diff options
Diffstat (limited to 'id/server')
12 files changed, 957 insertions, 173 deletions
| diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index c50d4ce47..b9c55148c 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -92,15 +92,6 @@          <!-- we need Axis 1.1 here, 1.0 is included in SPSS -->  		<dependency> -			<groupId>axis</groupId> -			<artifactId>axis</artifactId> -		</dependency> -		<dependency> -    		<groupId>org.tuckey</groupId> -    		<artifactId>urlrewritefilter</artifactId> -    		<version>4.0.4</version> -		</dependency> -		<dependency>  			<groupId>MOA.spss.server</groupId>  			<artifactId>moa-spss-lib</artifactId>  			<exclusions> @@ -109,13 +100,13 @@  					<groupId>iaik</groupId>  				</exclusion>  				<exclusion> -					<artifactId>axis-wsdl4j</artifactId> -					<groupId>axis</groupId> -				</exclusion> -				<exclusion>  					<groupId>commons-logging</groupId>  					<artifactId>commons-logging</artifactId>  				</exclusion> +				<exclusion> +					<artifactId>axis-wsdl4j</artifactId> +					<groupId>axis</groupId> +				</exclusion>  			</exclusions>  		</dependency>  		<dependency> @@ -130,6 +121,10 @@  					<groupId>ch.qos.logback</groupId>  					<artifactId>logback-classic</artifactId>  				</exclusion> +				<exclusion> +					<artifactId>axis</artifactId> +					<groupId>axis</groupId> +				</exclusion>  			</exclusions>  		</dependency> diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd deleted file mode 100644 index 121ec3cf9..000000000 --- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd +++ /dev/null @@ -1,29 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?>
 -<deployment name="defaultClientConfig"
 -            xmlns="http://xml.apache.org/axis/wsdd/"
 -            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
 -            xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">
 -
 -  <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
 -  <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>
 -  <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
 -
 -  <service name="GetAuthenticationData" provider="java:MSG">
 -    <namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
 -    <parameter name="allowedMethods" value="Request"/>
 -    <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
 -    <wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
 -    <requestFlow>
 -    </requestFlow>
 -    <responseFlow>
 -    </responseFlow>
 -  </service>
 -
 -  <transport name="http">
 -    <requestFlow>
 -      <handler type="URLMapper"/>
 -      <handler type="HTTPAuthHandler"/>
 -    </requestFlow>
 -  </transport>
 -
 -</deployment>
 diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 4b129f374..92dcf1266 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -112,7 +112,7 @@  		<url-pattern>/idpSingleLogout</url-pattern>  	</servlet-mapping> --> -	<servlet> +<!-- 	<servlet>  		<display-name>Apache-Axis Servlet</display-name>  		<servlet-name>AxisServlet</servlet-name>  		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> @@ -120,7 +120,7 @@  	<servlet-mapping>  		<servlet-name>AxisServlet</servlet-name>  		<url-pattern>/services/*</url-pattern> -	</servlet-mapping> +	</servlet-mapping> -->  <!-- 	<servlet>  		<display-name>Dispatcher Servlet</display-name> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index 7835687e8..c5a9ad34b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;  import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil;  /**   * @author tlenz @@ -49,7 +50,15 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {  	@Override  	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)  			throws Exception { - +		 +		//only for SAML1 GetAuthenticationData webService functionality +		String requestedServlet = request.getServletPath();		 +		if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) { +			Logger.debug("SAML1 GetAuthenticationServices allow access without SSL"); +			return true; +			 +		} +		  		//check AuthURL  	    String authURL = HTTPUtils.extractAuthURLFromRequest(request);  		if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java index 8b0d906fe..306c871fc 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java @@ -123,7 +123,8 @@ public class SAMLResponseBuilder implements Constants {          statusMessage,           StringUtils.removeXMLDeclaration(samlAssertion) });    		Element domResponse = DOMUtils.parseDocument(xmlResponse, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); -		  return domResponse; +		return domResponse; +		    	}    	catch (Throwable ex) {    		throw new BuildException( diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 7e46e53fe..fc5837e51 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -46,18 +46,39 @@  package at.gv.egovernment.moa.id.protocols.saml1; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringWriter;  import java.util.Calendar; -import org.apache.axis.AxisFault; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; +  import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod;  import org.w3c.dom.Element;  import org.w3c.dom.NodeList; +import org.xml.sax.SAXException;  import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.servlet.AbstractController;  import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.DOMUtils;  import at.gv.egovernment.moa.util.DateTimeUtils; @@ -66,151 +87,262 @@ import at.gv.egovernment.moa.util.XPathUtils;  /**   * Web service for picking up authentication data created in the MOA-ID Auth component.   *  - * @author Paul Ivancsics - * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $ - * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData + * This getAssertion WebService implementations a hacked solution to integrate SAML1 into + * the new Spring based MOA-ID implementation. + *   + * @deprecated + * It is too bad about the time to implement a better solution,  + * since SAML1 is deprecated MOA-ID >= 2.0.0  + *  + * @author tlenz   */ -public class GetAuthenticationDataService implements Constants { +@Controller +public class GetAuthenticationDataService extends AbstractController implements Constants { -  /** -   * Constructor for GetAuthenticationDataService. -   */ -  public GetAuthenticationDataService() { -    super(); -  } +	@Autowired private SAML1AuthenticationServer saml1AuthServer; +	 +	private static final String PARAM_WSDL="wsdl"; +	private static final String PARAM_XSD="xsd"; +   +	private static final String TEMPLATE_PLAIN_INFO="plain_info.vm"; +	private static final String TEMPLATE_WSDL="wsdl/MOA-ID-1.x.vm"; +	private static final String TEMPLATE_XSD="wsdl/MOA-SPSS-1.2.vm";	 +	private static final String TEMPLATE_SOAP_ERROR="soap_error.vm"; +	private static final String TEMPLATE_SOAP_SUCCESS="soap_success.vm"; +	 +	private static final String SERVICE_ENDPOINT = "/services/GetAuthenticationData"; +	 +	private static final String CONTEXT_ENDPOINT = "endpoint"; +	private static final String CONTEXT_ERROR = "error"; +	 +	private static final String CONTEXT_SOAP_RESPONSEID = "responseID"; +	private static final String CONTEXT_SOAP_REQUESTEID = "requestID"; +	private static final String CONTEXT_SOAP_ISSUEINSTANT = "issueInstant"; +	private static final String CONTEXT_SOAP_ERRORMESSAGE = "errorMsg"; +	private static final String CONTEXT_SOAP_STATUSCODE = "statusCode"; +	private static final String CONTEXT_SOAP_ASSERTION = "assertion"; +	 +	@RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.POST}) +	public void getAuthenticationData(HttpServletRequest req, HttpServletResponse resp) +		    throws IOException { +		InputStream is = null; +		VelocityContext context = new VelocityContext(); +		try {  +			is = req.getInputStream();		 +			Element soapReq = DOMUtils.parseXmlNonValidating(is); -	/** -	 * Takes a <code>lt;samlp:Request></code> containing a  -	 * <code>SAML artifact</code> and returns the corresponding  -	 * authentication data <code>lt;saml:Assertion></code>  -	 * (obtained from the <code>AuthenticationServer</code>), -	 * enclosed in a <code>lt;samlp:Response></code>. -	 * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode></code>s, -	 * possibly containing enclosed sub-<code>lt;samlp:StatusCode></code>s. -	 * The status codes are defined in the SAML specification. -	 *  -	 * @param requests request elements of type <code>lt;samlp:Request></code>; -	 * 				 only 1 request element is allowed -	 * @return response element of type <code>lt;samlp:Response></code>, -	 * 				  packed into an <code>Element[]</code> -	 * @throws AxisFault thrown when an error occurs in assembling the  -	 * 					<code>lt;samlp:Response></code> -	 */ -  public Element[] Request(Element[] requests)  -  	throws AxisFault { -  		 -		Element request = requests[0]; -		Element[] responses = new Element[1]; +			//process request +			Element soapResp = processRequest(soapReq);  +		     +			String respString = DOMUtils.serializeNode(soapResp, true); +			 +			resp.setContentType("text/xml;charset=UTF-8"); +			context.put(CONTEXT_SOAP_ASSERTION, respString); +			evaluateTemplate(context, resp, TEMPLATE_SOAP_SUCCESS); +						 +		} catch (ParserConfigurationException | SAXException | IOException | TransformerException e) { +			Logger.error("SAML1 GetAuthenticationData receive a non-valid request.", e); +			resp.setContentType("text/xml;charset=UTF-8"); +					 +			context.put(CONTEXT_SOAP_ISSUEINSTANT, DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); +			context.put(CONTEXT_SOAP_RESPONSEID, Random.nextRandom()); +			context.put(CONTEXT_SOAP_STATUSCODE, "samlp:Requester"); +			context.put(CONTEXT_SOAP_ERRORMESSAGE, e.getMessage()); +			 +			evaluateTemplate(context, resp, TEMPLATE_SOAP_ERROR); +			 +		} catch (SAML1AssertionResponseBuildException e) { +			Logger.error("SAML1 GetAuthenticationData response build failed..", e); +			resp.setContentType("text/xml;charset=UTF-8"); +			 +			context.put(CONTEXT_SOAP_ISSUEINSTANT, e.getIssueInstant()); +			context.put(CONTEXT_SOAP_REQUESTEID, e.getRequestID()); +			context.put(CONTEXT_SOAP_RESPONSEID, e.getResponseID()); +			context.put(CONTEXT_SOAP_STATUSCODE, "samlp:Responder"); +			context.put(CONTEXT_SOAP_ERRORMESSAGE, e.getMessage()); +			 +			evaluateTemplate(context, resp, TEMPLATE_SOAP_ERROR); +			 +		} finally { +			try { +				if (is != null) +					is.close(); +				 +			} catch (Exception e) { +								 +			}			 +		}		 +	} +		 +	@RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.GET}) +	public void getAuthenticationDataWSDL(HttpServletRequest req, HttpServletResponse resp) +		    throws Exception {		 +		String wsdl_param = req.getParameter(PARAM_WSDL); +		String xsd_param = req.getParameter(PARAM_XSD); +				 +		String fullServiceEndPoint = HTTPUtils.extractAuthURLFromRequest(req) + SERVICE_ENDPOINT; +		 +		VelocityContext context = new VelocityContext();		 +		context.put(CONTEXT_ENDPOINT, fullServiceEndPoint); +		 +		if (wsdl_param != null) { +			//print wsdl +			resp.setContentType("text/xml;charset=UTF-8"); +			evaluateTemplate(context, resp, TEMPLATE_WSDL); +			 +		} else if (xsd_param != null){ +			//print xsd +			resp.setContentType("text/xml;charset=UTF-8"); +			evaluateTemplate(context, resp, TEMPLATE_XSD); +						 +		} else { +			//print plain info +			resp.setContentType("text/html;charset=UTF-8"); +			evaluateTemplate(context, resp, TEMPLATE_PLAIN_INFO); +			 +		} +				 +	} +	 +	private Element processRequest(Element soapReq) throws ParserConfigurationException, IOException, SAXException, TransformerException, SAML1AssertionResponseBuildException {  		String requestID = "";  		String statusCode = "";  		String subStatusCode = null;  		String statusMessageCode = null;  		String statusMessage = null;  		String samlAssertion = ""; -		if (requests.length > 1) { -			// more than 1 request given as parameter -			statusCode = "samlp:Requester"; -			subStatusCode = "samlp:TooManyResponses"; -			statusMessageCode = "1201"; -		} +		Element responses; + +		//select soap-body element +		NodeList saml1ReqList = soapReq.getElementsByTagNameNS(soapReq.getNamespaceURI(), "Body");;				 +		if (saml1ReqList.getLength() != 1) { +			saml1ReqList = soapReq.getElementsByTagNameNS(soapReq.getNamespaceURI(), "body");; +			if (saml1ReqList.getLength() != 1) { +				throw new SAXException("No unique 'soap-env:Body' element."); +				 +			}	 +		}  +		 +		//get first child from body --> should be the SAML1 Request element  +		Element saml1Req; +		if (saml1ReqList.item(0).getFirstChild() instanceof Element) +			saml1Req = (Element) saml1ReqList.item(0).getFirstChild(); +			  		else { -			try { -				DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); -				NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); -				if (samlArtifactList.getLength() == 0) { -					// no SAML artifact given in request -					statusCode = "samlp:Requester"; -					statusMessageCode = "1202"; -				} -				else if (samlArtifactList.getLength() > 1) { -					// too many SAML artifacts given in request -					statusCode = "samlp:Requester"; -					subStatusCode = "samlp:TooManyResponses"; -					statusMessageCode = "1203"; -				} +			throw new SAXException("First child of 'soap-env:Body' element has a wrong type."); -				else { -					Element samlArtifactElem = (Element)samlArtifactList.item(0); -                    requestID = request.getAttribute("RequestID"); -					String samlArtifact = DOMUtils.getText(samlArtifactElem); -					 -					 -					//SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); -					 -					try { +		} -						samlAssertion = "Find a solution to integrate Axis 1 into Spring"; -						//samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); -                         -						// success -						statusCode = "samlp:Success"; -						statusMessageCode = "1200"; -					} -					 -					catch (ClassCastException ex) { +		//validate the SAML1 request element, which we selected above  +		DOMUtils.validateElement(saml1Req, ALL_SCHEMA_LOCATIONS, null);	 +		 +		//parse inforamtion from SAML1 request +		try { +			NodeList samlArtifactList = XPathUtils.selectNodeList(saml1Req, "samlp:AssertionArtifact"); +			if (samlArtifactList.getLength() == 0) { +				// no SAML artifact given in request +				statusCode = "samlp:Requester"; +				statusMessageCode = "1202"; +				 +			} else if (samlArtifactList.getLength() > 1) { +				// too many SAML artifacts given in request +				statusCode = "samlp:Requester"; +				subStatusCode = "samlp:TooManyResponses"; +				statusMessageCode = "1203"; +				 +			} else { +				Element samlArtifactElem = (Element)samlArtifactList.item(0); +                requestID = saml1Req.getAttribute("RequestID"); +				String samlArtifact = DOMUtils.getText(samlArtifactElem); +								 +				try { +					samlAssertion = saml1AuthServer.getSaml1AuthenticationData(samlArtifact); +                     +					// success +					statusCode = "samlp:Success"; +					statusMessageCode = "1200"; -						try { -							//Throwable error = saml1server.getErrorResponse(samlArtifact); -							Throwable error = new Exception("Find a solution to integrate Axis 1 into Spring"); -							statusCode = "samlp:Responder"; +				} catch (ClassCastException ex) {				 +					try { +						Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); +						statusCode = "samlp:Responder"; +						 +						ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); +						 +						if (error instanceof MOAIDException) { +							statusMessageCode = ((MOAIDException)error).getMessageId(); +							statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); -							ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); +						} else { +							statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); -							if (error instanceof MOAIDException) { -								statusMessageCode = ((MOAIDException)error).getMessageId(); -								statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); -								 -							} else { -								statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); -							}							 -							subStatusCode = errorUtils.getResponseErrorCode(error); -																 -						} catch (Exception e) { -							//no authentication data for given SAML artifact -							statusCode = "samlp:Requester"; -							subStatusCode = "samlp:ResourceNotRecognized"; -							statusMessage = ex.toString(); -						} -						 +						}							 +						subStatusCode = errorUtils.getResponseErrorCode(error); +															 +					} catch (Exception e) { +						//no authentication data for given SAML artifact +						statusCode = "samlp:Requester"; +						subStatusCode = "samlp:ResourceNotRecognized"; +						statusMessage = ex.toString();  					