aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/auth/pom.xml24
-rw-r--r--id/server/auth/src/main/resources/log4j.properties27
-rw-r--r--id/server/auth/src/main/webapp/Blockdiagramm.pngbin84989 -> 201953 bytes
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml6
-rw-r--r--id/server/auth/src/main/webapp/anmeldeablauf.pngbin51580 -> 51158 bytes
-rw-r--r--id/server/auth/src/main/webapp/index.html6
-rw-r--r--id/server/auth/src/main/webapp/moa_errorcodes.html329
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6bin0 -> 1549 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28bin0 -> 880 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2bin0 -> 979 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98bin0 -> 1156 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22bin0 -> 1147 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5Ebin0 -> 982 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt23
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt21
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/keys/application[password].p12 (renamed from id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.p12)bin7885 -> 7885 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.crt24
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/keys/request.crt (renamed from id/server/data/deploy/conf/moa-id-configuration/keys/assertion.crt)0
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties10
-rw-r--r--id/server/data/deploy/conf/moa-id-oa/keys/application[password].p12 (renamed from id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.p12)bin7885 -> 7885 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.crt24
-rw-r--r--id/server/data/deploy/conf/moa-id-oa/oa.properties11
-rw-r--r--id/server/data/deploy/conf/moa-id/keys/moa_idp[password].p12bin0 -> 5346 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties13
-rw-r--r--id/server/doc/conf/Catalina/localhost/proxy.xml25
-rw-r--r--id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html846
-rw-r--r--id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html617
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/assertion.crt24
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/encryption.crt (renamed from id/server/data/deploy/conf/moa-id/keys/encryption.crt)0
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/metadata.crt24
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12 (renamed from id/server/data/deploy/conf/moa-id/keys/moa_idp.p12)bin7885 -> 7885 bytes
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/activation_template.html39
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/admin_template.html40
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html37
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/rejected_template.html37
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/verification_template.html43
-rw-r--r--id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties77
-rw-r--r--id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml7
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/application[password].p12bin0 -> 7885 bytes
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/assertion.crt24
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/encryption.crt24
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/metadata.crt24
-rw-r--r--id/server/doc/conf/moa-id-oa/oa.properties21
-rw-r--r--id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml67
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp53
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp13
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp53
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp13
-rw-r--r--id/server/doc/conf/moa-id/MOAIdentities.xsd59
-rw-r--r--id/server/doc/conf/moa-id/SampleIdentities.xml34
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cerbin0 -> 979 bytes
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cerbin0 -> 1147 bytes
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cerbin0 -> 1356 bytes
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt33
-rw-r--r--id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html846
-rw-r--r--id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html617
-rw-r--r--id/server/doc/conf/moa-id/keys/assertion.crt24
-rw-r--r--id/server/doc/conf/moa-id/keys/encryption.crt24
-rw-r--r--id/server/doc/conf/moa-id/keys/metadata.crt24
-rw-r--r--id/server/doc/conf/moa-id/keys/moa_idp[password].p12bin0 -> 7885 bytes
-rw-r--r--id/server/doc/conf/moa-id/keys/storkDemoKeys.jksbin0 -> 9023 bytes
-rw-r--r--id/server/doc/conf/moa-id/log4j.properties27
-rw-r--r--id/server/doc/conf/moa-id/moa-id.properties117
-rw-r--r--id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt18
-rw-r--r--id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml87
-rw-r--r--id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml9
-rw-r--r--id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml10
-rw-r--r--id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml10
-rw-r--r--id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml9
-rw-r--r--id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml9
-rw-r--r--id/server/doc/conf/moa-id/stork/SamlEngine.xml70
-rw-r--r--id/server/doc/conf/moa-id/stork/SignModule_incoming.xml12
-rw-r--r--id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml12
-rw-r--r--id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml12
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml94
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml94
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml94
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml94
-rw-r--r--id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jksbin0 -> 3013 bytes
-rw-r--r--id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jksbin0 -> 4592 bytes
-rw-r--r--id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml161
-rw-r--r--id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml7
-rw-r--r--id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml161
-rw-r--r--id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml83
-rw-r--r--id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201bin0 -> 1385 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9bin0 -> 991 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330bin0 -> 995 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2bin0 -> 979 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03bin0 -> 1205 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317bin0 -> 1262 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27bin0 -> 1171 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923Ebin0 -> 1747 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907Cbin0 -> 1272 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2Abin0 -> 901 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2Bbin0 -> 901 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22bin0 -> 1147 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6bin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748Ebin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724Abin0 -> 1111 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7Abin0 -> 1110 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515bin0 -> 1111 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92bin0 -> 1110 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374bin0 -> 1167 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914bin0 -> 1028 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FAbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8bin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29bin0 -> 2278 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6bin0 -> 1185 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cerbin0 -> 1147 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crtbin0 -> 1185 bytes
-rw-r--r--id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml159
-rw-r--r--id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml7
-rw-r--r--id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml159
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.derbin0 -> 1076 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12bin0 -> 4893 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystorebin0 -> 1202 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.derbin0 -> 1076 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12bin0 -> 4893 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystorebin0 -> 1202 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.derbin0 -> 1115 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystorebin0 -> 4481 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystorebin0 -> 1078 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer16
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer21
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer32
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer31
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer43
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer21
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer33
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer31
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin0 -> 1111 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cerbin0 -> 1111 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.derbin0 -> 1747 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cerbin0 -> 1262 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cerbin0 -> 1028 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cerbin0 -> 991 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cerbin0 -> 995 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin0 -> 1111 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cerbin0 -> 1111 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cerbin0 -> 975 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.derbin0 -> 1747 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cerbin0 -> 2278 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cerbin0 -> 1272 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin0 -> 1205 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cerbin0 -> 1385 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cerbin0 -> 1167 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin0 -> 1171 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cerbin0 -> 2278 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin0 -> 1205 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cerbin0 -> 1385 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cerbin0 -> 1167 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin0 -> 1171 bytes
-rw-r--r--id/server/doc/handbook/application/application.html24
-rw-r--r--id/server/doc/handbook/config/config.html134
-rw-r--r--id/server/doc/handbook/index.html4
-rw-r--r--id/server/doc/handbook/install/install.html10
-rw-r--r--id/server/doc/handbook/interfederation/interfederation.html73
-rw-r--r--id/server/doc/handbook/intro/Blockdiagramm.pngbin84989 -> 201953 bytes
-rw-r--r--id/server/doc/handbook/intro/anmeldeablauf.pngbin51580 -> 51158 bytes
-rw-r--r--id/server/doc/handbook/intro/intro.html6
-rw-r--r--id/server/doc/handbook/protocol/protocol.html379
-rw-r--r--id/server/idserverlib/pom.xml69
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java384
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java628
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java109
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java148
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java166
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java386
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java1070
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java155
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java156
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java126
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java228
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java184
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java350
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java467
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java92
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java361
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java124
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java185
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java152
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java186
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java204
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java)26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java)23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java)112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java)52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java96
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java161
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java)7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java177
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java53
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java635
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java42
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties29
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties187
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java3
-rw-r--r--id/server/moa-id-commons/pom.xml41
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java195
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java70
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java18
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java42
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java129
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java)21
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java)5
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java)2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java)10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java)4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java)4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java71
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java186
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java)14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java104
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java387
-rw-r--r--id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java100
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/bindings.xjb5
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd51
-rw-r--r--id/server/pom.xml25
-rw-r--r--id/server/proxy/pom.xml21
-rw-r--r--id/server/stork2-commons/pom.xml23
-rw-r--r--id/server/stork2-saml-engine/pom.xml37
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java35
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java36
405 files changed, 16862 insertions, 3007 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 618429a8e..cbc147c0a 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,12 +2,13 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-auth</artifactId>
+ <version>${moa-id-version}</version>
<packaging>war</packaging>
<name>MOA ID-Auth WebService</name>
@@ -27,7 +28,26 @@
<!--sourceDirectory>${basedir}/../idserverlib/src/main/java</sourceDirectory-->
<!--testSourceDirectory>${basedir}/../idserverlib/src/test/java</testSourceDirectory-->
<plugins>
- <plugin>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.1.1</version>
diff --git a/id/server/auth/src/main/resources/log4j.properties b/id/server/auth/src/main/resources/log4j.properties
new file mode 100644
index 000000000..ecdfad165
--- /dev/null
+++ b/id/server/auth/src/main/resources/log4j.properties
@@ -0,0 +1,27 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=info, stdout, R
+log4j.logger.at.gv.egovernment.moa=info, R
+log4j.logger.at.gv.egovernment.moa.spss=info, R
+log4j.logger.iaik.server=info, R
+log4j.logger.at.gv.egovernment.moa.id=info, R
+log4j.logger.at.gv.egovernment.moa.id.proxy=info, R
+log4j.logger.eu.stork=info, R
+log4j.logger.org.hibernate=warn, R
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
+
+# configure the rolling file appender (R)
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=${catalina.base}/logs/moa-id.log
+log4j.appender.R.MaxFileSize=10000KB
+log4j.appender.R.MaxBackupIndex=1
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
diff --git a/id/server/auth/src/main/webapp/Blockdiagramm.png b/id/server/auth/src/main/webapp/Blockdiagramm.png
index f5bdb9e3a..1490530ea 100644
--- a/id/server/auth/src/main/webapp/Blockdiagramm.png
+++ b/id/server/auth/src/main/webapp/Blockdiagramm.png
Binary files differ
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 6f451ec79..6da7396a1 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -48,9 +48,13 @@
<to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Post&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/PVP2Soap$</from>
+ <from>^/pvp2/Soap$</from>
<to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Soap</to>
</rule>
+ <rule match-type="regex">
+ <from>^/pvp2/attributequery$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=AttributeQuery</to>
+ </rule>
<rule match-type="regex">
<from>^/stork2/StartAuthentication$</from>
diff --git a/id/server/auth/src/main/webapp/anmeldeablauf.png b/id/server/auth/src/main/webapp/anmeldeablauf.png
index a6af21c5f..59bdefe62 100644
--- a/id/server/auth/src/main/webapp/anmeldeablauf.png
+++ b/id/server/auth/src/main/webapp/anmeldeablauf.png
Binary files differ
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 32e2eea23..4faff7746 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -2,7 +2,7 @@
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" >
- <title>MOA-ID 2.0 RC1</title>
+ <title>MOA-ID 2.1.x</title>
<link rel="stylesheet" href="./common/MOA.css" type="text/css">
</head>
<body link="#990000">
@@ -14,7 +14,7 @@
</tr>
</table>
<hr/>
- <p class="title">MOA-ID 2.0.1</p>
+ <p class="title">MOA-ID 2.1.0-RC1</p>
<hr/>
<h1>Inhalt</h1>
<ol>
@@ -40,7 +40,7 @@
<ol>
<li><u>CORE LOGIC</u>: Diese Komponente ist die zentrale Logik zur Steuerung der einzelnen Prozesse innerhalb MOA-ID 2.x.</li>
<li><u>Protocol Adapter</u>: Stellt die in MOA-ID 2.x unterst&uuml;tzten Authentifizierungsprotokolle f&uuml;r die Anbindung von Service Providern zur Verf&uuml;gung.</li>
- <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterst&uuml;tzte Identifikationsmechanismen zur Verf&uuml;gung. Dies sind die &ouml;sterreichische B&uuml;rgerkarte oder Handy-Signatur sowie die Anmeldung ausl&auml;ndischer Personen mit Hilfe des STORK Protokoll.</li>
+ <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterst&uuml;tzte Identifikationsmechanismen zur Verf&uuml;gung. Dies sind die &ouml;sterreichische B&uuml;rgerkarte oder Handy-Signatur, die Anmeldung ausl&auml;ndischer Personen mit Hilfe des STORK Protokoll oder mittels Single Sign-On von einem weiteren vertrauensw&uuml;rdigen Identity Provider (Interfederation).</li>
<li><u>Template Generator</u>: Der Template Generator erzeugt f&uuml;r Service Provider die entsprechenden Login-Masken f&uuml;r die Integration in die eigene Web-Applikation.</li>
<li><u>SSO Module</u>: Das Single Sign-On (SSO) Modul verwaltet die zus&auml;tzlichen Operationen die sich aus der Umsetzung von SSO ergeben. Dies umfasst im Besonderen das SSO Session-Management.</li>
<li><u>Statistic Module</u>: Dieses Modul dient zur Generierung von anonymisierten Statistikdaten aus den Anmeldeinformationen. </li>
diff --git a/id/server/auth/src/main/webapp/moa_errorcodes.html b/id/server/auth/src/main/webapp/moa_errorcodes.html
new file mode 100644
index 000000000..927ad167c
--- /dev/null
+++ b/id/server/auth/src/main/webapp/moa_errorcodes.html
@@ -0,0 +1,329 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" >
+ <title>MOA-ID 2.0.x</title>
+ <link rel="stylesheet" href="./common/MOA.css" type="text/css">
+</head>
+<body>
+<h2>&Uuml;bersicht der m&ouml;glichen MOA-ID spezifischen Statuscodes
+</h2>
+<h3><a name="statuscodes_1xxxx" id="allgemeines_zugangspunkte7"></a>1.3.1 Statuscodes 1xxxx</h3>
+<p>Alle Statuscodes beginnent mit der Zahl eins beschreiben Fehler welche w&auml;hrend des Identifizerungs- und Authentifizierungsvorgangs aufgetreten sind.</p>
+<h4><a name="statuscodes_10xxx" id="allgemeines_zugangspunkte11"></a>1.3.1.1 Authentifizierung (10xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="1000" id="allgemeines_zugangspunkte"></a>1000</td>
+ <td>Anmeldung an der angeforderten Online-Applikation wird nicht unterst&uuml;tzt.</td>
+ </tr>
+ <tr>
+ <td><a name="1001" id="allgemeines_zugangspunkte2"></a>1001</td>
+ <td>Es ist bereits eine Anmeldung im Gange.</td>
+ </tr>
+ <tr>
+ <td><a name="1002" id="allgemeines_zugangspunkte3"></a>1002</td>
+ <td>Fehlerhafter Parameter</td>
+ </tr>
+ <tr>
+ <td><a name="1003" id="allgemeines_zugangspunkte4"></a>1003</td>
+ <td>Anfrage nur &uuml;ber https m&ouml;glich</td>
+ </tr>
+ <tr>
+ <td><a name="1004" id="allgemeines_zugangspunkte5"></a>1004</td>
+ <td>Zertifikat konnte nicht ausgelesen werden</td>
+ </tr>
+ <tr>
+ <td><a name="1005" id="allgemeines_zugangspunkte6"></a>1005</td>
+ <td>Die Authentifizierung wurde durch den Benutzer abgebrochen</td>
+ </tr>
+ <tr>
+ <td><a name="1006" id="allgemeines_zugangspunkte25"></a>1006</td>
+ <td>Vollmachtsmodus f&uuml;r nicht-&ouml;ffentlichen Bereich wird nicht unterst&uuml;tzt.</td>
+ </tr>
+ <tr>
+ <td><a name="1007" id="allgemeines_zugangspunkte26"></a>1007</td>
+ <td>Vollmachtsmodus f&uuml;r ausl&auml;ndische Personen wird nicht unterst&uuml;tzt.</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_11xxx" id="allgemeines_zugangspunkte12"></a>1.3.1.2 Validierung (11xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="1100" id="allgemeines_zugangspunkte27"></a>1100</td>
+ <td>Ung&uuml;ltige MOA SessionID</td>
+ </tr>
+ <tr>
+ <td><a name="1101" id="allgemeines_zugangspunkte28"></a>1101</td>
+ <td>Fehler beim Parsen eines Parameters</td>
+ </tr>
+ <tr>
+ <td><a name="1102" id="allgemeines_zugangspunkte29"></a>1102</td>
+ <td>Fehler beim Validieren der Personenbindung</td>
+ </tr>
+ <tr>
+ <td><a name="1103" id="allgemeines_zugangspunkte30"></a>1103</td>
+ <td>Signatur ung&uuml;ltig</td>
+ </tr>
+ <tr>
+ <td><a name="1104" id="allgemeines_zugangspunkte31"></a>1104</td>
+ <td>Zertifikat der Personenbindung ung&uuml;ltig</td>
+ </tr>
+ <tr>
+ <td><a name="1105" id="allgemeines_zugangspunkte32"></a>1105</td>
+ <td>Zertifikat der Signature ung&uuml;ltig</td>
+ </tr>
+ <tr>
+ <td><a name="1106" id="allgemeines_zugangspunkte33"></a>1106</td>
+ <td>Fehler beim Validieren des AuthBlocks</td>
+ </tr>
+ <tr>
+ <td><a name="1107" id="allgemeines_zugangspunkte34"></a>1107</td>
+ <td>Fehler beim Validieren eines SSL-Server-Endzertifikates</td>
+ </tr>
+ <tr>
+ <td><a name="1108" id="allgemeines_zugangspunkte35"></a>1108</td>
+ <td>Fehler beim Validieren der Online Vollmacht.</td>
+ </tr>
+ <tr>
+ <td><a name="1109" id="allgemeines_zugangspunkte36"></a>1109</td>
+ <td>Fehler beim validieren der SZR-Gateway Response</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_12xxx" id="allgemeines_zugangspunkte13"></a>1.3.1.3 STORK (12xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="1200" id="allgemeines_zugangspunkte37"></a>1200</td>
+ <td>Fehler beim erstellen des STORK Authentifizierungsrequests</td>
+ </tr>
+ <tr>
+ <td><a name="1201" id="allgemeines_zugangspunkte38"></a>1201</td>
+ <td>Fehler beim validieren der STORK Authentifizierungsresponse</td>
+ </tr>
+ <tr>
+ <td><a name="1202" id="allgemeines_zugangspunkte39"></a>1202</td>
+ <td>STORK Authentifizierungsresponse antwortet mit einem Fehler</td>
+ </tr>
+ <tr>
+ <td><a name="1203" id="allgemeines_zugangspunkte40"></a>1203</td>
+ <td>Fehler beim Sammeln von STORK Attributen</td>
+ </tr>
+</table>
+<h3><a name="statuscodes_4xxxx" id="allgemeines_zugangspunkte8"></a>1.3.2 Statuscodes 4xxxx</h3>
+<p>Alles Statuscodes beginnent mit der Zahl vier beschreiben Fehler die w&auml;hrend der Kommunikation mit externen Services aufgetreten sind.</p>
+<h4><a name="statuscodes_40xxx" id="allgemeines_zugangspunkte19"></a>1.3.2.1 BKU (40xxxx)</h4>
+<p>Tritt w&auml;hrend des Anmeldevorgangs in der B&uuml;rgerkartenumgebung ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode f&uuml;r B&uuml;rgerkartenumgebungsfehler wei&szlig;t das folgende zweiteilige Format auf. Der erste Teil, bestehend aus zwei Dezimalstellen, kennzeichnet den Fehler als Fehler als B&uuml;rgerkartenumgebungsfehler. Der zweite Teil, bestehend aus vier Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehers aus der B&uuml;rgerkartenumgebung (<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/">siehe SecurityLayer Spezifikation</a>). </p>
+<p align="right"><em><a name="40" id="allgemeines_zugangspunkte41"></a>{40}{xxxxx}</em></p>
+<blockquote>
+ <p>{40} ... MOA-ID Statuscode f&uuml;r Fehler aus der B&uuml;rgerkartenumgebung</p>
+ <p>{xxxx} .... Fehlercode der B&uuml;rgerkartenumgebung.</p>
+</blockquote>
+<h4><a name="statuscodes_41xxx" id="allgemeines_zugangspunkte20"></a>1.3.2.2 MIS (41xxxx)</h4>
+<p>Tritt w&auml;hrend der Kommunikation mit dem Online-Vollmachten Service oder der Vollmachtsauswahl ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode f&uuml;r Fehler aus dem Online-Vollmachten Service wei&szlig;t das folgende zweiteilige Format auf. Der erste Teil, bestehend aus drei Dezimalstellen, kennzeichnet den Fehler als Fehler als Online-Vollmachten Service Fehler. Der zweite Teil, bestehend aus drei Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehlers aus dem Online-Vollmachten Service (<a href="http://reference.e-government.gv.at/AG-II-Architektur-mis-1-1-0.2890.0.html">siehe Online-Vollmachten Spezifikation</a>). </p>
+<p><em><a name="41" id="allgemeines_zugangspunkte42"></a>{411}{xxxx}</em></p>
+<blockquote>
+ <p>{411} ... MOA-ID Statuscode f&uuml;r Fehler aus dem Online-Vollmachten Service.</p>
+ <p>{xxx} .... Fehlercode des Online-Vollmachten Service.</p>
+</blockquote>
+<p>Zus&auml;tzlich zu den gemappeden Fehlern aus dem Online-Vollmachen Service werden zus&auml;tzliche weitere Fehlercodes definiert.</p>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>41000</td>
+ <td>Das Online-Vollmachten Service ist nicht erreichbar</td>
+ </tr>
+ <tr>
+ <td>41001</td>
+ <td>Allgemeiner Fehler bei der Kommunikation mit dem Online-Vollmachten Service</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_42xxx" id="allgemeines_zugangspunkte21"></a>1.3.2.3 SZR-Gateway (42xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="4200" id="allgemeines_zugangspunkte43"></a>4200</td>
+ <td>Das SZR-Gateway Service ist nicht erreichbar</td>
+ </tr>
+ <tr>
+ <td><a name="4201" id="allgemeines_zugangspunkte44"></a>4201</td>
+ <td>Die Antragung in das SZR ist fehlgeschlagen</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_43xxx" id="allgemeines_zugangspunkte22"></a>1.3.2.4 MOA SP/SS(43xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="4300" id="allgemeines_zugangspunkte45"></a>4300</td>
+ <td>Fehler beim Aufruf von MOA SP/SS</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_44xxx" id="allgemeines_zugangspunkte23"></a>1.3.2.5 Interfederation (44xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="4400" id="allgemeines_zugangspunkte46"></a>4400</td>
+ <td>Fehler beim generieren der Anmeldedaten</td>
+ </tr>
+</table>
+<h3><a name="statuscodes_6xxxx" id="allgemeines_zugangspunkte9"></a>1.3.3 Statuscodes 6xxxx</h3>
+<p>Alles Statuscodes beginnent mit der Zahl sechs beschreiben protokolspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.</p>
+<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte24"></a>1.3.3.1 Allgemein (61xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="6000" id="allgemeines_zugangspunkte47"></a>6000</td>
+ <td>Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst&uuml;zt</td>
+ </tr>
+ <tr>
+ <td><a name="6001" id="allgemeines_zugangspunkte48"></a>6001</td>
+ <td>Der STORK Request wurde nicht erkannt oder wird nicht unterst&uuml;zt</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte16"></a>1.3.3.2 PVP 2.1 (61xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="6100" id="allgemeines_zugangspunkte49"></a>6100</td>
+ <td>Fehler beim erstellen der PVP 2.1 Response</td>
+ </tr>
+ <tr>
+ <td><a name="6101" id="allgemeines_zugangspunkte50"></a>6101</td>
+ <td>Fehler beim verschl&uuml;sseln der PVP 2.1 Assertion</td>
+ </tr>
+ <tr>
+ <td><a name="6102" id="allgemeines_zugangspunkte51"></a>6102</td>
+ <td>Authentifizierung entspricht nicht dem geforderten QAA Level</td>
+ </tr>
+ <tr>
+ <td><a name="6103" id="allgemeines_zugangspunkte52"></a>6103</td>
+ <td>F&uuml;r die im Requst angegebene EnityID konnten keine g&uuml;ltigen Metadaten gefunden werden</td>
+ </tr>
+ <tr>
+ <td><a name="6104" id="allgemeines_zugangspunkte53"></a>6104</td>
+ <td>Die Signatur des Requests konnte nicht g&uuml;ltig validiert werden. Entweder ist die Signatur ung&uuml;ltig oder das Signaturzertifikat stimmt nicht mit dem in den Metadaten hinterlegten Zertifikat &uuml;berein.</td>
+ </tr>
+ <tr>
+ <td><a name="6105" id="allgemeines_zugangspunkte54"></a>6105</td>
+ <td>Der Request konnte nicht g&uuml;ltig validiert werden.</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_62xxx" id="allgemeines_zugangspunkte17"></a>1.3.3.3 OpenID Connect (62xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="6200" id="allgemeines_zugangspunkte55"></a>6200</td>
+ <td>Fehlerhafte redirect url</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_63xxx" id="allgemeines_zugangspunkte18"></a>1.3.3.4 SAML 1(63xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="6300" id="allgemeines_zugangspunkte56"></a>6300</td>
+ <td>Fehlerhaftes SAML Artifact Format</td>
+ </tr>
+</table>
+<h3><a name="statuscodes_9xxxx" id="allgemeines_zugangspunkte10"></a>1.3.4 Statuscodes 9xxxx</h3>
+<p>Alles Statuscodes beginnent mit der Zahl neun beschreiben interne Serverfehler.</p>
+<h4><a name="statuscodes_90xxx" id="allgemeines_zugangspunkte14"></a>1.3.4.1 Konfigurationsfehler (90xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="9000" id="allgemeines_zugangspunkte57"></a>9000</td>
+ <td>Fehlerhaftes BKU-Selection Template</td>
+ </tr>
+ <tr>
+ <td><a name="9001" id="allgemeines_zugangspunkte58"></a>9001</td>
+ <td>Fehlerhaftes Send-Assertion Template</td>
+ </tr>
+ <tr>
+ <td><a name="9002" id="allgemeines_zugangspunkte59"></a>9002</td>
+ <td>Fehlerhaftes SecurityLayer Template.</td>
+ </tr>
+ <tr>
+ <td><a name="9003" id="allgemeines_zugangspunkte60"></a>9003</td>
+ <td>Fehlerhafte STORK VIDP Konfiguration</td>
+ </tr>
+ <tr>
+ <td><a name="9004" id="allgemeines_zugangspunkte61"></a>9004</td>
+ <td>Fehlerhafte STORK Konfiguration</td>
+ </tr>
+ <tr>
+ <td><a name="9005" id="allgemeines_zugangspunkte62"></a>9005</td>
+ <td>Fehlerhafte OpenID Connect Konfiguration</td>
+ </tr>
+ <tr>
+ <td><a name="9006" id="allgemeines_zugangspunkte63"></a>9006</td>
+ <td>Es sind keine Vollmachtsprofile konfiguriert.</td>
+ </tr>
+ <tr>
+ <td><a name="9007" id="allgemeines_zugangspunkte64"></a>9007</td>
+ <td>Der SZR-Gateway Client konnte nicht initialisiert werden.</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_91xxx" id="allgemeines_zugangspunkte15"></a>1.3.4.2 Interne Fehler (91xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><a name="9100" id="allgemeines_zugangspunkte65"></a>9100</td>
+ <td>Fehler beim einlesen einer externen Resource.</td>
+ </tr>
+ <tr>
+ <td><a name="9101" id="allgemeines_zugangspunkte66"></a>9101</td>
+ <td>Datenbankzugriffsfehler</td>
+ </tr>
+ <tr>
+ <td><a name="9102" id="allgemeines_zugangspunkte67"></a>9102</td>
+ <td>Fehler beim Erzeugen einer internen Datenstruktur</td>
+ </tr>
+ <tr>
+ <td><a name="9103" id="allgemeines_zugangspunkte68"></a>9103</td>
+ <td>Fehler bei der Verarbeitung eines Templates</td>
+ </tr>
+ <tr>
+ <td><a name="9199" id="allgemeines_zugangspunkte69"></a>9199</td>
+ <td>Allgemeiner interner Fehler</td>
+ </tr>
+</table>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6
new file mode 100644
index 000000000..dfe7072c1
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28
new file mode 100644
index 000000000..38c2de589
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98
new file mode 100644
index 000000000..e13546c72
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
new file mode 100644
index 000000000..a699436ca
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E
new file mode 100644
index 000000000..c3363a922
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt
new file mode 100644
index 000000000..23ddad0bd
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MDgxNzIyMDAw
+MFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAVdRU0VlIXLOThaq/Yy/kgM40ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fG
+KOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmrsQd7TZjTXLDR8KdCoLXEjq/+
+8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZdJXDRZslo+S4R
+FGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS
+mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmE
+DNuxUCAKGkq6ahq97BvIxYSazQ==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt
new file mode 100644
index 000000000..765d61e8e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMRowGAYDVQQDExFJQUlL
+IFRlc3QgUm9vdCBDQTENMAsGA1UEChMESUFJSzENMAsGA1UEBxMER3JhejELMAkG
+A1UEBhMCQVQwHhcNMDgwMTE0MTc1MzA3WhcNMTgwMTE0MTc1MzA3WjBHMRowGAYD
+VQQDExFJQUlLIFRlc3QgUm9vdCBDQTENMAsGA1UEChMESUFJSzENMAsGA1UEBxME
+R3JhejELMAkGA1UEBhMCQVQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6KO6ltDC+smJsFFYz8cjB3BwFg97ZSi/xplSPYRAc/UJfWmXMUksIQ/74mMtr
+XvZCykYckiZTU19pFPf+GzHesp8PgQPScfEHVpLbXAeMrg5zZLInz0dhwBRkeZUb
+4wFcn4kaQODoGqi9gxpCqDQEc/lZp2rULgxwZWu9WYTmXps+wl7EPAUkCF3vI6jp
+8ZvEZ3uUtZycee5biRbzSs25/vtUyumrPKBGNiK1nSIoHmWpXWUZvRP44Wxmen6k
+AT9UV3SVUt1mPDb2ofsVbUtUoUE6QgiMNfhr66cXL6fZpS8/+h6T9oZncsEXz7ii
+4ZiezsSS/8ZwYelsjMoZOyhnAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBxjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQlsST3+0l+oqAodh9XJCXAonZdDAfBgNV
+HSMEGDAWgBSQlsST3+0l+oqAodh9XJCXAonZdDANBgkqhkiG9w0BAQUFAAOCAQEA
+hjb8n4zLRS8KVANvTj5P0RfzFsXHsJFWoHv5lH5HETi5tkX/YD1AdDTLfV6GihmL
+Wn5hDT4owhw6moz8Q1H1X1N+3FZyzIrP96T1hoXbUTxcmc3Vt7wl+IsUA4fg5kfn
+WXn+93NFYQMd/iZOz/ByhEIiG022eRsSYkzm+Fl674k/eukPZCeCETlIMjpUGkEO
+ASws3KB98GyLG8SJ+7nssdol6rlL8agnz8iqTxGrqgYjkzb8uTKPMrxZ8tCUskSP
+uJHuDXdUJXACgOdZqTU6hdV+S/m2BeIj7+q8B7XWaivnsla5q/RWA1EoyAfWW54x
+iBGgBJ14RnNU0QKr0o9m8A==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.p12 b/id/server/data/deploy/conf/moa-id-configuration/keys/application[password].p12
index 78cab1e89..78cab1e89 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.p12
+++ b/id/server/data/deploy/conf/moa-id-configuration/keys/application[password].p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.crt b/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.crt
new file mode 100644
index 000000000..bd9640b37
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
+MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
+CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
+MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
+ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
+tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
+O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
+zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
+ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
+BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
+ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
+dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
+TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
+p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
+oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
+tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
+Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id-configuration/keys/assertion.crt b/id/server/data/deploy/conf/moa-id-configuration/keys/request.crt
index aa4e23cb1..aa4e23cb1 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/keys/assertion.crt
+++ b/id/server/data/deploy/conf/moa-id-configuration/keys/request.crt
diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
index 05b5fbdef..c7bc6600e 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
@@ -1,8 +1,16 @@
+********
+*
+*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden!
