aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1')
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml20
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java27
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java375
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java86
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java74
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java231
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java48
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo1
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm14
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm4
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm4
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm40
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm528
13 files changed, 1150 insertions, 302 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 81c356ced..256fb4af2 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -8,7 +8,6 @@
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-saml1</artifactId>
- <version>${moa-id-version}</version>
<packaging>jar</packaging>
<name>MOA ID-Module SAML1</name>
@@ -24,7 +23,18 @@
<artifactId>moa-id-lib</artifactId>
<scope>test</scope>
<type>test-jar</type>
- <version>3.0.3-Snapshot</version>
+ </dependency>
+
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ </dependency>
+
+ <!-- Only for development to use SAML1 protocol
+ SAML1 is removed from official OPB release -->
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-eIDAS</artifactId>
</dependency>
<dependency>
@@ -44,6 +54,12 @@
<artifactId>moa-id-module-eIDAS</artifactId>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 15c3a3358..61a73335c 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,13 +27,15 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -43,8 +45,11 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
import eu.eidas.auth.commons.IPersonalAttributeList;
+@Service("SAML1_GetArtifactAction")
public class GetArtifactAction implements IAction {
+ @Autowired private SAML1AuthenticationServer saml1server;
+
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException {
@@ -67,17 +72,14 @@ public class GetArtifactAction implements IAction {
}
try {
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
-
+ IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
+
// add other stork attributes to MOA assertion if available
IPersonalAttributeList storkAttributes = authData.getGenericData(
AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
IPersonalAttributeList.class);
if(null != storkAttributes) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(storkAttributes);
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes);
authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
@@ -85,10 +87,11 @@ public class GetArtifactAction implements IAction {
String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
if (authData.isSsoSession()) {
- String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ String url = req.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
if (!oaParam.getBusinessService())
- url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8"));
+ url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
+ URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = httpResp.encodeRedirectURL(url);
@@ -100,7 +103,7 @@ public class GetArtifactAction implements IAction {
String redirectURL = oaURL;
if (!oaParam.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
- URLEncoder.encode(req.getTarget(), "UTF-8"));
+ URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
}
@@ -114,7 +117,7 @@ public class GetArtifactAction implements IAction {
}
SLOInformationInterface sloInformation =
- new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule());
+ new SLOInformationImpl(req.getAuthURL(), authData.getAssertionID(), null, null, req.requestedModule());
return sloInformation;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 2b4aaf458..fc5837e51 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -46,19 +46,39 @@
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
import java.util.Calendar;
-import org.apache.axis.AxisFault;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -67,147 +87,262 @@ import at.gv.egovernment.moa.util.XPathUtils;
/**
* Web service for picking up authentication data created in the MOA-ID Auth component.
*
- * @author Paul Ivancsics
- * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $
- * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
+ * This getAssertion WebService implementations a hacked solution to integrate SAML1 into
+ * the new Spring based MOA-ID implementation.
+ *
+ * @deprecated
+ * It is too bad about the time to implement a better solution,
+ * since SAML1 is deprecated MOA-ID >= 2.0.0
+ *
+ * @author tlenz
*/
-public class GetAuthenticationDataService implements Constants {
+@Controller
+public class GetAuthenticationDataService extends AbstractController implements Constants {
- /**
- * Constructor for GetAuthenticationDataService.
- */
- public GetAuthenticationDataService() {
- super();
- }
+ @Autowired private SAML1AuthenticationServer saml1AuthServer;
+
+ private static final String PARAM_WSDL="wsdl";
+ private static final String PARAM_XSD="xsd";
+
+ private static final String TEMPLATE_PLAIN_INFO="plain_info.vm";
+ private static final String TEMPLATE_WSDL="wsdl/MOA-ID-1.x.vm";
+ private static final String TEMPLATE_XSD="wsdl/MOA-SPSS-1.2.vm";
+ private static final String TEMPLATE_SOAP_ERROR="soap_error.vm";
+ private static final String TEMPLATE_SOAP_SUCCESS="soap_success.vm";
+
+ private static final String SERVICE_ENDPOINT = "/services/GetAuthenticationData";
+
+ private static final String CONTEXT_ENDPOINT = "endpoint";
+ private static final String CONTEXT_ERROR = "error";
+
+ private static final String CONTEXT_SOAP_RESPONSEID = "responseID";
+ private static final String CONTEXT_SOAP_REQUESTEID = "requestID";
+ private static final String CONTEXT_SOAP_ISSUEINSTANT = "issueInstant";
+ private static final String CONTEXT_SOAP_ERRORMESSAGE = "errorMsg";
+ private static final String CONTEXT_SOAP_STATUSCODE = "statusCode";
+ private static final String CONTEXT_SOAP_ASSERTION = "assertion";
+
+ @RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.POST})
+ public void getAuthenticationData(HttpServletRequest req, HttpServletResponse resp)
+ throws IOException {
+ InputStream is = null;
+ VelocityContext context = new VelocityContext();
+ try {
+ is = req.getInputStream();
+ Element soapReq = DOMUtils.parseXmlNonValidating(is);
- /**
- * Takes a <code>lt;samlp:Request&gt;</code> containing a
- * <code>SAML artifact</code> and returns the corresponding
- * authentication data <code>lt;saml:Assertion&gt;</code>
- * (obtained from the <code>AuthenticationServer</code>),
- * enclosed in a <code>lt;samlp:Response&gt;</code>.
- * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode&gt;</code>s,
- * possibly containing enclosed sub-<code>lt;samlp:StatusCode&gt;</code>s.
- * The status codes are defined in the SAML specification.
- *
- * @param requests request elements of type <code>lt;samlp:Request&gt;</code>;
- * only 1 request element is allowed
- * @return response element of type <code>lt;samlp:Response&gt;</code>,
- * packed into an <code>Element[]</code>
- * @throws AxisFault thrown when an error occurs in assembling the
- * <code>lt;samlp:Response&gt;</code>
- */
- public Element[] Request(Element[] requests)
- throws AxisFault {
-
- Element request = requests[0];
- Element[] responses = new Element[1];
+ //process request
+ Element soapResp = processRequest(soapReq);
+
+ String respString = DOMUtils.serializeNode(soapResp, true);
+
+ resp.setContentType("text/xml;charset=UTF-8");
+ context.put(CONTEXT_SOAP_ASSERTION, respString);
+ evaluateTemplate(context, resp, TEMPLATE_SOAP_SUCCESS);
+
+ } catch (ParserConfigurationException | SAXException | IOException | TransformerException e) {
+ Logger.error("SAML1 GetAuthenticationData receive a non-valid request.", e);
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ context.put(CONTEXT_SOAP_ISSUEINSTANT, DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
+ context.put(CONTEXT_SOAP_RESPONSEID, Random.nextRandom());
+ context.put(CONTEXT_SOAP_STATUSCODE, "samlp:Requester");
+ context.put(CONTEXT_SOAP_ERRORMESSAGE, e.getMessage());
+
+ evaluateTemplate(context, resp, TEMPLATE_SOAP_ERROR);
+
+ } catch (SAML1AssertionResponseBuildException e) {
+ Logger.error("SAML1 GetAuthenticationData response build failed..", e);
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ context.put(CONTEXT_SOAP_ISSUEINSTANT, e.getIssueInstant());
+ context.put(CONTEXT_SOAP_REQUESTEID, e.getRequestID());
+ context.put(CONTEXT_SOAP_RESPONSEID, e.getResponseID());
+ context.put(CONTEXT_SOAP_STATUSCODE, "samlp:Responder");
+ context.put(CONTEXT_SOAP_ERRORMESSAGE, e.getMessage());
+
+ evaluateTemplate(context, resp, TEMPLATE_SOAP_ERROR);
+
+ } finally {
+ try {
+ if (is != null)
+ is.close();
+
+ } catch (Exception e) {
+
+ }
+ }
+ }
+
+ @RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.GET})
+ public void getAuthenticationDataWSDL(HttpServletRequest req, HttpServletResponse resp)
+ throws Exception {
+ String wsdl_param = req.getParameter(PARAM_WSDL);
+ String xsd_param = req.getParameter(PARAM_XSD);
+
+ String fullServiceEndPoint = HTTPUtils.extractAuthURLFromRequest(req) + SERVICE_ENDPOINT;
+
+ VelocityContext context = new VelocityContext();
+ context.put(CONTEXT_ENDPOINT, fullServiceEndPoint);
+
+ if (wsdl_param != null) {
+ //print wsdl
+ resp.setContentType("text/xml;charset=UTF-8");
+ evaluateTemplate(context, resp, TEMPLATE_WSDL);
+
+ } else if (xsd_param != null){
+ //print xsd
+ resp.setContentType("text/xml;charset=UTF-8");
+ evaluateTemplate(context, resp, TEMPLATE_XSD);
+
+ } else {
+ //print plain info
+ resp.setContentType("text/html;charset=UTF-8");
+ evaluateTemplate(context, resp, TEMPLATE_PLAIN_INFO);
+
+ }
+
+ }
+
+ private Element processRequest(Element soapReq) throws ParserConfigurationException, IOException, SAXException, TransformerException, SAML1AssertionResponseBuildException {
String requestID = "";
String statusCode = "";
String subStatusCode = null;
String statusMessageCode = null;
String statusMessage = null;
String samlAssertion = "";
- if (requests.length > 1) {
- // more than 1 request given as parameter
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1201";
- }
+ Element responses;
+
+ //select soap-body element
+ NodeList saml1ReqList = soapReq.getElementsByTagNameNS(soapReq.getNamespaceURI(), "Body");;
+ if (saml1ReqList.getLength() != 1) {
+ saml1ReqList = soapReq.getElementsByTagNameNS(soapReq.getNamespaceURI(), "body");;
+ if (saml1ReqList.getLength() != 1) {
+ throw new SAXException("No unique 'soap-env:Body' element.");
+
+ }
+ }
+
+ //get first child from body --> should be the SAML1 Request element
+ Element saml1Req;
+ if (saml1ReqList.item(0).getFirstChild() instanceof Element)
+ saml1Req = (Element) saml1ReqList.item(0).getFirstChild();
+
else {
- try {
- DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
- NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
- if (samlArtifactList.getLength() == 0) {
- // no SAML artifact given in request
- statusCode = "samlp:Requester";
- statusMessageCode = "1202";
- }
- else if (samlArtifactList.getLength() > 1) {
- // too many SAML artifacts given in request
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1203";
- }
+ throw new SAXException("First child of 'soap-env:Body' element has a wrong type.");
- else {
- Element samlArtifactElem = (Element)samlArtifactList.item(0);
- requestID = request.getAttribute("RequestID");
- String samlArtifact = DOMUtils.getText(samlArtifactElem);
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+ }
+
+ //validate the SAML1 request element, which we selected above
+ DOMUtils.validateElement(saml1Req, ALL_SCHEMA_LOCATIONS, null);
+
+ //parse inforamtion from SAML1 request
+ try {
+ NodeList samlArtifactList = XPathUtils.selectNodeList(saml1Req, "samlp:AssertionArtifact");
+ if (samlArtifactList.getLength() == 0) {
+ // no SAML artifact given in request
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1202";
+
+ } else if (samlArtifactList.getLength() > 1) {
+ // too many SAML artifacts given in request