} -//					catch (AuthenticationException ex) { -//						//no authentication data for given SAML artifact -//						statusCode = "samlp:Requester"; -//						subStatusCode = "samlp:ResourceNotRecognized"; -//						statusMessage = ex.toString(); -//					} +				} catch (AuthenticationException ex) { +					//no authentication data for given SAML artifact +					statusCode = "samlp:Requester"; +					subStatusCode = "samlp:ResourceNotRecognized"; +					statusMessage = ex.toString();  				}  			} -	    catch (Throwable t) { -	    	// invalid request format -				statusCode = "samlp:Requester"; -				statusMessageCode = "1204"; -	    } +			 +			 +		} catch (Throwable t) { +			// invalid request format +			statusCode = "samlp:Requester"; +			statusMessageCode = "1204"; +			 +		} + +		String responseID = Random.nextRandom();			 +		String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); + +		try {		 +			if (statusMessage == null) +				statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); +				responses = new SAMLResponseBuilder().build( +						responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);			 +				return responses; +				 +		} catch (Throwable e) { +			throw new SAML1AssertionResponseBuildException(responseID, issueInstant,  +					requestID, "1299", e.getMessage(), e); +			 +		}  	} +	 +	 +	private void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, String templateURL) throws IOException { +		InputStream is = null; +		try { +			is = Thread.currentThread() +					.getContextClassLoader() +					.getResourceAsStream(templateURL);	 +		 +			VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();		 +			BufferedReader reader = new BufferedReader(new InputStreamReader(is ));				 +			StringWriter writer = new StringWriter();						 +			engine.evaluate(context, writer, "SAML1 GetAuthenticationData", reader);		             +			httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); +			 +		} catch (Exception e) { +			Logger.error("SAML1 GetAuthenticationData has an error:", e); +			throw new IOException(e); +			 +		} finally { +			if (is != null)  +				is.close(); +			 +		}  -    try { -			String responseID = Random.nextRandom();			 -			String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); -			 -      if (statusMessage == null) -			  statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); -	    responses[0] = new SAMLResponseBuilder().build( -	    	responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); -     -  	} -    catch (MOAIDException e) { -	    AxisFault fault = AxisFault.makeFault(e); -	    fault.setFaultDetail(new Element[] { e.toErrorResponse()}); -	    throw fault; -    }  -    catch (Throwable t) { -	    MOAIDException e = new MOAIDException("1299", null, t); -	    AxisFault fault = AxisFault.makeFault(e); -	    fault.setFaultDetail(new Element[] { e.toErrorResponse()}); -	    throw fault; -    } -    return responses; -  } -  	 +	}  	  } + diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java new file mode 100644 index 000000000..0c06a94df --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java @@ -0,0 +1,86 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.saml1; + +/** + * @author tlenz + * + */ +public class SAML1AssertionResponseBuildException extends Exception { + +	private static final long serialVersionUID = -394698807368683821L; +	 +	private String responseID; +	private String issueInstant; +	private String requestID; +	private String errorCode; +	 +	/** +	 * @param responseID +	 * @param issueInstant +	 * @param requestID +	 * @param string +	 * @param message +	 */ +	public SAML1AssertionResponseBuildException(String responseID, String issueInstant, String requestID, String errorCode, +			String errorMsg, Throwable throwable) { +		super(errorMsg, throwable); +		 +		this.requestID = requestID; +		this.issueInstant = issueInstant; +		this.responseID = responseID; +		this.errorCode = errorCode; +	} + +	/** +	 * @return the responseID +	 */ +	public String getResponseID() { +		return responseID; +	} + +	/** +	 * @return the issueInstant +	 */ +	public String getIssueInstant() { +		return issueInstant; +	} + +	/** +	 * @return the requestID +	 */ +	public String getRequestID() { +		return requestID; +	} + +	/** +	 * @return the errorCode +	 */ +	public String getErrorCode() { +		return errorCode; +	} + +	 +	 + +} diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm new file mode 100644 index 000000000..dfc11820f --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm @@ -0,0 +1,14 @@ +<html> +<head> +<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> +</head> +<body> +<h1>GetAuthenticationData</h1> +<p>Hi there, this is an Web service!</p> +#if($error) +	<i>Your request has an error: $error</i> +#else +	<i>Perhaps there will be a form for invoking the service here...</i> +#end +</body> +</html> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm new file mode 100644 index 000000000..65945e2de --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm @@ -0,0 +1,4 @@ +<?xml version="1.0" encoding="UTF-8"?> +<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <soapenv:Body><samlp:Response #if($requestID) InResponseTo="$requestID" #end IssueInstant="$issueInstant" MajorVersion="1" MinorVersion="0" ResponseID="$responseID" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">  <samlp:Status>    <samlp:StatusCode Value="$statusCode"/>    <samlp:StatusMessage>$errorMsg</samlp:StatusMessage>  </samlp:Status>  </samlp:Response> </soapenv:Body> +</soapenv:Envelope>