+*
+******
+
#General config
general.login.deaktivate=false
general.publicURLContext=https://localhost:8443/moa-id-configuration
general.defaultlanguage=de
+general.ssl.certstore=certs/certstore
+general.ssl.truststore=certs/truststore
##Mail
general.mail.host=smtp.localhost...
@@ -39,7 +47,7 @@ general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth
general.login.pvp2.idp.sso.logout.url=https://localhost:8443/moa-id-auth/LogOut?redirect=
general.login.pvp2.metadata.entities.name=MOA-ID 2.x Configuration Tool
-general.login.pvp2.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/application.p12
+general.login.pvp2.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/application[password].p12
general.login.pvp2.keystore.password=password
general.login.pvp2.keystore.type=PKCS12
diff --git a/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.p12 b/id/server/data/deploy/conf/moa-id-oa/keys/application[password].p12
index 78cab1e89..78cab1e89 100644
--- a/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.p12
+++ b/id/server/data/deploy/conf/moa-id-oa/keys/application[password].p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.crt b/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.crt
new file mode 100644
index 000000000..bd9640b37
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
+MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
+CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
+MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
+ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
+tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
+O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
+zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
+ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
+BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
+ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
+dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
+TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
+p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
+oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
+tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
+Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id-oa/oa.properties b/id/server/data/deploy/conf/moa-id-oa/oa.properties
index 1a3684fcb..f247dcea6 100644
--- a/id/server/data/deploy/conf/moa-id-oa/oa.properties
+++ b/id/server/data/deploy/conf/moa-id-oa/oa.properties
@@ -1,11 +1,18 @@
+********
+*
+*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden!
+*
+******
+
+general.publicURLContext=https://localhost:8443/moa-id-oa
+
general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata
general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/moa_idp.crt
general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth
general.login.pvp2.OA.metadata.entities.name=MOA-ID 2.x Demo-Application
-general.login.pvp2.OA.metadata.entity.name=https://localhost:8443/oa
-general.login.pvp2.OA.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/application.p12
+general.login.pvp2.OA.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/application[password].p12
general.login.pvp2.OA.keystore.password=password
general.login.pvp2.OA.keystore.type=PKCS12
diff --git a/id/server/data/deploy/conf/moa-id/keys/moa_idp[password].p12 b/id/server/data/deploy/conf/moa-id/keys/moa_idp[password].p12
new file mode 100644
index 000000000..25f585be5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/keys/moa_idp[password].p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index bf9cf84d0..e8a75c348 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -1,3 +1,10 @@
+********
+*
+*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden!
+*
+******
+
+
##General MOA-ID 2.0 Configuration
#MOA-ID 2.0 XML configuration files (necessary, if inmemory database is used)
@@ -38,15 +45,17 @@ service.foreignidentities.clientKeyStorePassword=
##Protocol configuration##
#PVP2
-protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12
+protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
protocols.pvp2.idp.ks.kspassword=password
protocols.pvp2.idp.ks.metadata.alias=pvp_metadata
protocols.pvp2.idp.ks.metadata.keypassword=password
protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
protocols.pvp2.idp.ks.assertion.sign.keypassword=password
+protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
#OpenID connect (OAuth)
-protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12
+protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
protocols.oauth20.jwt.ks.password=password
protocols.oauth20.jwt.ks.key.name=oauth
protocols.oauth20.jwt.ks.key.password=password
diff --git a/id/server/doc/conf/Catalina/localhost/proxy.xml b/id/server/doc/conf/Catalina/localhost/proxy.xml
new file mode 100644
index 000000000..eef60b953
--- /dev/null
+++ b/id/server/doc/conf/Catalina/localhost/proxy.xml
@@ -0,0 +1,25 @@
+<!--
+
+ Context configuration file for the MOA-Proxy App
+
+ aus einer Tomcat 4.x.xx server.xml Datei:
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+
+-->
+<Context path="" docBase="${catalina.base}/webappsProxy/moa-id-proxy.war" privileged="true"
+
+ antiResourceLocking="false" antiJARLocking="false">
+
+<!--
+<ResourceLink name="users" global="UserDatabase"
+ type="org.apache.catalina.UserDatabase"/>
+-->
+
+ <!-- Uncomment this Valve to limit access to the Admin app to localhost
+ for obvious security reasons. Allow may be a comma-separated list of
+ hosts (or even regular expressions).
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127.0.0.1"/>
+ -->
+
+</Context>
diff --git a/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
new file mode 100644
index 000000000..ef070b8eb
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
@@ -0,0 +1,846 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <style type="text/css">
+ @media screen and (min-width: 650px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ background-color : #fff;
+ text-align: center;
+ background-color: #6B7B8B;
+ }
+
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input{
+ font-size: 0.7em;
+ /*border-radius: 5px;*/
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.85em;
+ /*border-radius: 7px;*/
+ margin-bottom: 25px;
+ min-width: 80px;
+ }
+
+ #mandateLogin {
+ font-size: 0.85em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ }
+
+
+ #page {
+ display: block;
+ border: 2px solid rgb(0,0,0);
+ width: 650px;
+ height: 460px;
+ margin: 0 auto;
+ margin-top: 5%;
+ position: relative;
+ border-radius: 25px;
+ background: rgb(255,255,255);
+ }
+
+ #page1 {
+ text-align: center;
+ }
+
+ #main {
+ /* clear:both; */
+ position:relative;
+ margin: 0 auto;
+ width: 250px;
+ text-align: center;
+ }
+
+ .OA_header {
+ /* background-color: white;*/
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-top: 25px;
+ }
+
+ #leftcontent {
+ /*float:left; */
+ width:250px;
+ margin-bottom: 25px;
+ text-align: left;
+ border: 1px solid rgb(0,0,0);
+ }
+
+ #selectArea {
+ font-size: 15px;
+ padding-bottom: 65px;
+ }
+
+ #leftcontent {
+ width: 300px;
+ margin-top: 30px;
+ }
+
+ #bku_header {
+ height: 5%;
+ padding-bottom: 3px;
+ padding-top: 3px;
+ }
+
+ #bkulogin {
+ overflow:hidden;
+ min-width: 190px;
+ min-height: 180px;
+ /*height: 260px;*/
+ }
+
+ h2#tabheader{
+ font-size: 1.1em;
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ }
+
+ #stork h2 {
+ font-size: 1.0em;
+ margin-bottom: 2%;
+ }
+
+ .setAssertionButton_full {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 100px;
+ height: 30px
+ }
+
+ #leftbutton {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+ }
+
+ #rightbutton {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+ }
+
+ button {
+ height: 25px;
+ width: 75px;
+ margin-bottom: 10px;
+ }
+
+ #validation {
+ position: absolute;
+ bottom: 0px;
+ margin-left: 270px;
+ padding-bottom: 10px;
+ }
+
+ }
+
+ @media screen and (max-width: 205px) {
+ #localBKU p {
+ font-size: 0.6em;
+ }
+
+ #localBKU input {
+ font-size: 0.6em;
+ min-width: 60px;
+ /* max-width: 65px; */
+ min-height: 1.0em;
+ /* border-radius: 5px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.7em;
+ min-width: 55px;
+ /*min-height: 1.1em;
+ border-radius: 5px;*/
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.65em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ margin-top: -0.4em;
+ padding-top: 0.4em;
+ }
+
+ #bkulogin {
+ min-height: 150px;
+ }
+ }
+
+ @media screen and (max-width: 249px) and (min-width: 206px) {
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input {
+ font-size: 0.7em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ min-height: 0.95em;
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.75em;
+ min-width: 60px;
+ /* min-height: 0.95em;
+ border-radius: 6px; */
+ margin-bottom: 5%
+ }
+
+ #mandateLogin {
+ font-size: 0.75em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.9em;
+ margin-top: -0.45em;
+ padding-top: 0.45em;
+ }
+
+ #bkulogin {
+ min-height: 180px;
+ }
+ }
+
+ @media screen and (max-width: 299px) and (min-width: 250px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.85em;
+ /* min-height: 1.05em;
+ border-radius: 7px; */
+ margin-bottom: 10%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.0em;
+ margin-top: -0.50em;
+ padding-top: 0.50em;
+ }
+ }
+
+ @media screen and (max-width: 399px) and (min-width: 300px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.9em;
+ /* min-height: 1.2em;
+ border-radius: 8px; */
+ margin-bottom: 10%;
+ max-width: 80px;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.1em;
+ margin-top: -0.55em;
+ padding-top: 0.55em;
+ }
+ }
+
+ @media screen and (max-width: 649px) and (min-width: 400px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 80px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 1.0em;
+ /* min-height: 1.3em;
+ border-radius: 10px; */
+ margin-bottom: 10%;
+ max-width: 85px;
+ }
+
+ #mandateLogin {
+ font-size: 1.2em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.3em;
+ margin-top: -0.65em;
+ padding-top: 0.65em;
+ }
+ }
+
+
+
+ @media screen and (max-width: 649px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ text-align: center;
+ font-size: 100%;
+ background-color: #MAIN_BACKGOUNDCOLOR#;
+ }
+
+ #page {
+ visibility: hidden;
+ margin-top: 0%;
+ }
+
+ #page1 {
+ visibility: hidden;
+ }
+
+ #main {
+ visibility: hidden;
+ }
+
+ #validation {
+ visibility: hidden;
+ display: none;
+ }
+
+ .OA_header {
+ margin-bottom: 0px;
+ margin-top: 0px;
+ font-size: 0pt;
+ visibility: hidden;
+ }
+
+ #leftcontent {
+ visibility: visible;
+ margin-bottom: 0px;
+ text-align: left;
+ border:none;
+ vertical-align: middle;
+ min-height: 173px;
+ min-width: 204px;
+
+ }
+
+ #bku_header {
+ height: 10%;
+ min-height: 1.2em;
+ margin-top: 1%;
+ }
+
+ h2#tabheader{
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ top: 50%;
+ }
+
+ #stork h2 {
+ font-size: 0.9em;
+ margin-bottom: 2%;
+ }
+
+ #bkulogin {
+ min-width: 190px;
+ min-height: 155px;
+ }
+
+ .setAssertionButton_full {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+ }
+
+ input[type=button] {
+/* height: 11%; */
+ width: 70%;
+ }
+ }
+
+ * {
+ margin: 0;
+ padding: 0;
+ font-family: #FONTTYPE#;
+ }
+
+ #selectArea {
+ padding-top: 10px;
+ padding-bottom: 55px;
+ padding-left: 10px;
+ }
+
+ .setAssertionButton {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+ }
+
+ #leftbutton {
+ width: 35%;
+ float:left;
+ margin-left: 15px;
+ }
+
+ #rightbutton {
+ width: 35%;
+ float:right;
+ margin-right: 25px;
+ text-align: right;
+ }
+
+ #stork {
+ /*margin-bottom: 10px;*/
+ /* margin-top: 5px; */
+ }
+
+ #mandateLogin {
+ padding-bottom: 4%;
+ padding-top: 4%;
+ height: 10%;
+ position: relative;
+ text-align: center;
+ }
+
+ .verticalcenter {
+ vertical-align: middle;
+ }
+
+ #mandateLogin div {
+ clear: both;
+ margin-top: -1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkuselectionarea {
+ position: relative;
+ display: block;
+ }
+
+ #localBKU {
+ padding-left: 5%;
+ padding-right: 2%;
+ padding-bottom: 4%;
+ /*padding-top: 4%;*/
+ position: relative;
+ clear: both;
+ }
+
+ #bkukarte {
+ float:left;
+ text-align:center;
+ width:40%;
+ min-height: 70px;
+ padding-left: 5%;
+ padding-top: 2%;
+ }
+
+ #bkuhandy {
+ float:right;
+ text-align:center;
+ width:40%;
+ min-height: 90px;
+ padding-right: 5%;
+ padding-top: 2%;
+ }
+
+ .bkuimage {
+ width: 90%;
+ height: auto;
+ }
+
+ #mandate{
+ text-align:center;
+ padding : 5px 5px 5px 5px;
+ }
+
+/* input[type=button], .sendButton {
+ background: #BUTTON_BACKGROUNDCOLOR#;
+ color: #BUTTON_COLOR#;
+/* border:1px solid #000; */
+/* cursor: pointer;
+/* box-shadow: 3px 3px 3px #222222; */
+/* }
+
+/* button:hover, button:focus, button:active,
+ .sendButton:hover , .sendButton:focus, .sendButton:active,
+ #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+ background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
+ color: #BUTTON_COLOR#;
+/* border:1px solid #000; */
+/* cursor: pointer;
+/* box-shadow: -1px -1px 3px #222222; */
+/* }
+
+*/
+ input {
+ /*border:1px solid #000;*/
+ cursor: pointer;
+ }
+
+ #localBKU input {
+/* color: #BUTTON_COLOR#; */
+ border: 0px;
+ display: inline-block;
+
+ }
+
+ #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+ text-decoration: underline;
+ }
+
+ #installJava, #BrowserNOK {
+ clear:both;
+ font-size:0.8em;
+ padding:4px;
+ }
+
+ .selectText{
+
+ }
+
+ .selectTextHeader{
+
+ }
+
+ .sendButton {
+ width: 30%;
+ margin-bottom: 1%;
+ }
+
+ #leftcontent a {
+ text-decoration:none;
+ color: #000;
+ /* display:block;*/
+ padding:4px;
+ }
+
+ #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+ text-decoration:underline;
+ color: #000;
+ }
+
+ .infobutton {
+ background-color: #005a00;
+ color: white;
+ font-family: serif;
+ text-decoration: none;
+ padding-top: 2px;
+ padding-right: 4px;
+ padding-bottom: 2px;
+ padding-left: 4px;
+ font-weight: bold;
+ }
+
+ .hell {
+ background-color : #MAIN_BACKGOUNDCOLOR#;
+ color: #MAIN_COLOR#;
+ }
+
+ .dunkel {
+ background-color: #HEADER_BACKGROUNDCOLOR#;
+ color: #HEADER_COLOR#;
+ }
+
+ .main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
+ }
+
+ </style>
+<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
+<script type="text/javascript">
+ function isIE() {
+ return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
+ }
+ function isFullscreen() {
+ try {
+ return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
+ } catch (e) {
+ return false;
+ }
+ }
+ function isActivexEnabled() {
+ var supported = null;
+ try {
+ supported = !!new ActiveXObject("htmlfile");
+ } catch (e) {
+ supported = false;
+ }
+ return supported;
+ }
+ function isMetro() {
+ if (!isIE())
+ return false;
+ return !isActivexEnabled() && isFullscreen();
+ }
+ window.onload=function() {
+ document.getElementById("localBKU").style.display="block";
+ return;
+ }
+ function bkuLocalClicked() {
+ setMandateSelection();
+ }
+
+ function bkuOnlineClicked() {
+ if (isMetro())
+ document.getElementById("metroDetected").style.display="block";
+ document.getElementById("localBKU").style.display="block";
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#ONLINE#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+ iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ generateIFrame(iFrameURL);
+ }
+ function bkuHandyClicked() {
+ document.getElementById("localBKU").style.display="none";
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#HANDY#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+ iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ generateIFrame(iFrameURL);
+ }
+ function storkClicked() {
+ document.getElementById("localBKU").style.display="none";
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var ccc = "AT";
+ var countrySelection = document.getElementById("cccSelection");
+ if (countrySelection != null) {
+ ccc = document.getElementById("cccSelection").value;
+ }
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#ONLINE#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&CCC=" + ccc;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+ iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ generateIFrame(iFrameURL);
+ }
+ function generateIFrame(iFrameURL) {
+ var el = document.getElementById("bkulogin");
+ var width = el.clientWidth;
+ var heigth = el.clientHeight - 20;
+ var parent = el.parentNode;
+
+ iFrameURL += "&heigth=" + heigth;
+ iFrameURL += "&width=" + width;
+
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", el.clientWidth - 1);
+ iframe.setAttribute("height", el.clientHeight - 1);
+ iframe.setAttribute("frameborder", "0");
+ iframe.setAttribute("scrolling", "no");
+ iframe.setAttribute("title", "Login");
+ parent.replaceChild(iframe, el);
+ }
+ function setMandateSelection() {
+ document.getElementById("moaidform").action = "#AUTH_URL#";
+ document.getElementById("useMandate").value = "false";
+ var checkbox = document.getElementById("mandateCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("mandateCheckBox").checked) {
+ document.getElementById("useMandate").value = "true";
+ }
+ }
+ }
+ function onChangeChecks() {
+ if (top.innerWidth < 650) {
+ document.getElementById("moaidform").setAttribute("target","_parent");
+ } else {
+ document.getElementById("moaidform").removeAttribute("target");
+ }
+
+ }
+/* function setSSOSelection() {
+ document.getElementById("useSSO").value = "false";
+ var checkbox = document.getElementById("SSOCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("SSOCheckBox").checked) {
+ document.getElementById("useSSO").value = "true";
+ }
+ }
+ } */
+
+/* function checkMandateSSO() {
+ var sso = document.getElementById("SSOCheckBox");
+ var mandate = document.getElementById("mandateCheckBox");
+
+
+ if (sso.checked && mandate.checked) {
+ alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
+ mandate.checked = false;
+ sso.checked = false;
+ return true;
+ } else {
+ return false;
+ }
+ } */
+ </script>
+<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
+</head>
+<body onload="onChangeChecks();" onresize="onChangeChecks();">
+ <div id="page">
+ <div id="page1" class="case selected-case" role="main">
+ <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
+ <div id="main">
+ <div id="leftcontent" class="hell" role="application">
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
+ </div>
+ <div id="bkulogin" class="hell" role="form">
+ <div id="mandateLogin" style="">
+ <div>
+ <input tabindex="1" type="checkbox" name="Mandate"
+ id="mandateCheckBox" class="verticalcenter" role="checkbox"
+ onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
+ <label for="mandateCheckBox" class="verticalcenter">in
+ Vertretung anmelden</label>
+ <!--a href="info_mandates.html"
+ target="_blank"
+ class="infobutton verticalcenter"
+ tabindex="5">i</a-->
+ </div>
+ </div>
+ <div id="bkuselectionarea">
+ <div id="bkukarte">
+ <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
+ alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
+ onClick="bkuOnlineClicked();" tabindex="2" role="button"
+ value="Karte" />
+ </div>
+ <div id="bkuhandy">
+ <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
+ alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
+ onClick="bkuHandyClicked();" tabindex="3" role="button"
+ value="HANDY" />
+ </div>
+ </div>
+ <div id="localBKU">
+ <form method="get" id="moaidform" action="#AUTH_URL#"
+ class="verticalcenter" target="_parent">
+ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input
+ type="hidden" name="useMandate" id="useMandate"> <input
+ type="hidden" name="SSO" id="useSSO"> <input
+ type="hidden" name="CCC" id="ccc"> <input type="hidden"
+ name="MODUL" value="#MODUL#"> <input type="hidden"
