diff options
Diffstat (limited to 'id/server/moa-id-commons/src/main')
16 files changed, 352 insertions, 88 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index 541285219..a787cea00 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -44,7 +44,7 @@ public interface AuthConfiguration extends ConfigurationProvider{ public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException; - public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException; +// public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException; /** * Get parameters to connect the Online Mandate-Service (MIS) diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 67a6552ef..5df4a4163 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.commons.api; +import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; @@ -227,4 +228,11 @@ public interface IOAAuthParameters extends ISPConfiguration{ public List<Integer> getReversionsLoggingEventCodes(); + /** + * Get a List of sectors for that this service provider requires foreign bPKs + * + * @return list of sectors, or null if no sectors are defined + */ + public List<String> foreignbPKSectorsRequested(); + }
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java index 388e6d229..b5ae04c4e 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java @@ -50,7 +50,6 @@ import java.io.PrintStream; import java.io.PrintWriter; import at.gv.egiz.eaaf.core.exceptions.EAAFException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; /** * Base class of technical MOA exceptions. @@ -66,12 +65,12 @@ public class MOAIDException extends EAAFException { * */ private static final long serialVersionUID = -1507246171708083912L; -/** message ID */ - private String messageId; - /** wrapped exception */ - private Throwable wrapped; + /** message ID */ + private String messageId; + /** wrapped exception */ + private Throwable wrapped; - private Object[] parameters; + private Object[] parameters; /** * Create a new <code>MOAIDException</code>. @@ -81,7 +80,7 @@ public class MOAIDException extends EAAFException { * @param parameters Additional message parameters. */ public MOAIDException(String messageId, Object[] parameters) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + super(messageId, parameters); this.messageId = messageId; this.parameters = parameters; } @@ -100,7 +99,7 @@ public class MOAIDException extends EAAFException { Object[] parameters, Throwable wrapped) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + super(messageId, parameters, wrapped); this.messageId = messageId; this.wrapped = wrapped; this.parameters = parameters; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index de120fd9c..4555f61d2 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -32,6 +32,8 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import org.apache.commons.lang3.StringUtils; + import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; @@ -174,13 +176,32 @@ public class ConfigurationMigrationUtils { } } + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); + + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) - result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); + result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); AuthComponentOA oaauth = oa.getAuthComponentOA(); if (oaauth != null) { + //convert SL20 infos + if (oaauth.isSl20Active() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, oaauth.isSl20Active().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, Boolean.FALSE.toString()); + + if (MiscUtil.isNotEmpty(oaauth.getSl20EndPoints())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, oaauth.getSl20EndPoints()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, StringUtils.EMPTY); + + + //convert business identifier IdentificationNumber idnumber = oaauth.getIdentificationNumber(); if (idnumber != null) { @@ -770,7 +791,17 @@ public class ConfigurationMigrationUtils { } - dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL)); + //set SL20 things + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) + authoa.setSl20Active(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))); + else + authoa.setSl20Active(false); + + authoa.setSl20EndPoints(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS)); + + + + dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL)); dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL)); dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL)); @@ -826,6 +857,9 @@ public class ConfigurationMigrationUtils { } } + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) + dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); @@ -1220,7 +1254,7 @@ public class ConfigurationMigrationUtils { if (foreign != null) { ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); if (connect_foreign != null) { - result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, connect_foreign.getURL()); } } @@ -1738,13 +1772,13 @@ public class ConfigurationMigrationUtils { dbauth.setForeignIdentities(dbforeign); } - if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL))) { + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL))) { ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); if (forcon == null) { forcon = new ConnectionParameterClientAuthType(); dbforeign.setConnectionParameter(forcon); } - forcon.setURL(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL)); + forcon.setURL(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); } ForeignIdentities