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1203";
+
+ } else {
+ Element samlArtifactElem = (Element)samlArtifactList.item(0);
+ requestID = saml1Req.getAttribute("RequestID");
+ String samlArtifact = DOMUtils.getText(samlArtifactElem);
+
+ try {
+ samlAssertion = saml1AuthServer.getSaml1AuthenticationData(samlArtifact);
+
+ // success
+ statusCode = "samlp:Success";
+ statusMessageCode = "1200";
+ } catch (ClassCastException ex) {
try {
+ Throwable error = saml1AuthServer.getErrorResponse(samlArtifact);
+ statusCode = "samlp:Responder";
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+
+ if (error instanceof MOAIDException) {
+ statusMessageCode = ((MOAIDException)error).getMessageId();
+ statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
- samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact);
-
- // success
- statusCode = "samlp:Success";
- statusMessageCode = "1200";
- }
-
- catch (ClassCastException ex) {
-
- try {
- Throwable error = saml1server.getErrorResponse(samlArtifact);
- statusCode = "samlp:Responder";
-
- ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+ } else {
+ statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
- if (error instanceof MOAIDException) {
- statusMessageCode = ((MOAIDException)error).getMessageId();
- statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
-
- } else {
- statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
- }
- subStatusCode = errorUtils.getResponseErrorCode(error);
-
- } catch (Exception e) {
- //no authentication data for given SAML artifact
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:ResourceNotRecognized";
- statusMessage = ex.toString();
- }
-
- }
-
- catch (AuthenticationException ex) {
+ }
+ subStatusCode = errorUtils.getResponseErrorCode(error);
+
+ } catch (Exception e) {
//no authentication data for given SAML artifact
statusCode = "samlp:Requester";
subStatusCode = "samlp:ResourceNotRecognized";
statusMessage = ex.toString();
}
+
+ } catch (AuthenticationException ex) {
+ //no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
}
}
- catch (Throwable t) {
- // invalid request format
- statusCode = "samlp:Requester";
- statusMessageCode = "1204";
- }
+
+
+ } catch (Throwable t) {
+ // invalid request format
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1204";
+
+ }
+
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
+
+ try {
+ if (statusMessage == null)
+ statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
+ responses = new SAMLResponseBuilder().build(
+ responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+ return responses;
+
+ } catch (Throwable e) {
+ throw new SAML1AssertionResponseBuildException(responseID, issueInstant,
+ requestID, "1299", e.getMessage(), e);
+
+ }
}
+
+
+ private void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, String templateURL) throws IOException {
+ InputStream is = null;
+ try {
+ is = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(templateURL);
+
+ VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
+ BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
+ StringWriter writer = new StringWriter();
+ engine.evaluate(context, writer, "SAML1 GetAuthenticationData", reader);
+ httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+
+ } catch (Exception e) {
+ Logger.error("SAML1 GetAuthenticationData has an error:", e);
+ throw new IOException(e);
+
+ } finally {
+ if (is != null)
+ is.close();
+
+ }
- try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
-
- if (statusMessage == null)
- statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
- responses[0] = new SAMLResponseBuilder().build(
- responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
-
- }
- catch (MOAIDException e) {
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- catch (Throwable t) {
- MOAIDException e = new MOAIDException("1299", null, t);
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- return responses;
- }
-
+ }
}
+
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java
new file mode 100644
index 000000000..0c06a94df
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SAML1AssertionResponseBuildException extends Exception {
+
+ private static final long serialVersionUID = -394698807368683821L;
+
+ private String responseID;
+ private String issueInstant;
+ private String requestID;
+ private String errorCode;
+
+ /**
+ * @param responseID
+ * @param issueInstant
+ * @param requestID
+ * @param string
+ * @param message
+ */
+ public SAML1AssertionResponseBuildException(String responseID, String issueInstant, String requestID, String errorCode,
+ String errorMsg, Throwable throwable) {
+ super(errorMsg, throwable);
+
+ this.requestID = requestID;
+ this.issueInstant = issueInstant;
+ this.responseID = responseID;
+ this.errorCode = errorCode;
+ }
+
+ /**
+ * @return the responseID
+ */
+ public String getResponseID() {
+ return responseID;
+ }
+
+ /**
+ * @return the issueInstant
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * @return the requestID
+ */
+ public String getRequestID() {
+ return requestID;
+ }
+
+ /**
+ * @return the errorCode
+ */
+ public String getErrorCode() {
+ return errorCode;
+ }
+
+
+
+
+}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 421d00cbe..5eb39880e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -35,6 +35,8 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang3.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