+ name="ACTION" value="#ACTION#"> <input type="hidden"
+ name="MOASessionID" value="#SESSIONID#">
+ <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
+ role="button" class="hell"
+ onclick="setMandateSelection();"
+ >
+ <!--p>
+ <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
+ </p-->
+ </form>
+ </div>
+
+ <div id="stork" align="center" style="#STORKVISIBLE#">
+ <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
+ <p>
+ <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
+ #PEPSLIST#
+ </select>
+ <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
+ <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </p>
+ </div>
+
+ <div id="metroDetected" style="display: none">
+ <p>Anscheinend verwenden Sie Internet Explorer im
+ Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
+ Optionen um die Karten-Anmeldung starten zu können.</p>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ <div id="validation">
+ <a href="http://validator.w3.org/check?uri="> <img
+ style="border: 0; width: 88px; height: 31px"
+ src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img
+ style="border: 0; width: 88px; height: 31px"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+ alt="CSS ist valide!" />
+ </a>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
new file mode 100644
index 000000000..b80d654cc
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
@@ -0,0 +1,617 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <style type="text/css">
+ @media screen and (min-width: 650px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ background-color : #fff;
+ text-align: center;
+ background-color: #6B7B8B;
+ }
+
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input{
+ font-size: 0.7em;
+ border-radius: 5px;
+ }
+
+ #bkuselectionarea button {
+ font-size: 0.85em;
+ border-radius: 7px;
+ margin-bottom: 25px;
+ }
+
+ #mandateLogin {
+ font-size: 0.85em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ }
+
+
+ #page {
+ display: block;
+ border: 2px solid rgb(0,0,0);
+ width: 650px;
+ height: 440px;
+ margin: 0 auto;
+ margin-top: 5%;
+ position: relative;
+ border-radius: 25px;
+ background: rgb(255,255,255);
+ }
+
+ #page1 {
+ text-align: center;
+ }
+
+ #main {
+ /* clear:both; */
+ position:relative;
+ margin: 0 auto;
+ width: 250px;
+ text-align: center;
+ }
+
+ .OA_header {
+ /* background-color: white;*/
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-top: 25px;
+ }
+
+ #leftcontent {
+ width: 300px;
+ margin-top: 30px;
+ padding-bottom: 15px;
+ margin-bottom: 25px;
+ text-align: left;
+ border: 1px solid rgb(0,0,0);
+ }
+
+ #selectArea {
+ font-size: 15px;
+ padding-bottom: 65px;
+ }
+
+ #selectArea h3 {
+ margin-bottom: 25px;
+ }
+
+ #bku_header {
+ height: 5%;
+ padding-bottom: 3px;
+ padding-top: 3px;
+ }
+
+ #bkulogin {
+ overflow:hidden;
+ min-width: 190px;
+ min-height: 180px;
+ /*height: 260px;*/
+ }
+
+ h2#tabheader{
+ font-size: 1.1em;
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ }
+
+ .setAssertionButton_full {
+ margin-top: 15px;
+ width: 100px;
+ height: 30px;
+ font-size: 1.3em;
+ min-height: 1.3em;
+/* border-radius: 10px;*/
+ }
+
+ #leftbutton {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+ }
+
+ #rightbutton {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+ }
+
+ button {
+ height: 25px;
+ width: 90px;
+ margin-bottom: 10px;
+ }
+
+ #validation {
+ position: absolute;
+ bottom: 0px;
+ margin-left: 270px;
+ padding-bottom: 10px;
+ }
+
+ }
+
+ @media screen and (max-width: 205px) {
+ #localBKU p {
+ font-size: 0.6em;
+ }
+
+ #localBKU input {
+ font-size: 0.7em;
+ min-width: 70px;
+ min-height: 1.2em;
+ border-radius: 5px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 0.8em;
+ min-width: 65px;
+ min-height: 1.3em;
+ /* border-radius: 5px; */
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.65em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 0.8em;
+ margin-top: -0.4em;
+ }
+ }
+
+ @media screen and (max-width: 249px) and (min-width: 206px) {
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input {
+ font-size: 0.85em;
+ min-width: 80px;
+ min-height: 0.95em;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 0.85em;
+ min-width: 70px;
+ min-height: 0.95em;
+ /* border-radius: 6px; */
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.75em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 0.9em;
+ margin-top: -0.45em;
+ }
+ }
+
+ @media screen and (max-width: 299px) and (min-width: 250px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.0em;
+ min-height: 1.05em;
+ /* border-radius: 7px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.0em;
+ margin-top: -0.50em;
+ }
+ }
+
+ @media screen and (max-width: 399px) and (min-width: 300px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.1em;
+ min-height: 1.2em;
+ /* border-radius: 8px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.1em;
+ margin-top: -0.55em;
+ }
+ }
+
+ @media screen and (max-width: 649px) and (min-width: 400px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.3em;
+ min-height: 1.3em;
+/* border-radius: 10px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1.2em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.3em;
+ margin-top: -0.65em;
+ }
+ }
+
+
+
+ @media screen and (max-width: 649px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ text-align: center;
+ font-size: 100%;
+ background-color: #MAIN_BACKGOUNDCOLOR#;
+ }
+
+ #page {
+ visibility: hidden;
+ margin-top: 0%;
+ }
+
+ #page1 {
+ visibility: hidden;
+ }
+
+ #main {
+ visibility: hidden;
+ }
+
+ #validation {
+ visibility: hidden;
+ display: none;
+ }
+
+ .OA_header {
+ margin-bottom: 0px;
+ margin-top: 0px;
+ font-size: 0pt;
+ visibility: hidden;
+ }
+
+ #leftcontent {
+ visibility: visible;
+ margin-bottom: 0px;
+ text-align: left;
+ border:none;
+ min-width: 190px;
+/* min-height: 190px; */
+ vertical-align: middle;
+
+ }
+
+ #bku_header {
+ height: 10%;
+ min-height: 1.2em;
+ margin-top: 1%;
+ }
+
+ h2#tabheader{
+ padding-left: 2%;
+ padding-right: 2%;
+ padding-top: 1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkulogin {
+ min-width: 190px;
+ min-height: 150px;
+ }
+
+ .setAssertionButton_full {
+ margin-top: 15px;
+ width: 70%;
+ height: 11%;
+ min-width: 60px;
+ min-height: 25px;
+ }
+
+ #selectArea h3 {
+ margin-top: 2%;
+ }
+
+ button {
+ height: 11%;
+ width: 70%;
+ }
+ }
+
+ * {
+ margin: 0;
+ padding: 0;
+/* border: 0; */
+ font-family: #FONTTYPE#;
+ }
+
+ #selectArea {
+ padding-top: 10px;
+ padding-bottom: 55px;
+ padding-left: 10px;
+ }
+
+ .setAssertionButton {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+ }
+
+ #leftbutton {
+ width: 35%;
+ float:left;
+ margin-left: 15px;
+ }
+
+ #rightbutton {
+ width: 35%;
+ float:right;
+ margin-right: 25px;
+ text-align: right;
+ }
+
+ #stork {
+ margin-bottom: 10px;
+ margin-top: 5px;
+ }
+
+ #mandateLogin {
+ padding-bottom: 2%;
+ padding-top: 2%;
+ height: 10%;
+ position: relative;
+ text-align: center;
+ }
+
+ .verticalcenter {
+ vertical-align: middle;
+ }
+
+ #mandateLogin > div {
+ clear: both;
+ margin-top: -1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkuselectionarea {
+ position: relative;
+ display: block;
+ }
+
+ #localBKU {
+ padding-left: 5%;
+ padding-right: 2%;
+ padding-bottom: 2%;
+ position: relative;
+ clear: both;
+ }
+
+ #bkukarte {
+ float:left;
+ text-align:center;
+ width:40%;
+ min-height: 70px;
+ padding-left: 5%;
+ padding-top: 2%;
+ }
+
+ #bkuhandy {
+ float:right;
+ text-align:center;
+ width:40%;
+ min-height: 90px;
+ padding-right: 5%;
+ padding-top: 2%;
+ }
+
+ .bkuimage {
+ width: 90%;
+ height: auto;
+ }
+
+ #mandate{
+ text-align:center;
+ padding : 5px 5px 5px 5px;
+ }
+
+ button, .sendButton {
+/* background: #BUTTON_BACKGROUNDCOLOR#;
+ color: #BUTTON_COLOR#; */
+ cursor: pointer;
+
+/* border:1px solid #000;
+ box-shadow: 3px 3px 3px #222222; */
+ }
+
+ button:hover, button:focus, button:active,
+ .sendButton:hover , .sendButton:focus, .sendButton:active,
+ #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
+ color: #BUTTON_COLOR#; */
+ cursor: pointer;
+
+/* border:1px solid #000;
+ box-shadow: -1px -1px 3px #222222; */
+ }
+
+ #installJava, #BrowserNOK {
+ clear:both;
+ font-size:0.8em;
+ padding:4px;
+ }
+
+ .selectText{
+
+ }
+
+ .selectTextHeader{
+
+ }
+
+ #leftcontent a {
+ text-decoration:none;
+ color: #000;
+ /* display:block;*/
+ padding:4px;
+ }
+
+ #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+ text-decoration:underline;
+ color: #000;
+ }
+
+ .infobutton {
+ background-color: #005a00;
+ color: white;
+ font-family: serif;
+ text-decoration: none;
+ padding-top: 2px;
+ padding-right: 4px;
+ padding-bottom: 2px;
+ padding-left: 4px;
+ font-weight: bold;
+ }
+
+ .hell {
+ background-color : #MAIN_BACKGOUNDCOLOR#;
+ color: #MAIN_COLOR#;
+ }
+
+ .dunkel {
+ background-color: #HEADER_BACKGROUNDCOLOR#;
+ color: #HEADER_COLOR#;
+ }
+
+ .main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
+ }
+
+ </style>
+
+
+ <title>Anmeldung an Online-Applikation</title>
+</head>
+
+
+<body>
+ <div id="page">
+
+ <div id="page1" class="case selected-case" role="main">
+
+<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+ <div id="main">
+ <div id="leftcontent" class="hell">
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">
+ Anmeldeinformationen:
+ </h2>
+ </div>
+
+ <div id="selectArea" class="hell" role="application">
+ <h3>Anmeldung an: #OAName#</h3>
+
+<!-- <div class="hell"> -->
+ <div id="leftbutton">
+ <form method="post" id="moaidform_yes" action="#URL#">
+ <input type="hidden" name="value" value="true">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
+ </form>
+ </div>
+ <div id="rightbutton">
+ <form method="post" id="moaidform_no" action="#URL#">
+ <input type="hidden" name="value" value="false">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
+ </form>
+ </div>
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div id="validation">
+ <a href="http://validator.w3.org/check?uri=">
+ <img style="border:0;width:88px;height:31px"
+ src="#CONTEXTPATH#/img/valid-html5-blue.png"
+ alt="HTML5 ist valide!" />
+ </a>
+ <a href="http://jigsaw.w3.org/css-validator/">
+ <img style="border:0;width:88px;height:31px"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+ alt="CSS ist valide!" />
+ </a>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id-configuration/keys/assertion.crt b/id/server/doc/conf/moa-id-configuration/keys/assertion.crt
new file mode 100644
index 000000000..aa4e23cb1
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/keys/assertion.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0
+MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV
+BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts
+2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y
++4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8
+upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn
+SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9
+8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O
+BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3
+EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T
+dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD
+ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl
+DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b
+crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60
+LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3
+0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5
+ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo=
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/keys/encryption.crt b/id/server/doc/conf/moa-id-configuration/keys/encryption.crt
index c9d94f9b6..c9d94f9b6 100644
--- a/id/server/data/deploy/conf/moa-id/keys/encryption.crt
+++ b/id/server/doc/conf/moa-id-configuration/keys/encryption.crt
diff --git a/id/server/doc/conf/moa-id-configuration/keys/metadata.crt b/id/server/doc/conf/moa-id-configuration/keys/metadata.crt
new file mode 100644
index 000000000..bd9640b37
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/keys/metadata.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
+MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
+CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
+MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
+ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
+tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
+O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
+zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
+ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
+BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
+ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
+dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
+TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
+p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
+oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
+tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
+Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/keys/moa_idp.p12 b/id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12
index 78cab1e89..78cab1e89 100644
--- a/id/server/data/deploy/conf/moa-id/keys/moa_idp.p12
+++ b/id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/mail/activation_template.html b/id/server/doc/conf/moa-id-configuration/mail/activation_template.html
new file mode 100644
index 000000000..adac14f56
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/mail/activation_template.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
+<title>Benachrichtigung</title>
+<style type="text/css">
+body {
+ line-height: 1;
+ color: black;
+ background: white;
+ min-height: 101%;
+ font-size: 0.8em;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+}
+</style>
+
+</head>
+
+<body>
+<div style="width: 708px; border: 1px solid #bbbbbb">
+ <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
+ <p>&nbsp;</p>
+ <p>Ihr Benutzeraccount f&uuml;r das MOA-ID 2.x Verwaltungs- und Konfigurationstool wurde soeben durch den Administrator freigegeben.</p>
+ <p>Sie k&ouml;nnen Sich ab nun unter folgendem Link am Konfigurationstool anmelden und Ihre Online-Applikationen verwalten.
+ <a href="#MANDATE_SERVICE_LINK#">#MANDATE_SERVICE_LINK#</a>.</p>
+
+ <p>&nbsp;</p>
+ <p>Graz, #TODAY_DATE#</p>
+ <p align="right">E-Government Innovationszentrum <br />
+ Inffeldgasse 16a<br />
+ 8010 Graz<br />
+ <br />
+ Telefon: +43 (316) 873-5514 <br />
+ Fax: +43 (316) 873-5520 <br />
+ E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
+ </p>
+</div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/admin_template.html b/id/server/doc/conf/moa-id-configuration/mail/admin_template.html
new file mode 100644
index 000000000..dd5872514
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/mail/admin_template.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
+<title>Benachrichtigung</title>
+<style type="text/css">
+body {
+ line-height: 1;
+ color: black;
+ background: white;
+ min-height: 101%;
+ font-size: 0.8em;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+}
+</style>
+
+</head>
+
+<body>
+<div style="width: 708px; border: 1px solid #bbbbbb">
+ <p>Sehr geehrte(r) Administrator(in),</p>
+ <p>&nbsp;</p>
+ <p>Am MOA-ID 2.x Verwaltungs- und Konfigurationstool liegen offene Antr&auml;ge vor.</p>
+
+ <p>Aktuell warten #NUMBER_USERSS# neue Benutzeraccount(s) und #NUMBER_OAS# neue Online-Applikation(en)
+ auf eine Freigabe durch einen Administrator.</p>
+
+ <p>&nbsp;</p>
+ <p>Graz, #TODAY_DATE#</p>
+ <p align="right">E-Government Innovationszentrum <br />
+ Inffeldgasse 16a<br />
+ 8010 Graz<br />
+ <br />
+ Telefon: +43 (316) 873-5514 <br />
+ Fax: +43 (316) 873-5520 <br />
+ E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
+ </p>
+</div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html b/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html
new file mode 100644
index 000000000..e809de743
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
+<title>Benachrichtigung</title>
+<style type="text/css">
+body {
+ line-height: 1;
+ color: black;
+ background: white;
+ min-height: 101%;
+ font-size: 0.8em;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+}
+</style>
+
+</head>
+
+<body>
+<div style="width: 708px; border: 1px solid #bbbbbb">
+ <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
+ <p>&nbsp;</p>
+ <p>Ihre Online-Applikation mit der ID #OANAME# wurde soeben durch den Administrator freigegeben.</p>
+
+ <p>&nbsp;</p>
+ <p>Graz, #TODAY_DATE#</p>
+ <p align="right">E-Government Innovationszentrum <br />
+ Inffeldgasse 16a<br />
+ 8010 Graz<br />
+ <br />
+ Telefon: +43 (316) 873-5514 <br />
+ Fax: +43 (316) 873-5520 <br />
+ E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
+ </p>
+</div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html b/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html
new file mode 100644
index 000000000..b5abff125
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
+<title>Benachrichtigung</title>
+<style type="text/css">
+body {
+ line-height: 1;
+ color: black;
+ background: white;
+ min-height: 101%;
+ font-size: 0.8em;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+}
+</style>
+
+</head>
+
+<body>
+<div style="width: 708px; border: 1px solid #bbbbbb">
+ <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
+ <p>&nbsp;</p>
+ <p>Ihr Benutzeraccount f&uuml;r das MOA-ID 2.x Verwaltungs- und Konfigurationstool wurde soeben durch einen Administrator gel&ouml;scht.</p>
+
+ <p>&nbsp;</p>
+ <p>Graz, #TODAY_DATE#</p>
+ <p align="right">E-Government Innovationszentrum <br />
+ Inffeldgasse 16a<br />
+ 8010 Graz<br />
+ <br />
+ Telefon: +43 (316) 873-5514 <br />
+ Fax: +43 (316) 873-5520 <br />
+ E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
+ </p>
+</div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/verification_template.html b/id/server/doc/conf/moa-id-configuration/mail/verification_template.html
new file mode 100644
index 000000000..fb4a3f2c4
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/mail/verification_template.html
@@ -0,0 +1,43 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
+<title>Benachrichtigung</title>
+<style type="text/css">
+body {
+ line-height: 1;
+ color: black;
+ background: white;
+ min-height: 101%;
+ font-size: 0.8em;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+}
+</style>
+
+</head>
+
+<body>
+<div style="width: 708px; border: 1px solid #bbbbbb">
+ <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
+ <p>&nbsp;</p>
+ <p>Sie haben einen Benutzeraccount f&uuml;r das MOA-ID 2.x Verwaltungs- und Konfigurationstool beantragt.</p>
+ <p>Um Ihren Antrag abzuschließen &ouml;ffnen Sie bitte den folgenden Link in Ihrem Browser.<br>
+ <a href="#MANDATE_SERVICE_LINK#">#MANDATE_SERVICE_LINK#</a>.<br>
+ Anschließend wird Ihre Antrag an den zust&auml;ndigen Administrator weitergeleitet.
+ Sie erhalten danach eine weitere Best&auml;tigung sobald Ihr Benutzeraccount freigeschalten wurde.</p>
+
+ <p>Sollten Sie keinen Account beantragt haben k&ouml;nnen Sie dieses Mail ignorieren.</p>
+
+ <p>&nbsp;</p>
+ <p>Graz, #TODAY_DATE#</p>
+ <p align="right">E-Government Innovationszentrum <br />
+ Inffeldgasse 16a<br />
+ 8010 Graz<br />
+ <br />
+ Telefon: +43 (316) 873-5514 <br />
+ Fax: +43 (316) 873-5520 <br />
+ E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
+ </p>
+</div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties
new file mode 100644
index 000000000..05b5fbdef
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties
@@ -0,0 +1,77 @@
+#General config
+general.login.deaktivate=false
+general.publicURLContext=https://localhost:8443/moa-id-configuration
+
+general.defaultlanguage=de
+
+##Mail
+general.mail.host=smtp.localhost...