foreign = dbauth.getForeignIdentities(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index bb7bcfd0f..a6315fe2c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -63,6 +63,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { private static final String SERVICE_AUTH_TARGET_BUSINESS = SERVICE_AUTH_TARGET + ".business"; public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type"; public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value"; + public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; + public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB = SERVICE_AUTH_TARGET_PUBLIC + ".target.sub"; @@ -84,6 +86,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext"; public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK"; + public static final String SERVICE_AUTH_SL20_ENABLED = AUTH + ".sl20.enabled"; + public static final String SERVICE_AUTH_SL20_ENDPOINTS = AUTH + ".sl20.endpoints"; + private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES; public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data"; public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview"; @@ -190,7 +195,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL; public static final String SERVICE_EXTERNAL_MIS_SERVICE_URL = "modules.mis.service.url"; - public static final String SERVICE_EXTERNAL_SZRGW_SERVICE_URL = "modules.szrgw.service.url"; + public static final String SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL = "modules.szrgw.service.url"; //Namespaces for general MOA-ID config public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix"; @@ -224,7 +229,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String GENERAL_AUTH_MOASP_URL = GENERAL_AUTH + ".moasp.url"; public static final String GENERAL_AUTH_SERVICES_OVS_URL = GENERAL_AUTH + ".services.ovs.url"; - public static final String GENERAL_AUTH_SERVICES_SZRGW_URL = GENERAL_AUTH + ".services.szrgw.url"; + public static final String GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL = GENERAL_AUTH + ".services.szrgw.url"; public static final String GENERAL_AUTH_SERVICES_HVB_URL = GENERAL_AUTH + ".services.hvb.url"; public static final String GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + ELGA_MANDATE_SERVICE_URL; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java index 04efb0afe..852df16e6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java @@ -11,23 +11,17 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -162,6 +156,13 @@ public class AuthComponentOA @XmlAttribute(name = "Hjid") protected Long hjid; + + @XmlTransient + protected Boolean sl20Active; + @XmlTransient + protected String sl20EndPoints; + + /** * Gets the value of the bkuurls property. * @@ -522,11 +523,28 @@ public class AuthComponentOA + public Long getHjid() { return hjid; } - /** + public Boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(Boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + this.sl20EndPoints = sl20EndPoints; + } + + /** * Sets the value of the hjid property. * * @param value diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 196923ce6..e37873a72 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -115,10 +115,20 @@ public class OnlineApplication @XmlTransient protected String mandateServiceSelectionTemplateURL = null; + @XmlTransient + protected String foreignbPKTargetList = null; + - - /** + public String getForeignbPKTargetList() { + return foreignbPKTargetList; + } + + public void setForeignbPKTargetList(String foreignbPKTargetList) { + this.foreignbPKTargetList = foreignbPKTargetList; + } + + /** * @return the saml2PostBindingTemplateURL */ public String getSaml2PostBindingTemplateURL() { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index b13f0ba5b..93db98cf9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -103,6 +103,7 @@ public class AuthenticatedSessionStore implements Serializable{ private String additionalInformation; @Column(name = "additionalInformationBytes", nullable=true) + @Lob private byte[] additionalInformationBytes; @Column(name = "created", updatable=false, nullable=false) @@ -349,19 +350,56 @@ public class AuthenticatedSessionStore implements Serializable{ this.isInterfederatedSSOSession = isInterfederatedSSOSession; } - /** - * @return the additionalInformation - */ - public byte[] getAdditionalInformation() { + @Deprecated + public String getAdditionalInformation() { + return additionalInformation; + } + + @Deprecated + public void setAdditionalInformation(String additionalInformation) { + this.additionalInformation = additionalInformation; + } + + public byte[] getAdditionalInformationBytes() { return additionalInformationBytes; } - /** - * @param additionalInformation the additionalInformation to set - */ - public void setAdditionalInformation(byte[] additionalInformation) { - this.additionalInformationBytes = additionalInformation; + public void setAdditionalInformationBytes(byte[] additionalInformationBytes) { + this.additionalInformationBytes = additionalInformationBytes; } + +// /** +// * @return the additionalInformation +// */ +// @Deprecated +// public String getAdditionalInformation() { +// try { +// if (this.additionalInformationBytes != null) +// return new String(this.additionalInformationBytes, "UTF-8"); +// else +// return null; +// +// } catch (UnsupportedEncodingException e) { +// throw new RuntimeException("Something is very strange, because UTF-8 encoding IS NOT