@@ -56,11 +58,11 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -77,19 +79,10 @@ import eu.eidas.auth.commons.IPersonalAttributeList;
import eu.eidas.auth.commons.PersonalAttribute;
//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+@Service("SAML1AuthenticationServer")
public class SAML1AuthenticationServer extends AuthenticationServer {
-
- private static SAML1AuthenticationServer instance;
-
- public static SAML1AuthenticationServer getInstace() {
- if (instance == null)
- instance = new SAML1AuthenticationServer();
- return instance;
- }
-
- private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
-
+ @Autowired private ITransactionStorage authenticationDataStore;
/**
* time out in milliseconds used by {@link cleanup} for authentication data
@@ -107,20 +100,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
samlArtifact, ex.toString() });
}
Throwable error = null;
- synchronized (authenticationDataStore) {
- try {
- error = authenticationDataStore
- .get(samlArtifact, Throwable.class);
+ try {
+ error = authenticationDataStore
+ .get(samlArtifact, Throwable.class);
- authenticationDataStore.remove(samlArtifact);
-
- } catch (MOADatabaseException e) {
+ if (error == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
+
}
-
+
+ authenticationDataStore.remove(samlArtifact);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
-
+
return error;
}
@@ -129,7 +125,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* @param iPersonalAttributeList STORK attribute list
* @return
*/
- public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
+ public List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
if(null == iPersonalAttributeList)
@@ -177,22 +173,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
}
- String authData = null;
- synchronized (authenticationDataStore) {
- // System.out.println("assertionHandle: " + assertionHandle);
-
- try {
- authData = authenticationDataStore
- .get(samlArtifact, String.class, authDataTimeOut);
+ String authData = null;
+ try {
+ authData = authenticationDataStore
+ .get(samlArtifact, String.class, authDataTimeOut);
- } catch (MOADatabaseException e) {
+ if (authData == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
- }
- }
+
+ }
- authenticationDataStore.remove(samlArtifact);
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+
+ authenticationDataStore.remove(samlArtifact);
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
return authData;
@@ -210,7 +208,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return samlArtifact;
}
- public String BuildSAMLArtifact(OAAuthParameter oaParam,
+ public String BuildSAMLArtifact(IOAAuthParameters oaParam,
SAML1AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
@@ -435,7 +433,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
+ private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
@@ -616,11 +614,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
new Object[] { samlArtifact });
parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
+ //synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
authenticationDataStore.put(samlArtifact, samlAssertion);
- }
+ //}
} catch (AuthenticationException ex) {
throw ex;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 7416dfb00..1b1815b44 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -22,18 +22,20 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.io.IOException;
import java.util.Arrays;
-import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
@@ -42,17 +44,30 @@ import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
-public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
+/**
+ * SAML1 authentication protocol implementation
+ *
+ * @deprecated
+ * @author tlenz
+ *
+ */
+
+@Controller
+public class SAML1Protocol extends AbstractAuthProtocolModulController {
+ @Autowired private SAML1AuthenticationServer saml1AuthServer;
+
+ public static final String REQ_DATA_SOURCEID = "saml1_sourceID";
+ public static final String REQ_DATA_TARGET = "saml1_target";
+
public static final String NAME = SAML1Protocol.class.getName();
public static final String PATH = "id_saml1";
@@ -72,24 +87,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
PVPConstants.EID_SOURCE_PIN_TYPE_NAME
});
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
- static {
-
- actions.put(GETARTIFACT, new GetArtifactAction());
-
- instance = new SAML1Protocol();
- }
-
- private static SAML1Protocol instance = null;
-
- public static SAML1Protocol getInstance() {
- if (instance == null) {
- instance = new SAML1Protocol();
- }
- return instance;
- }
-
public String getName() {
return NAME;
}
@@ -98,94 +95,133 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
return PATH;
}
- public IRequest preProcess(HttpServletRequest request,
- HttpServletResponse response, String action,
- String sessionId, String transactionId) throws MOAIDException {
- SAML1RequestImpl config = new SAML1RequestImpl();
-
+
+ @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
+ public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
Logger.info("SAML1 is deaktivated!");
throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
}
-
- String oaURL = (String) request.getParameter(PARAM_OA);
- //oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- String target = (String) request.getParameter(PARAM_TARGET);
- target = StringEscapeUtils.escapeHtml(target);
-
- String sourceID = request.getParameter(PARAM_SOURCEID);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
-