+#general.mail.host.port=
+#general.mail.host.username=
+#general.mail.host.password=
+
+general.mail.from.name=MOA-ID 2.x Konfigurationstool
+general.mail.from.address=no-reply@localhost
+
+general.mail.useraccountrequest.verification.subject=MOA-ID 2.x - Benutzerverifikation
+general.mail.useraccountrequest.verification.template=mail/verification_template.html
+
+general.mail.useraccountrequest.isactive.subject=MOA-ID 2.x - Benutzeraktivierung
+general.mail.useraccountrequest.isactive.template=mail/activation_template.html
+general.mail.useraccountrequest.rejected.template=mail/rejected_template.html
+
+general.mail.createOArequest.isactive.subject=MOA-ID 2.x - Online-Applikationsaktivierung
+general.mail.createOArequest.isactive.template=mail/oa_activation_template.html
+
+general.mail.admin.adress=admin@localhost
+general.mail.admin.subject=MOA-ID 2.x - Statusmeldung
+general.mail.admin.adresses.template=mail/admin_template.html
+
+
+general.moaid.instance.url=https://localhost:8443/moa-id-auth/
+
+##PVP2 Authentication
+general.login.pvp2.isactive=true
+
+general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata
+general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/moa_idp.crt
+general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth
+general.login.pvp2.idp.sso.logout.url=https://localhost:8443/moa-id-auth/LogOut?redirect=
+
+general.login.pvp2.metadata.entities.name=MOA-ID 2.x Configuration Tool
+general.login.pvp2.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/application.p12
+general.login.pvp2.keystore.password=password
+general.login.pvp2.keystore.type=PKCS12
+
+general.login.pvp2.keystore.metadata.key.alias=pvp_metadata
+general.login.pvp2.keystore.metadata.key.password=password
+
+general.login.pvp2.keystore.authrequest.encryption.key.alias=pvp_encryption
+general.login.pvp2.keystore.authrequest.encryption.key.password=password
+
+general.login.pvp2.keystore.authrequest.key.alias=pvp_request
+general.login.pvp2.keystore.authrequest.key.password=password
+
+#UserRequestCleanUP time in hours
+general.userrequests.cleanup.delay=18
+
+##Hibnerate configuration for MOA-ID 2.0 configuration
+hibernate.dialect=org.hibernate.dialect.MySQLDialect
+hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true
+hibernate.connection.charSet=utf-8
+hibernate.connection.driver_class=com.mysql.jdbc.Driver
+hibernate.connection.username=
+hibernate.connection.password=
+
+hibernate.hbm2ddl.auto=update
+hibernate.current_session_context_class=thread
+hibernate.transaction.flush_before_completion=true
+hibernate.transaction.auto_close_session=true
+hibernate.show_sql=false
+hibernate.format_sql=true
+hibernate.c3p0.acquire_increment=3
+hibernate.c3p0.idle_test_period=300
+hibernate.c3p0.timeout=300
+hibernate.c3p0.max_size=20
+hibernate.c3p0.max_statements=0
+hibernate.c3p0.min_size=3 \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
new file mode 100644
index 000000000..e225ca6e0
--- /dev/null
+++ b/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
@@ -0,0 +1,7 @@
+<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+ Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-oa/keys/application[password].p12 b/id/server/doc/conf/moa-id-oa/keys/application[password].p12
new file mode 100644
index 000000000..78cab1e89
--- /dev/null
+++ b/id/server/doc/conf/moa-id-oa/keys/application[password].p12
Binary files differ
diff --git a/id/server/doc/conf/moa-id-oa/keys/assertion.crt b/id/server/doc/conf/moa-id-oa/keys/assertion.crt
new file mode 100644
index 000000000..aa4e23cb1
--- /dev/null
+++ b/id/server/doc/conf/moa-id-oa/keys/assertion.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0
+MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV
+BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts
+2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y
++4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8
+upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn
+SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9
+8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O
+BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3
+EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T
+dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD
+ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl
+DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b
+crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60
+LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3
+0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5
+ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo=
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-oa/keys/encryption.crt b/id/server/doc/conf/moa-id-oa/keys/encryption.crt
new file mode 100644
index 000000000..c9d94f9b6
--- /dev/null
+++ b/id/server/doc/conf/moa-id-oa/keys/encryption.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIJAMC/5DRgVin3MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCkVuY3J5cHRpb24wHhcNMTQwMjA0MTA0
+MjA2WhcNMjQwMjAyMTA0MjA2WjBaMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDEwpFbmNyeXB0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+qgKWs3IW4giGsbAUm/wRH+lcggVpOPkNqqtNA48Qfwkq/lSWdeHp0+xXOwR1Oull
+TpmfbqJouUoHf6jCt1EXqlQR2oQ1oYYjLncVMhZ9ajXVFJEBl6tw9Em4aCzkkTdL
+HfWoh21iDnYOXTgP23/59xpuvy85O39hKnysXIcniqeb1uHthMiN25R8g4bPOQNb
+OfoMXpXdVbHxM77ZDSbk88BMRsq8SnlPdelaf8HsZomtnLKXvSDLivTZloxtHjBa
+aJNS/H1zr3HI+lq4S4VH+8ilj53OeWHjstGCFiTRtZy2hZvG2PegNIL7shMN/h4i
+h+OCn/ImAW9Kf599wve5iQIDAQABo4G/MIG8MB0GA1UdDgQWBBQzMzOrGfjN+Tnz
+zbFTyLPgHS4FkjCBjAYDVR0jBIGEMIGBgBQzMzOrGfjN+TnzzbFTyLPgHS4FkqFe
+pFwwWjELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKRW5jcnlwdGlvboIJ
+AMC/5DRgVin3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADZoknf
+lcG0O9sL8CALO6UmPy1+ZlOXndoqqNu3uvzj7hvjT5RPY4hTyfrkUn5EqlHwLSCf
+C7rOxcGvRHT3/REwOef8H3MGdSV81esa5EbrRfGWjLOXoQFrIOhz5bxqoU0B7Obh
+3IUA2yCGz4SlXjMdMWN670ETglnthdY4z2Ot8n4E2YNXlRSubowat7ylkqjKvyaB
+Iz/RVgDxblkOK+bqPSKaNWvadItnMyh7Y8C3LD3tQpwYViJ0QOJ9BMujULma7Tb8
+lVIhmx3y2cU8nCqG0VPSTE6AMnuONuQjJTGFsRdDREFrALtjUpsUOXU6+19ywYSi
+LYiLYskPglktuck=
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-oa/keys/metadata.crt b/id/server/doc/conf/moa-id-oa/keys/metadata.crt
new file mode 100644
index 000000000..bd9640b37
--- /dev/null
+++ b/id/server/doc/conf/moa-id-oa/keys/metadata.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
+MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
+CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
+MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
+ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
+tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
+O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
+zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
+ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
+BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
+ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
+dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
+TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
+p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
+oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
+tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
+Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-oa/oa.properties b/id/server/doc/conf/moa-id-oa/oa.properties
new file mode 100644
index 000000000..a24f800f2
--- /dev/null
+++ b/id/server/doc/conf/moa-id-oa/oa.properties
@@ -0,0 +1,21 @@
+general.publicURLContext=https://localhost:8443/oa
+
+general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata
+general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/moa_idp.crt
+general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth
+
+general.login.pvp2.OA.metadata.entities.name=MOA-ID 2.x Demo-Application
+
+general.login.pvp2.OA.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/application.p12
+general.login.pvp2.OA.keystore.password=password
+general.login.pvp2.OA.keystore.type=PKCS12
+
+general.login.pvp2.OA.keystore.metadata.sign.key.alias=pvp_metadata
+general.login.pvp2.OA.keystore.metadata.sign.key.password=password
+
+general.login.pvp2.keystore.authrequest.sign.key.alias=pvp_request
+general.login.pvp2.keystore.authrequest.sign.key.password=password
+
+general.login.pvp2.keystore.assertion.encryption.key.alias=pvp_encryption
+general.login.pvp2.keystore.assertion.encryption.key.password=password
+
diff --git a/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml b/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml
new file mode 100644
index 000000000..51b36a1da
--- /dev/null
+++ b/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="http://labda.iaik.tugraz.at:8080/moa-id-auth/services/GetAuthenticationData">
+ <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://proxy.gv.at" friendlyName="Test Application">
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/BasicOAConfiguration.xml" sessionTimeOut="600"
+ loginParameterResolverImpl="at.gv.egiz.moa.id.proxy.MySQLLoginParameterResolver"
+ loginParameterResolverConfiguration="/var/lib/tomcat6/webapps/moa-id-proxy-umgmt/WEB-INF/classes/hibernate.cfg.xml"
+ connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.EnhancedConnectionBuilder"
+ errorRedirectURL="https://proxy.gv.at/oa2">
+
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="https://proxy.gv.at/oa">
+ <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://proxy.gv.at" friendlyName="Test Application">
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/BasicOAConfiguration.xml" sessionTimeOut="600"
+ errorRedirectURL="https://proxy.gv.at/oa2">
+
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="https://proxy.gv.at/oa">
+ <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefug der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="/etc/tomcat6/moa-id/certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
+</MOA-IDConfiguration>
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp
new file mode 100644
index 000000000..0cb4e8fea
--- /dev/null
+++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>Ein Fehler ist aufgetreten</title>
+</head>
+<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
+ String errorMessage = (String)request.getAttribute("ErrorMessage");
+ String wrongParameters = (String)request.getAttribute("WrongParameters");
+ String logLevel = (String)request.getAttribute("LogLevel");
+%>
+
+<body>
+<h1>Fehler bei der Anmeldung</h1>
+<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
+
+<% if (logLevel != null) { %>
+<% if (errorMessage != null) { %>
+<p>
+<%= errorMessage%><br>
+</p>
+<% } %>
+<% if (exceptionThrown != null) { %>
+<p>
+<%= exceptionThrown.getMessage()%>
+</p>
+<% } %>
+<% if (wrongParameters != null) { %>
+<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
+<b> <%= wrongParameters %> </b><br>
+<p>
+ Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
+<% } %>
+<% } %>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp
new file mode 100644
index 000000000..0b3992bfd
--- /dev/null
+++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>Ein Fehler ist aufgetreten</title>
+</head>
+
+<body>
+<h1>Fehler bei der Anmeldung</h1>
+<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
+
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp
new file mode 100644
index 000000000..0cb4e8fea
--- /dev/null
+++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>Ein Fehler ist aufgetreten</title>
+</head>
+<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
+ String errorMessage = (String)request.getAttribute("ErrorMessage");
+ String wrongParameters = (String)request.getAttribute("WrongParameters");
+ String logLevel = (String)request.getAttribute("LogLevel");
+%>
+
+<body>
+<h1>Fehler bei der Anmeldung</h1>
+<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
+
+<% if (logLevel != null) { %>
+<% if (errorMessage != null) { %>
+<p>
+<%= errorMessage%><br>
+</p>
+<% } %>
+<% if (exceptionThrown != null) { %>
+<p>
+<%= exceptionThrown.getMessage()%>
+</p>
+<% } %>
+<% if (wrongParameters != null) { %>
+<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
+<b> <%= wrongParameters %> </b><br>
+<p>
+ Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
+<% } %>
+<% } %>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp
new file mode 100644
index 000000000..0b3992bfd
--- /dev/null
+++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>Ein Fehler ist aufgetreten</title>
+</head>
+
+<body>
+<h1>Fehler bei der Anmeldung</h1>
+<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
+
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/MOAIdentities.xsd b/id/server/doc/conf/moa-id/MOAIdentities.xsd
new file mode 100644
index 000000000..e075ead5e
--- /dev/null
+++ b/id/server/doc/conf/moa-id/MOAIdentities.xsd
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="MOAIdentities">
+ <xs:annotation>
+ <xs:documentation>MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Mapping">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Identity">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element name="NamedIdentity" type="tns:NamedIdentityType"/>
+ <xs:element name="bPKIdentity" type="tns:bPKIdentitiyType"/>
+ <xs:element name="wbPKIdentity" type="tns:wbPKIdentitiyType"/>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Parameters" type="tns:ParametersType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="wbPKIdentitiyType">
+ <xs:simpleContent>
+ <xs:extension base="xs:boolean">
+ <xs:attribute name="wbPK" type="xs:string" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="bPKIdentitiyType">
+ <xs:simpleContent>
+ <xs:extension base="xs:boolean">
+ <xs:attribute name="bPK" type="xs:string" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="NamedIdentityType">
+ <xs:simpleContent>
+ <xs:extension base="xs:boolean">
+ <xs:attribute name="SurName" type="xs:string" use="required"/>
+ <xs:attribute name="GivenName" type="xs:string" use="required"/>
+ <xs:attribute name="BirthDate" type="xs:string" use="optional"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="ParametersType">
+ <xs:attribute name="UN" type="xs:string" use="optional"/>
+ <xs:attribute name="PW" type="xs:string" use="optional"/>
+ <xs:attribute name="Param1" type="xs:string" use="optional"/>
+ <xs:attribute name="Param2" type="xs:string" use="optional"/>
+ <xs:attribute name="Param3" type="xs:string" use="optional"/>
+ </xs:complexType>
+</xs:schema>
diff --git a/id/server/doc/conf/moa-id/SampleIdentities.xml b/id/server/doc/conf/moa-id/SampleIdentities.xml
new file mode 100644
index 000000000..abda0bf64
--- /dev/null
+++ b/id/server/doc/conf/moa-id/SampleIdentities.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration für den Einsatz der MOA-ID Proxy-Komponenten unter Einsatz eines speziellen XMLLoginParameterResolver
+ Damit kann unter Einsatz des XMLLoginParameterResolverPlainData (s.u.) eine Einschränkung von Benutzer für OA erfolgen. -->
+<!-- Beispiel für ein Element ProxyComponent in der MOA-ID Konfigurationsdatei welches den XMLLoginParameterResolverPlainData
+ mit der Benutzerdatei Identities.xml verwendet um sich über Basic Authentication (401) an einer Webseite anzumeldne -->
+
+
+<!--
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"
+ loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.XMLLoginParameterResolverPlainData"
+ loginParameterResolverConfiguration="Identities.xml">
+ <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+ </ConnectionParameter>
+ </ProxyComponent>
+-->
+<MOAIdentities xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814 MOAIdentities.xsd">
+ <!-- Eintrag aller Benutzer mit Berechtigung -->
+ <!-- Die Daten müssen in der Schreibweise wie in der Personenbindung (= Schreibweise des ZMRs) eingegeben werden -->
+
+ <!-- Benutzerin Kunz -->
+ <Mapping>
+ <Identity>
+ <NamedIdentity SurName="Kunz" GivenName="Karin Stella" BirthDate="1900-01-01">1</NamedIdentity>
+ </Identity>
+ <Parameters UN="KunzKS" PW="geheim"/>
+ </Mapping>
+ <!-- Benutzer Mustermann -->
+ <Mapping>
+ <Identity>
+ <NamedIdentity SurName="Mustermann-Fall" GivenName="Max Moriz" BirthDate="1900-01-01">1</NamedIdentity>
+ </Identity>
+ <Parameters UN="MustMM" PW="höchst?Geheim"/>
+ </Mapping>
+</MOAIdentities>
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer b/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer b/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer
new file mode 100644
index 000000000..a699436ca
--- /dev/null
+++ b/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer b/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer
new file mode 100644
index 000000000..ff90e35f5
--- /dev/null
+++ b/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt b/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt
new file mode 100644
index 000000000..0780bc44f
--- /dev/null
+++ b/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsDCCBJigAwIBAgIHASBxw0JY9jANBgkqhkiG9w0BAQUFADCBrDEcMBoGA1UE
+AxMTRXVyb1BLSSBJQUlLIFNTTCBDQTEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
+IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczENMAsGA1UE
+BxMER3JhejELMAkGA1UEBhMCQVQwHhcNMTMxMjAzMTYzODUyWhcNMTUxMjAzMTYz
+ODUyWjCBqTELMAkGA1UEBhMCQVQxDTALBgNVBAcTBEdyYXoxJjAkBgNVBAoTHUdy
+YXogVW5pdmVyc2l0eSBvZiBUZWNobm9sb2d5MUgwRgYDVQQLEz9JbnN0aXR1dGUg
+Zm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNh
+dGlvbnMxGTAXBgNVBAMTEHN6cmd3LmVnaXouZ3YuYXQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDPDRBxrsDziPzz+GAcdJ2m6kOkJcr4REzMzP9dULRv
+R6EbVvvwQgPpAEcuqH+101ZwcIHNSCSQF30HnkJVF9hQ+4jIKjvUQ96hkZUC8OyI
+9WfJfPjCtMea9Mk4YsI2DVc6xoiuNKSeZt6ER0b3YDRFX6x4QqQpgt3uIMKjHxBf
+ESB9ehKLEPnQTgIzblvVrPWRAjVd+nZq40ZW1Im9Kq2pRk1gt5xiGh0q5qCV17Yj
+mzTcO4tcgW7iFJ8Tj1Cdog7AOBkhGXGtndfhH/EwGo08PZ1PEYwA5wTVHEhq/Nom
+zBKhDBRdDBhWOuxMeX8zSffuBYf9Oa9RGZBPErUi9HgHAgMBAAGjggHWMIIB0jAO
+BgNVHQ8BAf8EBAMCBLAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADBQBgNVHSAESTBHMEUGDCsGAQQBlRIBAgMBATA1MDMGCCsGAQUFBwIBFido
+dHRwOi8vZXVyb3BraS5pYWlrLmF0L2NhL2lhaWsvY3BzLzEuMy8wHQYDVR0OBBYE
+FFi1nfsT7YEJ9PKNzMHBtXbl574ZMEgGA1UdHwRBMD8wPaA7oDmGN2h0dHA6Ly9j
+YS5pYWlrLnR1Z3Jhei5hdC9jYXBzby9jcmxzL0V1cm9QS0lJQUlLX1NTTC5jcmww
+gZoGCCsGAQUFBwEBBIGNMIGKMEIGCCsGAQUFBzABhjZodHRwOi8vY2EuaWFpay50
+dWdyYXouYXQvY2Fwc28vT0NTUD9jYT1FdXJvUEtJSUFJS19TU0wwRAYIKwYBBQUH
+MAKGOGh0dHA6Ly9jYS5pYWlrLnR1Z3Jhei5hdC9jYXBzby9jZXJ0cy9FdXJvUEtJ
+SUFJS19TU0wuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56QGVnaXouZ3YuYXQw
+HwYDVR0jBBgwFoAUFZk0u+CXsy4oNl3WeM9osRQzuEkwDQYJKoZIhvcNAQEFBQAD
+ggEBAItlnRWi7nFbd9oahK06YNgkI6c3zPfWp3anaYOxZt+AakjI7IoV2YprNVWJ
+2RZ2KA7rM3xNO1i1/H6TcWpjIJy+zsejvyXjQbC9e+wy3hD7iqtCt4oWqzIg61NE
+u1j1u/r9/yozDEkOYv7XY+X5xNBCZ1YfbOwKltLdCWhk6MSK9xDUoeub0DyD3OIS
+4VBVfftsVaJA9vY9e62aSpysEU6VoJpoXVLv1pGeCMajF9d7umCs+daguugbUNMM
+FIfAll/9kcEG7FmpLaWA1qRpfTb8XZ6j/J0YrWAzyyCmLiQJRmhDDipi7PqAJBz6
+9aau5Lhfs4OYoKxgiw7WxOJldFo=
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html
new file mode 100644
index 000000000..ef070b8eb
--- /dev/null
+++ b/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -0,0 +1,846 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <style type="text/css">
+ @media screen and (min-width: 650px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ background-color : #fff;
+ text-align: center;
+ background-color: #6B7B8B;
+ }
+
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input{
+ font-size: 0.7em;
+ /*border-radius: 5px;*/
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.85em;
+ /*border-radius: 7px;*/
+ margin-bottom: 25px;
+ min-width: 80px;
+ }
+
+ #mandateLogin {
+ font-size: 0.85em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ }
+
+
+ #page {
+ display: block;
+ border: 2px solid rgb(0,0,0);
+ width: 650px;
+ height: 460px;
+ margin: 0 auto;
+ margin-top: 5%;
+ position: relative;
+ border-radius: 25px;
+ background: rgb(255,255,255);
+ }
+
+ #page1 {
+ text-align: center;
+ }
+
+ #main {
+ /* clear:both; */
+ position:relative;
+ margin: 0 auto;
+ width: 250px;
+ text-align: center;
+ }
+
+ .OA_header {
+ /* background-color: white;*/
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-top: 25px;
+ }
+
+ #leftcontent {
+ /*float:left; */
+ width:250px;
+ margin-bottom: 25px;
+ text-align: left;
+ border: 1px solid rgb(0,0,0);
+ }
+
+ #selectArea {
+ font-size: 15px;
+ padding-bottom: 65px;
+ }
+
+ #leftcontent {
+ width: 300px;
+ margin-top: 30px;
+ }
+
+ #bku_header {
+ height: 5%;
+ padding-bottom: 3px;
+ padding-top: 3px;
+ }
+
+ #bkulogin {
+ overflow:hidden;
+ min-width: 190px;
+ min-height: 180px;
+ /*height: 260px;*/
+ }
+
+ h2#tabheader{
+ font-size: 1.1em;
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ }
+
+ #stork h2 {
+ font-size: 1.0em;
+ margin-bottom: 2%;
+ }
+
+ .setAssertionButton_full {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 100px;
+ height: 30px
+ }
+
+ #leftbutton {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+ }
+
+ #rightbutton {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+ }
+
+ button {
+ height: 25px;
+ width: 75px;
+ margin-bottom: 10px;
+ }
+
+ #validation {
+ position: absolute;
+ bottom: 0px;
+ margin-left: 270px;
+ padding-bottom: 10px;
+ }
+
+ }
+
+ @media screen and (max-width: 205px) {
+ #localBKU p {
+ font-size: 0.6em;
+ }
+
+ #localBKU input {
+ font-size: 0.6em;
+ min-width: 60px;
+ /* max-width: 65px; */
+ min-height: 1.0em;
+ /* border-radius: 5px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.7em;
+ min-width: 55px;
+ /*min-height: 1.1em;
+ border-radius: 5px;*/
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.65em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ margin-top: -0.4em;
+ padding-top: 0.4em;
+ }
+
+ #bkulogin {
+ min-height: 150px;
+ }
+ }
+
+ @media screen and (max-width: 249px) and (min-width: 206px) {
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input {
+ font-size: 0.7em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ min-height: 0.95em;
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.75em;
+ min-width: 60px;
+ /* min-height: 0.95em;
+ border-radius: 6px; */
+ margin-bottom: 5%
+ }
+
+ #mandateLogin {
+ font-size: 0.75em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.9em;
+ margin-top: -0.45em;
+ padding-top: 0.45em;
+ }
+
+ #bkulogin {
+ min-height: 180px;
+ }
+ }
+
+ @media screen and (max-width: 299px) and (min-width: 250px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.85em;
+ /* min-height: 1.05em;
+ border-radius: 7px; */
+ margin-bottom: 10%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.0em;
+ margin-top: -0.50em;
+ padding-top: 0.50em;
+ }
+ }
+
+ @media screen and (max-width: 399px) and (min-width: 300px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.9em;
+ /* min-height: 1.2em;
+ border-radius: 8px; */
+ margin-bottom: 10%;
+ max-width: 80px;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.1em;
+ margin-top: -0.55em;
+ padding-top: 0.55em;
+ }
+ }
+
+ @media screen and (max-width: 649px) and (min-width: 400px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 80px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 1.0em;
+ /* min-height: 1.3em;
+ border-radius: 10px; */
+ margin-bottom: 10%;
+ max-width: 85px;
+ }
+
+ #mandateLogin {
+ font-size: 1.2em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.3em;
+ margin-top: -0.65em;
+ padding-top: 0.65em;
+ }
+ }
+
+
+
+ @media screen and (max-width: 649px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ text-align: center;
+ font-size: 100%;
+ background-color: #MAIN_BACKGOUNDCOLOR#;
+ }
+
+ #page {
+ visibility: hidden;
+ margin-top: 0%;
+ }
+
+ #page1 {
+ visibility: hidden;
+ }
+
+ #main {
+ visibility: hidden;
+ }
+
+ #validation {
+ visibility: hidden;
+ display: none;
+ }
+
+ .OA_header {
+ margin-bottom: 0px;
+ margin-top: 0px;
+ font-size: 0pt;
+ visibility: hidden;
+ }
+
+ #leftcontent {
+ visibility: visible;
+ margin-bottom: 0px;
+ text-align: left;
+ border:none;
+ vertical-align: middle;
+ min-height: 173px;
+ min-width: 204px;
+
+ }
+
+ #bku_header {
+ height: 10%;
+ min-height: 1.2em;
+ margin-top: 1%;
+ }
+
+ h2#tabheader{
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ top: 50%;
+ }
+
+ #stork h2 {
+ font-size: 0.9em;
+ margin-bottom: 2%;
+ }
+
+ #bkulogin {
+ min-width: 190px;
+ min-height: 155px;
+ }
+
+ .setAssertionButton_full {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+ }
+
+ input[type=button] {
+/* height: 11%; */
+ width: 70%;
+ }
+ }
+
+ * {
+ margin: 0;
+ padding: 0;
+ font-family: #FONTTYPE#;
+ }
+
+ #selectArea {
+ padding-top: 10px;
+ padding-bottom: 55px;
+ padding-left: 10px;
+ }
+
+ .setAssertionButton {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+ }
+
+ #leftbutton {
+ width: 35%;
+ float:left;
+ margin-left: 15px;
+ }
+
+ #rightbutton {
+ width: 35%;
+ float:right;
+ margin-right: 25px;
+ text-align: right;
+ }
+
+ #stork {
+ /*margin-bottom: 10px;*/
+ /* margin-top: 5px; */
+ }
+
+ #mandateLogin {
+ padding-bottom: 4%;
+ padding-top: 4%;
+ height: 10%;
+ position: relative;
+ text-align: center;