supported", e); +// +// } +// } + +// @Deprecated +// public void setAdditionalInformation(String additionalInformation) { +// try { +// if (StringUtils.isNotEmpty(additionalInformation)) +// this.additionalInformationBytes = additionalInformation.getBytes("UTF-8"); +// +// } catch (UnsupportedEncodingException e) { +// throw new RuntimeException("Something is very strange, because UTF-8 encoding IS NOT supported", e); +// +// } +// } + + + + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java index 2cb867cbc..f4143e434 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java @@ -50,7 +50,7 @@ import java.util.Locale; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IStatusMessager; +import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; @@ -60,7 +60,7 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("MOAIDMessageProvider") -public class MOAIDMessageProvider implements IStatusMessager { +public class MOAIDMessageProvider implements IStatusMessenger { //internal messanges private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" }; @@ -125,10 +125,10 @@ public String getResponseErrorCode(Throwable throwable) { errorCode = mapInternalErrorToExternalError(error.getMessageId()); } else if (throwable instanceof ProcessExecutionException) { - errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_PROCESSENGINE; + errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_PROCESSENGINE; } else { - errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC; + errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; } @@ -141,7 +141,7 @@ public String mapInternalErrorToExternalError(String intErrorCode) { String extErrorCode = externalError.getMessage(intErrorCode, null); if (MiscUtil.isEmpty(extErrorCode)) - extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC; + extErrorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; return extErrorCode; } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java new file mode 100644 index 000000000..ce32cbd0d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java @@ -0,0 +1,6 @@ +package at.gv.egovernment.moa.id.commons.validation; + +public interface IPKIXValidator { + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java new file mode 100644 index 000000000..fda567452 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java @@ -0,0 +1,9 @@ +package at.gv.egovernment.moa.id.commons.validation; + +import org.springframework.stereotype.Service; + +@Service +public class MOASPPKIXCertValidator implements IPKIXValidator { + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java new file mode 100644 index 000000000..20235c4b6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.commons.validation; + +public class PKIXValidatorConfiguration { + + public enum CHAININGMODE { + pkix, chaining + } + + public enum REVOCATIONCHECKMETHODES { + crl, ocsp + } + + private String trustStorePath = null; + private String certStorePath = null; + private boolean revocationChecking = true; + private REVOCATIONCHECKMETHODES[] revocationCheckMode = {REVOCATIONCHECKMETHODES.ocsp, REVOCATIONCHECKMETHODES.crl}; + private CHAININGMODE chaining = CHAININGMODE.pkix; + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index c94222ea0..47abbf29a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -281,7 +281,7 @@ public interface Constants { /** Local location of the XAdES v1.1.1 schema definition */ public static final String XADES_1_3_2_SCHEMA_LOCATION = - SCHEMA_ROOT + "XAdES-1.3.2.xsd"; + SCHEMA_ROOT + "XAdES01903v132-201601.xsd"; /** URI of the XAdES v1.3.2 namespace */ public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#"; @@ -290,7 +290,7 @@ public interface Constants { /** Local location of the XAdES v1.4.1 schema definition */ public static final String XADES_1_4_1_SCHEMA_LOCATION = - SCHEMA_ROOT + "XAdES-1.4.1.xsd"; + SCHEMA_ROOT + "XAdES01903v141-201601.xsd"; /** URI of the XAdES v1.4.1 namespace */ public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#"; diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd deleted file mode 100644 index 274dbdca1..000000000 --- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd +++ /dev/null @@ -1,15 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified"> - <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES-1.3.2.xsd"/> - <!-- Start CertificateValues --> - <xsd:element name="TimeStampValidationData" type="ValidationDataType"/> - <xsd:complexType name="ValidationDataType"> - <xsd:sequence> - <xsd:element ref="xades:CertificateValues" minOccurs="0" /> - <xsd:element ref="xades:RevocationValues" minOccurs="0" /> - </xsd:sequence> - <xsd:attribute name="Id" type="xsd:ID" use="optional"/> - <xsd:attribute name="UR" type="xsd:anyURI" use="optional"/> - </xsd:complexType> - <xsd:element name="ArchiveTimeStampV2" type="xades:XAdESTimeStampType"/> -</xsd:schema> diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd index b05691515..e7a5f3a02 100644 --- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified"> - <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/> + <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd"/> <!-- Start auxiliary types definitions: AnyType, ObjectIdentifierType, EncapsulatedPKIDataType and containers for time-stamp tokens --> <!