\ No newline at end of file diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm new file mode 100644 index 000000000..7dad2c259 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm @@ -0,0 +1,4 @@ +<?xml version="1.0" encoding="UTF-8"?> +<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <soapenv:Body>$assertion</soapenv:Body> +</soapenv:Envelope>
\ No newline at end of file diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm new file mode 100644 index 000000000..74be59723 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/"> +	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="$endpoint?xsd"/> +	<message name="GetAuthenticationDataInput"> +		<part name="body" element="samlp:Request"/> +	</message> +	<message name="GetAuthenticationDataOutput"> +		<part name="body" element="samlp:Response"/> +	</message> +	<message name="MOAFault"> +		<part name="body" element="moa:ErrorResponse"/> +	</message> +	<portType name="IdentificationPortType"> +		<operation name="getAuthenticationData"> +			<input message="tns:GetAuthenticationDataInput"/> +			<output message="tns:GetAuthenticationDataOutput"/> +			<fault name="MOAFault" message="tns:MOAFault"/> +		</operation> +	</portType> +	<binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/"> +		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> +		<operation name="getAuthenticationData"> +			<soap:operation soapAction="urn:GetAuthenticationDataAction"/> +			<input> +				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> +			</input> +			<output> +				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> +			</output> +			<fault name="MOAFault"> +				<soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> +			</fault> +		</operation> +	</binding> +	<service name="GetAuthenticationDataService"> +		<port name="IdentificationPort" binding="tns:IdentificationBinding"> +			<soap:address location="$endpoint"/> +		</port> +	</service> +</definitions> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm new file mode 100644 index 000000000..4c86626a0 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm @@ -0,0 +1,528 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- MOA SP/SS 1.2 Schema --> +<xsd:schema +	targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" +	xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" +	xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" +	elementFormDefault="qualified" attributeFormDefault="unqualified" +	version="1.2"> +	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" +		schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd" /> +	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" +		schemaLocation="http://www.w3.org/2001/xml.xsd" /> +	<!--########## Create XML Signature ### --> +	<!--### Create XML Signature Request ### --> +	<xsd:element name="CreateXMLSignatureRequest"> +		<xsd:complexType> +			<xsd:complexContent> +				<xsd:extension base="CreateXMLSignatureRequestType" /> +			</xsd:complexContent> +		</xsd:complexType> +	</xsd:element> +	<xsd:complexType name="CreateXMLSignatureRequestType"> +		<xsd:sequence> +			<xsd:element name="KeyIdentifier" type="KeyIdentifierType" /> +			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded"> +				<xsd:annotation> +					<xsd:documentation>Ermöglichung der Stapelsignatur durch +						wiederholte Angabe dieses Elements</xsd:documentation> +				</xsd:annotation> +				<xsd:complexType> +					<xsd:sequence> +						<xsd:element name="DataObjectInfo" maxOccurs="unbounded"> +							<xsd:complexType> +								<xsd:complexContent> +									<xsd:extension base="DataObjectInfoType"> +										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" +											use="optional" default="false" /> +									</xsd:extension> +								</xsd:complexContent> +							</xsd:complexType> +						</xsd:element> +						<xsd:element name="CreateSignatureInfo" minOccurs="0"> +							<xsd:complexType> +								<xsd:sequence> +									<xsd:element name="CreateSignatureEnvironment" +										type="ContentOptionalRefType" /> +									<xsd:choice> +										<xsd:annotation> +											<xsd:documentation>Auswahl: Entweder explizite Angabe des +												Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit +												der Signaturumgebung, oder Verweis auf ein benanntes Profil +											</xsd:documentation> +										</xsd:annotation> +										<xsd:element ref="CreateSignatureEnvironmentProfile" /> +										<xsd:element name="CreateSignatureEnvironmentProfileID" +											type="ProfileIdentifierType" /> +									</xsd:choice> +								</xsd:sequence> +							</xsd:complexType> +						</xsd:element> +					</xsd:sequence> +					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" +						use="optional" default="true" /> +				</xsd:complexType> +			</xsd:element> +		</xsd:sequence> +	</xsd:complexType> +	<!--### Create XML Signature Response ### --> +	<xsd:complexType name="CreateXMLSignatureResponseType"> +		<xsd:choice maxOccurs="unbounded"> +			<xsd:annotation> +				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine +					Stapelsignatur-Anfrage</xsd:documentation> +			</xsd:annotation> +			<xsd:element name="SignatureEnvironment"> +				<xsd:annotation> +					<xsd:documentation>Resultat, falls die Signaturerstellung +						erfolgreich war</xsd:documentation> +				</xsd:annotation> +				<xsd:complexType> +					<xsd:sequence> +						<xsd:any namespace="##any" processContents="lax" /> +					</xsd:sequence> +				</xsd:complexType> +			</xsd:element> +			<xsd:element ref="ErrorResponse" /> +		</xsd:choice> +	</xsd:complexType> +	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType" /> +	<!