+ }
+
+ .verticalcenter {
+ vertical-align: middle;
+ }
+
+ #mandateLogin div {
+ clear: both;
+ margin-top: -1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkuselectionarea {
+ position: relative;
+ display: block;
+ }
+
+ #localBKU {
+ padding-left: 5%;
+ padding-right: 2%;
+ padding-bottom: 4%;
+ /*padding-top: 4%;*/
+ position: relative;
+ clear: both;
+ }
+
+ #bkukarte {
+ float:left;
+ text-align:center;
+ width:40%;
+ min-height: 70px;
+ padding-left: 5%;
+ padding-top: 2%;
+ }
+
+ #bkuhandy {
+ float:right;
+ text-align:center;
+ width:40%;
+ min-height: 90px;
+ padding-right: 5%;
+ padding-top: 2%;
+ }
+
+ .bkuimage {
+ width: 90%;
+ height: auto;
+ }
+
+ #mandate{
+ text-align:center;
+ padding : 5px 5px 5px 5px;
+ }
+
+/* input[type=button], .sendButton {
+ background: #BUTTON_BACKGROUNDCOLOR#;
+ color: #BUTTON_COLOR#;
+/* border:1px solid #000; */
+/* cursor: pointer;
+/* box-shadow: 3px 3px 3px #222222; */
+/* }
+
+/* button:hover, button:focus, button:active,
+ .sendButton:hover , .sendButton:focus, .sendButton:active,
+ #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+ background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
+ color: #BUTTON_COLOR#;
+/* border:1px solid #000; */
+/* cursor: pointer;
+/* box-shadow: -1px -1px 3px #222222; */
+/* }
+
+*/
+ input {
+ /*border:1px solid #000;*/
+ cursor: pointer;
+ }
+
+ #localBKU input {
+/* color: #BUTTON_COLOR#; */
+ border: 0px;
+ display: inline-block;
+
+ }
+
+ #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+ text-decoration: underline;
+ }
+
+ #installJava, #BrowserNOK {
+ clear:both;
+ font-size:0.8em;
+ padding:4px;
+ }
+
+ .selectText{
+
+ }
+
+ .selectTextHeader{
+
+ }
+
+ .sendButton {
+ width: 30%;
+ margin-bottom: 1%;
+ }
+
+ #leftcontent a {
+ text-decoration:none;
+ color: #000;
+ /* display:block;*/
+ padding:4px;
+ }
+
+ #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+ text-decoration:underline;
+ color: #000;
+ }
+
+ .infobutton {
+ background-color: #005a00;
+ color: white;
+ font-family: serif;
+ text-decoration: none;
+ padding-top: 2px;
+ padding-right: 4px;
+ padding-bottom: 2px;
+ padding-left: 4px;
+ font-weight: bold;
+ }
+
+ .hell {
+ background-color : #MAIN_BACKGOUNDCOLOR#;
+ color: #MAIN_COLOR#;
+ }
+
+ .dunkel {
+ background-color: #HEADER_BACKGROUNDCOLOR#;
+ color: #HEADER_COLOR#;
+ }
+
+ .main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
+ }
+
+ </style>
+<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
+<script type="text/javascript">
+ function isIE() {
+ return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
+ }
+ function isFullscreen() {
+ try {
+ return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
+ } catch (e) {
+ return false;
+ }
+ }
+ function isActivexEnabled() {
+ var supported = null;
+ try {
+ supported = !!new ActiveXObject("htmlfile");
+ } catch (e) {
+ supported = false;
+ }
+ return supported;
+ }
+ function isMetro() {
+ if (!isIE())
+ return false;
+ return !isActivexEnabled() && isFullscreen();
+ }
+ window.onload=function() {
+ document.getElementById("localBKU").style.display="block";
+ return;
+ }
+ function bkuLocalClicked() {
+ setMandateSelection();
+ }
+
+ function bkuOnlineClicked() {
+ if (isMetro())
+ document.getElementById("metroDetected").style.display="block";
+ document.getElementById("localBKU").style.display="block";
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#ONLINE#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+ iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ generateIFrame(iFrameURL);
+ }
+ function bkuHandyClicked() {
+ document.getElementById("localBKU").style.display="none";
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#HANDY#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+ iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ generateIFrame(iFrameURL);
+ }
+ function storkClicked() {
+ document.getElementById("localBKU").style.display="none";
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var ccc = "AT";
+ var countrySelection = document.getElementById("cccSelection");
+ if (countrySelection != null) {
+ ccc = document.getElementById("cccSelection").value;
+ }
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#ONLINE#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&CCC=" + ccc;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+ iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ generateIFrame(iFrameURL);
+ }
+ function generateIFrame(iFrameURL) {
+ var el = document.getElementById("bkulogin");
+ var width = el.clientWidth;
+ var heigth = el.clientHeight - 20;
+ var parent = el.parentNode;
+
+ iFrameURL += "&heigth=" + heigth;
+ iFrameURL += "&width=" + width;
+
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", el.clientWidth - 1);
+ iframe.setAttribute("height", el.clientHeight - 1);
+ iframe.setAttribute("frameborder", "0");
+ iframe.setAttribute("scrolling", "no");
+ iframe.setAttribute("title", "Login");
+ parent.replaceChild(iframe, el);
+ }
+ function setMandateSelection() {
+ document.getElementById("moaidform").action = "#AUTH_URL#";
+ document.getElementById("useMandate").value = "false";
+ var checkbox = document.getElementById("mandateCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("mandateCheckBox").checked) {
+ document.getElementById("useMandate").value = "true";
+ }
+ }
+ }
+ function onChangeChecks() {
+ if (top.innerWidth < 650) {
+ document.getElementById("moaidform").setAttribute("target","_parent");
+ } else {
+ document.getElementById("moaidform").removeAttribute("target");
+ }
+
+ }
+/* function setSSOSelection() {
+ document.getElementById("useSSO").value = "false";
+ var checkbox = document.getElementById("SSOCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("SSOCheckBox").checked) {
+ document.getElementById("useSSO").value = "true";
+ }
+ }
+ } */
+
+/* function checkMandateSSO() {
+ var sso = document.getElementById("SSOCheckBox");
+ var mandate = document.getElementById("mandateCheckBox");
+
+
+ if (sso.checked && mandate.checked) {
+ alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
+ mandate.checked = false;
+ sso.checked = false;
+ return true;
+ } else {
+ return false;
+ }
+ } */
+ </script>
+<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
+</head>
+<body onload="onChangeChecks();" onresize="onChangeChecks();">
+ <div id="page">
+ <div id="page1" class="case selected-case" role="main">
+ <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
+ <div id="main">
+ <div id="leftcontent" class="hell" role="application">
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
+ </div>
+ <div id="bkulogin" class="hell" role="form">
+ <div id="mandateLogin" style="">
+ <div>
+ <input tabindex="1" type="checkbox" name="Mandate"
+ id="mandateCheckBox" class="verticalcenter" role="checkbox"
+ onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
+ <label for="mandateCheckBox" class="verticalcenter">in
+ Vertretung anmelden</label>
+ <!--a href="info_mandates.html"
+ target="_blank"
+ class="infobutton verticalcenter"
+ tabindex="5">i</a-->
+ </div>
+ </div>
+ <div id="bkuselectionarea">
+ <div id="bkukarte">
+ <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
+ alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
+ onClick="bkuOnlineClicked();" tabindex="2" role="button"
+ value="Karte" />
+ </div>
+ <div id="bkuhandy">
+ <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
+ alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
+ onClick="bkuHandyClicked();" tabindex="3" role="button"
+ value="HANDY" />
+ </div>
+ </div>
+ <div id="localBKU">
+ <form method="get" id="moaidform" action="#AUTH_URL#"
+ class="verticalcenter" target="_parent">
+ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input
+ type="hidden" name="useMandate" id="useMandate"> <input
+ type="hidden" name="SSO" id="useSSO"> <input
+ type="hidden" name="CCC" id="ccc"> <input type="hidden"
+ name="MODUL" value="#MODUL#"> <input type="hidden"
+ name="ACTION" value="#ACTION#"> <input type="hidden"
+ name="MOASessionID" value="#SESSIONID#">
+ <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
+ role="button" class="hell"
+ onclick="setMandateSelection();"
+ >
+ <!--p>
+ <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
+ </p-->
+ </form>
+ </div>
+
+ <div id="stork" align="center" style="#STORKVISIBLE#">
+ <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
+ <p>
+ <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
+ #PEPSLIST#
+ </select>
+ <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
+ <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </p>
+ </div>
+
+ <div id="metroDetected" style="display: none">
+ <p>Anscheinend verwenden Sie Internet Explorer im
+ Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
+ Optionen um die Karten-Anmeldung starten zu können.</p>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ <div id="validation">
+ <a href="http://validator.w3.org/check?uri="> <img
+ style="border: 0; width: 88px; height: 31px"
+ src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img
+ style="border: 0; width: 88px; height: 31px"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+ alt="CSS ist valide!" />
+ </a>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
new file mode 100644
index 000000000..b80d654cc
--- /dev/null
+++ b/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
@@ -0,0 +1,617 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <style type="text/css">
+ @media screen and (min-width: 650px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ background-color : #fff;
+ text-align: center;
+ background-color: #6B7B8B;
+ }
+
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input{
+ font-size: 0.7em;
+ border-radius: 5px;
+ }
+
+ #bkuselectionarea button {
+ font-size: 0.85em;
+ border-radius: 7px;
+ margin-bottom: 25px;
+ }
+
+ #mandateLogin {
+ font-size: 0.85em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ }
+
+
+ #page {
+ display: block;
+ border: 2px solid rgb(0,0,0);
+ width: 650px;
+ height: 440px;
+ margin: 0 auto;
+ margin-top: 5%;
+ position: relative;
+ border-radius: 25px;
+ background: rgb(255,255,255);
+ }
+
+ #page1 {
+ text-align: center;
+ }
+
+ #main {
+ /* clear:both; */
+ position:relative;
+ margin: 0 auto;
+ width: 250px;
+ text-align: center;
+ }
+
+ .OA_header {
+ /* background-color: white;*/
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-top: 25px;
+ }
+
+ #leftcontent {
+ width: 300px;
+ margin-top: 30px;
+ padding-bottom: 15px;
+ margin-bottom: 25px;
+ text-align: left;
+ border: 1px solid rgb(0,0,0);
+ }
+
+ #selectArea {
+ font-size: 15px;
+ padding-bottom: 65px;
+ }
+
+ #selectArea h3 {
+ margin-bottom: 25px;
+ }
+
+ #bku_header {
+ height: 5%;
+ padding-bottom: 3px;
+ padding-top: 3px;
+ }
+
+ #bkulogin {
+ overflow:hidden;
+ min-width: 190px;
+ min-height: 180px;
+ /*height: 260px;*/
+ }
+
+ h2#tabheader{
+ font-size: 1.1em;
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ }
+
+ .setAssertionButton_full {
+ margin-top: 15px;
+ width: 100px;
+ height: 30px;
+ font-size: 1.3em;
+ min-height: 1.3em;
+/* border-radius: 10px;*/
+ }
+
+ #leftbutton {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+ }
+
+ #rightbutton {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+ }
+
+ button {
+ height: 25px;
+ width: 90px;
+ margin-bottom: 10px;
+ }
+
+ #validation {
+ position: absolute;
+ bottom: 0px;
+ margin-left: 270px;
+ padding-bottom: 10px;
+ }
+
+ }
+
+ @media screen and (max-width: 205px) {
+ #localBKU p {
+ font-size: 0.6em;
+ }
+
+ #localBKU input {
+ font-size: 0.7em;
+ min-width: 70px;
+ min-height: 1.2em;
+ border-radius: 5px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 0.8em;
+ min-width: 65px;
+ min-height: 1.3em;
+ /* border-radius: 5px; */
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.65em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 0.8em;
+ margin-top: -0.4em;
+ }
+ }
+
+ @media screen and (max-width: 249px) and (min-width: 206px) {
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input {
+ font-size: 0.85em;
+ min-width: 80px;
+ min-height: 0.95em;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 0.85em;
+ min-width: 70px;
+ min-height: 0.95em;
+ /* border-radius: 6px; */
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.75em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 0.9em;
+ margin-top: -0.45em;
+ }
+ }
+
+ @media screen and (max-width: 299px) and (min-width: 250px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.0em;
+ min-height: 1.05em;
+ /* border-radius: 7px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.0em;
+ margin-top: -0.50em;
+ }
+ }
+
+ @media screen and (max-width: 399px) and (min-width: 300px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.1em;
+ min-height: 1.2em;
+ /* border-radius: 8px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.1em;
+ margin-top: -0.55em;
+ }
+ }
+
+ @media screen and (max-width: 649px) and (min-width: 400px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.3em;
+ min-height: 1.3em;
+/* border-radius: 10px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1.2em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.3em;
+ margin-top: -0.65em;
+ }
+ }
+
+
+
+ @media screen and (max-width: 649px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ text-align: center;
+ font-size: 100%;
+ background-color: #MAIN_BACKGOUNDCOLOR#;
+ }
+
+ #page {
+ visibility: hidden;
+ margin-top: 0%;
+ }
+
+ #page1 {
+ visibility: hidden;
+ }
+
+ #main {
+ visibility: hidden;
+ }
+
+ #validation {
+ visibility: hidden;
+ display: none;
+ }
+
+ .OA_header {
+ margin-bottom: 0px;
+ margin-top: 0px;
+ font-size: 0pt;
+ visibility: hidden;
+ }
+
+ #leftcontent {
+ visibility: visible;
+ margin-bottom: 0px;
+ text-align: left;
+ border:none;
+ min-width: 190px;
+/* min-height: 190px; */
+ vertical-align: middle;
+
+ }
+
+ #bku_header {
+ height: 10%;
+ min-height: 1.2em;
+ margin-top: 1%;
+ }
+
+ h2#tabheader{
+ padding-left: 2%;
+ padding-right: 2%;
+ padding-top: 1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkulogin {
+ min-width: 190px;
+ min-height: 150px;
+ }
+
+ .setAssertionButton_full {
+ margin-top: 15px;
+ width: 70%;
+ height: 11%;
+ min-width: 60px;
+ min-height: 25px;
+ }
+
+ #selectArea h3 {
+ margin-top: 2%;
+ }
+
+ button {
+ height: 11%;
+ width: 70%;
+ }
+ }
+
+ * {
+ margin: 0;
+ padding: 0;
+/* border: 0; */
+ font-family: #FONTTYPE#;
+ }
+
+ #selectArea {
+ padding-top: 10px;
+ padding-bottom: 55px;
+ padding-left: 10px;
+ }
+
+ .setAssertionButton {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+ }
+
+ #leftbutton {
+ width: 35%;
+ float:left;
+ margin-left: 15px;
+ }
+
+ #rightbutton {
+ width: 35%;
+ float:right;
+ margin-right: 25px;
+ text-align: right;
+ }
+
+ #stork {
+ margin-bottom: 10px;
+ margin-top: 5px;
+ }
+
+ #mandateLogin {
+ padding-bottom: 2%;
+ padding-top: 2%;
+ height: 10%;
+ position: relative;
+ text-align: center;
+ }
+
+ .verticalcenter {
+ vertical-align: middle;
+ }
+
+ #mandateLogin > div {
+ clear: both;
+ margin-top: -1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkuselectionarea {
+ position: relative;
+ display: block;
+ }
+
+ #localBKU {
+ padding-left: 5%;
+ padding-right: 2%;
+ padding-bottom: 2%;
+ position: relative;
+ clear: both;
+ }
+
+ #bkukarte {
+ float:left;
+ text-align:center;
+ width:40%;
+ min-height: 70px;
+ padding-left: 5%;
+ padding-top: 2%;
+ }
+
+ #bkuhandy {
+ float:right;
+ text-align:center;
+ width:40%;
+ min-height: 90px;
+ padding-right: 5%;
+ padding-top: 2%;
+ }
+
+ .bkuimage {
+ width: 90%;
+ height: auto;
+ }
+
+ #mandate{
+ text-align:center;
+ padding : 5px 5px 5px 5px;
+ }
+
+ button, .sendButton {
+/* background: #BUTTON_BACKGROUNDCOLOR#;
+ color: #BUTTON_COLOR#; */
+ cursor: pointer;
+
+/* border:1px solid #000;
+ box-shadow: 3px 3px 3px #222222; */
+ }
+
+ button:hover, button:focus, button:active,
+ .sendButton:hover , .sendButton:focus, .sendButton:active,
+ #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
+ color: #BUTTON_COLOR#; */
+ cursor: pointer;
+
+/* border:1px solid #000;
+ box-shadow: -1px -1px 3px #222222; */
+ }
+
+ #installJava, #BrowserNOK {
+ clear:both;
+ font-size:0.8em;
+ padding:4px;
+ }
+
+ .selectText{
+
+ }
+
+ .selectTextHeader{
+
+ }
+
+ #leftcontent a {
+ text-decoration:none;
+ color: #000;
+ /* display:block;*/
+ padding:4px;
+ }
+
+ #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+ text-decoration:underline;
+ color: #000;
+ }
+
+ .infobutton {
+ background-color: #005a00;
+ color: white;
+ font-family: serif;
+ text-decoration: none;
+ padding-top: 2px;
+ padding-right: 4px;
+ padding-bottom: 2px;
+ padding-left: 4px;
+ font-weight: bold;
+ }
+
+ .hell {
+ background-color : #MAIN_BACKGOUNDCOLOR#;
+ color: #MAIN_COLOR#;
+ }
+
+ .dunkel {
+ background-color: #HEADER_BACKGROUNDCOLOR#;
+ color: #HEADER_COLOR#;
+ }
+
+ .main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
+ }
+
+ </style>
+
+
+ <title>Anmeldung an Online-Applikation</title>
+</head>
+
+
+<body>
+ <div id="page">
+
+ <div id="page1" class="case selected-case" role="main">
+
+<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+ <div id="main">
+ <div id="leftcontent" class="hell">
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">
+ Anmeldeinformationen:
+ </h2>
+ </div>
+
+ <div id="selectArea" class="hell" role="application">
+ <h3>Anmeldung an: #OAName#</h3>
+
+<!-- <div class="hell"> -->
+ <div id="leftbutton">
+ <form method="post" id="moaidform_yes" action="#URL#">
+ <input type="hidden" name="value" value="true">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
+ </form>
+ </div>
+ <div id="rightbutton">
+ <form method="post" id="moaidform_no" action="#URL#">
+ <input type="hidden" name="value" value="false">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
+ </form>
+ </div>
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div id="validation">
+ <a href="http://validator.w3.org/check?uri=">
+ <img style="border:0;width:88px;height:31px"
+ src="#CONTEXTPATH#/img/valid-html5-blue.png"
+ alt="HTML5 ist valide!" />
+ </a>
+ <a href="http://jigsaw.w3.org/css-validator/">
+ <img style="border:0;width:88px;height:31px"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+ alt="CSS ist valide!" />
+ </a>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/doc/conf/moa-id/keys/assertion.crt b/id/server/doc/conf/moa-id/keys/assertion.crt
new file mode 100644
index 000000000..aa4e23cb1
--- /dev/null
+++ b/id/server/doc/conf/moa-id/keys/assertion.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0
+MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV
+BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts
+2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y
++4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8
+upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn
+SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9
+8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O
+BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3
+EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T
+dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD
+ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl
+DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b
+crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60
+LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3
+0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5
+ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo=
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/keys/encryption.crt b/id/server/doc/conf/moa-id/keys/encryption.crt
new file mode 100644
index 000000000..c9d94f9b6
--- /dev/null
+++ b/id/server/doc/conf/moa-id/keys/encryption.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIJAMC/5DRgVin3MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCkVuY3J5cHRpb24wHhcNMTQwMjA0MTA0
+MjA2WhcNMjQwMjAyMTA0MjA2WjBaMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDEwpFbmNyeXB0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+qgKWs3IW4giGsbAUm/wRH+lcggVpOPkNqqtNA48Qfwkq/lSWdeHp0+xXOwR1Oull
+TpmfbqJouUoHf6jCt1EXqlQR2oQ1oYYjLncVMhZ9ajXVFJEBl6tw9Em4aCzkkTdL
+HfWoh21iDnYOXTgP23/59xpuvy85O39hKnysXIcniqeb1uHthMiN25R8g4bPOQNb
+OfoMXpXdVbHxM77ZDSbk88BMRsq8SnlPdelaf8HsZomtnLKXvSDLivTZloxtHjBa
+aJNS/H1zr3HI+lq4S4VH+8ilj53OeWHjstGCFiTRtZy2hZvG2PegNIL7shMN/h4i
+h+OCn/ImAW9Kf599wve5iQIDAQABo4G/MIG8MB0GA1UdDgQWBBQzMzOrGfjN+Tnz
+zbFTyLPgHS4FkjCBjAYDVR0jBIGEMIGBgBQzMzOrGfjN+TnzzbFTyLPgHS4FkqFe
+pFwwWjELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKRW5jcnlwdGlvboIJ
+AMC/5DRgVin3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADZoknf
+lcG0O9sL8CALO6UmPy1+ZlOXndoqqNu3uvzj7hvjT5RPY4hTyfrkUn5EqlHwLSCf
+C7rOxcGvRHT3/REwOef8H3MGdSV81esa5EbrRfGWjLOXoQFrIOhz5bxqoU0B7Obh
+3IUA2yCGz4SlXjMdMWN670ETglnthdY4z2Ot8n4E2YNXlRSubowat7ylkqjKvyaB
+Iz/RVgDxblkOK+bqPSKaNWvadItnMyh7Y8C3LD3tQpwYViJ0QOJ9BMujULma7Tb8
+lVIhmx3y2cU8nCqG0VPSTE6AMnuONuQjJTGFsRdDREFrALtjUpsUOXU6+19ywYSi
+LYiLYskPglktuck=
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/keys/metadata.crt b/id/server/doc/conf/moa-id/keys/metadata.crt
new file mode 100644
index 000000000..bd9640b37
--- /dev/null
+++ b/id/server/doc/conf/moa-id/keys/metadata.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
+MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
+CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
+MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
+ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
+tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
+O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
+zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
+ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
+BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
+ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
+dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
+TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
+p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
+oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
+tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
+Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/keys/moa_idp[password].p12 b/id/server/doc/conf/moa-id/keys/moa_idp[password].p12
new file mode 100644
index 000000000..78cab1e89
--- /dev/null
+++ b/id/server/doc/conf/moa-id/keys/moa_idp[password].p12
Binary files differ
diff --git a/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks b/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks
new file mode 100644
index 000000000..8196ab319
--- /dev/null
+++ b/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks
Binary files differ
diff --git a/id/server/doc/conf/moa-id/log4j.properties b/id/server/doc/conf/moa-id/log4j.properties
new file mode 100644
index 000000000..310b58a3d
--- /dev/null
+++ b/id/server/doc/conf/moa-id/log4j.properties
@@ -0,0 +1,27 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=info, stdout, R
+log4j.logger.at.gv.egovernment.moa=info
+log4j.logger.at.gv.egovernment.moa.spss=info
+log4j.logger.iaik.server=info
+log4j.logger.at.gv.egovernment.moa.id=info
+log4j.logger.at.gv.egovernment.moa.id.proxy=info
+log4j.logger.eu.stork=info
+log4j.logger.org.hibernate=warn
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
+
+# configure the rolling file appender (R)
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=${catalina.base}/logs/moa-id.log
+log4j.appender.R.MaxFileSize=10000KB
+log4j.appender.R.MaxBackupIndex=1
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
diff --git a/id/server/doc/conf/moa-id/moa-id.properties b/id/server/doc/conf/moa-id/moa-id.properties
new file mode 100644
index 000000000..bf9cf84d0
--- /dev/null
+++ b/id/server/doc/conf/moa-id/moa-id.properties
@@ -0,0 +1,117 @@
+##General MOA-ID 2.0 Configuration
+
+#MOA-ID 2.0 XML configuration files (necessary, if inmemory database is used)
+#configuration.xml=$PATH_TO_CONFIG$/conf/moa-id/MOAIDConfiguration-2.0.xml
+
+##For Testing
+configuration.validation.certificate.QC.ignore=false
+protocols.pvp2.assertion.encryption.active=false
+
+##General MOA-ID 2.0 operations
+#MOA-ID 2.0 session information encryption key (PassPhrase)
+configuration.moasession.key=SessionEncryptionKey
+
+#MOA-ID 2.0 Monitoring Servlet
+configuration.monitoring.active=false
+configuration.monitoring.message.success=All Tests passed!
+configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/monitoring/monitoring_idl.xml
+
+#MOA-ID 2.0 Advanced Logging
+configuration.advancedlogging.active=false
+
+##Webservice Client Configuration
+#MOA-SP webservice
+#service.moasp.acceptedServerCertificates=
+#service.moasp.clientKeyStore=
+#service.moasp.clientKeyStorePassword=
+
+#Online mandates webservice (MIS)
+service.onlinemandates.acceptedServerCertificates=
+service.onlinemandates.clientKeyStore=keys/....
+service.onlinemandates.clientKeyStorePassword=
+
+#Foreign Identities (SZRGW)
+service.foreignidentities.acceptedServerCertificates=
+service.foreignidentities.clientKeyStore=keys/....