-- Start AnyType --> @@ -125,8 +125,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/> <xsd:complexType name="QualifyingPropertiesType"> <xsd:sequence> - <xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/> - <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/> + <xsd:element ref="SignedProperties" minOccurs="0"/> + <xsd:element ref="UnsignedProperties" minOccurs="0"/> </xsd:sequence> <xsd:attribute name="Target" type="xsd:anyURI" use="required"/> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> @@ -136,8 +136,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="SignedProperties" type="SignedPropertiesType"/> <xsd:complexType name="SignedPropertiesType"> <xsd:sequence> - <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType" minOccurs="0"/> - <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/> + <xsd:element ref="SignedSignatureProperties" minOccurs="0"/> + <xsd:element ref="SignedDataObjectProperties" minOccurs="0"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> @@ -146,21 +146,26 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/> <xsd:complexType name="UnsignedPropertiesType"> <xsd:sequence> - <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/> - <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/> + <xsd:element ref="UnsignedSignatureProperties" minOccurs="0"/> + <xsd:element ref="UnsignedDataObjectProperties" minOccurs="0"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> <!-- End UnsignedProperties--> <!-- Start SignedSignatureProperties--> + <!-- Definition changed: added new optional children for EN --> <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/> <xsd:complexType name="SignedSignaturePropertiesType"> <xsd:sequence> - <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/> - <xsd:element name="SigningCertificate" type="CertIDListType" minOccurs="0"/> - <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType" minOccurs="0"/> - <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/> - <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/> + <xsd:element ref="SigningTime" minOccurs="0"/> + <xsd:element ref="SigningCertificate" minOccurs="0"/> + <xsd:element ref="SigningCertificateV2" minOccurs="0"/> + <xsd:element ref="SignaturePolicyIdentifier" minOccurs="0"/> + <xsd:element ref="SignatureProductionPlace" minOccurs="0"/> + <xsd:element ref="SignatureProductionPlaceV2" minOccurs="0"/> + <xsd:element ref="SignerRole" minOccurs="0"/> + <xsd:element ref="SignerRoleV2" minOccurs="0"/> + <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> @@ -169,10 +174,11 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/> <xsd:complexType name="SignedDataObjectPropertiesType"> <xsd:sequence> - <xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="DataObjectFormat" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="CommitmentTypeIndication" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="AllDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="IndividualDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/> + <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> @@ -181,19 +187,19 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/> <xsd:complexType name="UnsignedSignaturePropertiesType"> <xsd:choice maxOccurs="unbounded"> - <xsd:element name="CounterSignature" type="CounterSignatureType"/> - <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/> - <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/> - <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/> - <xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/> - <xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/> - <xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/> - <xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/> - <xsd:element name="CertificateValues" type="CertificateValuesType"/> - <xsd:element name="RevocationValues" type="RevocationValuesType"/> - <xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/> - <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/> - <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/> + <xsd:element ref="CounterSignature"/> + <xsd:element ref="SignatureTimeStamp"/> + <xsd:element ref="CompleteCertificateRefs"/> + <xsd:element ref="CompleteRevocationRefs"/> + <xsd:element ref="AttributeCertificateRefs"/> + <xsd:element ref="AttributeRevocationRefs"/> + <xsd:element ref="SigAndRefsTimeStamp"/> + <xsd:element ref="RefsOnlyTimeStamp"/> + <xsd:element ref="CertificateValues"/> + <xsd:element ref="RevocationValues"/> + <xsd:element ref="AttrAuthoritiesCertValues"/> + <xsd:element ref="AttributeRevocationValues"/> + <xsd:element ref="ArchiveTimeStamp"/> <xsd:any namespace="##other"/> </xsd:choice> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> @@ -240,6 +246,21 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> </xsd:sequence> </xsd:complexType> <!-- End SigningCertificate --> + <!-- Start SigningCertificateV2 and CertIDListV2Type --> + <xsd:element name="SigningCertificateV2" type="CertIDListV2Type"/> + <xsd:complexType name="CertIDListV2Type"> + <xsd:sequence> + <xsd:element name="Cert" type="CertIDTypeV2" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CertIDTypeV2"> + <xsd:sequence> + <xsd:element name="CertDigest" type="DigestAlgAndValueType"/> + <xsd:element name="IssuerSerialV2" type="xsd:base64Binary" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <!-- End SigningCertificateV2 and CertIDListV2Type --> <!-- Start SignaturePolicyIdentifier --> <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/> <xsd:complexType name="SignaturePolicyIdentifierType"> @@ -287,6 +308,7 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:sequence> <xsd:element ref="ds:Signature"/> </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> <!