- //the target parameter is used to define the OA in SAML1 standard
- if (target != null && target.startsWith("http")) {
- oaURL = target;
- target = null;
- }
- if (MiscUtil.isEmpty(oaURL)) {
- Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
+ SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
+ pendingReq.initialize(req);
+ pendingReq.setModule(NAME);
+
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+ revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+ //preProcess SAML1 Request
+ preProcess(req, resp, pendingReq);
- }
-
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
-
- config.setOAURL(oaURL);
-
- Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
-
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
-
-
- //load Target only from OA config
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- if (oaParam == null)
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ performAuthentication(req, resp, pendingReq);
+ return;
- SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
- if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
- Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
- }
- config.setOnlineApplicationConfiguration(oaParam);
- config.setSourceID(sourceID);
-
- MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
-
- if (MiscUtil.isNotEmpty(target))
- config.setTarget(target);
-
- else
- config.setTarget(oaParam.getTarget());
+ }
+
+
+ public void preProcess(HttpServletRequest request,
+ HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+ try {
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ //oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ String target = (String) request.getParameter(PARAM_TARGET);
+ target = StringEscapeUtils.escapeHtml(target);
+
+ String sourceID = request.getParameter(PARAM_SOURCEID);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+ if (MiscUtil.isEmpty(oaURL)) {
+ Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ pendingRequest.setOAURL(oaURL);
+
+ Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+
+
+ //load Target only from OA config
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+ if (oaParam == null)
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+
+ SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
+ if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+ Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+ }
+ pendingRequest.setOnlineApplicationConfiguration(oaParam);
+
+
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null &&
+ MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) {
+ pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID());
- return config;
+ } else
+ pendingRequest.setSourceID(sourceID);
+
+ revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+
+ if (MiscUtil.isNotEmpty(target))
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+
+ else
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
+
+ //AuthnRequest needs authentication
+ pendingRequest.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingRequest.setAction(GetArtifactAction.class.getName());
+
+ } catch (WrongParametersException e) {
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
+
+ } catch (InvalidProtocolRequestException e) {
+ throw e;
+
+ }
+
}
public boolean generateErrorMessage(Throwable e,
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest)
throws Throwable{
-
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (!oa.getSAML1Parameter().isProvideAllErrors())
+ if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
return false;
- else {
- SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
- String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+ else {
+ String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest);
- String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ String url = protocolRequest.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = response.encodeRedirectURL(url);
@@ -199,15 +235,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
}
}
- public IAction getAction(String action) {
- return actions.get(action);
- }
-
- public IAction canHandleRequest(HttpServletRequest request,
- HttpServletResponse response) {
- return null;
- }
-
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 5370573a7..e85f8ce6b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -23,25 +23,25 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
-import org.opensaml.saml2.core.Attribute;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
*
*/
+@Component("SAML1RequestImpl")
+@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
public class SAML1RequestImpl extends RequestImpl {
-
+
private static final long serialVersionUID = -4961979968425683115L;
private String sourceID = null;
@@ -64,32 +64,26 @@ public class SAML1RequestImpl extends RequestImpl {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public List<Attribute> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes() {
List<String> reqAttr = new ArrayList<String>();
reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
- SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter();
- if (saml1 != null) {
- if (saml1.isProvideAUTHBlock())
- reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
-
- if (saml1.isProvideCertificate())
- reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
-
- if (saml1.isProvideFullMandatorData())
- reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
- }
-
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+ SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