+service.foreignidentities.clientKeyStorePassword=
+
+
+##Protocol configuration##
+#PVP2
+protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12
+protocols.pvp2.idp.ks.kspassword=password
+protocols.pvp2.idp.ks.metadata.alias=pvp_metadata
+protocols.pvp2.idp.ks.metadata.keypassword=password
+protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
+protocols.pvp2.idp.ks.assertion.sign.keypassword=password
+
+#OpenID connect (OAuth)
+protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12
+protocols.oauth20.jwt.ks.password=password
+protocols.oauth20.jwt.ks.key.name=oauth
+protocols.oauth20.jwt.ks.key.password=password
+
+##Database configuration##
+#Hibnerate configuration for MOA-ID 2.0 session store
+moasession.hibernate.dialect=org.hibernate.dialect.MySQLDialect
+moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8
+moasession.hibernate.connection.charSet=utf-8
+moasession.hibernate.connection.driver_class=com.mysql.jdbc.Driver
+moasession.hibernate.connection.username=
+moasession.hibernate.connection.password=
+
+moasession.hibernate.hbm2ddl.auto=update
+moasession.hibernate.current_session_context_class=thread
+moasession.hibernate.transaction.flush_before_completion=true
+moasession.hibernate.transaction.auto_close_session=true
+moasession.hibernate.show_sql=false
+moasession.hibernate.format_sql=true
+moasession.hibernate.c3p0.acquire_increment=3
+moasession.hibernate.c3p0.idle_test_period=60
+moasession.hibernate.c3p0.timeout=60
+moasession.hibernate.c3p0.max_size=20
+moasession.hibernate.c3p0.max_statements=0
+moasession.hibernate.c3p0.min_size=3
+
+#Hibnerate configuration for MOA-ID 2.0 configuration
+configuration.hibernate.dialect=org.hibernate.dialect.MySQLDialect
+configuration.hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true
+configuration.hibernate.connection.charSet=utf-8
+configuration.hibernate.connection.driver_class=com.mysql.jdbc.Driver
+configuration.hibernate.connection.username=
+configuration.hibernate.connection.password=
+
+configuration.hibernate.hbm2ddl.auto=update
+configuration.hibernate.current_session_context_class=thread
+configuration.hibernate.transaction.auto_close_session=true
+configuration.hibernate.show_sql=false
+configuration.hibernate.format_sql=true
+configuration.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider
+configuration.hibernate.c3p0.acquire_increment=3
+configuration.hibernate.c3p0.idle_test_period=60
+configuration.hibernate.c3p0.timeout=300
+configuration.hibernate.c3p0.max_size=20
+configuration.hibernate.c3p0.max_statements=0
+configuration.hibernate.c3p0.min_size=3
+
+#
+#Hibnerate configuration for MOA-ID 2.0 advanced statistic logging
+advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQLDialect
+advancedlogging.hibernate.connection.url=jdbc:mysql://localhost/moa-id-statistic?charSet=utf-8&autoReconnect=true
+advancedlogging.hibernate.connection.charSet=utf-8
+advancedlogging.hibernate.connection.driver_class=com.mysql.jdbc.Driver
+advancedlogging.hibernate.connection.username=
+advancedlogging.hibernate.connection.password=
+
+advancedlogging.hibernate.hbm2ddl.auto=update
+advancedlogging.hibernate.current_session_context_class=thread
+advancedlogging.hibernate.transaction.auto_close_session=true
+advancedlogging.hibernate.show_sql=false
+advancedlogging.hibernate.format_sql=true
+advancedlogging.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider
+advancedlogging.hibernate.c3p0.acquire_increment=3
+advancedlogging.hibernate.c3p0.idle_test_period=60
+advancedlogging.hibernate.c3p0.timeout=300
+advancedlogging.hibernate.c3p0.max_size=20
+advancedlogging.hibernate.c3p0.max_statements=0
+advancedlogging.hibernate.c3p0.min_size=3
diff --git a/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt b/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt
new file mode 100644
index 000000000..7c3252dcb
--- /dev/null
+++ b/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdkCBFM0RyYwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UEBhMCQVQxDTAL
+BgNVBAoMBEVHSVoxHzAdBgNVBAMMFk1PQS1JRC1BdXRoX01vbml0b3JpbmcwHhcN
+MTQwMzI3MTU0MzM0WhcNMTYwOTEyMTU0MzM0WjA9MQswCQYDVQQGEwJBVDENMAsG
+A1UECgwERUdJWjEfMB0GA1UEAwwWTU9BLUlELUF1dGhfTW9uaXRvcmluZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSQBR+b3KmRUklO9lmQzVtWCY4Y
+/mI3FR5Jma5hjosmKaFfLrExwpXMZIpDFljULtF1+pOaln66rlqRBOvzkhJvY5xD
+31GEG1XRi6rWxLGObmTuG2ZeSh3KpPOReUyrkrQ2UFQEo5Ytc/C/Ad3vQJdw3hPa
+Koi0Uszgyf3a1RD8b2EewqYXxPHMortSzbpg9cZ7BYg2+iAF2WbgAmUx0Kp7GvfN
+QnPMWZtu0E/pBEn5QKc6UZm1F0KR/Vq/ymDdEPlX+4261Ak26lyJJcn0BRRgrkK5
+bced+/SvxzXNae03ePSx4q9g4VLZw+j28lIpk1ngH8V8EAjzQDOBzvQQ6jsCAwEA
+ATANBgkqhkiG9w0BAQUFAAOCAQEAPis2r4hI6ld6KDnHs+f8wC3Vr/atFqeryqlj
+COIoX6HoxSczvGY7uimek43ezD+PDUntohrlukZO6YfqKrlgKBWg1kiBxK0ISZkS
+QgIraHexuT6eZ4558I43eGEiATzEkb+h60aO4YI7IyVbS5T9Rwb8fv9LzUgDtTtZ
+ALtVVr9c3ZG+O7bYEFNA0jkHU3n8gzLNsR5TVB8S693VDv8OMn8oef0EXRCuTW9V
+GUQyNpAO/gtlSW43NOc/ZL4lPdl0qzYtil5mKUTvuMvec37lhlpbzywSHq8boGBA
+RDjfEDR8ObgjGU7ik9nBkNMgeB6rEOAYZmiCZVMMUxPuIF9Nzw==
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml b/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml
new file mode 100644
index 000000000..6a0602c04
--- /dev/null
+++ b/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person si:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value>
+ <pr:Type>urn:publicid:gv.at:baseid</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>XXXRúùd</pr:GivenName>
+ <pr:FamilyName primary="undefined">XXXVàn Nisteĺrooy</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1969-02-13</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2">
+ <saml:AttributeValue>
+ <ecdsa:ECDSAKeyValue>
+ <ecdsa:DomainParameters>
+ <ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/>
+ </ecdsa:DomainParameters>
+ <ecdsa:PublicKey>
+ <ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/>
+ <ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/>
+ </ecdsa:PublicKey>
+ </ecdsa:ECDSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue>
+ <dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/
+t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm
+P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg
+gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ <dsig:Signature>
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>s/7GYPVfkHIvy5RcB5QRnXVSWwo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>LSsx2zO/XyJ9RCEcChmQ2+251PtaFz07sBw1DBw0Eui4mjRRMSaKXxD0GoQDRzvQQNYusLNqpGiixscBIb4XcR8ipSjZVPnH2E19o/O2fz2uFDWnlCHEhhG8OMNT2XzS6lZtMSSzVcAJINLBlz6DKG63+NhClb+1lUHoLa5CpwYDW/guVKLng8PNElBY5mw3GOSL8PskFsYK+bnRUAvvgGigm3XLtlZ4QQWDsGBNgJxW0boAm5vei+YVHVxrkL2YDkdvGUmD+RjzwZx8fxlfN4ajR00Q5mNc0xQtaL/g+vKdL6EeegZAKPZ/jrEpN0RZfuxPaAmt4t0Jav51mTKa4w==</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue>
+ <dsig:RSAKeyValue>
+ <dsig:Modulus>lJAFH5vcqZFSSU72WZDNW1YJjhj+YjcVHkmZrmGOiyYpoV8usTHClcxkikMWWNQu0XX6k5qWfrquWpEE6/OSEm9jnEPfUYQbVdGLqtbEsY5uZO4bZl5KHcqk85F5TKuStDZQVASjli1z8L8B3e9Al3DeE9oqiLRSzODJ/drVEPxvYR7CphfE8cyiu1LNumD1xnsFiDb6IAXZZuACZTHQqnsa981Cc8xZm27QT+kESflApzpRmbUXQpH9Wr/KYN0Q+Vf7jbrUCTbqXIklyfQFFGCuQrltx5379K/HNc1p7Td49LHir2DhUtnD6PbyUimTWeAfxXwQCPNAM4HO9BDqOw==</dsig:Modulus>
+ <dsig:Exponent>AAEAAQ==</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </dsig:KeyValue>
+ <dsig:X509Data>
+ <dsig:X509Certificate>MIIC8TCCAdkCBFM0RyYwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UEBhMCQVQxDTAL
+BgNVBAoMBEVHSVoxHzAdBgNVBAMMFk1PQS1JRC1BdXRoX01vbml0b3JpbmcwHhcN
+MTQwMzI3MTU0MzM0WhcNMTYwOTEyMTU0MzM0WjA9MQswCQYDVQQGEwJBVDENMAsG
+A1UECgwERUdJWjEfMB0GA1UEAwwWTU9BLUlELUF1dGhfTW9uaXRvcmluZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSQBR+b3KmRUklO9lmQzVtWCY4Y
+/mI3FR5Jma5hjosmKaFfLrExwpXMZIpDFljULtF1+pOaln66rlqRBOvzkhJvY5xD
+31GEG1XRi6rWxLGObmTuG2ZeSh3KpPOReUyrkrQ2UFQEo5Ytc/C/Ad3vQJdw3hPa
+Koi0Uszgyf3a1RD8b2EewqYXxPHMortSzbpg9cZ7BYg2+iAF2WbgAmUx0Kp7GvfN
+QnPMWZtu0E/pBEn5QKc6UZm1F0KR/Vq/ymDdEPlX+4261Ak26lyJJcn0BRRgrkK5
+bced+/SvxzXNae03ePSx4q9g4VLZw+j28lIpk1ngH8V8EAjzQDOBzvQQ6jsCAwEA
+ATANBgkqhkiG9w0BAQUFAAOCAQEAPis2r4hI6ld6KDnHs+f8wC3Vr/atFqeryqlj
+COIoX6HoxSczvGY7uimek43ezD+PDUntohrlukZO6YfqKrlgKBWg1kiBxK0ISZkS
+QgIraHexuT6eZ4558I43eGEiATzEkb+h60aO4YI7IyVbS5T9Rwb8fv9LzUgDtTtZ
+ALtVVr9c3ZG+O7bYEFNA0jkHU3n8gzLNsR5TVB8S693VDv8OMn8oef0EXRCuTW9V
+GUQyNpAO/gtlSW43NOc/ZL4lPdl0qzYtil5mKUTvuMvec37lhlpbzywSHq8boGBA
+RDjfEDR8ObgjGU7ik9nBkNMgeB6rEOAYZmiCZVMMUxPuIF9Nzw==</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</saml:Assertion>
diff --git a/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml
new file mode 100644
index 000000000..fc99cea79
--- /dev/null
+++ b/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml
new file mode 100644
index 000000000..4d34c3646
--- /dev/null
+++ b/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <HeaderAuth>
+ <!-- zusaetzlicher Header GivenName -->
+ <Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header>
+ <Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header>
+ </HeaderAuth>
+</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml
new file mode 100644
index 000000000..979faca95
--- /dev/null
+++ b/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <ParamAuth>
+ <!-- URL Parameter GivenName und FamilyName -->
+ <Parameter Name="GivenName" Value="MOAGivenName"></Parameter>
+ <Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter>
+ </ParamAuth>
+</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml
new file mode 100644
index 000000000..edbfe7aa5
--- /dev/null
+++ b/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
new file mode 100644
index 000000000..2cff3bd67
--- /dev/null
+++ b/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAWBPK</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id/server/doc/conf/moa-id/stork/SamlEngine.xml b/id/server/doc/conf/moa-id/stork/SamlEngine.xml
new file mode 100644
index 000000000..166a48ff8
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/SamlEngine.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<instances>
+
+
+ <!-- Configuration name-->
+ <instance name="outgoing">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_outgoing.xml" />
+ </configuration>
+
+ <!-- Settings module signature-->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_outgoing.xml" />
+ </configuration>
+ </instance>
+
+ <instance name="incoming">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_incoming.xml" />
+ </configuration>
+
+ <!-- Settings module signature-->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
+ </configuration>
+ </instance>
+
+
+ <instance name="incoming_attr">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" />
+ </configuration>
+
+ <!-- Settings module signature-->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" />
+ </configuration>
+ </instance>
+
+
+ <instance name="VIDP">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" />
+ </configuration>
+
+ <!-- Settings module signature-->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
+ </configuration>
+ </instance>
+
+
+
+</instances>
diff --git a/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml b/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml
new file mode 100644
index 000000000..68b15e667
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
+</properties>
diff --git a/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml
new file mode 100644
index 000000000..68b15e667
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
+</properties>
diff --git a/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml b/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml
new file mode 100644
index 000000000..7139c5a41
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">projects/stork2/code/moa-idspss/id/server/stork2-saml-engine/src/test/resources/storkDemoKeys.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo-cert, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
+</properties> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
new file mode 100644
index 000000000..83e69ac23
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SAML constants for AuthnRequests and Responses.</comment>
+
+ <!--
+ Types of consent obtained from the user for this authentication and
+ data transfer.
+ Allow values: 'unspecified'.
+ -->
+ <entry key="consentAuthnRequest">unspecified</entry>
+
+ <!--
+ Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+ -->
+ <entry key="consentAuthnResponse">obtained</entry>
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ -->
+ <entry key="formatEntity">entity</entry>
+
+ <!--Only HTTP-POST binding is only supported for inter PEPS-->
+ <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+ <entry key="protocolBinding">HTTP-POST</entry>
+
+
+
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ <entry key="eIDSectorShare">true</entry>
+ <entry key="eIDCrossSectorShare">true</entry>
+ <entry key="eIDCrossBorderShare">true</entry>
+ -->
+
+
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="friendlyName">false</entry>
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="isRequired">true</entry>
+
+ <!--PEPS in the Service Provider's country-->
+ <entry key="requester">http://S-PEPS.gov.xx</entry>
+
+ <!--PEPS in the citizen's origin country-->
+ <entry key="responder">http://C-PEPS.gov.xx</entry>
+
+ <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+ <entry key="timeNotOnOrAfter">300</entry>
+
+ <!--Validation IP of the response-->
+ <entry key="ipAddrValidation">false</entry>
+
+
+ <!--Subject Attribute Definitions-->
+ <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+ <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+ <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+ <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+ <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+ <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+ <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+ <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+ <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+ <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+ <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+ <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+ <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+ <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+ <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+ <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
+
+ <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+ <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+ <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+ <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+ <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+ <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+
+ <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+ <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+ <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+ <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+ <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+ <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+
+</properties>
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml
new file mode 100644
index 000000000..83e69ac23
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SAML constants for AuthnRequests and Responses.</comment>
+
+ <!--
+ Types of consent obtained from the user for this authentication and
+ data transfer.
+ Allow values: 'unspecified'.
+ -->
+ <entry key="consentAuthnRequest">unspecified</entry>
+
+ <!--
+ Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+ -->
+ <entry key="consentAuthnResponse">obtained</entry>
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ -->
+ <entry key="formatEntity">entity</entry>
+
+ <!--Only HTTP-POST binding is only supported for inter PEPS-->
+ <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+ <entry key="protocolBinding">HTTP-POST</entry>
+
+
+
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ <entry key="eIDSectorShare">true</entry>
+ <entry key="eIDCrossSectorShare">true</entry>
+ <entry key="eIDCrossBorderShare">true</entry>
+ -->
+
+
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="friendlyName">false</entry>
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="isRequired">true</entry>
+
+ <!--PEPS in the Service Provider's country-->
+ <entry key="requester">http://S-PEPS.gov.xx</entry>
+
+ <!--PEPS in the citizen's origin country-->
+ <entry key="responder">http://C-PEPS.gov.xx</entry>
+
+ <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+ <entry key="timeNotOnOrAfter">300</entry>
+
+ <!--Validation IP of the response-->
+ <entry key="ipAddrValidation">false</entry>
+
+
+ <!--Subject Attribute Definitions-->
+ <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+ <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+ <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+ <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+ <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+ <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+ <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+ <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+ <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+ <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+ <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+ <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+ <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+ <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+ <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+ <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
+
+ <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+ <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+ <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+ <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+ <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+ <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+
+ <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+ <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+ <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+ <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+ <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+ <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+
+</properties>
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
new file mode 100644
index 000000000..83e69ac23
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SAML constants for AuthnRequests and Responses.</comment>
+
+ <!--
+ Types of consent obtained from the user for this authentication and
+ data transfer.
+ Allow values: 'unspecified'.
+ -->
+ <entry key="consentAuthnRequest">unspecified</entry>
+
+ <!--
+ Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+ -->
+ <entry key="consentAuthnResponse">obtained</entry>
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ -->
+ <entry key="formatEntity">entity</entry>
+
+ <!--Only HTTP-POST binding is only supported for inter PEPS-->
+ <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+ <entry key="protocolBinding">HTTP-POST</entry>
+
+
+
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ <entry key="eIDSectorShare">true</entry>
+ <entry key="eIDCrossSectorShare">true</entry>
+ <entry key="eIDCrossBorderShare">true</entry>
+ -->
+
+
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="friendlyName">false</entry>
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="isRequired">true</entry>
+
+ <!--PEPS in the Service Provider's country-->
+ <entry key="requester">http://S-PEPS.gov.xx</entry>
+
+ <!--PEPS in the citizen's origin country-->
+ <entry key="responder">http://C-PEPS.gov.xx</entry>
+
+ <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+ <entry key="timeNotOnOrAfter">300</entry>
+
+ <!--Validation IP of the response-->
+ <entry key="ipAddrValidation">false</entry>
+
+
+ <!--Subject Attribute Definitions-->
+ <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+ <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+ <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+ <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+ <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+ <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+ <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+ <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+ <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+ <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+ <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+ <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+ <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+ <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+ <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+ <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
+
+ <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+ <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+ <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+ <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+ <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+ <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+
+ <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+ <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+ <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+ <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+ <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+ <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+
+</properties>
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
new file mode 100644
index 000000000..b095b9e7e
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SAML constants for AuthnRequests and Responses.</comment>
+
+ <!--
+ Types of consent obtained from the user for this authentication and
+ data transfer.
+ Allow values: 'unspecified'.
+ -->
+ <entry key="consentAuthnRequest">unspecified</entry>
+
+ <!--
+ Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+ -->
+ <entry key="consentAuthnResponse">obtained</entry>
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ -->
+ <entry key="formatEntity">entity</entry>
+
+ <!--Only HTTP-POST binding is only supported for inter PEPS-->
+ <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+ <entry key="protocolBinding">HTTP-POST</entry>
+
+
+
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ <entry key="eIDSectorShare">true</entry>
+ <entry key="eIDCrossSectorShare">true</entry>
+ <entry key="eIDCrossBorderShare">true</entry>
+ -->
+
+
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="friendlyName">false</entry>
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="isRequired">true</entry>
+
+ <!--PEPS in the Service Provider's country-->
+ <entry key="requester">http://S-PEPS.gov.xx</entry>
+
+ <!--PEPS in the citizen's origin country-->
+ <entry key="responder">http://C-PEPS.gov.xx</entry>
+
+ <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+ <entry key="timeNotOnOrAfter">300</entry>
+
+ <!--Validation IP of the response-->
+ <entry key="ipAddrValidation">false</entry>
+
+
+ <!--Subject Attribute Definitions-->
+ <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+ <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+ <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+ <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+ <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+ <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+ <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+ <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+ <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+ <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+ <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+ <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+ <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+ <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+ <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+ <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
+
+ <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+ <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+ <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+ <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+ <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+ <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+
+ <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+ <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+ <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+ <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+ <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+ <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+
+</properties> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks b/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks
new file mode 100644
index 000000000..f9baad202
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks
Binary files differ
diff --git a/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks b/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
new file mode 100644
index 000000000..efaeac86c
--- /dev/null
+++ b/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
Binary files differ
diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
new file mode 100644
index 000000000..1165d8b32
--- /dev/null
+++ b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Anmeldedaten:</h4>
+ <p class="titlestyle">Daten zur Person</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Geburtsdatum:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Rolle:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">Vollmacht:</td>
+ <td class="normalstyle">
+ <xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <p class="titlestyle">Daten zur Anwendung</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Staat:</td>
+ <td class="normalstyle">Österreich</td>
+ </tr>
+ </table>
+ <p class="titlestyle">Technische Parameter</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Bereich:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">
+ Vollmachten-Referenz:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifikator:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Datum:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Uhrzeit:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
new file mode 100644
index 000000000..e225ca6e0
--- /dev/null
+++ b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
@@ -0,0 +1,7 @@
+<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+ Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
new file mode 100644
index 000000000..e220b8f82
--- /dev/null
+++ b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signing the authentication data</title>
+ <style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Authentication Data:</h4>
+ <p class="titlestyle">Personal Data</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Date of Birth:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Role:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">Mandate:</td>
+ <td class="normalstyle">
+ <xsl:text>I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate.</xsl:text>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <p class="titlestyle">Application Data</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Country:</td>
+ <td class="normalstyle">Austria</td>
+ </tr>
+ </table>
+ <p class="titlestyle">Technical Parameters</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Sector:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">
+ Mandate Reference:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifier:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Date:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Time:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml
new file mode 100644
index 000000000..14acd54f2
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>C-PEPS-Test</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS-Test</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>C-PEPS</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>true</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockTable_DE_2.0</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
new file mode 100644
index 000000000..592c96230
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
new file mode 100644
index 000000000..cac44093a
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
new file mode 100644
index 000000000..32893db7f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
new file mode 100644
index 000000000..73553b996
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
new file mode 100644
index 000000000..3be7b6a06
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
new file mode 100644
index 000000000..277b6083a
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
new file mode 100644
index 000000000..a699436ca
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E
new file mode 100644
index 000000000..54f809962
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
new file mode 100644
index 000000000..3c7775b6e
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374
new file mode 100644
index 000000000..61a7ccb15
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
new file mode 100644
index 000000000..911640d0e
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
new file mode 100644
index 000000000..ab9e0cd7d
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8
new file mode 100644
index 000000000..01965769d
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29
new file mode 100644
index 000000000..afe6fdf09
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6
new file mode 100644
index 000000000..ebfbce9a0
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer
new file mode 100644
index 000000000..a699436ca
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt b/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
new file mode 100644
index 000000000..ebfbce9a0
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
new file mode 100644
index 000000000..afeccd25f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Anmeldedaten:</h4>
+ <p class="titlestyle">Daten zur Person</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Geburtsdatum:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Rolle:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">Vollmacht:</td>
+ <td class="normalstyle">
+ <xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <p class="titlestyle">Daten zur Anwendung</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Staat:</td>
+ <td class="normalstyle">Österreich</td>
+ </tr>
+ </table>
+ <p class="titlestyle">Technische Parameter</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Bereich:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">
+ Vollmachten-Referenz:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifikator:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Datum:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Uhrzeit:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml
new file mode 100644
index 000000000..dc472efcb
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+ Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
new file mode 100644
index 000000000..1665254fd
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signing the authentication data</title>
+ <style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Authentication Data:</h4>
+ <p class="titlestyle">Personal Data</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Date of Birth:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Role:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">Mandate:</td>
+ <td class="normalstyle">
+ <xsl:text>I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate.</xsl:text>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <p class="titlestyle">Application Data</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Country:</td>
+ <td class="normalstyle">Austria</td>
+ </tr>
+ </table>
+ <p class="titlestyle">Technical Parameters</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Sector:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+ <tr>
+ <td class="italicstyle">
+ Mandate Reference:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifier:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Date:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Time:</td>
+ <td class="normalstyle">
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der
new file mode 100644
index 000000000..1851527de
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12 b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12
new file mode 100644
index 000000000..314cbc862
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore b/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore
new file mode 100644
index 000000000..bd9765a4c
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der
new file mode 100644
index 000000000..f50aa4d68
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12 b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12
new file mode 100644
index 000000000..e5820fdf2
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore b/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore
new file mode 100644
index 000000000..bd9765a4c
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der b/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der
new file mode 100644
index 000000000..e0f78a82c
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore b/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore
new file mode 100644
index 000000000..da42549d4
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore b/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore
new file mode 100644
index 000000000..bdc296cf4
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer
new file mode 100644
index 000000000..af1f5f4a3
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer
@@ -0,0 +1,16 @@
+MIIDWDCCAkCgAwIBAAIETgGmXDANBgkqhkiG9w0BAQUFADBuMSYwJAYJKoZIhvcNAQkBFhdqYWxj
+YWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UEBhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNV
+BAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQuOTQuMjQwHhcNMTEwNjIyMDgyMjUyWhcNMTQwMzE4
+MDgyMjUyWjBuMSYwJAYJKoZIhvcNAQkBFhdqYWxjYWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UE
+BhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNVBAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQu
+OTQuMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSNeKJi+dOYTy4s/7aL1AXRBj0
+BlPRgHUYknGMU/Aog09AqKz5WZ95926NpufBHVZ5XVKW42Fxfrpk2fnSaAORrk6affYgdfm8HXcd
+dCD9i4yQkLADKpe3Gi29YeBUNC+j+E+iJaxP2whuXsLCpkYcmfbvx6yQkiPa3VFtw7omfEgGe1LQ
+9+ZvNh36Z895rUP/vgoOKi6AjXed4OgOmtyKx9k7AwnG2w040pt1I6LErlbmxoxtk0/11ecaEjzU
+RhxKdCXTuV9jSH7hsnbM9qehLnZSoZqdTYJgxVGyzqpo3SUta13oTn/8ugpRAneoC86m+AA0xmNn
+XZRY4pPgqLjxAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBABwRU7MLJcbm51fPQHtT+mypYslA4xFy
+zve7SyC2zCowFVZhnIwW19Cd0izGjfKPZZYS28N5EHmIQgxSNgJZi6693HINr0K5NPZd/jWRK46I
+uLK7je/K3oDUHnQXJ9xDkgRSDPZj/Wf0ZN+CDEAadhKopF5aJi8QyoYIsPxzn0p8SSgy5UsuKko6
+ov12x3B9O9mwM9HprO8FqzXbKdTaBgrZWVYOHPlD+cl9xSdrcZH347iwI6xEMtkASpXmxN9xLueE
+jI4eTuH148+Pzyr4iNIvfRQLY9iNJSmjoTJm0oKdGzKN0orSw/Ni53vpInziuR2FjYtQ4Zpf2why
+Ht0CXp0= \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer
new file mode 100644
index 000000000..e754cad52
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN
+AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO
+MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt
+c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow
+ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL
+MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD
+VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv
+z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+
++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT
+OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE
+WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au
+zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF
+AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o
+/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu
+WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W
+VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7
+M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ
+QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA==
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer
new file mode 100644
index 000000000..e05727d0a
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFjTCCBHWgAwIBAgIEQm3h+zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw
+dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg
+MDIwHhcNMTEwNzIxMTU0NjMxWhcNMTIwODE3MTU0MTE3WjCBwTELMAkGA1UEBhMC
+UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS
+QTESMBAGA1UECxMJQ29ycG9yYXRlMTMwMQYDVQQLEypBZ2VuY2lhIHBhcmEgYSBN
+b2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmExGDAWBgNVBAsTD1dlYiBBcHBsaWNh
+dGlvbjEgMB4GA1UEAxMXUEVQUyBQb3J0dWd1ZXMgZGUgVGVzdGUwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBALo91gnq+SQj8yPx8ssFEKuPvAfagO8f+EagEs+u
+XJhLx41GpFZesMuolxf86n3TdxJHcLSXI224HqZu3BtXExUiD1LCAvtGCjzOr6Rg
+oySwhIQrgMEsKRRpkQN0jQHIMze11EXqVAJ2+MDX9V4cABuIEd9LOOl0PcQmc7m8
+jcKXAgMBAAGjggKRMIICjTALBgNVHQ8EBAMCA/gwOAYIKwYBBQUHAQEELDAqMCgG
+CCsGAQUFBzABhhxodHRwOi8vb2NzcC5tdWx0aWNlcnQuY29tL2NhMIHgBgNVHSAE
+gdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYBBQUHAgEWMmh0dHA6Ly93d3cubXVs
+dGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNhLWNwcy5odG1sMIGDBgsrBgEEAbA8
+CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQAdABwADoALwAvAHcAdwB3AC4AbQB1
+AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMAcAAvAG0AdQBsAHQAaQBjAGUAcgB0
+AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGwwEQYJYIZIAYb4QgEBBAQDAgSwMIIB
+AQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRwOi8vd3d3Lm11bHRpY2VydC5jb20v
+Y2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRhcDovL2xkYXAubXVsdGljZXJ0LmNv
+bS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1VTFRJQ0VSVC1DQSxjPVBUP2NlcnRp
+ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBXoFWgU6RRME8xCzAJBgNVBAYTAnB0
+MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAWBgNVBAMTD01VTFRJQ0VSVC1DQSAw
+MjEPMA0GA1UEAxMGQ1JMMjI4MB8GA1UdIwQYMBaAFB3DuYilGL5gpyymY8pmKvwM
+J8G9MB0GA1UdDgQWBBRH/+uES4Jsr1UV5WeSoN3v1vUaPDAJBgNVHRMEAjAAMA0G
+CSqGSIb3DQEBBQUAA4IBAQAOFAxM2U6HyZgWl5h6UB1MUUL4j9VTQQOs6nw4hm22
+QK3SF+DPL6oXS1j+RKDHYNlpAfQ5r5ObcaxhEkaXOUZJ4q/3z1qScMVaZ1fjU0FB
+hRyAUE2qfiHp/0Ql4V2IrQqcBZ+mEQD5DFwNgx/UDr22lO0idjHnmxRed83/Mrm0
+03v+2eAujlsE9NfayP8oo9HkYNh5KvFjveCpUNv4IW18xEJLNDFd3dUEeb9UO+Bv
+eEkrxmo6k/k7usuRUfGrXBaFuxcL71l3lFD4k66CB3m7atcbohmbiAYhfHnLegpR
+EVKVolR6O3ljt3ou+Y79oI4U7bhn0U256R9hoobnX9Un
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer
new file mode 100644
index 000000000..a131767fb
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFbDCCBFSgAwIBAgIEQLK59zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJz
+aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3Qt
+Y2EwHhcNMTAwMzMwMTMwOTIzWhcNMTUwMzMwMTMzOTIzWjCBhjELMAkGA1UEBhMC
+c2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0aW9uczESMBAGA1UECxMJU0lURVNU
+LUNBMRkwFwYDVQQLExBjZXJ0aWZpY2F0ZXMtd2ViMSswEwYDVQQDEwxURVNUIFBF
+UFMgU0kwFAYDVQQFEw0zMDAzMjAxMDAwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4h6L9Pv1TK7fz5K6Uur0Rli6EKzZwTtv9xXhSt2xlI4wFWzz
+FiCy5/O/Q5GPRa10YoMc8s7WmMdM5yI/bU0BF2t5SYtEH7MwbGaFZFKJt17OtbpZ
+AaCSoh6fm1yO0HtVVkG9UdH4mswS3wHp/d1C91lQNba2enVc2p9Nd4gYop/zbroE
+toFeDyHxTl0mYN/cUHQFT4H24hzAfWXh2FOBfNSnvNl2HnPJOT6HnrUBsdyzkSzL
+N0Eis2R1G5+mQkzAwW6UOroojvMclEJK3z1oekj2OWj1FhalTNmA5D9dkDymTRn4
+o3BW2S7ovmWPmxYUW9s26bkPhz/CbCQwIF9yPQIDAQABo4ICJzCCAiMwDgYDVR0P
+AQH/BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwMzMwMTMwOTIzWoEPMjAxNTAzMzAx
+MzM5MjNaMEsGA1UdIAREMEIwNgYLKwYBBAGvWQIBAQIwJzAlBggrBgEFBQcCARYZ
+aHR0cDovL3d3dy5jYS5nb3Yuc2kvY3BzLzAIBgYEAIswAQIwGAYIKwYBBQUHAQME
+DDAKMAgGBgQAjkYBATAeBgNVHREEFzAVgRN0ZXN0LnNpLXBlcHNAZ292LnNpMIH2
+BgNVHR8Ege4wgeswVaBToFGkTzBNMQswCQYDVQQGEwJzaTEbMBkGA1UEChMSc3Rh
+dGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3QtY2ExDTALBgNVBAMTBENS
+TDMwgZGggY6ggYuGWGxkYXA6Ly94NTAwLmdvdi5zaS9vdT1zaXRlc3QtY2Esbz1z
+dGF0ZS1pbnN0aXR1dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0
+P2Jhc2WGL2h0dHA6Ly93d3cuc2lnZW4tY2Euc2kvY3JsL3NpdGVzdC9zaXRlc3Qt
+Y2EuY3JsMB8GA1UdIwQYMBaAFFRJB0aHzx2JncqucqeooKBptyHnMB0GA1UdDgQW
+BBQySemeDi10DbeTYj1tkGZ5Zo4mwjAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQM
+MAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQASQ4l1Vd+MRDLFo2A6qYYW
+LVqTvtPLIk7v7Bswmq2SFAL2XmPoL5xbQFeDW+LiWhQBmrlgWyI7gbi/1/rs1E00
+Z4Skn8l97tuIyuxvCKTFhJDx9pzgUQGowoCYo9IzcMNQpxx6lkepreCDuc+e0fAb
+vTNGEpvQ7DkgrwJdcsUAElQ4OJ0ifELoah1DH8wpU31zr7D3YsizZgpu5TEIGP54
+AOhbFeZEmZlTU6gwNw4iTf6nVQkGaxsJt6gGGsyL8RUuvwpVRR3WmplCtjXryGCe
+4B/agAe3EKUh15IaPvWqdixSjySxjBI1bN8IEFHYPZmuwh7Y1FQuOYQGjuSLsJy9
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer
new file mode 100644
index 000000000..d79ad8385
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer
@@ -0,0 +1,43 @@
+-----BEGIN CERTIFICATE-----
+MIIHrDCCBpSgAwIBAgIIZFwvd8biuV0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UE
+AxMIQUNDVi1DQTIxDzANBgNVBAsTBlBLSUdWQTEfMB0GA1UEChMWR2VuZXJhbGl0
+YXQgVmFsZW5jaWFuYTELMAkGA1UEBhMCRVMwHhcNMTAwNTI3MTYxNTA2WhcNMTMw
+NTI2MTYyNTA2WjCBgTEaMBgGA1UEAwwRUGxhdGFmb3JtYSBAZmlybWExEjAQBgNV
+BAUTCVMyODExMDAxQzEbMBkGA1UECwwSc2VsbG8gZWxlY3Ryw7NuaWNvMSUwIwYD
+VQQKExxNaW5pc3RlcmlvIGRlIGxhIFByZXNpZGVuY2lhMQswCQYDVQQGEwJFUzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3IaIrzYOjbUYmS2nK7/GpD
+R6N3sVbBNxF5s/bCCQ44tL5MIz7I889GCMD8vrCd//5pAezPO8vZLpdh78QUZrCl
+k+E79ENYjVmjP4g0KlqlI0b5AOVc+dcE27/V6D6pCYDkVdn7puFDgzzSqksTNdL5
+uZZMM1L7Dkq0DfCjumYrfulp5i5PrYqrOh7wkXB1G+FGP0plN8at0tm5Q8EPXT7n
+/ogV9glWXG+vLkfIe2SKkdyU/08fecQH3f/jhrc5Bm0+uFvHP9DcS8usWpZojJWW
+iQb96B5bdPXqUsKnZVDj+b7HRkx3UjvvEipMV3Kr5E+E0sg1K4jLgj5+atyoRcEC
+AwEAAaOCBFQwggRQMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgTwMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUhAkD/z9ux2qjm4l+
+FheI6+F3CfwwHwYDVR0jBBgwFoAUs3jtBaV5QTrC9MBSKP9jQz+/44EwggEyBgNV
+HREEggEpMIIBJYEWc29wb3J0ZS5hZmlybWE1QG1wci5lc6SCAQkwggEFMSEwHwYJ
+YIVUAQMFAgIBDBJzZWxsbyBlbGVjdHLDs25pY28xKzApBglghVQBAwUCAgITHE1p
+bmlzdGVyaW8gZGUgbGEgUHJlc2lkZW5jaWExGDAWBglghVQBAwUCAgMTCVMyODEx
+MDAxQzEPMA0GCWCFVAEDBQICBBMAMUQwQgYJYIVUAQMFAgIFDDVQbGF0YWZvcm1h
+IGRlIHZhbGlkYWNpw7NuIHkgZmlybWEgZWxlY3Ryw7NuaWNhIEBmaXJtYTEPMA0G
+CWCFVAEDBQICBhMAMQ8wDQYJYIVUAQMFAgIHEwAxDzANBglghVQBAwUCAggTADEP
+MA0GCWCFVAEDBQICCRMAMIIB8AYDVR0gBIIB5zCCAeMwggHfBgsrBgEEAb9VAxEC
+ADCCAc4wggGYBggrBgEFBQcCAjCCAYoeggGGAEMAZQByAHQAaQBmAGkAYwBhAGQA
+bwAgAHIAZQBjAG8AbgBvAGMAaQBkAG8AIABwAGEAcgBhACAAcwBlAGwAbABvACAA
+ZABlACAA8wByAGcAYQBuAG8AIABlAG4AIABzAG8AcABvAHIAdABlACAAcwBvAGYA
+dAB3AGEAcgBlACAAZQB4AHAAZQBkAGkAZABvACAAcABvAHIAIABsAGEAIABBAHUA
+dABvAHIAaQB0AGEAdAAgAGQAZQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzACAA
+ZABlACAAbABhACAAQwBvAG0AdQBuAGkAdABhAHQAIABWAGEAbABlAG4AYwBpAGEA
+bgBhACAAKABQAGwALgAgAE0AYQBuAGkAcwBlAHMAIAAxAC4AIABDAEkARgAgAFMA
+NAA2ADEAMQAwADAAMQBBACkALgAgAEMAUABTACAAeQAgAEMAUAAgAGUAbgAgAGgA
+dAB0AHAAOgAvAC8AdwB3AHcALgBhAGMAYwB2AC4AZQBzMDAGCCsGAQUFBwIBFiRo
+dHRwOi8vd3d3LmFjY3YuZXMvbGVnaXNsYWNpb25fYy5odG0wOQYDVR0fBDIwMDAu
+oCygKoYoaHR0cDovL3d3dy5hY2N2LmVzL2dlc3RjZXJ0L2FjY3YtY2EyLmNybDAv
+BggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmFjY3YuZXMw
+OwYIKwYBBQUHAQMELzAtMBQGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQEw
+CwYGBACORgEDAgEPMA0GCSqGSIb3DQEBBQUAA4IBAQCknVr82ZpMROTkrk/OwC7e
+fccNqbmKEwM4peAUG4tLWnYaDh2hav/3Y7auXkd2CW9XID6C/6E8EqG6wGNwplyq
+LyfrkYmbppJN2/LDr+ZHFoul030o/KzbVRrzZ5zAS5vUnOG42TzpP3sgtMV5V2vg
+V3ZygZbm55+2JDH1RBlCZuJzOPSwLk2rfGcMecHduUN8AxuLN52VKs1LMdmuPhe0
+ZvcVabvmmqzBJGRC8VJ0fwJKB/c6b4rl5WZTYUnQ7+SIoI/+RxJCITnO2SrxRh0Z
+rXLaE62aJ6W/Jnu+lfqIVoQSyauSlybpbL1iS/o0IFFbQvnY6RoCAOqsg3ee+4Om
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer
new file mode 100644
index 000000000..e754cad52
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN
+AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO
+MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt
+c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow
+ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL
+MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD
+VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv
+z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+
++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT
+OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE
+WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au
+zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF
+AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o
+/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu
+WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W
+VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7
+M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ
+QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA==
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer
new file mode 100644
index 000000000..950aaab0d
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFojCCBIqgAwIBAgIEQmx+HTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw
+dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg
+MDIwHhcNMTAwNTE3MTAyMjMyWhcNMTMwNTE3MTAyMzM4WjCB1jELMAkGA1UEBhMC
+UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS
+QTESMBAGA1UECxMJQ29ycG9yYXRlMT4wPAYDVQQLEzVBTUEgLSBBZ2VuY2lhIHBh
+cmEgYSBNb2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmEgSS5QLjEYMBYGA1UECxMP
+V2ViIEFwcGxpY2F0aW9uMSowKAYDVQQDEyFzYW1sLmV1LWlkLmNhcnRhb2RlY2lk
+YWRhby5nb3YucHQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMe2B9O1xCJp
+CmT2/AuypD1q9kbwge1Y0VjY5FOkhYPfki/XuuFpEdUa7KrurbcoDuuAmgjIxCIn
+v8vYAK5axY8hlPg9fp+vtRlmo1it5Y9IGY2mMvtN6OwoBzJOqKJypNexyAgIIR/u
+PqhVZjQAwGkTe1JrcDswKOKGbv21M1+pAgMBAAGjggKRMIICjTALBgNVHQ8EBAMC
+A/gwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzABgRxodHRwOi8vb2NzcC5tdWx0
+aWNlcnQuY29tL2NhMIHgBgNVHSAEgdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYB
+BQUHAgEWMmh0dHA6Ly93d3cubXVsdGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNh
+LWNwcy5odG1sMIGDBgsrBgEEAbA8CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQA
+dABwADoALwAvAHcAdwB3AC4AbQB1AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMA
+cAAvAG0AdQBsAHQAaQBjAGUAcgB0AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGww
+EQYJYIZIAYb4QgEBBAQDAgSwMIIBAQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRw
+Oi8vd3d3Lm11bHRpY2VydC5jb20vY2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRh
+cDovL2xkYXAubXVsdGljZXJ0LmNvbS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1V
+TFRJQ0VSVC1DQSxjPVBUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBX
+oFWgU6RRME8xCzAJBgNVBAYTAnB0MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAW
+BgNVBAMTD01VTFRJQ0VSVC1DQSAwMjEPMA0GA1UEAxMGQ1JMMTczMB8GA1UdIwQY
+MBaAFB3DuYilGL5gpyymY8pmKvwMJ8G9MB0GA1UdDgQWBBT+DvK0cR8Qa3uUWWYV
+rUfVGZeUTDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBiXYB/Nst7hDnV
+RS9D6VjifN1F+JaxtwSLZBoxkij2mi/1kXRugKjkpo6e8Kwb24Wv7G+/ZAFjm3zN
+WK9v0ziR192l+4lWke8wRVwHW4Ecsp3nOwOxCiCYkX4uVPDZQT5+cPeNYJbOwYyd
+4jbHTPrPT7T2CmtgdqOIu2Dc+1aHyg9ZnhCGgwEwDbvq+grUr9RcHqmWqfdR3Eou
+TvLugaM54N4Bur8rolFatHzETbKjvXfWzpHoTTFEekyHgQXWdnmVny8JajBFUmE5
+TkONB+V+Jj/R2YPfF++9tRKwc4ifNeduWzSD6ohx+OFimdx2gKHIdkkAMfK09z1M
+vz83eaDr
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer
new file mode 100644
index 000000000..2051a22c2
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIEOl3pnzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJz
+aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMREwDwYDVQQLEwhzaWdvdi1j
+YTAeFw0xMDA2MTAxMDUwMTVaFw0xNTA2MTAxMTIwMTVaMIGEMQswCQYDVQQGEwJz
+aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRkwFwYDVQQLExB3ZWItY2Vy
+dGlmaWNhdGVzMRMwEQYDVQQLEwpHb3Zlcm5tZW50MSgwEAYDVQQDEwlQRVBTIFNB
+TUwwFAYDVQQFEw0xMjM1ODU3NTE4MDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAw9gh7flrQC1UUc0Dw1jFXQ5sDVwSjjO/QqUsvIysAGELNJTxs3/j
+vFOsokBOWlZEbocZXDqeLJtzO4zmpblc7c9okyZIi0sj+dEqKiMF7XbFfjo1NZ2c
+xJdQ4ENR1jLkiHSb5Z345dQ7VY6wju0ezMMA5O9cIywGWcSyH9h007tezhTWJeL5
+aN2gMvFs3tGx7Uv9JH9geIOopWlcQANSDkvAnCf/iu1YhbUmx+jYtcxlywtJ8Tri
+ON3GlFLr4ew4O8SrVxeQQ28yKKDEP/Y3399KWdQDwK/CeFy6flW3kYTiGDPnUH5T
+u9yEATomwnujhPHJZN6d46JFiTWFsll4aQIDAQABo4ICGjCCAhYwDgYDVR0PAQH/
+BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwNjEwMTA1MDE1WoEPMjAxNTA2MTAxMTIw
+MTVaMEoGA1UdIARDMEEwNQYKKwYBBAGvWQEBBTAnMCUGCCsGAQUFBwIBFhlodHRw
+Oi8vd3d3LmNhLmdvdi5zaS9jcHMvMAgGBgQAizABAjAYBggrBgEFBQcBAwQMMAow
+CAYGBACORgEBMBcGA1UdEQQQMA6BDHN0b3JrQGdvdi5zaTCB8QYDVR0fBIHpMIHm
+MFWgU6BRpE8wTTELMAkGA1UEBhMCc2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0
+aW9uczERMA8GA1UECxMIc2lnb3YtY2ExDjAMBgNVBAMTBUNSTDI3MIGMoIGJoIGG
+hldsZGFwOi8veDUwMC5nb3Yuc2kvb3U9c2lnb3YtY2Esbz1zdGF0ZS1pbnN0aXR1
+dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2WGK2h0dHA6
+Ly93d3cuc2lnb3YtY2EuZ292LnNpL2NybC9zaWdvdi1jYS5jcmwwHwYDVR0jBBgw
+FoAUHvjUU2uzgwbpBAZXAvmlv8ZYPHIwHQYDVR0OBBYEFDY0NJgPdteoK8mw3FG7
+lde6PRboMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCA6gwDQYJ
+KoZIhvcNAQEFBQADggEBAInmtHMCOob3469jLaA/WvRXFUv0QelW4cS9Zr1QrZzW
+Wp1YUiwkWfILHkDJgvbo6qn8iUDyKSNPhgXFVKfWbBlbuUds9F2FCJ41g5n2jXZc
+Lz0IOpae4a9LHmNLdT0UKEGbUJ5a4wRaZEWLVfwrkN2GJPeWeeigbunYKtdVlceP
+4DZg8T1c/vpi8lrbTxSLUAzn0ie8FRod6k19y49QG5sudvwjeQgp309dUze0ULun
+YYTFkkc5d2uzqEa2WYcxHYz4+hKPHejbGGKC1OZz+zH7ZGGr0mtLYjSvXv+5VKTj
+85/a/sdD+vzNneKEGbLk7iupk0On5BIkJdWqnz/IeDk=
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
new file mode 100644
index 000000000..3c7775b6e
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
new file mode 100644
index 000000000..54f809962
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
new file mode 100644
index 000000000..01965769d
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
new file mode 100644
index 000000000..3be7b6a06
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer
new file mode 100644
index 000000000..73553b996
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
new file mode 100644
index 000000000..911640d0e
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
new file mode 100644
index 000000000..cac44093a
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
new file mode 100644
