse enth?lt einen Schl?ssel ohne zugeh?rigen Wert ("Key"-Element statt "Pair"-Element).
  builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
  builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
@@ -87,7 +90,7 @@ proxy.00=MOA ID Proxy wurde erfolgreich gestartet
 proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
  proxy.02=Unbekannter URL {0}. <br>Es wurde keine �bereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
  proxy.04=URL {0} : {1}
 -proxy.05=Fehler beim Aufbauen der SSLSocketFactory f�r {0} : {1}
 +proxy.05=Fehler beim Aufbauen der SSLSocketFactory f?r {0} \: {1}
  proxy.06=Fehler beim Starten des Service MOA ID Proxy
  proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an.
  proxy.08=Kein URL-Mapping in der HttpSession verf�gbar (URL {0})
@@ -95,8 +98,8 @@ proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
 proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
  proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten.
  proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht möglich. <br>Prüfen Sie bitte ihre Berechtigung.
 -proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr�fix: {0} 
 -proxy.14=<p> Folgende Ursachen k�nnen zu dem Fehler gef�hrt haben:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr�nden bei l�ngerer Inaktivit�t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
 +proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr?fix\: {0} 
 +proxy.14=<p> Folgende Ursachen k?nnen zu dem Fehler gef?hrt haben\:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr?nden bei l?ngerer Inaktivit?t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
  proxy.15=Auf die gew�nschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben�tigte Berechtigung. 
  proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.<br>Prüfen Sie bitte ihre Berechtigung.
@@ -104,7 +107,7 @@ validator.00=Kein SAML:Assertion Objekt gefunden {0}
 validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
  validator.02=Das verwendete Schl�sselformat eines �ffentlichen Schl�ssels ist unbekannt {0}
  validator.03=Der Namespace eines �ffentlichen Schl�ssels ist ung�ltig {0}
 -validator.04=Es wurde ein SAML:Attribut ohne �ffentlichen Schl�ssel gefunden {0}
 +validator.04=Es wurde ein SAML\:Attribut ohne ?ffentlichen Schl?ssel gefunden {0}
  validator.05=Es wurde {0} keine DSIG:Signature gefunden
  validator.06=Die Signatur ist ung�ltig
@@ -144,33 +147,35 @@ validator.32="Issuer" im AUTH-Block nicht vorhanden.
 validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") �berein.
  validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) �berein.
  validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ung�ltig.
 -validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver�ndert: {0} statt der erwarteten {1}
 -validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver�ndert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position 
 -validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung�ltig: "{3}" anstelle von "{4}"
 -validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver�ndert: {0} anstelle von {1}. M�glicherweise wurde Ihre B�rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B�rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
 -
 -
 -validator.40=�berpr�fung der {0}-Infobox fehlgeschlagen: {1}
 -validator.41=�berpr�fung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur �berpr�fung der {0}-Infobox vorhanden.
 -validator.42=�berpr�fung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
 -validator.43=�berpr�fung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse f�r die {0}-Infobox konnte nicht erfolgreich geparst werden.
 -validator.44=�berpr�fung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Pr�fapplikation ist ein Fehler aufgetreten.
 -validator.45=�berpr�fung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {2} ist {3}.
 -validator.46=�berpr�fung der {0}-Infobox fehlgeschlagen: Der Wert des von der Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {1} ist ung�ltig.
 -validator.47=�berpr�fung der {0}-Infobox fehlgeschlagen: Das von der Pr�fapplikation zur�ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
 -validator.48={0}-Infobox wurde nicht von der BKU �bermittelt: F�r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
 +validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver?ndert\: {0} statt der erwarteten {1}
 +validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver?ndert\: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position 
 +validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung?ltig\: "{3}" anstelle von "{4}"
 +validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver?ndert\: {0} anstelle von {1}. M?glicherweise wurde Ihre B?rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B?rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
 +
 +
 +validator.40=?berpr?fung der {0}-Infobox fehlgeschlagen\: {1}
 +validator.41=?berpr?fung der {0}-Infobox fehlgeschlagen\: Keine Konfigurationsparameter zur ?berpr?fung der {0}-Infobox vorhanden.
 +validator.42=?berpr?fung der {0}-Infobox fehlgeschlagen\: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
 +validator.43=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der InfoboxReadResponse f?r die {0}-Infobox konnte nicht erfolgreich geparst werden.
 +validator.44=?berpr?fung der {0}-Infobox fehlgeschlagen\: In der {0}-Infobox Pr?fapplikation ist ein Fehler aufgetreten.
 +validator.45=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der {1} des von der {0}-Infobox Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {2} ist {3}.
 +validator.46=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der Wert des von der Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {1} ist ung?ltig.
 +validator.47=?berpr?fung der {0}-Infobox fehlgeschlagen\: Das von der Pr?fapplikation zur?ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
 +validator.48={0}-Infobox wurde nicht von der BKU ?bermittelt\: F?r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
  validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten.
  validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein.
 -validator.60=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
 -validator.61=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten f�r berufliche Parteienvertreter nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
 -validator.62=Fehler in der �bermittlung: keine prim�re Vollmacht �bergeben.
 +validator.60=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
 +validator.61=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten f?r berufliche Parteienvertreter nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
 +validator.62=Fehler in der ?bermittlung\: keine prim?re Vollmacht ?bergeben.
  validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten.
  validator.64=Fehler beim Austausch von Vollmachtsdaten
  validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
 -validator.66=�berpr�fung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
 +validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
 +
 +validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
  ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
@@ -179,7 +184,7 @@ stork.01=STORK SAML AuthnRequest nicht g�ltig
 stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
  stork.04=STORK SAML Response konnte nicht decodiert werden
  stork.05=STORK SAML Response Validierung fehlgeschlagen
 -stork.06=STORK SAML Response enth�lt eine Fehlermeldung: {0}
 +stork.06=STORK SAML Response enth?lt eine Fehlermeldung\: {0}
  stork.07=Es existiert kein STORK AuthnRequest f�r diese STORK Response
  stork.08=STORK SAML Assertion Validierung fehlgeschlagen
  stork.09=Fehler beim �berpr�fen der STORK B�rgerInnen Signatur
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
index 576683dc7..688732c15 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
@@ -1,59 +1,267 @@  <html>  <head> +	<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> +	<meta content="text/css" http-equiv="Content-Style-Type"> +	<link rel="stylesheet" type="text/css" href="css/index.css"> +	<link type="text/css" rel="stylesheet" href="css/2.0/stammzahl.css"> +	<link type="text/css" rel="stylesheet" href="css/2.0/stylesnew.css"> +	<link type="text/css" rel="stylesheet" href="css/2.0/stylesinput.css"> +	<script type="text/javascript"> +		function isIE() { +			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); +		} + +		function isFullscreen() { +			try { +				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); +			} catch (e) { +				return false; +			} +		} + +		function isActivexEnabled() { +			var supported = null; +			try { +				supported = !!new ActiveXObject("htmlfile"); +			} catch (e) { +				supported = false; +			} +			return supported; +		} + +		function isMetro() { +			if (!isIE()) +				return false; +			return !isActivexEnabled() && isFullscreen(); +		} + +		window.onload=function() { +			document.getElementById("localBKU").style.display="none"; +			return; +		} + +		function bkuOnlineClicked() { +			if (isMetro()) +				document.getElementById("metroDetected").style.display="block"; +			document.getElementById("localBKU").style.display="block"; + +			setMandateSelection(); + +			var iFrameURL = "#AUTH_URL#" + "?"; +			iFrameURL += "bkuURI=" + "0"; +			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; +			iFrameURL += "&MODUL=" + "#MODUL#"; +			iFrameURL += "&ACTION=" + "#ACTION#"; + +			generateIFrame(iFrameURL); +		} + +		function bkuHandyClicked() { +			document.getElementById("localBKU").style.display="none"; + +			setMandateSelection(); + +			var iFrameURL = "#AUTH_URL#" + "?"; +			iFrameURL += "bkuURI=" + "1"; +			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; +			iFrameURL += "&MODUL=" + "#MODUL#"; +			iFrameURL += "&ACTION=" 
+ "#ACTION#"; + +			generateIFrame(iFrameURL); +		} + +		function storkClicked() { +			document.getElementById("localBKU").style.display="none";  + +			setMandateSelection(); + +			var ccc = "AT"; +			var countrySelection = document.getElementById("cccSelection"); + +			if (countrySelection !=  null) { +				ccc = document.getElementById("cccSelection").value; +			} + +			var iFrameURL = "#AUTH_URL#" + "?"; +			iFrameURL += "bkuURI=" + "0"; +			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; +			iFrameURL += "&ccc=" + ccc; +			iFrameURL += "&MODUL=" + "#MODUL#"; +			iFrameURL += "&ACTION=" + "#ACTION#"; + +			generateIFrame(iFrameURL); +		} + +		function generateIFrame(iFrameURL) { +			var el = document.getElementById("bkulogin"); +			var parent = el.parentNode; + +			var iframe = document.createElement("iframe"); +			iframe.setAttribute("src", iFrameURL); +			iframe.setAttribute("width", "220"); +			iframe.setAttribute("height", "165"); +			iframe.setAttribute("frameborder", "0"); +			iframe.setAttribute("scrolling", "no"); +			iframe.setAttribute("title", "Login"); + +			parent.replaceChild(iframe, el); +		} + +		function setMandateSelection() { +			document.getElementById("moaidform").action = "#AUTH_URL#"; + +			document.getElementById("useMandate").value = "false"; +			var checkbox = document.getElementById("mandateCheckBox"); +			if (checkbox !=  null) { +				if (document.getElementById("mandateCheckBox").checked) { +					document.getElementById("useMandate").value = "true"; +				} +			} +		} +	</script>  </head> + +  <body> -	<div style="width: 250px"> -		<div id="bku_area"> -			<form action="#AUTH_URL#" method="get" id="fcard"> -				<input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request"> -				<input type="hidden" name="OA" value="#OA_URL#"> -				<input type="hidden" name="MODUL" value="#MODUL#"> -				<input type="hidden" name="ACTION" value="#ACTION#"> -				<input type="checkbox" 
id="mandateCheckBox" name="useMandate" value="true"> -				<label for="mandateCheckBox">in Vertretung anmelden</label> -				<div -					style="float: left; width: 48%; text-align: center; position: relative;"> -					<div class="image"> -						<img src="img/karte.gif" alt="Login mit Karte" width="76" -							height="50" style="margin-top: 1.5em;"> +	<div class="pageWidth"> + +		<div id="pagebase"> +		<div id="page"> + +		<div id="header" class="header clearfix"> +			<h1 class="main_header">MOA-ID 2.0 - Login Preview</h1> + +<!-- 			<ul id="servicenav"> +				<li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li> +			    <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li> +			    <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li> +			    <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li>	 +			</ul> --> + +			<div id="mainnavjump"></div> +			<p id="homelink"><img src="img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p> +			<ul id="mainnav" class="clearfix"> +<!-- 				<li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> --> +<!-- 				<li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li> +				<li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li> +				<li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> (gewählt)</span><span class="hidden">.</span></a></li> +				<li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> --> +			</ul> + +		</div> + + +		<br 
class="clearAll"> + +		<div id="viewcontrol" class="switch"> +			<div id="page1" class="case selected-case"> +				<div style="margin-left: 0px;"> + +					<h2 class="OA_header">Anmeldung an: #OAName#</h2> + +					<div id="main"> +					<div id="leftcontent"> +						<h2 id="tabheader" class="dunkel"> +							Login mit Bürgerkarte +						</h2> +						<div id="bkulogin" class="hell"> + +							<div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px"> +								<table style="margin-left: auto; margin-right: auto;"> +									<tr> +										<td><input tabindex="1" type="checkbox" name="Mandate" +											style="vertical-align: middle; margin-right: 5px" +											id="mandateCheckBox"></td> +										<td><label for="mandateCheckBox">in Vertretung anmelden</label></td> +										<td><a href="info_mandates.html" target="_blank" +											class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td> +									</tr> +								</table> +							</div> +	 +							<div id="bkukarte" class="hell"> +								<button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button> +							</div> +	 +							<div id="bkuhandy" class="hell"> +								<button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button> +							</div> +	 +	<!-- 						<div id="mandate"> +								<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"> +								<label>in Vertretung anmelden</label> +								<a href="info_mandates.html" target="_blank" class="infobutton" style="color:#FFF">i</a> +							</div> --> +		 +							<div id="stork" class="hell" align="center"> +								<div id="leftcontent" style="margin-bottom:10px"> +									<h2 id="tabheader" class="dunkel"> +										Home Country Selection +									</h2> +								</div> +								<p> +									<select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > +										<option 
value="BE">België/Belgique</option> +										<option value="EE">Eesti</option> +										<option value="ES">España</option> +										<option value="IS">Ísland</option> +										<option value="IT">Italia</option> +										<option value="LI">Liechtenstein</option> +										<option value="LT">Lithuania</option> +										<option value="PT">Portugal</option> +										<option value="SI">Slovenija</option> +										<option value="FI">Suomi</option> +										<option value="SE">Sverige</option> +									</select> +									<button name="bkuButton" type="button" onClick="storkClicked();">Send</button> +									<a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>								 +								</p> +							</div> +						</div> + +						<div id="metroDetected" style="display:none" class="hell"> +							<p> +								Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können. 
+							</p> +						</div> + +						<div id="localBKU" style="display:none" class="hell"> +							<hr> +							<form method="get" id="moaidform"> +								<input type="hidden" name="bkuURI" value="2"> +								<input type="hidden" name="useMandate" id="useMandate"> +								<input type="hidden" name="CCC" id="ccc"> +								<input type="hidden" name="MODUL" value="#MODUL#"> +								<input type="hidden" name="ACTION" value="#ACTION#"> +								<input type="submit" size="400" value="lokale BKU" class="sendButton"> +							</form> +							<p> +								<small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> +							</p> +						</div>  					</div> -					<input type="submit" id="startOnlineBku" name="startOnlineBku" -						value="Karte" class="button"> -				</div> -				<div -					style="float: left; width: 48%; text-align: center; position: relative;"> -					<div class="image"> -						<img src="img/handy.gif" alt="Login mit Handy" width="34" -							height="57" style="margin-top: 1em;">  					</div> -					<input type="submit" id="startMobileBku" name="startMobileBku" -						value="Handy" class="button">  				</div> -			</form> +			</div> +		</div> + +		<br style="clear: both"> +		<div id="footer" class="clearfix"> + +<!-- 			<h2 class="hidden">Über die Website der Stammzahlenregisterbehörde</h2> +			<ul> +				<li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li> +				<li><a href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li> +		 +				<li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li> +				<li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li> +			</ul> --> +		</div> + + +		</div>  		</div> -		<form name="storkForm" method="POST" -			action="#AUTH_URL#"> -			<input 
type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request"> -			<input type="hidden" name="OA" value="#OA_URL#"> -			<input type="hidden" name="MODULE" value="#MODULE#"> -			<input type="hidden" name="ACTION" value="#ACTION#"> -			<select name="CCC" size="1" style="width: 120px"> -				<option value="BE">België/Belgique</option> -				<option value="EE">Eesti</option> -				<option value="ES">España</option> -				<option value="IS">Ísland</option> -				<option value="IT">Italia</option> -				<option value="LI">Liechtenstein</option> -				<option value="LT">Lithuania</option> -				<option value="PT">Portugal</option> -				<option value="SI">Slovenija</option> -				<option value="FI">Suomi</option> -				<option value="SE">Sverige</option> -			</select> <input type="submit" name="storkButton" value="Send" alt="Send" -				class="button" /> <a href="info_stork.html" target="_blank" -				class="infobutton" style="color: #FFF">i</a> -		</form>  	</div>  </body> -</html>
\ No newline at end of file +</html> | 
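Review bot: In bkuOnlineClicked, bkuHandyClicked and storkClicked the iframe query string is built by plain concatenation — `iFrameURL += "&ccc=" + ccc;` and `iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;` — so a value containing `&`, `=` or `#` (the hidden input and the select can be edited in the DOM) would be split into extra parameters instead of being sent as one value; wrapping each appended value in `encodeURIComponent(...)` keeps the request structure fixed. The `#AUTH_URL#`, `#OAName#`, `#MODUL#` and `#ACTION#` placeholders are expanded into three different contexts on the new side (an HTML text node in the `OA_header` heading, attribute values of the hidden inputs, and JavaScript string literals inside the inline script), and the code that fills them is not in this hunk; whichever builder substitutes them needs context-specific escaping, since an unescaped `"` or `</script>` in an OA name or URL would break out of the literal. Separately, the `CCC` hidden input (`id="ccc"`) in `moaidform` is never assigned by `setMandateSelection`, so the local-BKU submit always sends it empty — presumably intended, but worth stating next to the input, e.g. `<!-- CCC is only set on the STORK iframe URL; the local-BKU form submits it empty -->`.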