+ if (saml1 != null) {
+ if (saml1.isProvideAUTHBlock())
+ reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
+ if (saml1.isProvideCertificate())
+ reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+
+ if (saml1.isProvideFullMandatorData())
+ reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
}
-
+
+ //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator());
+
+ return reqAttr;
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo b/id/server/modules/moa-id-modules-saml1/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
deleted file mode 100644
index 5bff0dbc2..000000000
--- a/id/server/modules/moa-id-modules-saml1/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
+++ /dev/null
@@ -1 +0,0 @@
-at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol \ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm
new file mode 100644
index 000000000..dfc11820f
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm
@@ -0,0 +1,14 @@
+<html>
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+</head>
+<body>
+<h1>GetAuthenticationData</h1>
+<p>Hi there, this is an Web service!</p>
+#if($error)
+ <i>Your request has an error: $error</i>
+#else
+ <i>Perhaps there will be a form for invoking the service here...</i>
+#end
+</body>
+</html>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm
new file mode 100644
index 000000000..65945e2de
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <soapenv:Body><samlp:Response #if($requestID) InResponseTo="$requestID" #end IssueInstant="$issueInstant" MajorVersion="1" MinorVersion="0" ResponseID="$responseID" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"> <samlp:Status> <samlp:StatusCode Value="$statusCode"/> <samlp:StatusMessage>$errorMsg</samlp:StatusMessage> </samlp:Status> </samlp:Response> </soapenv:Body>
+</soapenv:Envelope> \ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm
new file mode 100644
index 000000000..7dad2c259
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <soapenv:Body>$assertion</soapenv:Body>
+</soapenv:Envelope> \ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm
new file mode 100644
index 000000000..74be59723
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="$endpoint?xsd"/>
+ <message name="GetAuthenticationDataInput">
+ <part name="body" element="samlp:Request"/>
+ </message>
+ <message name="GetAuthenticationDataOutput">
+ <part name="body" element="samlp:Response"/>
+ </message>
+ <message name="MOAFault">
+ <part name="body" element="moa:ErrorResponse"/>
+ </message>
+ <portType name="IdentificationPortType">
+ <operation name="getAuthenticationData">
+ <input message="tns:GetAuthenticationDataInput"/>
+ <output message="tns:GetAuthenticationDataOutput"/>
+ <fault name="MOAFault" message="tns:MOAFault"/>
+ </operation>
+ </portType>
+ <binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="getAuthenticationData">
+ <soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+ <input>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </input>
+ <output>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </output>
+ <fault name="MOAFault">
+ <soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </fault>
+ </operation>
+ </binding>
+ <service name="GetAuthenticationDataService">
+ <port name="IdentificationPort" binding="tns:IdentificationBinding">
+ <soap:address location="$endpoint"/>
+ </port>
+ </service>
+</definitions>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm
new file mode 100644
index 000000000..4c86626a0
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm
@@ -0,0 +1,528 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- MOA SP/SS 1.2 Schema -->
+<xsd:schema
+ targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ elementFormDefault="qualified" attributeFormDefault="unqualified"
+ version="1.2">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd" />
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/xml.xsd" />
+ <!--########## Create XML Signature ### -->
+ <!--### Create XML Signature Request ### -->
+ <xsd:element name="CreateXMLSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreateXMLSignatureRequestType" />
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreateXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType" />
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="DataObjectInfoType">
+ <xsd:attribute name="ChildOfManifest" type="xsd:boolean"
+ use="optional" default="false" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="CreateSignatureInfo" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureEnvironment"
+ type="ContentOptionalRefType" />
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe des
+ Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit
+ der Signaturumgebung, oder Verweis auf ein benanntes Profil
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateSignatureEnvironmentProfile" />
+ <xsd:element name="CreateSignatureEnvironmentProfileID"
+ type="ProfileIdentifierType" />
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean"
+ use="optional" default="true" />
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create XML Signature Response ### -->
+ <xsd:complexType name="CreateXMLSignatureResponseType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+ Stapelsignatur-Anfrage</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="SignatureEnvironment">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse" />
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType" />