--########## Verify CMS Signature ### --> +	<!--### Verifiy CMS Signature Request ### --> +	<xsd:element name="VerifyCMSSignatureRequest"> +		<xsd:complexType> +			<xsd:complexContent> +				<xsd:extension base="VerifyCMSSignatureRequestType"> +					<xsd:attribute name="Signatories" type="SignatoriesType" +						use="optional" default="1" /> +				</xsd:extension> +			</xsd:complexContent> +		</xsd:complexType> +	</xsd:element> +	<xsd:complexType name="VerifyCMSSignatureRequestType"> +		<xsd:sequence> +			<xsd:element name="DateTime" type="xsd:dateTime" +				minOccurs="0" /> +			<xsd:element name="CMSSignature" type="xsd:base64Binary" /> +			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" +				minOccurs="0" /> +			<xsd:element name="TrustProfileID"> +				<xsd:annotation> +					<xsd:documentation>mit diesem Profil wird eine Menge von +						vertrauenswürdigen Wurzelzertifikaten spezifiziert +					</xsd:documentation> +				</xsd:annotation> +			</xsd:element> +		</xsd:sequence> +	</xsd:complexType> +	<!--### Verify CMS Signature Response ### --> +	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType" /> +	<xsd:complexType name="VerifyCMSSignatureResponseType"> +		<xsd:sequence maxOccurs="unbounded"> +			<xsd:element name="SignerInfo" type="dsig:KeyInfoType"> +				<xsd:annotation> +					<xsd:documentation>only ds:X509Data and RetrievalMethod is +						supported; QualifiedCertificate is included as +						X509Data/any;publicAuthority is included as X509Data/any +					</xsd:documentation> +				</xsd:annotation> +			</xsd:element> +			<xsd:element name="SignatureCheck" type="CheckResultType" /> +			<xsd:element name="CertificateCheck" type="CheckResultType" /> +		</xsd:sequence> +	</xsd:complexType> +	<!--########## Verify XML Signature ### --> +	<!--### Verify XML Signature Request ### --> +	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType" /> +	<xsd:complexType name="VerifyXMLSignatureRequestType"> +		<xsd:sequence> +			<xsd:element name="DateTime" type="xsd:dateTime" +				minOccurs="0" /> +			<xsd:element name="VerifySignatureInfo"> +				<xsd:complexType> +					<xsd:sequence> +						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType" /> +						<xsd:element name="VerifySignatureLocation" type="xsd:token" /> +					</xsd:sequence> +				</xsd:complexType> +			</xsd:element> +			<xsd:choice minOccurs="0" maxOccurs="unbounded"> +				<xsd:element ref="SupplementProfile" /> +				<xsd:element name="SupplementProfileID" type="xsd:string" /> +			</xsd:choice> +			<xsd:element name="SignatureManifestCheckParams" +				minOccurs="0"> +				<xsd:complexType> +					<xsd:sequence> +						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" +							maxOccurs="unbounded"> +							<xsd:annotation> +								<xsd:documentation>Pro dsig:Reference-Element in der zu +									überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element +									erscheinen. Die Reihenfolge der einzelnen ReferenceInfo +									Elemente entspricht jener der dsig:Reference Elemente in der +									XML-Signatur.</xsd:documentation> +							</xsd:annotation> +						</xsd:element> +					</xsd:sequence> +					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" +						use="optional" default="true" /> +				</xsd:complexType> +			</xsd:element> +			<xsd:element name="ReturnHashInputData" minOccurs="0" /> +			<xsd:element name="TrustProfileID"> +				<xsd:annotation> +					<xsd:documentation>mit diesem Profil wird eine Menge von +						vertrauenswürdigen Wurzelzertifikaten spezifiziert +					</xsd:documentation> +				</xsd:annotation> +			</xsd:element> +		</xsd:sequence> +	</xsd:complexType> +	<!--### Verify XML Signature Response ### --> +	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType" /> +	<xsd:complexType name="VerifyXMLSignatureResponseType"> +		<xsd:sequence> +			<xsd:element name="SignerInfo" type="dsig:KeyInfoType"> +				<xsd:annotation> +					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is +						supported; QualifiedCertificate is included as X509Data/any; +						PublicAuthority is included as X509Data/any</xsd:documentation> +				</xsd:annotation> +			</xsd:element> +			<xsd:element name="HashInputData" type="ContentExLocRefBaseType" +				minOccurs="0" maxOccurs="unbounded" /> +			<xsd:element name="ReferenceInputData" type="ContentExLocRefBaseType" +				minOccurs="0" maxOccurs="unbounded" /> +			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType" /> +			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" +				minOccurs="0" /> +			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" +				minOccurs="0" maxOccurs="unbounded" /> +			<xsd:element name="CertificateCheck" type="CheckResultType" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:simpleType name="ProfileIdentifierType"> +		<xsd:restriction base="xsd:token" /> +	</xsd:simpleType> +	<xsd:complexType name="MetaInfoType"> +		<xsd:sequence> +			<xsd:element name="MimeType" type="MimeTypeType" /> +			<xsd:element name="Description" type="xsd:anyURI" +				minOccurs="0" /> +			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:complexType name="FinalDataMetaInfoType"> +		<xsd:complexContent> +			<xsd:extension base="MetaInfoType"> +				<xsd:sequence> +					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0" /> +				</xsd:sequence> +			</xsd:extension> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="DataObjectInfoType"> +		<xsd:sequence> +			