-- End CounterSignature --> <!-- Start DataObjectFormat --> @@ -330,6 +352,18 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> </xsd:sequence> </xsd:complexType> <!-- End SignatureProductionPlace --> + <!-- Start SignatureProductionPlaceV2 and SignatureProductionPlaceV2Type --> + <xsd:element name="SignatureProductionPlaceV2" type="SignatureProductionPlaceV2Type"/> + <xsd:complexType name="SignatureProductionPlaceV2Type"> + <xsd:sequence> + <xsd:element name="City" type="xsd:string" minOccurs="0"/> + <xsd:element name="StreetAddress" type="xsd:string" minOccurs="0"/> + <xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/> + <xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/> + <xsd:element name="CountryName" type="xsd:string" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <!-- End SignatureProductionPlace --> <!-- Start SignerRole --> <xsd:element name="SignerRole" type="SignerRoleType"/> <xsd:complexType name="SignerRoleType"> @@ -349,6 +383,38 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> </xsd:sequence> </xsd:complexType> <!-- End SignerRole --> + <!-- Start SignerRoleV2 and SignerRoleV2Type --> + <xsd:element name="SignerRoleV2" type="SignerRoleV2Type"/> + <xsd:complexType name="SignerRoleV2Type"> + <xsd:sequence> + <xsd:element ref="ClaimedRoles" minOccurs="0"/> + <xsd:element ref="CertifiedRolesV2" minOccurs="0"/> + <xsd:element ref="SignedAssertions" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="ClaimedRoles" type="ClaimedRolesListType"/> + <xsd:element name="CertifiedRolesV2" type="CertifiedRolesListTypeV2"/> + <xsd:element name="SignedAssertions" type="SignedAssertionsListType"/> + <xsd:complexType name="CertifiedRolesListTypeV2"> + <xsd:sequence> + <xsd:element name="CertifiedRole" type="CertifiedRoleTypeV2" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CertifiedRoleTypeV2"> + <xsd:choice> + <xsd:element ref="X509AttributeCertificate"/> + <xsd:element ref="OtherAttributeCertificate"/> + </xsd:choice> + </xsd:complexType> + <xsd:element name="X509AttributeCertificate" type="EncapsulatedPKIDataType"/> + <xsd:element name="OtherAttributeCertificate" type="AnyType"/> + <xsd:complexType name="SignedAssertionsListType"> + <xsd:sequence> + <xsd:element ref="SignedAssertion" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="SignedAssertion" type="AnyType"/> + <!-- End SignerRoleV2 and SignerRoleV2Type --> <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType"/> <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType"/> <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/> @@ -464,3 +530,4 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/> <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/> </xsd:schema> + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd new file mode 100644 index 000000000..1f3aaf935 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified"> + <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd"/> + <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES01903v132-201601.xsd"/> + <!-- Start CertificateValues --> + <xsd:element name="TimeStampValidationData" type="ValidationDataType"/> + <xsd:complexType name="ValidationDataType"> + <xsd:sequence> + <xsd:element ref="xades:CertificateValues" minOccurs="0"/> + <xsd:element ref="xades:RevocationValues" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <xsd:element name="SignaturePolicyStore" type="SignaturePolicyStoreType"/> + <xsd:complexType name="SignaturePolicyStoreType"> + <xsd:sequence> + <xsd:element ref="SPDocSpecification"/> + <xsd:choice> + <xsd:element name="SignaturePolicyDocument" type="xsd:base64Binary"/> + <xsd:element name="SigPolDocLocalURI" type="xsd:anyURI"/> + </xsd:choice> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <xsd:element name="SPDocSpecification" type="xades:ObjectIdentifierType"/> + <!-- --> + <!-- Start RenewedDigests--> + <!-- --> + <xsd:element name="RenewedDigests" type="RenewedDigestsType"/> + <xsd:complexType name="RenewedDigestsType"> + <xsd:sequence> + <xsd:element ref="ds:DigestMethod"/> + <xsd:element ref="RecomputedDigestValue" maxOccurs="unbounded"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <xsd:element name="RecomputedDigestValue" type="RecomputedDigestValueType"/> + <xsd:complexType name="RecomputedDigestValueType"> + <xsd:simpleContent> + <xsd:extension base="ds:DigestValueType"> + <xsd:attribute name="Order" type="xsd:integer" use="required"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + <!-- --> + <!-- End RenewedDigests--> + <!-- --> + <!-- ArchiveTimeStamp in namespace with URI 'http://uri.etsi.org/01903/v1.4.1#'--> + <xsd:element name="ArchiveTimeStamp" type="xades:XAdESTimeStampType"/> + <!--CompleteCertificateRefsV2 and AttributeCertificateRefsV2--> + <xsd:element name="CompleteCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/> + <xsd:element name="AttributeCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/> + <xsd:complexType name="CompleteCertificateRefsTypeV2"> + <xsd:sequence> + <xsd:element name="CertRefs" type="xades:CertIDListV2Type"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2--> + <xsd:element name="SigAndRefsTimeStampV2" type="xades:XAdESTimeStampType"/> + <xsd:element name="RefsOnlyTimeStampV2" type="xades:XAdESTimeStampType"/> +</xsd:schema> + |