Diffstat (limited to 'id/server/moa-id-commons/src/main/java')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java9
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java28
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java66
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java119
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java296
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java175
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java (renamed from id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java)83
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java161
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java9
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java30
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java8
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java192
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java11
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java192
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java35
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java32
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java17
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java90
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java18
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java118
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java59
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java124
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java67
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java80
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java13
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java244
35 files changed, 1350 insertions, 1056 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 6726aacb5..6d573efe8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -40,11 +40,13 @@ public class MOAIDConstants {
public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
+ public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
public static final String IDENIFICATIONTYPE_FN = "FN";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
public static final String IDENIFICATIONTYPE_STORK = "STORK";
+ public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS";
public static final String KEYBOXIDENTIFIER_SECURE = "SecureSignatureKeypair";
public static final String KEYBOXIDENTIFIER_CERTIFIED = "CertifiedKeypair";
@@ -61,16 +63,22 @@ public class MOAIDConstants {
public static final List<String> ALLOWED_KEYBOXIDENTIFIER;
public static final List<String> ALLOWED_REDIRECTTARGETNAMES;
public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS;
+ public static final List<String> ALLOWED_eIDAS_LOA;
public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND;
public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier";
+ public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low";
+ public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial";
+ public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high";
+
static {
Hashtable<String, String> tmp = new Hashtable<String, String>();
tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer");
tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer");
tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl");
tmp.put(IDENIFICATIONTYPE_STORK, "STORK");
+ tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS");
BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp);
List<String> awbpk = new ArrayList<String>();
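Review bot: The new eIDAS constants `ALLOWED_eIDAS_LOA`, `eIDAS_LOA_LOW`, `eIDAS_LOA_SUBSTANTIAL` and `eIDAS_LOA_HIGH` break the UPPER_SNAKE_CASE convention the rest of this class follows — the first hunk of this same file adds `PREFIX_EIDAS` and `IDENIFICATIONTYPE_EIDAS` in that convention — so `ALLOWED_EIDAS_LOA`, `EIDAS_LOA_LOW` and so on would be consistent. The list built in the third hunk of this file adds the three LoA URIs in low → substantial → high order; if any caller is meant to compare assurance levels by position in that list, the ordering is a contract worth stating, e.g. `// ordered from lowest to highest level of assurance; do not reorder` above `List<String> eIDASLOA = new ArrayList<String>();`. Whether anything actually depends on the order cannot be seen from this hunk.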
@@ -87,6 +95,12 @@ public class MOAIDConstants {
keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED);
ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs);
+ List<String> eIDASLOA = new ArrayList<String>();
+ eIDASLOA.add(eIDAS_LOA_LOW);
+ eIDASLOA.add(eIDAS_LOA_SUBSTANTIAL);
+ eIDASLOA.add(eIDAS_LOA_HIGH);
+ ALLOWED_eIDAS_LOA = Collections.unmodifiableList(eIDASLOA);
+
List<String> redirectTargets = new ArrayList<String>();
redirectTargets.add(REDIRECTTARGET_BLANK);
redirectTargets.add(REDIRECTTARGET_PARENT);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 6b51c8683..2a8f8727a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -31,6 +31,16 @@ public interface AuthConfiguration extends ConfigurationProvider{
*/
public String getBasicMOAIDConfiguration(final String key);
+
+ /**
+ * Get a configuration value from basic file based MOA-ID configuration
+ *
+ * @param key configuration key
+ * @param defaultValue Default value if no value with this key is found
+ * @return configuration value
+ */
+ public String getBasicMOAIDConfiguration(final String key, final String defaultValue);
+
public int getTransactionTimeOut();
public int getSSOCreatedTimeOut();
public int getSSOUpdatedTimeOut();
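Review bot: The Javadoc of the new `getBasicMOAIDConfiguration(key, defaultValue)` overload does not say when `defaultValue` is returned — only when the key is absent, or also when the key is present with an empty value — nor whether `defaultValue` may itself be null. Callers migrating from the single-argument overload above it will have to guess. Suggest `@return configuration value, or {@code defaultValue} if no value is configured for {@code key}`, plus one sentence on empty values once the implementation's behaviour is confirmed.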
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
index ca0a56049..e14f9c9ce 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
@@ -60,7 +60,12 @@ public interface ConfigurationProvider {
public String getTrustedCACertificates();
- public String getCertstoreDirectory();
-
public boolean isTrustmanagerrevoationchecking();
+
+ /**
+ * Get active Spring profiles from file based configuration
+ *
+ * @return Array of currently configurated Spring profiles
+ */
+ public String[] getActiveProfiles();
}
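Review bot: `getActiveProfiles()` returns an array, but the Javadoc does not say whether an empty array or null comes back when no profile is configured; since profile selection decides which beans are wired, the empty case is worth pinning down. `configurated` in the `@return` line should read `configured`. Suggest `@return Array of currently configured Spring profiles; empty if none are configured` (or document the null case) once the implementation is confirmed. `getCertstoreDirectory()` is removed in the same hunk, so implementors of this interface touched by this commit will look here first.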
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index be6d34275..1aea8d7b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -152,7 +152,12 @@ public interface IOAAuthParameters {
*/
public boolean isShowStorkLogin();
- public Integer getQaaLevel();
+ /**
+ * Return the eIDAS LoA which is minimum required
+ *
+ * @return eIDAS LoA as URL identifier
+ */
+ public String getQaaLevel();
public boolean isRequireConsentForStorkAttributes();
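Review bot: `getQaaLevel()` changes its return type from `Integer` to `String` but the new `@return` does not constrain the value, while the MOAIDConstants.java hunk of this commit introduces `ALLOWED_eIDAS_LOA` with exactly the three LoA URIs; a caller enforcing a minimum LoA should be comparing against that known set, not a free-form string. Suggest `@return eIDAS LoA as URI identifier, one of {@link MOAIDConstants#ALLOWED_eIDAS_LOA}, or null if no minimum is configured` — the null case is inferred and should be confirmed against the implementation. The type change is a compile break for every existing caller of the `Integer` form, which is presumably intended.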
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
index b23b4474b..88cd89319 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
@@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.commons.api;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
public interface IRequest {
@@ -107,14 +110,30 @@ public interface IRequest {
/**
- * Hold the identifier of the MOASession which is associated with this request
+ * Hold the identifier of the SSO MOASession which is associated with this request
*
- * @return MOASession identifier if a associated session exists, otherwise null
+ * @return SSO MOASession identifier if a associated session exists, otherwise null
*/
- public String getMOASessionIdentifier();
+ public String getInternalSSOSessionIdentifier();
/**
+ * Hold the MOASession object of a pending request
+ * This MOASession object is NOT stored to AuthenticationSession database, because it is only part of the pending request
+ *
+ * @return {@link IAuthenticationSession} AuthenticationSession data object of this pending request
+ */
+ public IAuthenticationSession getMOASession();
+
+
+ /**
+ * Populate the MOASession object of a pending request with information from an SSO session database
+ *
+ * @param ssoSession
+ */
+ public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession);
+
+ /**
* Holds a unique transaction identifier, which could be used for looging
* This transaction identifier is unique for a single identification and authentication process
*
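Review bot: `populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession)` has an empty `@param ssoSession` tag, and the Javadoc does not say what happens when the pending request already holds a populated MOASession or when `ssoSession` is null; since this copies authentication state from a stored SSO session into a pending request, that contract matters. Suggest `@param ssoSession the stored SSO session whose authentication data is copied into this request's MOASession; must not be null`, with the overwrite behaviour stated once confirmed. The rename of `getMOASessionIdentifier()` to `getInternalSSOSessionIdentifier()` breaks every implementor of this interface at once, which is presumably intended. The first hunk of this file also pulls `org.opensaml.saml2.metadata.provider.MetadataProvider` into the commons API package, tying this interface to an OpenSAML version.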
@@ -193,9 +212,10 @@ public interface IRequest {
/**
* This method get a Set of PVP 2.1 attribute, which are request by this pending-request.
+ * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required
*
* @return A set of PVP attribute names or null if no attributes are requested
* or the Service Provider, which sends this request needs no attributes
*/
- public Collection<String> getRequestedAttributes();
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
new file mode 100644
index 000000000..db413b0f5
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface AuthProzessDataConstants {
+
+ public static final String GENERIC_PREFIX = "generic_";
+
+
+ public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner";
+ public static final String FLAG_USE_MANDATE = "direct_flagUseMandate";
+ public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter";
+ public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth";
+ public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK = "direct_SAMLAttributeGebeORwbpk";
+
+
+ public static final String VALUE_CREATED = "direct_created";
+ public static final String VALUE_ISSUEINSTANT = "direct_issueInstant";
+ public static final String VALUE_SESSIONID = "direct_sessionId";
+ public static final String VALUE_SIGNER_CERT = "direct_signerCert";
+ public static final String VALUE_IDENTITYLINK = "direct_idl";
+ public static final String VALUE_BKUURL = "direct_bkuUrl";
+ public static final String VALUE_AUTHBLOCK = "direct_authBlock";
+
+ public static final String VALUE_AUTNBLOCKTOKKEN = "direct_authblocktokken";
+ public static final String VALUE_QAALEVEL = "direct_qaaLevel";
+ public static final String VALUE_VERIFYSIGRESP = "direct_verifySigResp";
+
+ public static final String VALUE_MISSESSIONID = "direct_MIS_SessionId";
+ public static final String VALUE_MISREFVALUE = "direct_MIS_RefValue";
+ public static final String VALUE_MISMANDATE = "direct_MIS_Mandate";
+
+
+
+
+ @Deprecated
+ public static final String VALUE_EXTENTEDSAMLATTRAUTH = "direct_extSamlAttrAuth";
+
+ @Deprecated
+ public static final String VALUE_EXTENTEDSAMLATTROA = "direct_extSamlAttrOA";
+
+}
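Review bot: `AuthProzessDataConstants` is a constant interface — an interface holding only `public static final` fields — which lets any implementing class inherit the constants as part of its API; a `public final class AuthProzessDataConstants { private AuthProzessDataConstants() {} ... }` holds the same constants without that leak. The two `@Deprecated` fields carry no Javadoc `@deprecated` tag naming a replacement, so the deprecation gives the reader nothing to migrate to. `VALUE_AUTNBLOCKTOKKEN` looks like a typo of `VALUE_AUTHBLOCKTOKEN`; the constant name can be fixed safely, but the string `direct_authblocktokken` is presumably a storage key and should stay as-is wherever already persisted data must remain readable.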
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java
new file mode 100644
index 000000000..e9045e727
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java
@@ -0,0 +1,119 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.api.data;
+
+/**
+ * A SAML-Attribute to be appended to the final SAML-Assertion
+ * that will be passed to the online application.
+ */
+public interface ExtendedSAMLAttribute {
+ /**
+ * Add this attribute only to the SAML-Assertion
+ * passed to the online application, but not to
+ * the AUTH-Block.
+ */
+ public final static int NOT_ADD_TO_AUTHBLOCK = 0;
+ /**
+ * Add this attribute to both, the AUTH-Block and the
+ * final SAML-Assertion passed to the online application.
+ */
+ public final static int ADD_TO_AUTHBLOCK = 1;
+ /**
+ * Add this attribute to only the AUTH-Block, but not
+ * to the final SAML-Assertion passed to the online application.
+ */
+ public final static int ADD_TO_AUTHBLOCK_ONLY = 2;
+
+ /**
+ * The value of the SAML-Attribute. This must be either a
+ * <code>org.w3c.Element</code> or a <code>java.lang.String</code>
+ * object. Each other type will be ignored. <br>
+ * If, for example, the type of the actual SAML-Attribute is a
+ * <code>&lt;xsd:boolean&gt;</code> the value must be either the String
+ * <code>&quot;true&quot;</code> or <code>&quot;false&quot;</code>.
+ * Or the <code>&lt;xsd:integer&gt;</code> number <code>273</code>
+ * has to be the String <code>&quot;273&quot;</code>.
+ *
+ * @return The value of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public Object getValue();
+
+ /**
+ * The name of the SAML-Attribute.
+ *
+ * @return The name of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public String getName();
+
+ /**
+ * The namespace of the SAML-Attribute.
+ * An application will use the context specific namespace URI for the attribute it returns.
+ * However, if the application cannot explicitely assign a namespace URI, the
+ * {@link at.gv.egovernment.moa.util.Constants#MOA_NS_URI default} MOA namespace URI
+ * should be used.
+ *
+ * @return The namespace of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public String getNameSpace();
+
+ /**
+ * Specifies if this SAML-Attribute should be added to the AUTH-Block.
+ * <br>
+ * Depending on the returned value, this SAML-Attribute should be only added to the
+ * final SAML-Assertion passed to the online application (0), to both, the final
+ * assertion and the AUTH-Block (1) or to the AUTH-Block only (2).
+ *
+ * @return <ul>
+ * <li>0 - add this SAML-Attribute to the final SAML-Assertion only</li>
+ * <li>1 - add this SAML-Attribute to both, the final SAML-Assertion and the
+ * AUTH-Block</li>
+ * <li>2 - add this SAML-Attribute to the AUTH-Block only
+ * </ul>
+ */
+ public int getAddToAUTHBlock();
+
+}
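Review bot: The new file carries two complete license headers back to back (the 2014 block and the 2003 block); one should go, and since the file is new in this commit the 2014 header is the one to keep — unless the 2003 header is intentionally preserved from the file this interface was extracted from, which cannot be seen here. The `@return` list of `getAddToAUTHBlock()` restates the magic values 0/1/2 that are already named `NOT_ADD_TO_AUTHBLOCK`, `ADD_TO_AUTHBLOCK` and `ADD_TO_AUTHBLOCK_ONLY` above; it should reference those constants with `{@link}` instead of the numbers so the two cannot drift apart.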
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
new file mode 100644
index 000000000..8bffceaed
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
@@ -0,0 +1,296 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthenticationSession {
+
+ boolean isAuthenticated();
+
+ void setAuthenticated(boolean authenticated);
+
+ X509Certificate getSignerCertificate();
+
+ byte[] getEncodedSignerCertificate();
+
+ void setSignerCertificate(X509Certificate signerCertificate);
+
+ /**
+ * Returns the identityLink.
+ *
+ * @return IdentityLink
+ */
+ IIdentityLink getIdentityLink();
+
+ /**
+ * Returns the sessionID.
+ *
+ * @return String
+ */
+ String getSessionID();
+
+ /**
+ * Sets the identityLink.
+ *
+ * @param identityLink
+ * The identityLink to set
+ */
+ void setIdentityLink(IIdentityLink identityLink);
+
+ /**
+ * Sets the sessionID.
+ *
+ * @param sessionId
+ * The sessionID to set
+ */
+ void setSessionID(String sessionId);
+
+ /**
+ * Returns the BKU URL.
+ *
+ * @return String
+ */
+ String getBkuURL();
+
+ /**
+ * Sets the bkuURL
+ *
+ * @param bkuURL
+ * The BKU URL to set
+ */
+ void setBkuURL(String bkuURL);
+
+ /**
+ * Returns the authBlock.
+ *
+ * @return String
+ */
+ String getAuthBlock();
+
+ /**
+ * Sets the authBlock.
+ *
+ * @param authBlock
+ * The authBlock to set
+ */
+ void setAuthBlock(String authBlock);
+
+ /**
+ * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ */
+ List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH();
+
+ /**
+ * Sets the SAML Attributes to be appended to the AUTHBlock.
+ *
+ * @param extendedSAMLAttributesAUTH
+ * The SAML Attributes to be appended to the AUTHBlock.
+ */
+ void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH);
+
+ /**
+ * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application
+ */
+ List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA();
+
+ /**
+ * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application.
+ *
+ * @param extendedSAMLAttributesOA
+ * The SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application.
+ */
+ void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA);
+
+ /**
+ * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
+ *
+ * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or
+ * false if not.
+ */
+ boolean getSAMLAttributeGebeORwbpk();
+
+ /**
+ * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
+ *
+ * @param samlAttributeGebeORwbpk
+ * The boolean for value either a target or wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
+ */
+ void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk);
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ String getIssueInstant();
+
+ /**
+ * Sets the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @param issueInstant
+ * The issueInstant to set.
+ */
+ void setIssueInstant(String issueInstant);
+
+ /**
+ *
+ * @param useMandate
+ * indicates if mandate is used or not
+ */
+ void setUseMandate(String useMandate);
+
+ void setUseMandates(boolean useMandates);
+
+ /**
+ * @return
+ */
+ boolean isMandateUsed();
+
+ /**
+ *
+ * @param misSessionID
+ * indicates the MIS session ID
+ */
+ void setMISSessionID(String misSessionID);
+
+ /**
+ * Returns the MIS session ID
+ *
+ * @return
+ */
+ String getMISSessionID();
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ String getMandateReferenceValue();
+
+ /**
+ * @param mandateReferenceValue
+ * the mandateReferenceValue to set
+ */
+ void setMandateReferenceValue(String mandateReferenceValue);
+
+ boolean isForeigner();
+
+ void setForeigner(boolean isForeigner);
+
+ IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse();
+
+ void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse);
+
+ IMISMandate getMISMandate();
+
+ void setMISMandate(IMISMandate mandate);
+
+ /**
+ * @return the isOW
+ */
+ boolean isOW();
+
+ /**
+ * @param isOW
+ * the isOW to set
+ */
+ void setOW(boolean isOW);
+
+ /**
+ * @return the authBlockTokken
+ */
+ String getAuthBlockTokken();
+
+ /**
+ * @param authBlockTokken
+ * the authBlockTokken to set
+ */
+ void setAuthBlockTokken(String authBlockTokken);
+
+ /**
+ * eIDAS QAA level
+ *
+ * @return the qAALevel
+ */
+ String getQAALevel();
+
+ /**
+ * set QAA level in eIDAS form
+ *
+ * @param qAALevel the qAALevel to set
+ */
+ void setQAALevel(String qAALevel);
+
+ /**
+ * @return the sessionCreated
+ */
+ Date getSessionCreated();
+
+ Map<String, Object> getGenericSessionDataStorage();
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @return The session-data object or null if no data is found with this key
+ */
+ Object getGenericDataFromSession(String key);
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @param clazz The class type which is stored with this key
+ * @return The session-data object or null if no data is found with this key
+ */
+ <T> T getGenericDataFromSession(String key, Class<T> clazz);
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
+
+} \ No newline at end of file
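Review bot: `getGenericSessionDataStorage()` returns the raw `Map<String, Object>` with no Javadoc, so callers cannot tell whether it is a live view of the session's data or a copy, nor whether writes through it bypass the `java.io.Serializable` requirement that `setGenericDataToSession` documents; suggest `Returns the generic session-data storage; [live view or copy — confirm]. Use setGenericDataToSession to add entries.` `isMandateUsed()` and `getMISSessionID()` have empty `@return` tags. `setUseMandate(String)` and `setUseMandates(boolean)` sit side by side without saying how the string form is interpreted; one sentence on the accepted values would help implementors agree.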
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
new file mode 100644
index 000000000..3a0ccd7c9
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.io.IOException;
+import java.security.PublicKey;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IIdentityLink {
+
+ /**
+ * Returns the dateOfBirth.
+ * @return Calendar
+ */
+ String getDateOfBirth();
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ String getFamilyName();
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ String getGivenName();
+
+ /**
+ * Returns the name.
+ * @return The name.
+ */
+ String getName();
+
+ /**
+ * Returns the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+ * @return String
+ */
+ String getIdentificationValue();
+
+ /**
+ * Returns the identificationType.
+ * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
+ * @return String
+ */
+ String getIdentificationType();
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ void setDateOfBirth(String dateOfBirth);
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ void setFamilyName(String familyName);
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ void setGivenName(String givenName);
+
+ /**
+ * Sets the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+ * @param identificationValue The identificationValue to set
+ */
+ void setIdentificationValue(String identificationValue);
+
+ /**
+ * Sets the Type of the identificationValue.
+ * @param identificationType The type of identificationValue to set
+ */
+ void setIdentificationType(String identificationType);
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ Element getSamlAssertion();
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ String getSerializedSamlAssertion();
+
+ /**
+ * Sets the samlAssertion and the serializedSamlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+ void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException;
+
+ /**
+ * Returns the dsigReferenceTransforms.
+ * @return Element[]
+ */
+ Element[] getDsigReferenceTransforms();
+
+ /**
+ * Sets the dsigReferenceTransforms.
+ * @param dsigReferenceTransforms The dsigReferenceTransforms to set
+ */
+ void setDsigReferenceTransforms(Element[] dsigReferenceTransforms);
+
+ /**
+ * Returns the publicKey.
+ * @return PublicKey[]
+ */
+ PublicKey[] getPublicKey();
+
+ /**
+ * Sets the publicKey.
+ * @param publicKey The publicKey to set
+ */
+ void setPublicKey(PublicKey[] publicKey);
+
+ /**
+ * Returns the prPerson.
+ * @return Element
+ */
+ Element getPrPerson();
+
+ /**
+ * Sets the prPerson.
+ * @param prPerson The prPerson to set
+ */
+ void setPrPerson(Element prPerson);
+
+ /**
+ * Returns the issuing time of the identity link SAML assertion.
+ *
+ * @return The issuing time of the identity link SAML assertion.
+ */
+ String getIssueInstant();
+
+ /**
+ * Sets the issuing time of the identity link SAML assertion.
+ *
+ * @param issueInstant The issueInstant to set.
+ */
+ void setIssueInstant(String issueInstant);
+
+} \ No newline at end of file
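Review bot: Several `@return` tags do not match the declared types: `getDateOfBirth()` says `@return Calendar` but returns `String`, and `getSerializedSamlAssertion()` copies the Javadoc of `getSamlAssertion()` (`Returns the samlAssertion. @return Element`) although it returns `String`. Suggest `@return String, the date of birth as stored in the identity link` and `Returns the serialized samlAssertion. @return String`. `setSamlAssertion` declares `throws TransformerException, IOException` without a `@throws` tag saying when serialization fails.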
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java
index db4b93a0b..5bf8b9779 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
@@ -20,51 +20,46 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
+package at.gv.egovernment.moa.id.commons.api.data;
+import org.w3c.dom.Element;
-package at.gv.egovernment.moa.logging;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
/**
- * Encapsulates contextual information (i.e. per request information) for
- * logging purposes.
- *
- * @author Patrick Peck
- * @version $Id$
+ * @author tlenz
+ *
*/
-public class LoggingContext {
- /** The name of the node ID system property. */
- public static final String NODE_ID_PROPERTY = "moa.node-id";
-
- /** The current transaction ID. */
- private String transactionID;
- /** The node ID. */
- private String nodeID;
-
- /**
- * Create a new <code>LoggingContext</code>.
- *
- * @param transactionID The transaction ID. May be <code>null</code>.
- */
- public LoggingContext(String transactionID) {
- this.transactionID = transactionID;
- this.nodeID = System.getProperty(NODE_ID_PROPERTY);
- }
-
- /**
- * Return the transaction ID.
- *
- * @return The transaction ID.
- */
- public String getTransactionID() {
- return transactionID;
- }
-
- /**
- * Return the node ID.
- *
- * @return The node ID.
- */
- public String getNodeID() {
- return nodeID;
- }
-}
+public interface IMISMandate {
+
+ String getProfRep();
+
+ void setProfRep(String oid);
+
+ void setOWbPK(String oWbPK);
+
+ String getOWbPK();
+
+ byte[] getMandate();
+
+ Element getMandateDOM();
+
+ Mandate getMandateJaxB();
+
+ void setMandate(byte[] mandate);
+
+ String getTextualDescriptionOfOID();
+ // /**
+ // * @return the isFullMandateIncluded
+ // */
+ // public boolean isFullMandateIncluded() {
+ // return isFullMandateIncluded;
+ // }
+ // /**
+ // * @param isFullMandateIncluded the isFullMandateIncluded to set
+ // */
+ // public void setFullMandateIncluded(boolean isFullMandateIncluded) {
+ // this.isFullMandateIncluded = isFullMandateIncluded;
+ // }
+
+} \ No newline at end of file
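Review bot: The commented-out `isFullMandateIncluded` getter/setter left at the bottom of the new interface is dead code and should be deleted rather than carried into the renamed file; if the flag is still wanted, declare it as an abstract method. The interface also has no Javadoc at all, and `setProfRep(String oid)` names its parameter differently from `getProfRep()`; a short contract per method would help, e.g. `/** Returns the OID of the professional-representative mandate profile, or null if the mandate is not a professional representation. */` on `getProfRep()`. Note that `getMandate()` hands out a raw `byte[]`, so unless the implementation copies, callers can mutate the stored mandate after it was parsed into `getMandateDOM()`/`getMandateJaxB()` — worth documenting which behaviour implementors must provide.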
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java
new file mode 100644
index 000000000..08dfcae71
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.util.Date;
+
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IVerifiyXMLSignatureResponse {
+
+ /**
+ * Returns the certificateCheckCode.
+ * @return int
+ */
+ int getCertificateCheckCode();
+
+ /**
+ * Returns the signatureCheckCode.
+ * @return int
+ */
+ int getSignatureCheckCode();
+
+ /**
+ * Returns the xmlDSIGManifestCheckCode.
+ * @return int
+ */
+ int getXmlDSIGManifestCheckCode();
+
+ /**
+ * Returns the xmlDsigSubjectName.
+ * @return String
+ */
+ String getXmlDsigSubjectName();
+
+ /**
+ * Sets the certificateCheckCode.
+ * @param certificateCheckCode The certificateCheckCode to set
+ */
+ void setCertificateCheckCode(int certificateCheckCode);
+
+ /**
+ * Sets the signatureCheckCode.
+ * @param signatureCheckCode The signatureCheckCode to set
+ */
+ void setSignatureCheckCode(int signatureCheckCode);
+
+ /**
+ * Sets the xmlDSIGManifestCheckCode.
+ * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
+ */
+ void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode);
+
+ /**
+ * Sets the xmlDsigSubjectName.
+ * @param xmlDsigSubjectName The xmlDsigSubjectName to set
+ */
+ void setXmlDsigSubjectName(String xmlDsigSubjectName);
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return int
+ */
+ String getPublicAuthorityCode();
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityCode The publicAuthorityCode to set
+ */
+ void setPublicAuthorityCode(String publicAuthorityCode);
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ boolean isQualifiedCertificate();
+
+ /**
+ * Returns the x509certificate.
+ * @return X509Certificate
+ */
+ X509Certificate getX509certificate();
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ void setQualifiedCertificate(boolean qualifiedCertificate);
+
+ /**
+ * Sets the x509certificate.
+ * @param x509certificate The x509certificate to set
+ */
+ void setX509certificate(X509Certificate x509certificate);
+
+ /**
+ * Returns the xmlDSIGManigest.
+ * @return boolean
+ */
+ boolean isXmlDSIGManigest();
+
+ /**
+ * Sets the xmlDSIGManigest.
+ * @param xmlDSIGManigest The xmlDSIGManigest to set
+ */
+ void setXmlDSIGManigest(boolean xmlDSIGManigest);
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ boolean isPublicAuthority();
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ void setPublicAuthority(boolean publicAuthority);
+
+ /**
+ * Returns the the resulting code of the signature manifest check.
+ *
+ * @return The code of the sigature manifest check.
+ */
+ int getSignatureManifestCheckCode();
+
+ /**
+ * Sets the signatureManifestCode.
+ *
+ * @param signatureManifestCheckCode The signatureManifestCode to set.
+ */
+ void setSignatureManifestCheckCode(int signatureManifestCheckCode);
+
+ Date getSigningDateTime();
+
+ void setSigningDateTime(Date signingDateTime);
+
+} \ No newline at end of file
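Review bot: The Javadoc on `getPublicAuthorityCode()` says `@return int` but the method returns `String`; it should read `* @return String`. More important for a signature-verification result object, none of the check-code getters (`getCertificateCheckCode`, `getSignatureCheckCode`, `getXmlDSIGManifestCheckCode`, `getSignatureManifestCheckCode`) documents which value means the check passed, so a caller deciding whether to trust the signature has to guess; a one-line `@return 0 if the check succeeded, otherwise the MOA-SP error code` style note (with the actual convention the implementation uses) belongs on each of them. `getSigningDateTime()`/`setSigningDateTime()` are the only undocumented members and expose a mutable `java.util.Date`; at minimum document whether implementations copy it. The type name `IVerifiyXMLSignatureResponse` and `isXmlDSIGManigest` carry typos that will be hard to fix once the interface is referenced across modules.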
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
index 9414556a2..caff67985 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
@@ -42,4 +42,13 @@ public class SessionDataStorageException extends MOAIDException {
}
+ /**
+ * @param string
+ * @param object
+ * @param e
+ */
+ public SessionDataStorageException(String string, Object[] object, Throwable e) {
+ super(string, object, e);
+ }
+
}
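Review bot: The new constructor's parameter names (`string`, `object`, `e`) and the empty `@param` tags carry no information; since it just delegates to `MOAIDException`, name them for what they are, e.g. `public SessionDataStorageException(String messageId, Object[] parameters, Throwable cause)`, and fill the Javadoc accordingly (`@param cause the underlying exception, kept as the cause`). The rest of the class is outside this hunk.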
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index d80856c1c..b1abcdd06 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
@@ -188,6 +189,10 @@ public class ConfigurationMigrationUtils {
if (MOAIDConfigurationConstants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, split[1]);
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[2]);
+
+ } else if (MOAIDConfigurationConstants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS);
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[1] + "+" + split[2]);
} else if (MOAIDConfigurationConstants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK);
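Review bot: The new eIDAS branch guards with `split.length >= 2` but reads `split[2]`, so an identifier with only one `+` separator throws `ArrayIndexOutOfBoundsException` out of the migration instead of being rejected cleanly; the condition should be `split.length >= 3` (the WPBK branch above has the same latent mismatch, but it is existing code). The enclosing method continues outside this hunk, so I cannot tell whether a caller catches runtime exceptions here.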
@@ -362,10 +367,11 @@ public class ConfigurationMigrationUtils {
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, Boolean.FALSE.toString());
- if (config.getQaa() != null)
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.getQaa().toString());
+ if (config.geteIDAS_LOA() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.geteIDAS_LOA());
else
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4");
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
+ MOAIDConstants.eIDAS_LOA_HIGH);
// fetch vidp config
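Review bot: `SERVICE_AUTH_STORK_MINQAALEVEL` previously held a numeric QAA (`config.getQaa().toString()`, default `"4"`) and now holds whatever string `geteIDAS_LOA()` returns, falling back to `MOAIDConstants.eIDAS_LOA_HIGH`; the key name no longer describes its content, and any consumer that still parses it as an integer would presumably break. A comment at the put site, e.g. `// value is an eIDAS LoA identifier (not a numeric STORK QAA) since the eIDAS migration`, would make the semantic change visible to readers of this key. Defaulting a missing minimum level to HIGH is the conservative choice and worth stating explicitly in that comment.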
@@ -773,9 +779,15 @@ public class ConfigurationMigrationUtils {
if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) != null &&
oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE) != null) {
- if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
+
+ if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS)) {
+ idnumber.setValue(MOAIDConfigurationConstants.PREFIX_EIDAS + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
+ idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
+ } else if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_STORK + "AT" + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
} else {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_WPBK + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
@@ -1487,11 +1499,11 @@ public class ConfigurationMigrationUtils {
try {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(stork.getQualityAuthenticationAssuranceLevel()));
+ stork.getGeneral_eIDAS_LOA());
} catch(NullPointerException e) {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(4));
+ MOAIDConstants.eIDAS_LOA_HIGH);
}
}
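Review bot: The fallback to `MOAIDConstants.eIDAS_LOA_HIGH` is only reached when a `NullPointerException` is thrown, i.e. when `stork` itself is null; if `stork.getGeneral_eIDAS_LOA()` simply returns null, a null value is now put under `GENERAL_AUTH_STORK_QAA` and the intended secure default is skipped (the old `String.valueOf(int)` could never be null, so this is a new gap). Replace the exception-driven default with an explicit check: `String loa = stork.getGeneral_eIDAS_LOA(); result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, loa != null ? loa : MOAIDConstants.eIDAS_LOA_HIGH);` inside the existing try. The enclosing method extends beyond this hunk.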
@@ -1735,6 +1747,12 @@ public class ConfigurationMigrationUtils {
}
+ //set eIDAS default LoA from general configuration
+ String eIDASDefaultLOA = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA);
+ if (MiscUtil.isNotEmpty(eIDASDefaultLOA))
+ stork.setGeneral_eIDAS_LOA(eIDASDefaultLOA);
+
+
Map<String, StorkAttribute> attrMap = new HashMap<String, StorkAttribute>();
Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
new file mode 100644
index 000000000..14824b1f8
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
@@ -0,0 +1,8 @@
+package at.gv.egovernment.moa.id.commons.config;
+
+public final class SpringProfileConstants {
+
+ public static final String ADVANCED_LOG = "advancedLogOn";
+ public static final String REDIS_BACKEND = "redisBackend";
+ public static final String DB_BACKEND = "dbBackend";
+}
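Review bot: `SpringProfileConstants` is a constants holder but can still be instantiated; add `private SpringProfileConstants() {}` and a class-level Javadoc naming where these profile names are consumed, e.g. `/** Spring profile names that switch the session/statistic storage backend and advanced logging. */`.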
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
deleted file mode 100644
index ecb13ef34..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+++ /dev/null
@@ -1,192 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.commons.db;
-
-import java.util.Properties;
-
-import org.apache.commons.lang3.StringUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Session;
-import org.hibernate.SessionFactory;
-import org.hibernate.Transaction;
-import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
-import org.hibernate.cfg.Configuration;
-import org.hibernate.service.ServiceRegistry;
-
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.logging.Logger;
-
-public final class MOASessionDBUtils {
-
- private static SessionFactory sessionFactory;
- private static ServiceRegistry serviceRegistry;
-
- @SuppressWarnings("rawtypes")
- private static final ThreadLocal THREAD_LOCAL = new ThreadLocal();
- private static boolean automaticSessionHandling = false;
-
- private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" };
- private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class";
-
- protected MOASessionDBUtils() { }
-
- public static void initHibernate(Configuration config, Properties hibernateProperties) {
-
- String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY));
- if (scm != null) {
- automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1;
- }
- Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\".");
- if (automaticSessionHandling) {
- Logger.info("Hibernate is automatically handling session context management.");
- } else {
- Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling.");
- }
- try {
- //Create the SessionFactory
- Logger.debug("Creating initial MOASession session factory...");
-
- config.configure("hibernate_moasession.cfg.xml");
- //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
-
- serviceRegistry = new StandardServiceRegistryBuilder().
- applySettings(config.getProperties()).build();
-
- sessionFactory = config.buildSessionFactory(serviceRegistry);
- Logger.debug("Initial MOASession session factory successfully created.");
-
- } catch (Throwable ex) {
- Logger.error("Initial MOASession session factory creation failed: " + ex.getMessage());
- throw new ExceptionInInitializerError(ex);
- }
- }
-
- /**
- * Checks if a session factory is currently available. If necessary a new
- * session factory is created.
- *
- * @return current (or new) session factory
- * @throws HibernateException
- * thrown if a hibernate error occurs
- */
- public static Session getCurrentSession() {
- if (automaticSessionHandling) {
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL.get();
- // Open a new Session, if this Thread has none yet
- if (session == null || !session.isConnected()) {
- session = getNewSession();
- }
- return session;
- }
-
- @SuppressWarnings("unchecked")
- public static Session getNewSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL.get();
- if (session != null) {
- Logger.warn("Previous MOASession session has not been closed; closing session now.");
- closeSession();
- }
- Logger.debug("Opening new MOASession hibernate session...");
- try {
- session = sessionFactory.openSession();
- THREAD_LOCAL.set(session);
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- return session;
- }
-
- /**
- * Closes the current session.
- *
- * @throws HibernateException
- * thrown if session is already closed or a hibernate error
- * occurs.
- */
- @SuppressWarnings("unchecked")
- public static void closeSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
- return;
- }
- Logger.debug("Closing current MOASession hibernate session...");
- Session session = (Session) THREAD_LOCAL.get();
- THREAD_LOCAL.set(null);
- if (session != null) {
- try {
- session.close();
-
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- }
- }
-
- public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
- Transaction tx = null;
- try {
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.saveOrUpdate(dbo);
- tx.commit();
- }
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during MOASession database saveOrUpdate. Rollback.", e);
- if (tx != null)
- tx.rollback();
- throw new MOADatabaseException(e);
- }
- }
-
- public static boolean delete(Object dbo) {
- Transaction tx = null;
- try {
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.delete(dbo);
- tx.commit();
- }
-
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during MOASession database delete. Rollback.", e);
- if (tx != null)
- tx.rollback();
- return false;
- }
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
index e2f793edf..3928cf8c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
@@ -6,6 +6,7 @@ import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.egiz.components.configuration.api.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
@@ -39,6 +40,7 @@ public class NewConfigurationDBRead {
}
+ @Transactional
public Map<String, String> getOnlineApplicationKeyValueWithId(String id, boolean backupVersion) {
try {
if (backupVersion)
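Review bot: Every method annotated in this file (`getOnlineApplicationKeyValueWithId` here and the nine `@Transactional` additions on the getters below it) only reads configuration, so they should be marked `@Transactional(readOnly = true)`; that lets the transaction manager and driver refuse accidental writes through a read path and usually avoids flush work. Since these are proxy-based annotations, they only take effect when the method is invoked through the Spring bean, not via self-invocation from another method of this class — if such calls exist elsewhere in the file, the annotation will silently not apply there. The method bodies continue outside the hunks.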
@@ -57,6 +59,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public List<OnlineApplication> getAllOnlineApplications() {
Logger.trace("Get All OnlineApplications from database.");
@@ -113,6 +116,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public List<OnlineApplication> getAllNewOnlineApplications() {
Logger.trace("Get All New OnlineApplications from database.");
@@ -139,6 +143,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration getMOAIDConfiguration() {
Logger.trace("Load MOAID Configuration from database.");
Map<String, String> generalConfig;
@@ -168,6 +173,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public List<OnlineApplication> getAllActiveOnlineApplications() {
Logger.trace("Get All New OnlineApplications from database.");
@@ -195,6 +201,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public OnlineApplication getActiveOnlineApplication(String id) {
Logger.trace("Getting Active OnlineApplication with ID " + id + " from database.");
@@ -226,6 +233,7 @@ public class NewConfigurationDBRead {
* @param dbid
* @return
*/
+ @Transactional
public OnlineApplication getOnlineApplication(long dbid) {
Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database.");
@@ -248,6 +256,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public List<OnlineApplication> getOnlineApplications(String id) {
Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
@@ -273,6 +282,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public OnlineApplication getOnlineApplication(String id) {
Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
@@ -297,6 +307,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public List<OnlineApplication> searchOnlineApplications(String id) {
Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
deleted file mode 100644
index 7e031cc76..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
+++ /dev/null
@@ -1,192 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.commons.db;
-
-import java.util.Properties;
-
-import org.apache.commons.lang3.StringUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Session;
-import org.hibernate.SessionFactory;
-import org.hibernate.Transaction;
-import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
-import org.hibernate.cfg.Configuration;
-import org.hibernate.service.ServiceRegistry;
-
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.logging.Logger;
-
-public final class StatisticLogDBUtils {
-
- private static SessionFactory sessionFactory;
- private static ServiceRegistry serviceRegistry;
-
- @SuppressWarnings("rawtypes")
- private static final ThreadLocal THREAD_LOCAL_STATISTIC = new ThreadLocal();
- private static boolean automaticSessionHandling = false;
-
- private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" };
- private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class";
-
- protected StatisticLogDBUtils() { }
-
- public static void initHibernate(Configuration config, Properties hibernateProperties) {
-
- String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY));
- if (scm != null) {
- automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1;
- }
- Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\".");
- if (automaticSessionHandling) {
- Logger.info("Hibernate is automatically handling session context management.");
- } else {
- Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling.");
- }
- try {
- //Create the SessionFactory
- Logger.debug("Creating initial StatisicLogger session factory...");
-
- config.configure("hibernate_statistic.cfg.xml");
- //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
-
- serviceRegistry = new StandardServiceRegistryBuilder().
- applySettings(config.getProperties()).build();
-
- sessionFactory = config.buildSessionFactory(serviceRegistry);
- Logger.debug("Initial StatisicLogger session factory successfully created.");
-
- } catch (Throwable ex) {
- Logger.error("Initial StatisicLogger session factory creation failed: " + ex.getMessage());
- throw new ExceptionInInitializerError(ex);
- }
- }
-
- /**
- * Checks if a session factory is currently available. If necessary a new
- * session factory is created.
- *
- * @return current (or new) session factory
- * @throws HibernateException
- * thrown if a hibernate error occurs
- */
- public static Session getCurrentSession() {
- if (automaticSessionHandling) {
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- // Open a new Session, if this Thread has none yet
- if (session == null || !session.isConnected()) {
- session = getNewSession();
- }
- return session;
- }
-
- @SuppressWarnings("unchecked")
- public static Session getNewSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- if (session != null) {
- Logger.warn("Previous StatisicLogger session has not been closed; closing session now.");
- closeSession();
- }
- Logger.debug("Opening new StatisicLogger hibernate session...");
- try {
- session = sessionFactory.openSession();
- THREAD_LOCAL_STATISTIC.set(session);
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- return session;
- }
-
- /**
- * Closes the current session.
- *
- * @throws HibernateException
- * thrown if session is already closed or a hibernate error
- * occurs.
- */
- @SuppressWarnings("unchecked")
- public static void closeSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
- return;
- }
- Logger.debug("Closing current StatisicLogger hibernate session...");
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- THREAD_LOCAL_STATISTIC.set(null);
- if (session != null) {
- try {
- session.close();
-
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- }
- }
-
- public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
- Transaction tx = null;
- try {
- Session session = StatisticLogDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.saveOrUpdate(dbo);
- tx.commit();
- }
-
- Logger.info("Insert advanced statistic log entry into database");
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during StatisicLogger database saveOrUpdate. Rollback.", e);
- tx.rollback();
- throw new MOADatabaseException(e);
- }
- }
-
- public static boolean delete(Object dbo) {
- Transaction tx = null;
- try {
- Session session = StatisticLogDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.delete(dbo);
- tx.commit();
- }
-
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during StatisicLogger database delete. Rollback.", e);
- tx.rollback();
- return false;
- }
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
index 397fd828b..0f76c4e63 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
@@ -11,29 +11,21 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -43,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
/**
* <p>Java class for anonymous complex type.
@@ -110,6 +104,9 @@ public class OASTORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String eIDAS_LOA = null;
+
/**
* Gets the value of the storkLogonEnabled property.
*
@@ -162,7 +159,23 @@ public class OASTORK
this.qaa = value;
}
+
+
/**
+ * @return the eIDAS_LOA
+ */
+ public String geteIDAS_LOA() {
+ return eIDAS_LOA;
+ }
+
+ /**
+ * @param eIDAS_LOA the eIDAS_LOA to set
+ */
+ public void seteIDAS_LOA(String eIDAS_LOA) {
+ this.eIDAS_LOA = eIDAS_LOA;
+ }
+
+ /**
* Gets the value of the oaAttributes property.
*
* <p>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
index 59b300e95..bcd159702 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
@@ -11,25 +11,18 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -94,6 +87,9 @@ public class STORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String general_eIDAS_LOA = null;
+
/**
* Gets the value of the cpeps property.
*
@@ -257,7 +253,21 @@ public class STORK
this.hjid = value;
}
- public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
+ /**
+ * @return the general_eIDAS_LOA
+ */
+ public String getGeneral_eIDAS_LOA() {
+ return general_eIDAS_LOA;
+ }
+
+ /**
+ * @param general_eIDAS_LOA the general_eIDAS_LOA to set
+ */
+ public void setGeneral_eIDAS_LOA(String general_eIDAS_LOA) {
+ this.general_eIDAS_LOA = general_eIDAS_LOA;
+ }
+
+ public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof STORK)) {
return false;
}
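Review bot: The Javadoc on `getGeneral_eIDAS_LOA`/`setGeneral_eIDAS_LOA` is generated filler (`@return the general_eIDAS_LOA`) that only restates the name, so a reader cannot tell what value is expected or where it is consumed. Replace it with something like `/** eIDAS Level-of-Assurance identifier applied as the general (non-OA-specific) setting; excluded from the JAXB mapping via @XmlTransient — TODO confirm the accepted values (eIDAS LoA URIs?) */` and consider rejecting an empty string in the setter. The `equals(...)` whose signature closes this hunk continues outside it; since the jaxb2_commons equals/hashCode strategies enumerate fields explicitly, state in the comment whether the new field is deliberately left out of them.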
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index 46683a928..4c6cd16c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -37,6 +37,8 @@ import javax.persistence.Table;
import org.hibernate.annotations.DynamicUpdate;
+import com.fasterxml.jackson.annotation.JsonCreator;
+
@Entity
@@ -48,11 +50,22 @@ import org.hibernate.annotations.DynamicUpdate;
})
public class AssertionStore implements Serializable{
+ /**
+ *
+ */
+ private static final long serialVersionUID = 2804964892915004185L;
+
+
+
+ @JsonCreator
+ public AssertionStore(){
+
+ }
+
- private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy = GenerationType.AUTO)
+ @GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id", unique=true, nullable=false)
private long id;
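Review bot: `serialVersionUID` changes from `1L` to `2804964892915004185L`, which makes any already Java-serialized `AssertionStore` (for example in a replicated session cache or an object-serialized column) fail to deserialize with an `InvalidClassException` after deployment; if that break is intended, say so, otherwise keep `1L`. The empty Javadoc `/** * */` above the field says nothing — replace it with `// changed from 1L: serialized forms written by earlier versions are not compatible`. The `@JsonCreator` on the no-arg constructor indicates Jackson now instantiates this JPA entity; a short comment on where that JSON comes from would let a reader judge whether the input is trusted.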
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 128dd79df..eeaf03544 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -59,7 +59,9 @@ import org.hibernate.annotations.DynamicUpdate;
@NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"),
@NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"),
@NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and inderfederations.storeSSOInformation is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"),
- @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID")
+ @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID"),
+ @NamedQuery(name="getAllActiveOAsForSessionID", query = "select activeOAsessions from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.activeOAsessions activeOAsessions where authenticatedsessionstore.sessionid = :sessionID "),
+ @NamedQuery(name="getAllActiveIDPsForSessionID", query = "select inderfederation from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.inderfederation inderfederation where authenticatedsessionstore.sessionid = :sessionID ")
})
public class AuthenticatedSessionStore implements Serializable{
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index 97f26812f..ba48f8caf 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -39,7 +39,7 @@ import org.hibernate.annotations.DynamicUpdate;
@Entity
-@DynamicUpdate(value=true)
+//@DynamicUpdate(value=true)
@Table(name = "statisticlog")
@NamedQueries({
@NamedQuery(name="getAllEntriesNotBeforeTimeStamp", query = "select statisiclog from StatisticLog statisiclog where statisiclog.timestamp > :timeout")
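Review bot: `@DynamicUpdate(value=true)` is commented out rather than removed, and nothing says why; either delete the line or explain it, e.g. `// @DynamicUpdate disabled: <reason>`. Without the annotation Hibernate issues its default UPDATE covering all mapped columns, so if the annotation was a workaround for a specific problem the comment should name it.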
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 2ade63c1c..84743b8c7 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -22,24 +22,25 @@
*/
package at.gv.egovernment.moa.id.commons.utils;
-import iaik.pki.PKIException;
-
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
-import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.lang3.StringUtils;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.pki.PKIException;
/**
* @author tlenz
@@ -53,22 +54,47 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
public MOAHttpProtocolSocketFactory (
String url,
- String certStoreRootDirParam,
String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
- boolean checkRevocation
- ) throws MOAHttpProtocolSocketFactoryException {
- super();
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ }
+
+ /**
+ * @param string
+ * @param certStoreDirectory
+ * @param trustStoreDirectory
+ * @param object
+ * @param string2
+ * @param b
+ * @param strings
+ */
+ public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+
+ }
+
+ private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
try {
- this.sslfactory = SSLUtils.getSSLSocketFactory(
+ this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
- certStoreRootDirParam,
+ certStoreDirectory,
trustStoreURL,
acceptedServerCertURL,
chainingMode,
- checkRevocation,
+ checkRevocation,
+ revocationMethodOrder,
null,
null,
null);
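Review bot: The Javadoc on the seven-argument constructor is generated filler (`@param string`, `@param object`, `@param b`, `@param strings`) that does not even match the parameter names and tells the caller nothing about `certStoreDirectory`, `chainingMode` or `revocationMethodOrder`; replace it with real descriptions, e.g. `@param revocationMethodOrder preferred order of revocation sources (iaik.pki.revocation.RevocationSourceTypes constants), presumably forwarded to the PKI profile`. `internalInitialize` hands `revocationMethodOrder` straight to `SSLUtils.getSSLSocketFactory` without a null or empty check, and whether a null array keeps a default or disables revocation checking is not visible here — either guard it (`if (revocationMethodOrder == null || revocationMethodOrder.length == 0) throw new MOAHttpProtocolSocketFactoryException("revocationMethodOrder must not be empty");`) or document the contract. The six-argument overload passes `null` for the cert-store directory; a one-line comment stating what that means (no directory cert store?) would help.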
@@ -86,7 +112,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
}
-
+
}
/* (non-Javadoc)
@@ -94,8 +120,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort) throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(host, port,
- localAddress, localPort);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port,
+ localAddress, localPort));
}
/* (non-Javadoc)
@@ -104,8 +130,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort, HttpConnectionParams params) throws IOException,
UnknownHostException, ConnectTimeoutException {
- return this.sslfactory.createSocket(host, port,
- localAddress, localPort);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port,
+ localAddress, localPort));
}
/* (non-Javadoc)
@@ -113,16 +139,40 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
- return this.sslfactory.createSocket(host, port);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port));
}
-
+
/* (non-Javadoc)
* @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
*/
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(socket, host,
- port, autoClose);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(socket, host,
+ port, autoClose));
}
+ /**
+ * Enable only a specific subset of TLS cipher suites
+ * This subset can be set by 'https.cipherSuites' SystemProperty (z.B. -Dhttps.cipherSuites=...)
+ *
+ * @param sslSocket {@link SSLSocket}
+ * @return {@link SSLSocket} with Ciphersuites
+ */
+ private Socket setEnabledSslCiphers(Socket sslSocket) {
+ if (sslSocket instanceof SSLSocket) {
+ String systemProp = System.getProperty("https.cipherSuites");
+ if (MiscUtil.isNotEmpty(systemProp)) {
+ ((SSLSocket) sslSocket).setEnabledCipherSuites(systemProp.split(","));
+
+ }
+
+ try {
+ Logger.trace("Enabled SSL-Cipher: " + StringUtils.join(((SSLSocket) sslSocket).getEnabledCipherSuites(), ","));
+ } catch (Exception e) {
+ Logger.error(e);
+ }
+ }
+
+ return sslSocket;
+ }
}
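Review bot: `systemProp.split(",")` in `setEnabledSslCiphers` does not trim, so a value like `-Dhttps.cipherSuites=TLS_A, TLS_B` yields `" TLS_B"`, and `SSLSocket.setEnabledCipherSuites` throws `IllegalArgumentException` for any name the provider does not support; because that call is outside the try/catch, one typo in the property makes every outgoing TLS connection of this factory fail (fail-closed, which is acceptable, but it surfaces as an unrelated socket error). Parse the list defensively with `String[] suites = Arrays.stream(systemProp.split(",")).map(String::trim).filter(s -> !s.isEmpty()).toArray(String[]::new);` followed by `((SSLSocket) sslSocket).setEnabledCipherSuites(suites);` (needs `java.util.Arrays`), and let the Javadoc say that an unsupported name aborts the connection rather than being ignored. The `catch (Exception e) { Logger.error(e); }` around the trace log protects a call that declares no checked exception and can go. Unrelated but visible in the hunk above: the `createSocket(..., HttpConnectionParams params)` overload still ignores `params`, so the connect timeout configured by commons-httpclient is never applied; the commit does not change that.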
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index 00e750f58..d65cea08c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -46,14 +46,16 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.io.File;
+import java.util.Collections;
+import java.util.Set;
+
import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-import java.io.File;
-
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
*
@@ -128,7 +130,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl
* @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
*/
public boolean createNew() {
- return false;
+ return true;
}
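Review bot: `createNew()` flips from `false` to `true` with no comment explaining the change; if, as the IAIK `DirectoryCertStoreParameters` name suggests, this tells the PKI module to create the directory cert store when none exists, a mistyped or missing cert-store path no longer fails at startup but silently produces a fresh, empty store (confirm against the IAIK Javadoc). Since `PKIProfileImpl.autoAddCertificates()` in this same commit returns a non-zero value, that directory will presumably also be written to at runtime, so the service account needs write access and the directory should be monitored. Please add a comment such as `// create the directory cert store on first use; it is populated at runtime via autoAddCertificates` and, if the IAIK API exposes it, a log line when the store is created.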
/**
@@ -153,4 +155,14 @@ public class CertStoreConfigurationImpl extends ObservableImpl
return CertStoreTypes.DIRECTORY;
}
+ /* (non-Javadoc)
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores()
+ */
+ @Override
+ public Set getVirtualStores() {
+ //TODO: only for Testing and not complete !!!Ask Harald !!!!
+ return Collections.EMPTY_SET;
+
+ }
+
}
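Review bot: `getVirtualStores()` returns the raw `Collections.EMPTY_SET` under a `//TODO: only for Testing ... Ask Harald` comment, which reads as unfinished and names a person instead of the open question. Use the typed `Collections.emptySet()` and replace the TODO with the actual decision to be made, e.g. `// no virtual cert stores are configured; the directory store is the only source — TODO: verify with the IAIK DirectoryCertStoreParameters contract whether an empty set (rather than null) is expected`. The raw `Set` return type presumably mirrors the IAIK interface; parameterize it if the interface allows.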
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index eaef3f1d4..9fc6f799d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -57,11 +57,11 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.jsse.IAIKX509TrustManager;
+
/**
* <code>TrustManager</code> implementation featuring CRL checking (inherited from
* <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
@@ -95,14 +95,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
* Fixes a bug occuring in the case MOA-SP is called by API.
* In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
* This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
+ * from every thread.
+ */
public static void initializeLoggingContext() {
if (LoggingContextManager.getInstance().getLoggingContext() == null)
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext(Thread.currentThread().getName()));
}
-
+
/**
* Builds an Array of accepted server certificates from an URL,
@@ -161,4 +161,36 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
{
return true;
}
+
+// public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
+// if (pkiProfile == null) {
+// throw new NullPointerException("pkiConfig parameter must not be null");
+//
+// }
+//
+// TransactionId tid = new TransactionIdImpl("Init");
+// log_.info(tid, "Setting up IAIKX509TrustManager", null);
+// if (pkiConfig != null) {
+// PKIFactory.getInstance().configure(pkiConfig, tid);
+//// log_.info(tid, "Registering LDAP protocol handler", null);
+//// String protocolHandlers =
+//// System.getProperty("java.protocol.handler.pkgs");
+//// if (protocolHandlers == null) {
+//// protocolHandlers = "iaik.pki";
+////
+//// } else {
+//// protocolHandlers = protocolHandlers + "|iaik.pki";
+////
+//// }
+////
+//// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
+//// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
+//
+// }
+//
+// pkiProfile_ = pkiProfile;
+// pkiFactory_ = PKIFactory.getInstance();
+// initialized_ = true;
+// }
+
}
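Review bot: The added block is thirty lines of commented-out `init(PKIConfiguration, PKIProfile)` code, including a doubly commented-out experiment that would register `iaik.pki` in `java.protocol.handler.pkgs`; dead code of this size should not land — version control keeps the history. If the intent is to record that the superclass initialisation is used unchanged, or that the protocol-handler registration was tried and dropped, replace the block with one comment such as `// init() is inherited from IAIKX509TrustManager; registering the iaik.pki protocol handler here was tried and is not needed`, stating only what was actually verified. The method ending just above the hunk (`return true;`) starts outside it.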
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
deleted file mode 100644
index 5d8c7a54e..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.commons.utils.ssl;
-
-import iaik.pki.PKIConfiguration;
-import iaik.pki.pathvalidation.ValidationConfiguration;
-import iaik.pki.revocation.RevocationConfiguration;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-/**
- * Implementation of interface <code>PKIConfiguration</code> needed to
- * initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException {
-
- certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(chainingMode);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-/* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
- */
- public int getTimeout() {
- // TODO Auto-generated method stub
- return 0;
-}
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 59994a257..1c8b6e18d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -46,10 +46,12 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
+import iaik.asn1.structures.AlgorithmID;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
@@ -66,7 +68,7 @@ import iaik.pki.store.truststore.TrustStoreTypes;
*/
public class PKIProfileImpl extends ObservableImpl
implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
+
/**
* URI to the truststore
*/
@@ -77,6 +79,10 @@ public class PKIProfileImpl extends ObservableImpl
*/
private boolean revocationChecking;
+
+ private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL};
+ protected String ocspRequestHashAlgorithm_ = null;
+
/**
* The trust profile identifier.
*/
@@ -96,13 +102,6 @@ public class PKIProfileImpl extends ObservableImpl
}
/**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
* @see iaik.pki.PKIProfile#getRevocationProfile()
*/
public RevocationProfile getRevocationProfile() {
@@ -134,23 +133,43 @@ public class PKIProfileImpl extends ObservableImpl
* @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
*/
public long getMaxRevocationAge(String arg0) {
- return 0;
+ return 0L;
}
/**
* @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
*/
public String getOCSPRequestHashAlgorithm() {
- return null;
+ if (ocspRequestHashAlgorithm_ == null) {
+ try
+ {
+ ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
+ }
+ catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}
+ }
+ return ocspRequestHashAlgorithm_;
}
+ public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
+ throws NoSuchAlgorithmException
+ {
+ if (paramAlgorithmID == null) {
+ throw new NullPointerException("Algorithm must not be null.");
+ }
+ ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
+ }
+
/**
* @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
*/
public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
+ return revocationCheckMethode;
}
+ public void setPreferredServiceOrder(String[] order) {
+ this.revocationCheckMethode = order;
+ }
+
/**
* @see iaik.pki.store.truststore.TrustStoreProfile#getType()
*/
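Review bot: `getOCSPRequestHashAlgorithm()` now defaults to SHA-1 and the `catch (NoSuchAlgorithmException ...) {}` is empty, so if the lookup fails the profile silently reports `null` and whatever IAIK does with that decides the outcome; log the failure at least, and add a comment giving the rationale for SHA-1 (the CertID hash is an identifier, not a signature, and RFC 5019 requires SHA-1 there, so it is the interoperable default; it remains configurable via `setOCSPRequestHashAlgorithm`). `setPreferredServiceOrder(String[] order)` stores the caller's array by reference and accepts `null` or empty, which `getPreferredServiceOrder` then returns as-is — whether that disables revocation sources or falls back to a default depends on IAIK and is not visible here; guard it with `this.revocationCheckMethode = (order == null || order.length == 0) ? new String[] {RevocationSourceTypes.CRL} : order.clone();` and return a copy from the getter. The field name `revocationCheckMethode` is a typo for `revocationCheckMethods`.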
@@ -227,4 +246,22 @@ public class PKIProfileImpl extends ObservableImpl
public void setId(String id) {
this.id = id;
}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+@Override
+public int autoAddCertificates() {
+ return 1;
+
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
+ */
+@Override
+public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+ return null;
+
+}
}
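Review bot: `autoAddCertificates()` now returns the magic value `1` where the removed version returned `true`, and nothing says what the integer encodes (IAIK presumably uses it as a mode rather than a flag). Add a comment naming the mode, e.g. `// IAIK auto-add mode: 1 = add certificates encountered during path validation to the cert store (verify the constant in iaik.pki.PKIProfile)`, and reference the IAIK constant instead of the literal if one exists; combined with `CertStoreConfigurationImpl.createNew()` returning true in this commit, this means the cert store is written at runtime with certificates supplied by remote peers, which is worth stating explicitly. `getIndirectRevocationTrustStoreProfile()` returning `null` likewise deserves a one-liner on whether that disables indirect CRLs or makes IAIK fall back to the main trust store. Both methods sit at column 0 inside the class; match the surrounding indentation.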
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index b5e0543db..449f77209 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -46,13 +46,14 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.revocation.RevocationConfiguration;
-
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Set;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
* @author Paul Ivancsics
@@ -81,4 +82,43 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc
return null;
}
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo()
+ */
+@Override
+public boolean getKeepRevocationInfo() {
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders()
+ */
+@Override
+public Set getPositiveOCSPResponders() {
+
+// //TODO: !!!!! ASK Harald !!!!!
+// Map<String, String> test = new HashMap<String, String>();
+// test.put("ALL", "ALL");
+// return test.keySet();
+
+ return Collections.EMPTY_SET;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints()
+ */
+@Override
+public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+ //TODO: !!!!! ASK Harald !!!!!
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig()
+ */
+@Override
+public DBCrlConfig getDataBaseCRLConfig() {
+ return null;
+}
+
}
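Review bot: `getPositiveOCSPResponders()` ships with a commented-out experiment (`test.put("ALL", "ALL"); return test.keySet();`) next to `//TODO: !!!!! ASK Harald !!!!!`; if that wildcard would make every responder a "positive" (unconditionally trusted) responder, leaving it in comments invites someone to re-enable it without understanding the consequence. Delete the commented code, return the typed `Collections.emptySet()` instead of the raw `Collections.EMPTY_SET`, and document the chosen semantics, e.g. `// no OCSP responder is whitelisted as a positive responder — TODO confirm the IAIK contract for an empty set`. `skipIndirectCRLCheckForAlternativeDistributionPoints()` returning `false` (by its name the stricter choice) carries the same TODO; record the reasoning rather than a person's name.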
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..4ecda435d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -46,25 +46,26 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.KeyStore;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import iaik.pki.DefaultPKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+//import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
/**
@@ -92,24 +93,7 @@ public class SSLUtils {
}
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes an
- * <code>IAIKX509TrustManager</code> for the given trust store,
- * and the given key store.
- *
- * @param conf configuration provider providing a generic properties pointing
- * to trusted CA store and certificate store root
- * @param connParam connection parameter containing the client key store settings
- * to be used in case of client authentication;
- * if <code>connParam.getClientKeyStore() == null</code>, client authentication
- * is assumed to be disabled
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
+
public static SSLSocketFactory getSSLSocketFactory(
String url,
String certStoreRootDirParam,
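Review bot: The Javadoc of the public `getSSLSocketFactory` is removed and replaced by a blank line, so the method loses its documentation exactly when it gains a new parameter. The original block should be restored and extended with `@param revocationMethodOrder preferred order of the revocation-checking services handed to the PKI profile (presumably, via setPreferredServiceOrder); may be null` and the stale `@throws ConfigurationException` entry corrected to `@throws SSLConfigurationException on invalid configuration data`, which is what the signature declares. The parameter list and body of the method continue outside this hunk.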
@@ -117,9 +101,10 @@ public class SSLUtils {
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
+ String[] revocationMethodOrder,
String clientKeyStoreURL,
String clientKeyStorePassword,
- String clientKeyStoreType
+ String clientKeyStoreType
)
throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException {
@@ -134,9 +119,10 @@ public class SSLUtils {
chainingMode,
trustStoreURL,
acceptedServerCertURL,
- checkRevocation);
+ checkRevocation,
+ revocationMethodOrder);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kms, tms, null);
@@ -154,6 +140,68 @@ public class SSLUtils {
}
/**
+ * Loads the client key store from file and gets the
+ * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+ * @param clientKeyStoreURL URL of key store containing keys to be used for
+ * client authentication; if <code>null</code>, the default key store will be utilized
+ * @param clientKeyStorePassword password used to check the integrity of the client key store;
+ * if <code>null</code>, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws IOException thrown while reading from the key store file
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ String clientKeyStoreType,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword)
+ throws IOException, GeneralSecurityException {
+
+ if (clientKeyStoreURL == null)
+ return null;
+
+ // Set up the KeyStore to use. We need to load the file into
+ // a KeyStore instance.
+ KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+ }
+ /**
+ * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStore client key store
+ * @param clientKeyStorePassword if provided, it will be used to check
+ * the integrity of the client key store; if omitted, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ KeyStore clientKeyStore,
+ String clientKeyStorePassword)
+ throws GeneralSecurityException {
+
+ if (clientKeyStore == null)
+ return null;
+
+ // Now we initialize the default KeyManagerFactory with this KeyStore
+ String alg=KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+ char[] password = null;
+ if (clientKeyStorePassword != null)
+ password = clientKeyStorePassword.toCharArray();
+ kmFact.init(clientKeyStore, password);
+
+ // And now get the KeyManagers
+ KeyManager[] kms=kmFact.getKeyManagers();
+ return kms;
+ }
+
+ /**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
* using configuration data.
*
@@ -167,18 +215,26 @@ public class SSLUtils {
*/
private static TrustManager[] getTrustManagers(String certStoreRootDirParam,
String chainingMode, String trustStoreURL, String acceptedServerCertURL,
- boolean checkRevocation)
+ boolean checkRevocation, String[] revocationMethodOrder)
throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ DefaultPKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured()) {
+ CertStoreConfigurationImpl certStoreConf = new CertStoreConfigurationImpl(certStoreRootDirParam);
+ cfg = new DefaultPKIConfiguration(certStoreConf.getParameters());
+ cfg.setChainingMode(chainingMode);
+ Logger.info("Set-up PKI module configuration ... ");
+
+ }
+
+ PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ profile.setPreferredServiceOrder(revocationMethodOrder);
+
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case
// MOA-SP is called by API
MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+ MOAIDTrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
tm.init(cfg, profile);
return new TrustManager[] {tm};
}
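Review bot: `profile.setPreferredServiceOrder(revocationMethodOrder)` is called unconditionally, including when the caller passes `null` or `checkRevocation` is false, whereas the rest of the method only touches configuration when it has something to set. Unless the IAIK profile is known to treat a null order as "keep default", guard it: `if (revocationMethodOrder != null) profile.setPreferredServiceOrder(revocationMethodOrder);`. The pre-existing path where `cfg` stays `null` because the PKI factory is already configured and is then passed to `tm.init(cfg, profile)` deserves a comment, e.g. `// cfg == null: PKI module already configured (e.g. by MOA-SP); keep that configuration`, since a reader otherwise suspects a missed initialization.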
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
deleted file mode 100644
index 51667f010..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * A unified message type to log messages from inside the MOA subsystem.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LogMsg {
- /** The message to log. */
- private Object message;
-
- /**
- * Create a <code>LogMsg</code> object.
- *
- * @param message The actual message to log. May be <code>null</code>.
- */
- public LogMsg(Object message) {
- this.message = message;
- }
-
- /**
- * Convert this log message to a <code>String</code>.
- *
- * @return The <code>String</code> representation of this log message.
- */
- public String toString() {
- StringBuffer msg = new StringBuffer();
- LoggingContext ctx =
- LoggingContextManager.getInstance().getLoggingContext();
- String tid = ctx != null ? ctx.getTransactionID() : null;
- String nodeId = ctx != null ? ctx.getNodeID() : null;
-
- msg.append("TID=");
- msg.append(tid != null ? tid : "<null>");
- msg.append(" NID=");
- msg.append(nodeId != null ? nodeId : "<null>");
- msg.append(" MSG=");
- msg.append(message != null ? message.toString() : "<null>");
-
- return msg.toString();
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
deleted file mode 100644
index f0d7b4c07..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * Provides each thread with a single instance of <code>LoggingContext</code>.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LoggingContextManager {
- /** The single instance of this class. */
- private static LoggingContextManager instance = null;
-
- /** The <code>LoggingContext</code> for each thread. */
- private ThreadLocal context;
-
- /**
- * Get the single instance of the <code>LoggingContextManager</code> class.
- *
- * @return LoggingContextManager The single instance.
- */
- public static synchronized LoggingContextManager getInstance() {
- if (instance == null) {
- instance = new LoggingContextManager();
- }
- return instance;
- }
-
- /**
- * Creates a new <code>LoggingContextManager</code>.
- *
- * Protected to disallow direct instantiation.
- */
- protected LoggingContextManager() {
- context = new ThreadLocal();
- }
-
- /**
- * Set the <code>LoggingContext</code> context for the current thread.
- *
- * @param ctx The <code>LoggingContext</code> for the current thread.
- */
- public void setLoggingContext(LoggingContext ctx) {
- context.set(ctx);
- }
-
- /**
- * Return the <code>LoggingContext</code> for the current thread.
- *
- * @return LoggingContext The <code>LoggingContext</code> for the current
- * thread, or <code>null</code> if none has been set.
- */
- public LoggingContext getLoggingContext() {
- return (LoggingContext) context.get();
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 5a5f4edac..260b2ecb1 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -24,7 +24,10 @@
package at.gv.egovernment.moa.util;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.Map;
+
/**
* Contains various constants used throughout the system.
@@ -509,6 +512,14 @@ public interface Constants {
/**
* A map used to map namespace prefixes to namespace URIs
*/
- public static HashMap<String, String> nSMap = new HashMap<String, String>(5);
+ public static final Map<String, String> nSMap = Collections.unmodifiableMap(new HashMap<String, String>(){
+ private static final long serialVersionUID = 3845384324295136490L;
+ {
+ put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ put(Constants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#");
+ put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ }
+ });
+
}
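Review bot: `nSMap` is built with double-brace initialization, which creates an anonymous `HashMap` subclass (hence the `serialVersionUID`) for what is a plain constant. Turning the previously mutable, empty static map into a final unmodifiable one is the right direction, since any caller could alter the old one. If the build targets Java 9 or later, `Map.of(SAML_PREFIX, SAML_NS_URI, ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#", DSIG_PREFIX, DSIG_NS_URI)` yields the same immutable map without the subclass; the `Constants.` qualifier is also redundant inside the interface itself.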
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
index 8f3ffd4c6..b1a3f8446 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
@@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver {
if (Logger.isDebugEnabled()) {
Logger.debug(
- new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
+ new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
}
if (publicId != null) {
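Review bot: The replacement `LogMsg` is referenced by its fully qualified name inline, while `MOAErrorHandler` in the same commit imports the class; for consistency and a readable log call, add `import at.gv.egovernment.moaspss.logging.LogMsg;` to the import block and use `new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)` here. The enclosing `resolveEntity` method starts and ends outside this hunk.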
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
index 3769b264d..ea71a677f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
@@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LogMsg;
/**
* An <code>ErrorHandler</code> that logs a message and throws a
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
deleted file mode 100644
index c2c67ec58..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-/**
- * Utility for connecting to server applications via SSL.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store.
- *
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(null, tms, null);
-
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- SSLContext ctx = getSSLContext(
- trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLContext</code> initialized for the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the SSL context
- */
- public static SSLContext getSSLContext(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStore);
- KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- return ctx;
- }
- /**
- * Loads the trust store from an input stream and gets the
- * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (trustStoreInputStream == null)
- return null;
-
- // Set up the TrustStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword);
- return getTrustManagers(trustStore);
- }
- /**
- * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- *
- * @param trustStore the trust store to use
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(KeyStore trustStore)
- throws GeneralSecurityException {
-
- if (trustStore == null)
- return null;
-
- // Initialize the default TrustManagerFactory with this KeyStore
- String alg=TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
- tmFact.init(trustStore);
-
- // And now get the TrustManagers
- TrustManager[] tms=tmFact.getTrustManagers();
- return tms;
- }
- /**
- * Loads the client key store from file and gets the
- * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword password used to check the integrity of the client key store;
- * if <code>null</code>, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws IOException thrown while reading from the key store file
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (clientKeyStoreURL == null)
- return null;
-
- // Set up the KeyStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
- clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- return getKeyManagers(clientKeyStore, clientKeyStorePassword);
- }
- /**
- * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStore client key store
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- KeyStore clientKeyStore,
- String clientKeyStorePassword)
- throws GeneralSecurityException {
-
- if (clientKeyStore == null)
- return null;
-
- // Now we initialize the default KeyManagerFactory with this KeyStore
- String alg=KeyManagerFactory.getDefaultAlgorithm();
- KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
- char[] password = null;
- if (clientKeyStorePassword != null)
- password = clientKeyStorePassword.toCharArray();
- kmFact.init(clientKeyStore, password);
-
- // And now get the KeyManagers
- KeyManager[] kms=kmFact.getKeyManagers();
- return kms;
- }
-}