<xsd:element name="DataObject"> +				<xsd:complexType> +					<xsd:complexContent> +						<xsd:extension base="ContentOptionalRefType" /> +					</xsd:complexContent> +				</xsd:complexType> +			</xsd:element> +			<xsd:choice> +				<xsd:annotation> +					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER +						Transformationskette inklusive ggf. sinnvoller Supplements oder +						Verweis auf ein benanntes Profil</xsd:documentation> +				</xsd:annotation> +				<xsd:element ref="CreateTransformsInfoProfile" /> +				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType" /> +			</xsd:choice> +		</xsd:sequence> +		<xsd:attribute name="Structure" use="required"> +			<xsd:simpleType> +				<xsd:restriction base="xsd:string"> +					<xsd:enumeration value="detached" /> +					<xsd:enumeration value="enveloping" /> +				</xsd:restriction> +			</xsd:simpleType> +		</xsd:attribute> +	</xsd:complexType> +	<xsd:complexType name="TransformsInfoType"> +		<xsd:sequence> +			<xsd:element ref="dsig:Transforms" minOccurs="0" /> +			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:complexType name="XMLDataObjectAssociationType"> +		<xsd:sequence> +			<xsd:element name="MetaInfo" type="MetaInfoType" +				minOccurs="0" /> +			<xsd:element name="Content" type="ContentRequiredRefType" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:complexType name="CMSDataObjectOptionalMetaType"> +		<xsd:sequence> +			<xsd:element name="MetaInfo" type="MetaInfoType" +				minOccurs="0" /> +			<xsd:element name="Content" type="CMSContentBaseType" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:complexType name="CMSContentBaseType"> +		<xsd:complexContent> +			<xsd:restriction base="ContentOptionalRefType"> +				<xsd:choice minOccurs="0"> +					<xsd:element name="Base64Content" type="xsd:base64Binary" /> +				</xsd:choice> +			</xsd:restriction> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="CheckResultType"> +		<xsd:sequence> +			<xsd:element name="Code" type="xsd:nonNegativeInteger" /> +			<xsd:element name="Info" type="AnyChildrenType" +				minOccurs="0" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:complexType name="ReferencesCheckResultType"> +		<xsd:complexContent> +			<xsd:restriction base="CheckResultType"> +				<xsd:sequence> +					<xsd:element name="Code" type="xsd:nonNegativeInteger" /> +					<xsd:element name="Info" type="ReferencesCheckResultInfoType" +						minOccurs="0" /> +				</xsd:sequence> +			</xsd:restriction> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="ReferencesCheckResultInfoType" +		mixed="true"> +		<xsd:complexContent mixed="true"> +			<xsd:restriction base="AnyChildrenType"> +				<xsd:sequence> +					<xsd:any namespace="##other" processContents="lax" +						minOccurs="0" maxOccurs="unbounded" /> +					<xsd:element name="FailedReference" type="xsd:positiveInteger" +						minOccurs="0" maxOccurs="unbounded" /> +				</xsd:sequence> +			</xsd:restriction> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="ManifestRefsCheckResultType"> +		<xsd:complexContent> +			<xsd:restriction base="CheckResultType"> +				<xsd:sequence> +					<xsd:element name="Code" type="xsd:nonNegativeInteger" /> +					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType" /> +				</xsd:sequence> +			</xsd:restriction> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="ManifestRefsCheckResultInfoType" +		mixed="true"> +		<xsd:complexContent mixed="true"> +			<xsd:restriction base="AnyChildrenType"> +				<xsd:sequence> +					<xsd:any namespace="##other" processContents="lax" +						minOccurs="0" maxOccurs="unbounded" /> +					<xsd:element name="FailedReference" type="xsd:positiveInteger" +						minOccurs="0" maxOccurs="unbounded" /> +					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger" /> +				</xsd:sequence> +			</xsd:restriction> +		</xsd:complexContent> +	</xsd:complexType> +	<!--########## Error Response ### --> +	<xsd:element name="ErrorResponse" type="ErrorResponseType"> +		<xsd:annotation> +			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert +				ist</xsd:documentation> +		</xsd:annotation> +	</xsd:element> +	<xsd:complexType name="ErrorResponseType"> +		<xsd:sequence> +			<xsd:element name="ErrorCode" type="xsd:integer" /> +			<xsd:element name="Info" type="xsd:string" /> +		</xsd:sequence> +	</xsd:complexType> +	<!--########## Auxiliary Types ### --> +	<xsd:simpleType name="KeyIdentifierType"> +		<xsd:restriction base="xsd:string" /> +	</xsd:simpleType> +	<xsd:simpleType name="KeyStorageType"> +		<xsd:restriction base="xsd:string"> +			<xsd:enumeration value="Software" /> +			<xsd:enumeration value="Hardware" /> +		</xsd:restriction> +	</xsd:simpleType> +	<xsd:simpleType name="MimeTypeType"> +		<xsd:restriction base="xsd:token" /> +	</xsd:simpleType> +	<xsd:complexType name="AnyChildrenType" mixed="true"> +		<xsd:sequence> +			<xsd:any namespace="##any" processContents="lax" minOccurs="0" +				maxOccurs="unbounded" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:complexType name="XMLContentType" mixed="true"> +		<xsd:complexContent mixed="true"> +			<xsd:extension base="AnyChildrenType"> +				<xsd:attribute ref="xml:space" use="optional" /> +			</xsd:extension> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="ContentBaseType"> +		<xsd:choice minOccurs="0"> +			<xsd:element name="Base64Content" type="xsd:base64Binary" /> +			<xsd:element name="XMLContent" type="XMLContentType" /> +			<xsd:element name="LocRefContent" type="xsd:anyURI" /> +		</xsd:choice> +	</xsd:complexType> +	<xsd:complexType