+ <!--########## Verify CMS Signature ### -->
+ <!--### Verifiy CMS Signature Request ### -->
+ <xsd:element name="VerifyCMSSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyCMSSignatureRequestType">
+ <xsd:attribute name="Signatories" type="SignatoriesType"
+ use="optional" default="1" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyCMSSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime"
+ minOccurs="0" />
+ <xsd:element name="CMSSignature" type="xsd:base64Binary" />
+ <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType"
+ minOccurs="0" />
+ <xsd:element name="TrustProfileID">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify CMS Signature Response ### -->
+ <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType" />
+ <xsd:complexType name="VerifyCMSSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SignatureCheck" type="CheckResultType" />
+ <xsd:element name="CertificateCheck" type="CheckResultType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify XML Signature ### -->
+ <!--### Verify XML Signature Request ### -->
+ <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType" />
+ <xsd:complexType name="VerifyXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime"
+ minOccurs="0" />
+ <xsd:element name="VerifySignatureInfo">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType" />
+ <xsd:element name="VerifySignatureLocation" type="xsd:token" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element ref="SupplementProfile" />
+ <xsd:element name="SupplementProfileID" type="xsd:string" />
+ </xsd:choice>
+ <xsd:element name="SignatureManifestCheckParams"
+ minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Pro dsig:Reference-Element in der zu
+ überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element
+ erscheinen. Die Reihenfolge der einzelnen ReferenceInfo
+ Elemente entspricht jener der dsig:Reference Elemente in der
+ XML-Signatur.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean"
+ use="optional" default="true" />
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ReturnHashInputData" minOccurs="0" />
+ <xsd:element name="TrustProfileID">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify XML Signature Response ### -->
+ <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType" />
+ <xsd:complexType name="VerifyXMLSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+ supported; QualifiedCertificate is included as X509Data/any;
+ PublicAuthority is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="HashInputData" type="ContentExLocRefBaseType"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="ReferenceInputData" type="ContentExLocRefBaseType"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="SignatureCheck" type="ReferencesCheckResultType" />
+ <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType"
+ minOccurs="0" />
+ <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="CertificateCheck" type="CheckResultType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="ProfileIdentifierType">
+ <xsd:restriction base="xsd:token" />
+ </xsd:simpleType>
+ <xsd:complexType name="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="MimeType" type="MimeTypeType" />
+ <xsd:element name="Description" type="xsd:anyURI"
+ minOccurs="0" />
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="FinalDataMetaInfoType">
+ <xsd:complexContent>
+ <xsd:extension base="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="Type" type="xsd:anyURI" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="DataObjectInfoType">
+ <xsd:sequence>
+ <xsd:element name="DataObject">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="ContentOptionalRefType" />
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe EINER
+ Transformationskette inklusive ggf. sinnvoller Supplements oder
+ Verweis auf ein benanntes Profil</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateTransformsInfoProfile" />
+ <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType" />
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="Structure" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="detached" />
+ <xsd:enumeration value="enveloping" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0" />
+ <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLDataObjectAssociationType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType"
+ minOccurs="0" />
+ <xsd:element name="Content" type="ContentRequiredRefType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectOptionalMetaType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType"
+ minOccurs="0" />
+ <xsd:element name="Content" type="CMSContentBaseType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSContentBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" />
+ <xsd:element name="Info" type="AnyChildrenType"
+ minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" />
+ <xsd:element name="Info" type="ReferencesCheckResultInfoType"
+ minOccurs="0" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultInfoType"
+ mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="FailedReference" type="xsd:positiveInteger"
+ minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" />
+ <xsd:element name="Info" type="ManifestRefsCheckResultInfoType" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultInfoType"
+ mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="FailedReference" type="xsd:positiveInteger"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="ReferringSigReference" type="xsd:positiveInteger" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <!--########## Error Response ### -->
+ <xsd:element name="ErrorResponse" type="ErrorResponseType">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert
+ ist</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:complexType name="ErrorResponseType">
+ <xsd:sequence>
+ <xsd:element name="ErrorCode" type="xsd:integer" />
+ <xsd:element name="Info" type="xsd:string" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Auxiliary Types ### -->
+ <xsd:simpleType name="KeyIdentifierType">
+ <xsd:restriction base="xsd:string" />
+ </xsd:simpleType>
+ <xsd:simpleType name="KeyStorageType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="Software" />
+ <xsd:enumeration value="Hardware" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MimeTypeType">
+ <xsd:restriction base="xsd:token" />
+ </xsd:simpleType>
+ <xsd:complexType name="AnyChildrenType" mixed="true">
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLContentType" mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:extension base="AnyChildrenType">
+ <xsd:attribute ref="xml:space" use="optional" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ <xsd:element name="XMLContent" type="XMLContentType" />
+ <xsd:element name="LocRefContent" type="xsd:anyURI" />
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="ContentExLocRefBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ <xsd:element name="XMLContent" type="XMLContentType" />
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentOptionalRefType">
+ <xsd:complexContent>
+ <xsd:extension base="ContentBaseType">
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="optional" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentRequiredRefType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ <xsd:element name="XMLContent" type="XMLContentType" />
+ <xsd:element name="LocRefContent" type="xsd:anyURI" />
+ </xsd:choice>
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="required" />
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyTransformsDataType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ein oder mehrere Transformationswege können von
+ der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur
+ hat zumindest einem dieser Transformationswege zu entsprechen. Die
+ Angabe kann explizit oder als Profilbezeichner erfolgen.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="VerifyTransformsInfoProfile" />
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>Profilbezeichner für einen Transformationsweg
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="QualifiedCertificate" />
+ <xsd:element name="PublicAuthority" type="PublicAuthorityType" />
+ <xsd:complexType name="PublicAuthorityType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:string" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="SignatoriesType">
+ <xsd:union memberTypes="AllSignatoriesType">
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:positiveInteger" />
+ </xsd:simpleType>
+ </xsd:union>
+ </xsd:simpleType>
+ <xsd:simpleType name="AllSignatoriesType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="all" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="CreateSignatureLocationType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:token">
+ <xsd:attribute name="Index" type="xsd:nonNegativeInteger"
+ use="required" />
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="TransformParameterType">
+ <xsd:choice minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Die Angabe des Transformationsparameters
+ (explizit oder als Hashwert) kann unterlassen werden, wenn die
+ Applikation von der Unveränderlichkeit des Inhalts der in
+ "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen
+ kann.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="Base64Content" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Der Transformationsparameter explizit angegeben.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="Hash">
+ <xsd:annotation>
+ <xsd:documentation>Der Hashwert des Transformationsparameters.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:DigestMethod" />
+ <xsd:element ref="dsig:DigestValue" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="required" />
+ </xsd:complexType>
+ <xsd:element name="CreateSignatureEnvironmentProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType" />
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType"
+ minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyTransformsInfoProfile">
+ <xsd:annotation>
+ <xsd:documentation>Explizite Angabe des Transformationswegs
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0" />
+ <xsd:element name="TransformParameter" type="TransformParameterType"
+ minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Alle impliziten Transformationsparameter, die
+ zum Durchlaufen der oben angeführten Transformationskette bekannt
+ sein müssen, müssen hier angeführt werden. Das Attribut "URI"
+ bezeichnet den Transformationsparameter in exakt jener Weise, wie
+ er in der zu überprüfenden Signatur gebraucht wird.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType" />
+ <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType" />
+ <xsd:element name="CreateTransformsInfoProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateTransformsInfo" type="TransformsInfoType" />
+ <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>