name="ContentExLocRefBaseType"> +		<xsd:complexContent> +			<xsd:restriction base="ContentBaseType"> +				<xsd:choice minOccurs="0"> +					<xsd:element name="Base64Content" type="xsd:base64Binary" /> +					<xsd:element name="XMLContent" type="XMLContentType" /> +				</xsd:choice> +			</xsd:restriction> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="ContentOptionalRefType"> +		<xsd:complexContent> +			<xsd:extension base="ContentBaseType"> +				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional" /> +			</xsd:extension> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="ContentRequiredRefType"> +		<xsd:complexContent> +			<xsd:restriction base="ContentOptionalRefType"> +				<xsd:choice minOccurs="0"> +					<xsd:element name="Base64Content" type="xsd:base64Binary" /> +					<xsd:element name="XMLContent" type="XMLContentType" /> +					<xsd:element name="LocRefContent" type="xsd:anyURI" /> +				</xsd:choice> +				<xsd:attribute name="Reference" type="xsd:anyURI" use="required" /> +			</xsd:restriction> +		</xsd:complexContent> +	</xsd:complexType> +	<xsd:complexType name="VerifyTransformsDataType"> +		<xsd:choice maxOccurs="unbounded"> +			<xsd:annotation> +				<xsd:documentation>Ein oder mehrere Transformationswege können von +					der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur +					hat zumindest einem dieser Transformationswege zu entsprechen. Die +					Angabe kann explizit oder als Profilbezeichner erfolgen. +				</xsd:documentation> +			</xsd:annotation> +			<xsd:element ref="VerifyTransformsInfoProfile" /> +			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string"> +				<xsd:annotation> +					<xsd:documentation>Profilbezeichner für einen Transformationsweg +					</xsd:documentation> +				</xsd:annotation> +			</xsd:element> +		</xsd:choice> +	</xsd:complexType> +	<xsd:element name="QualifiedCertificate" /> +	<xsd:element name="PublicAuthority" type="PublicAuthorityType" /> +	<xsd:complexType name="PublicAuthorityType"> +		<xsd:sequence> +			<xsd:element name="Code" type="xsd:string" minOccurs="0" /> +		</xsd:sequence> +	</xsd:complexType> +	<xsd:simpleType name="SignatoriesType"> +		<xsd:union memberTypes="AllSignatoriesType"> +			<xsd:simpleType> +				<xsd:list itemType="xsd:positiveInteger" /> +			</xsd:simpleType> +		</xsd:union> +	</xsd:simpleType> +	<xsd:simpleType name="AllSignatoriesType"> +		<xsd:restriction base="xsd:string"> +			<xsd:enumeration value="all" /> +		</xsd:restriction> +	</xsd:simpleType> +	<xsd:complexType name="CreateSignatureLocationType"> +		<xsd:simpleContent> +			<xsd:extension base="xsd:token"> +				<xsd:attribute name="Index" type="xsd:nonNegativeInteger" +					use="required" /> +			</xsd:extension> +		</xsd:simpleContent> +	</xsd:complexType> +	<xsd:complexType name="TransformParameterType"> +		<xsd:choice minOccurs="0"> +			<xsd:annotation> +				<xsd:documentation>Die Angabe des Transformationsparameters +					(explizit oder als Hashwert) kann unterlassen werden, wenn die +					Applikation von der Unveränderlichkeit des Inhalts der in +					"Transformationsparamter", Attribut "URI" angegebenen URI ausgehen +					kann.</xsd:documentation> +			</xsd:annotation> +			<xsd:element name="Base64Content" type="xsd:base64Binary"> +				<xsd:annotation> +					<xsd:documentation>Der Transformationsparameter explizit angegeben. +					</xsd:documentation> +				</xsd:annotation> +			</xsd:element> +			<xsd:element name="Hash"> +				<xsd:annotation> +					<xsd:documentation>Der Hashwert des Transformationsparameters. +					</xsd:documentation> +				</xsd:annotation> +				<xsd:complexType> +					<xsd:sequence> +						<xsd:element ref="dsig:DigestMethod" /> +						<xsd:element ref="dsig:DigestValue" /> +					</xsd:sequence> +				</xsd:complexType> +			</xsd:element> +		</xsd:choice> +		<xsd:attribute name="URI" type="xsd:anyURI" use="required" /> +	</xsd:complexType> +	<xsd:element name="CreateSignatureEnvironmentProfile"> +		<xsd:complexType> +			<xsd:sequence> +				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType" /> +				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" +					minOccurs="0" maxOccurs="unbounded" /> +			</xsd:sequence> +		</xsd:complexType> +	</xsd:element> +	<xsd:element name="VerifyTransformsInfoProfile"> +		<xsd:annotation> +			<xsd:documentation>Explizite Angabe des Transformationswegs +			</xsd:documentation> +		</xsd:annotation> +		<xsd:complexType> +			<xsd:sequence> +				<xsd:element ref="dsig:Transforms" minOccurs="0" /> +				<xsd:element name="TransformParameter" type="TransformParameterType" +					minOccurs="0" maxOccurs="unbounded"> +					<xsd:annotation> +						<xsd:documentation>Alle impliziten Transformationsparameter, die +							zum Durchlaufen der oben angeführten Transformationskette bekannt +							sein müssen, müssen hier angeführt werden. Das Attribut "URI" +							bezeichnet den Transformationsparameter in exakt jener Weise, wie +							er in der zu überprüfenden Signatur gebraucht wird. +						</xsd:documentation> +					</xsd:annotation> +				</xsd:element> +			</xsd:sequence> +		</xsd:complexType> +	</xsd:element> +	<xsd:element name="Supplement" type="XMLDataObjectAssociationType" /> +	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType" /> +	<xsd:element name="CreateTransformsInfoProfile"> +		<xsd:complexType> +			<xsd:sequence> +				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType" /> +				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded" /> +			</xsd:sequence> +		</xsd:complexType> +	</xsd:element> +</xsd:schema> | 