index 000000000..32893db7f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
new file mode 100644
index 000000000..3c7775b6e
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
new file mode 100644
index 000000000..54f809962
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
new file mode 100644
index 000000000..01965769d
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
new file mode 100644
index 000000000..3be7b6a06
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
new file mode 100644
index 000000000..afe6fdf09
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
new file mode 100644
index 000000000..277b6083a
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
new file mode 100644
index 000000000..592c96230
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer
new file mode 100644
index 000000000..61a7ccb15
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
new file mode 100644
index 000000000..afe6fdf09
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
new file mode 100644
index 000000000..592c96230
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer
new file mode 100644
index 000000000..61a7ccb15
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
Binary files differ
diff --git a/id/server/doc/handbook/application/application.html b/id/server/doc/handbook/application/application.html
index 83e301089..7fd729683 100644
--- a/id/server/doc/handbook/application/application.html
+++ b/id/server/doc/handbook/application/application.html
@@ -110,6 +110,12 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-oa/
<th width="559" scope="col">Beschreibung</th>
</tr>
<tr>
+ <td>general.publicURLContext</td>
+ <td>https://localhost:8443/moa-id-oa</td>
+ <td><p>URL unter der das Modul MOA-ID-OA erreichbar ist.</p>
+ <p><strong>Hinweis:</strong> Ist dieser Parameter nicht vorhanden wird die URL aus dem ersten Request generiert.</p></td>
+ </tr>
+ <tr>
<td>general.login.pvp2.idp.metadata.url</td>
<td>https://demo.egiz.gv.at/moa-id-auth/<br>
pvp2/metadata</td>
@@ -117,7 +123,7 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-oa/
</tr>
<tr>
<td>general.login.pvp2.idp.metadata.certificate</td>
- <td>keys/metadata.crt</td>
+ <td>keys/moa_idp.crt</td>
<td>Zertifikat mit dem die PVP2.1 Metadaten des IDP signiert sind. Dieser Zertifikat wird zur Pr&uuml;fung der IDP Metadaten verwendet.</td>
</tr>
<tr>
@@ -138,12 +144,12 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-oa/
</tr>
<tr>
<td>general.login.pvp2.keystore.url</td>
- <td>keys/moa_idp.p12</td>
+ <td>keys/application[password].p12</td>
<td>Keystore mit Schl&uuml;ssel und Zertifikaten welche f&uuml;r das signieren und verschl&uuml;sseln der PVP2.1 Nachrichten verwendet werden sollen.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Keystores</td>
</tr>
<tr>
@@ -157,32 +163,32 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-oa/
</tr>
<tr>
<td>general.login.pvp2.keystore.metadata.key.alias</td>
- <td>metadata</td>
+ <td>pvp_metadata</td>
<td>Name des Schl&uuml;ssels der zum Signieren der Metadaten des Modules MOA-ID-Configuration verwendet werden soll</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.metadata.key.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels der zum Signieren der Metadaten verwendet werden soll.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.encryption.key.alias</td>
- <td>encryption</td>
+ <td>pvp_encryption</td>
<td>Name des Schl&uuml;ssels der zum Verschl&uuml;sseln der Anmeldeinformation, welche vom IDP an das Konfigurationstool &uuml;bermittelt, verwendet werden soll</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.encryption.key.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels zum Verschl&uuml;sseln der Anmeldeinformation.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.key.alias</td>
- <td>authrequest</td>
+ <td>pvp_request</td>
<td>Name des Schl&uuml;ssels zum Signieren des Authentifizierungsrequests der an den IDP gestellt wird.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.key.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels zum Signieren des Authentifizierungsrequests.</td>
</tr>
</table>
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index ddbe1ac37..6a54d61c0 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -6,6 +6,7 @@
<link rel="stylesheet" href="../common/MOA.css" type="text/css">
</head>
<body link="#990000">
+ X
<table class="logoTable" width="100%" border="0" cellspacing="0" cellpadding="10">
<tr>
<td align="center" class="logoTitle" width="267"><img src="../common/LogoBKA.png" alt="Logo BKA" width="267" height="37" align="left"></td>
@@ -167,7 +168,8 @@
</ol>
<p>Optional kann nach dem Schritt 3 Basiskonfiguration des Modules MOA-ID-Auth eine <a href="#import_export_legacy">bestehende MOA-ID 1.5.1 Konfiguration importiert</a> werden. F&uuml;r bestehende Konfigurationen &lt; 1.5.1 wird eine vollst&auml;ndige Neukonfiguration empfohlen.</p>
<h1><a name="uebersicht_zentraledatei" id="uebersicht_zentraledatei"></a>2 Basiskonfiguration</h1>
-<p>Die Basiskonfiguration f&uuml;r die Module MOA-ID-Auth und MOA-ID-Configuration erfolgt mit Hilfe textueller propertie Dateien. Diese Propertie Dateien beinhalten alle Konfigurationsparameter welche f&uuml;r den Start der Module erforderlich sind und m&uuml;ssen der Java Virtual Machine durch eine System Property mitgeteilt werden. Alle &Auml;nderungen die an der Basiskonfiguration vorgenommen werden erfordern einen Neustart der jeweiligen Java Virtual Machine. </p>
+<p>Die Basiskonfiguration f&uuml;r die Module MOA-ID-Auth und MOA-ID-Configuration erfolgt mit Hilfe textueller propertie Dateien. Diese Propertie Dateien beinhalten alle Konfigurationsparameter welche f&uuml;r den Start der Module erforderlich sind und m&uuml;ssen der Java Virtual Machine durch eine System Property mitgeteilt werden. Alle &Auml;nderungen die an der Basiskonfiguration vorgenommen werden erfordern einen Neustart der jeweiligen Java Virtual Machine.</p>
+<p><strong>Hinweis:</strong> Alle URL Konfigurationsparameter auf Dateien ohne den Prefix <em>file:/</em> werden als relative Pfadangaben zum Konfigurationsbasisverzeichnis des jeweiligen Modules interpretiert.</p>
<h2><a name="uebersicht_zentraledatei_aktualisierung" id="uebersicht_zentraledatei_aktualisierung"></a>2.1 MOA-ID-Configuration</h2>
<p>Dieser Abschnitt behandelt die Basiskonfiguration des Modules MOA-ID-Configuration. Der erste Teilabschnitt behandelt die Bekanntmachung der Konfigurationsdatei mittels einer System Property und der zweite Teilabschnitt beschreibt die einzelnen Konfigurationsparameter im Detail. Eine Konfiguration die als Ausgangspunkt f&uuml;r die individuelle Konfiguration verwendet werden kann finden Sie <a href="../../conf/moa-id-configuration/moa-id-configtool.properties">hier</a>.</p>
<h3><a name="moa_id_config_property" id="uebersicht_zentraledatei_aktualisierung7"></a>2.1.1 Bekanntmachung der Konfigurationsdatei</h3>
@@ -206,28 +208,22 @@
<p><strong>Hinweis</strong>: Aktuell wird nur Deutsch (de) oder Englisch (en) unterst&uuml;tzt.</p></td>
</tr>
<tr>
- <td>general.userrequests.cleanup.delay</td>
- <td>18</td>
- <td>Innerhalb dieses Zeitraums muss ein neuer Benutzer die im Benutzerprofil hinterlegte eMail Adresse validieren. </td>
+ <td>general.ssl.certstore</td>
+ <td>certs/certstore</td>
+ <td>Gibt den Pfadnamen zu einem Verzeichnis an, das als Zertifikatsspeicher im Zuge der TLS-Server-Zertifikats&uuml;berpr&uuml;fung verwendet wird.</td>
</tr>
-</table>
-<h4>
-<a name="moa_id_config_parameters_sprache" id="uebersicht_zentraledatei_aktualisierung30"></a>2.1.2.2 Sprachauswahl</h4>
-<p>Der folgende Konfigurationsparameter ist optional.</p>
-<table width="1247" border="1">
<tr>
- <th width="176" scope="col">Name</th>
- <th width="222" scope="col">Beispielwert</th>
- <th width="827" scope="col">Beschreibung</th>
+ <td>general.ssl.truststore</td>
+ <td>certs/truststore</td>
+ <td>TrustedCACertificates enth&auml;lt das Verzeichnis (relativ zur MOA-ID-Auth Basiskonfigurationsdatei), das jene Zertifikate enth&auml;lt, die als vertrauensw&uuml;rdig betrachtet werden. Im Zuge der &Uuml;berpr&uuml;fung der TLS-Serverzertifikate wird die Zertifikatspfaderstellung an einem dieser Zertifikate beendet. Dieses Verzeichnis wird zur Pr&uuml;fung der SSL Serverzertifikate beim Download von PVP 2.1 Metadaten verwendet.</td>
</tr>
<tr>
- <td>general.defaultlanguage</td>
- <td>en</td>
- <td>Die Sprache von der Benutzeroberfläche. Derzeit nur <i>en</i> oder <i>de</i> unterstützt.</td>
+ <td>general.userrequests.cleanup.delay</td>
+ <td>18</td>
+ <td>Innerhalb dieses Zeitraums muss ein neuer Benutzer die im Benutzerprofil hinterlegte eMail Adresse validieren. </td>
</tr>
</table>
-</h4>
-<h4><a name="moa_id_config_parameters_database" id="uebersicht_zentraledatei_aktualisierung10"></a>2.1.2.3 Datenbankzugriff</h4>
+<h4>2.1.2.3 Datenbankzugriff</h4>
<p>Diese Konfigurationsparameter sind nicht optional und m&uuml;ssen in der Konfigurationsdatei enthalten sein und individuell angepasst werden. F&uuml;r die Beispielkonfiguration wurde mySQL als Datenbank verwendet wodurch sich die Konfigurationsparameter auf mySQL beziehen. Das Modul MOA-ID-Configuration kann jedoch auch mit Datenbanken anderer Hersteller betrieben werden. Hierf&uuml;r wird jedoch auf die <a href="http://docs.jboss.org/hibernate/core/4.2/manual/en-US/html/">Hibernate Dokumention</a> verwiesen, welches im Module MOA-ID-Configuration f&uuml;r den Datenbankzugriff verwendet wird. </p>
<table width="1247" border="1">
<tr>
@@ -284,7 +280,7 @@
</tr>
<tr>
<td>general.login.pvp2.idp.metadata.certificate</td>
- <td>keys/metadata.crt</td>
+ <td>keys/moa_idp.crt</td>
<td>Zertifikat mit dem die PVP2.1 Metadaten des IDP signiert sind. Dieser Zertifikat wird zur Pr&uuml;fung der IDP Metadaten verwendet.</td>
</tr>
<tr>
@@ -305,12 +301,12 @@
</tr>
<tr>
<td>general.login.pvp2.keystore.url</td>
- <td>keys/moa_idp.p12</td>
+ <td>keys/application[password].p12</td>
<td>Keystore mit Schl&uuml;ssel und Zertifikaten welche f&uuml;r das signieren und verschl&uuml;sseln der PVP2.1 Nachrichten verwendet werden sollen.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Keystores</td>
</tr>
<tr>
@@ -324,32 +320,32 @@
</tr>
<tr>
<td>general.login.pvp2.keystore.metadata.key.alias</td>
- <td>metadata</td>
+ <td>pvp_metadata</td>
<td>Name des Schl&uuml;ssels der zum Signieren der Metadaten des Modules MOA-ID-Configuration verwendet werden soll</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.metadata.key.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels der zum Signieren der Metadaten verwendet werden soll.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.encryption.key.alias</td>
- <td>encryption</td>
+ <td>pvp_encryption</td>
<td>Name des Schl&uuml;ssels der zum Verschl&uuml;sseln der Anmeldeinformation, welche vom IDP an das Konfigurationstool &uuml;bermittelt, verwendet werden soll</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.encryption.key.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels zum Verschl&uuml;sseln der Anmeldeinformation.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.key.alias</td>
- <td>authrequest</td>
+ <td>pvp_request</td>
<td>Name des Schl&uuml;ssels zum Signieren des Authentifizierungsrequests der an den IDP gestellt wird.</td>
</tr>
<tr>
<td>general.login.pvp2.keystore.authrequest.key.password</td>
- <td>123456</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels zum Signieren des Authentifizierungsrequests.</td>
</tr>
</table>
@@ -699,34 +695,44 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
</tr>
<tr>
<td>protocols.pvp2.idp.ks.file</td>
- <td>keys/pvp.p12</td>
+ <td>keys/moa_idp[password].p12</td>
<td>Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung von PVP 2.1 spezifischen Inhalten. (PVP 2.1 Metadaten, PVP 2.1 Assertion)</td>
</tr>
<tr>
<td>protocols.pvp2.idp.ks.kspassword</td>
- <td>pass1234</td>
+ <td>password</td>
<td>Passwort zum Keystore</td>
</tr>
<tr>
<td>protocols.pvp2.idp.ks.metadata.alias</td>
- <td>metadata</td>
+ <td>pvp_metadata</td>
<td>Name des Schl&uuml;ssels der zur Signierung der PVP 2.1 Metadaten </td>
</tr>
<tr>
<td>protocols.pvp2.idp.ks.metadata.keypassword</td>
- <td>pass1234</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels der zur Signierung der PVP 2.1 Metadaten </td>
</tr>
<tr>
<td>protocols.pvp2.idp.ks.assertion.sign.alias</td>
- <td>signing</td>
+ <td>pvp_assertion</td>
<td>Name des Schl&uuml;ssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td>
</tr>
<tr>
<td>protocols.pvp2.idp.ks.assertion.sign.keypassword</td>
- <td>pass1234</td>
+ <td>password</td>
<td>Passwort des Schl&uuml;ssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td>
</tr>
+ <tr>
+ <td>protocols.pvp2.sp.ks.assertion.encryption.alias</td>
+ <td>pvp_encryption</td>
+ <td>Name des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+ </tr>
+ <tr>
+ <td>protocols.pvp2.sp.ks.assertion.encryption.keypassword</td>
+ <td>password</td>
+ <td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+ </tr>
</table>
<p>&nbsp;</p>
<h5><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h5>
@@ -738,22 +744,22 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
</tr>
<tr>
<td>protocols.oauth20.jwt.ks.file</td>
- <td>keys/openID.p12</td>
+ <td>keys/moa_idp[password].p12</td>
<td>Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung des OpenID Connect <em>id_token</em></td>
</tr>
<tr>
<td>protocols.oauth20.jwt.ks.password=</td>
- <td>pass1234</td>
+ <td>passsword</td>
<td>Passwort zum Keystore</td>
</tr>
<tr>
<td>protocols.oauth20.jwt.ks.key.name</td>
- <td>openID</td>
+ <td>pvp_assertion</td>
<td>Name des Schl&uuml;ssels der zum Signieren des <em>id_tokens</em> verwendet wird</td>
</tr>
<tr>
<td>protocols.oauth20.jwt.ks.key.password</td>
- <td>pass1234</td>
+ <td>pasword</td>
<td>Password des Schl&uuml;ssels der zum Signieren des <em>id_tokens</em> verwendet wird</td>
</tr>
</table>
@@ -1076,7 +1082,7 @@ Checking</td>
<tr>
<td><p>TrustedCACertificates</p></td>
<td>certs/ca-certs</td>
- <td>TrustedCACertificates enth&auml;lt das Verzeichnis (relativ zur MOA-ID-Auth Basiskonfigurationsdatei), das jene Zertifikate enth&auml;lt, die als vertrauensw&uuml;rdig betrachtet werden. Im Zuge der &Uuml;berpr&uuml;fung der TLS-Serverzertifikate wird die Zertifikatspfaderstellung an einem dieser Zertifikate beendet.</td>
+ <td>TrustedCACertificates enth&auml;lt das Verzeichnis (relativ zur MOA-ID-Auth Basiskonfigurationsdatei), das jene Zertifikate enth&auml;lt, die als vertrauensw&uuml;rdig betrachtet werden. Im Zuge der &Uuml;berpr&uuml;fung der TLS-Serverzertifikate wird die Zertifikatspfaderstellung an einem dieser Zertifikate beendet. Dieses Verzeichnis wird zur Pr&uuml;fung der SSL Serverzertifikate f&uuml;r den Zugriff auf das Online-Vollmachten Service, den Stammzahlenregister Gateway und das abholen von PVP 2.1 Metadaten via SSL verwendet.</td>
</tr>
<tr>
<td>ChainingMode</td>
@@ -1216,15 +1222,16 @@ Checking</td>
</tr>
<tr>
<td><span id="wwlbl_loadGeneralConfig_moaconfig_ssoSpecialText">SSO AuthBlockText</span></td>
- <td>Ich #NAME# stimme am #DATE# um #TIME# einer Anmeldung mittels Single Sign-On zu.</td>
+ <td>Ich #NAME#, geboren am #BIRTHDAY# stimme am #DATE# um #TIME# einer Anmeldung mittels Single Sign-On zu.</td>
<td><p>Zus&auml;tzlicher Text der in den AuthBlock eingetragen und von der BenutzerIn oder dem Benutzer signiert wird. Dieser Text, darf aus Buchstaben, Zahlen und Satzzeichen bestehen und wird als direkt nach der &Uuml;berschrift &quot;Anmeldeinformationen&quot; in den Aufblock eingeblendet. Die folgenden Schl&uuml;sselw&ouml;rter k&ouml;nnen zus&auml;tzlich verwendet werden und werden w&auml;hrend des Anmeldevorgangs durch die entsprechenden Anmeldedaten ersetzt.</p>
<ul>
<li>#NAME# wird ersetzt durch Vor- und&nbsp;Familienname (z.B. Max Mustermann)</li>
+ <li>#BIRTHDAY# wird durch das Geburtsdatum ersetzt (z.B. 01.01.1978)</li>
<li>#DATE# wird ersetzt durch das aktuelle Datum (z.B. 05.02.2014)</li>
<li>#TIME# wird ersetzt durch die aktuelle Uhrzeit (z.B. 10:35)</li>
</ul>
<p>Der nebenstehende Beispielwert w&uuml;rde somit zu folgendem Anmeldetext im AuthBlock f&uuml;hren:</p>
- <p><em>Ich Max Mustermann stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td>
+ <p><em>Ich Max Mustermann, geboren am 01.01.1978 stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td>
</tr>
</table>
<h3><a name="konfigurationsparameter_allgemein_stork" id="konfigurationsparameter_allgemein_bku8"></a>3.1.8 Secure idenTity acrOss boRders linKed (STORK)</h3>
@@ -1529,13 +1536,6 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<td align="center">&nbsp;</td>
<td>Definiert ob die Online-Applikation dem &ouml;ffentlichen Bereich oder dem privatwirtschaftlichen Bereich (Business Service) zugeordnet ist. Ja nach Bereich sind unterschiedliche Konfigurationsparameter erforderlich.</td>
</tr>
- <tr>
- <td>STORK Applikation</td>
- <td>&nbsp;</td>
- <td align="center">X</td>
- <td align="center">X</td>
- <td>Definiert ob die Applikation eine STORK VIDP Applikation ist. Detailinformationen hierzu finden Sie im Kapitel <a href="#konfigurationsparameter_oa_stork">STORK</a>.</td>
- </tr>
</table>
<h4><a name="konfigurationsparameter_oa_general_public" id="uebersicht_zentraledatei_aktualisierung18"></a>3.2.1.1 &Ouml;ffentlicher Bereich</h4>
<p>Wurde die Online-Applikation einem &ouml;ffentlichen Bereich zugeordnet muss in weiterer Folge der zugeordnete Bereich definiert werden. Hierf&uuml;r stehen folgende Parameter zur Verf&uuml;gung.</p>
@@ -1585,8 +1585,8 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<ul>
<li>FN: Die Stammzahl ist eine Firmenbuchnummer. (Beispiel: <em>FN468924i</em>)</li>
<li>ZVR: Die Stammzahl ist eine Vereinsnummer. (Beispiel: ZVR124572)</li>
- <li>ERSB: Die Stammzahl ist einer Kennzahl aus dem Erg&auml;nzungsregister f&uuml;r sonstige Betroffene (ERsB) (Beispiel: ERSB1425367879
- </li>
+ <li>ERSB: Die Stammzahl ist einer Kennzahl aus dem Erg&auml;nzungsregister f&uuml;r sonstige Betroffene (ERsB) (Beispiel: ERSB1425367879)</li>
+ <li>STORK: L&auml;ndercode dem der Service Provider zugeordnet werden kann. Wird f&uuml;r die Ableitung des STORK-eIdentifiers verwendet.</li>
</ul>
<table width="1250" border="1">
<tr>
@@ -1598,11 +1598,13 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</tr>
<tr>
<td><span id="wwlbl_loadOA_generalOA_identificationType">Identifikationsnummer</span></td>
- <td><em>FN 468924i<br>
- ZVR124572</em></td>
+ <td><p><em>FN 468924i<br>
+ ZVR 124572<br>
+ STORK SI
+ </em></p></td>
<td align="center">&nbsp;</td>
<td align="center">&nbsp;</td>
- <td>Stammzahl eines privatwirtschaftlichen Unternehmens. Die Angabe erfolgt durch den Prefix des Bereichs aus dem die Stammzahl stammt und der eigentlichen Stammzahl.</td>
+ <td>Stammzahl eines privatwirtschaftlichen Unternehmens oder L&auml;ndercode des STORK Service-Providers bei Verwendung des Modules MOA-ID als <a href="#konfigurationsparameter_oa_protocol_vidp">STORK VIDP</a>. Die Angabe erfolgt durch den Prefix des Bereichs aus dem die Stammzahl stammt und der eigentlichen Stammzahl oder des L&auml;ndercodes im Falle von STORK.</td>
</tr>
</table>
@@ -1902,10 +1904,10 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<p>Dieser Abschnitt dient zur Konfiguration des VIDP Modus des Modules MOA-ID-Auth. Die Konfiguration der nachfolgenden Parameter ist somit nur n&ouml;tig wenn die MOA-ID-Auth Instanz als STORK2 VIDP betrieben werden soll.</p>
<table width="1250" border="1">
<tr>
- <th scope="col">Name</th>
- <th scope="col">Beispielwert</th>
- <th scope="col">Optional</th>
- <th scope="col">Beschreibung</th>
+ <th width="185" scope="col">Name</th>
+ <th width="85" scope="col">Beispielwert</th>
+ <th width="66" scope="col">Optional</th>
+ <th width="886" scope="col">Beschreibung</th>
</tr>
<tr>
<td><p>VIDP Interface aktiv</p></td>
@@ -1914,12 +1916,6 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<td><p>Stellt fest, ob das VIDP Interface aktiviert wird.</p></td>
</tr>
<tr>
- <td width="185"><p>Landesvorwahl</p></td>
- <td width="85">ES</td>
- <td width="66" align="center">X</td>
- <td width="886"><p>L&auml;ndercode in dem der Service Provider zugeordnet werden kann. Wird f&uuml;r die Ableitung des STORK-eIdentifiers verwendet.</p></td>
- </tr>
- <tr>
<td><p>Zustimmung f&uuml;r das Ausliefern der Attribute</p></td>
<td>&nbsp;</td>
<td align="center">X</td>
@@ -1983,20 +1979,18 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften der Sp
</tr>
<tr>
<td>AuthblockText</td>
- <td>Mit meiner Anmeldung bestätige ich #NAME# am #DATE# um #TIME# die Übernahme aller meiner Zustellstücke.</td>
+ <td>Ich #NAME#, geboren am #BIRTHDAY# stimme am #DATE# um #TIME# einer Anmeldung mittels Single Sign-On zu.</td>
<td align="center">X</td>
- <td align="center">X</td>
- <td><p>Zus&auml;tzlicher online-applikationsspezifischer Text der in den AuthBlock eingetragen und somit von der BenutzerIn oder dem Benutzer signiert wird. Dieser Text, darf aus Buchstaben, Zahlen und Satzzeichen bestehen und wird direkt nach der &Uuml;berschrift &quot;Anmeldeinformationen&quot; in den Aufblock eingeblendet. Die folgenden Schl&uuml;sselw&ouml;rter k&ouml;nnen zus&auml;tzlich verwendet werden und werden w&auml;hrend des Anmeldevorgangs durch die entsprechenden Anmeldedaten ersetzt.</p>
+ <td align="center" valign="middle">X</td>
+ <td><p>Zus&auml;tzlicher Text der in den AuthBlock eingetragen und von der BenutzerIn oder dem Benutzer signiert wird. Dieser Text, darf aus Buchstaben, Zahlen und Satzzeichen bestehen und wird als direkt nach der &Uuml;berschrift &quot;Anmeldeinformationen&quot; in den Aufblock eingeblendet. Die folgenden Schl&uuml;sselw&ouml;rter k&ouml;nnen zus&auml;tzlich verwendet werden und werden w&auml;hrend des Anmeldevorgangs durch die entsprechenden Anmeldedaten ersetzt.</p>
<ul>
- <li>#NAME# wird ersetzt durch Vor- und Familienname (z.B. Max Mustermann)</li>
+ <li>#NAME# wird ersetzt durch Vor- und&nbsp;Familienname (z.B. Max Mustermann)</li>
+ <li>#BIRTHDAY# wird durch das Geburtsdatum ersetzt (z.B. 01.01.1978)</li>
<li>#DATE# wird ersetzt durch das aktuelle Datum (z.B. 05.02.2014)</li>
<li>#TIME# wird ersetzt durch die aktuelle Uhrzeit (z.B. 10:35)</li>
</ul>
- <p>Der nebenstehende Beispielwert w&uuml;rde somit zu folgendem Anmeldetext im AuthBlock f&uuml;hren:</p>
- <p><em>Mit meiner Anmeldung bestätige ich Max Mustermann am 05.02.2014 um 10:35 die Übernahme aller meiner Zustellstücke.</em></p>
- <p><strong>Hinweis:</strong> Diese Option steht in Kombination mit Single Sign-On nicht zur Verfügung, da bei Verwendung von Single Sign-On ein
- spezieller Single Sign-On AuthBlock verwendet wird (siehe <a href="#konfigurationsparameter_allgemein_sso">Kapitel 3.1.8</a>).</p>
- </td>
+ <p>Der nebenstehende Beispielwert w&uuml;rde somit zu folgendem Anmeldetext im AuthBlock f&uuml;hren:</p>
+ <p><em>Ich Max Mustermann, geboren am 01.01.1978 stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td>
</tr>
<tr>
<td>bPk/wbPk ausblenden</td>
diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html
index 345c3af70..acab7517a 100644
--- a/id/server/doc/handbook/index.html
+++ b/id/server/doc/handbook/index.html
@@ -15,7 +15,7 @@
</table>
<hr/>
<p class="title">MOA-ID (Identifikation) </p>
- <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.0.1 </p>
+ <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.1.0 </p>
<hr/>
<dl>
<dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
@@ -26,6 +26,8 @@
<dd>Erl&auml;uterung aller Konfigurationsoptionen sowie Leitfaden f&uuml;r h&auml;ufige Konfigurationsaufgaben.</dd>
<dt><a href="./protocol/protocol.html">Protokolle</a></dt>
<dd>Erl&auml;uterung der unterst&uuml;tzen Authentifizierungsprotokolle.</dd>
+ <dt><a href="./interfederation/interfederation.html">Interfederation</a><a href="./interfederation/interfederation.html"></a></dt>
+ <dd>Dieser Abschnitt die Interfederation zwischen MOA-ID-Auth Services.</dd>
<dt><a href="./application/application.html">Anwendungen</a></dt>
<dd>Erl&auml;utert die Integration in bestehende Online-Applikationen und beschreibt die beigelegten Demo Applikationen</dd>
<dt><a href="./additional/additional.html">Zusatzinformationen</a></dt>
diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html
index 3db04c197..ffd700a55 100644
--- a/id/server/doc/handbook/install/install.html
+++ b/id/server/doc/handbook/install/install.html
@@ -112,7 +112,7 @@
<dd> Entpacken Sie die Datei <code>moa-id-auth-2.0.0.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_ID_AUTH_INST</code> bezeichnet. </dd>
<dt>Installation der Kryptographiebibliotheken von SIC/IAIK</dt>
<dd>
- <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_SPSS_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zus&auml;tzlich m&uuml;ssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength
+ <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zus&auml;tzlich m&uuml;ssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength
Jurisdiction Policy Files</span> von der <a href="http://java.com/download" target="_blank">Java SE Downloadseite </a>und achten Sie darauf die f&uuml;r ihre verwendete Java SE Installation richtige Version zu nehmen. Anschlie&szlig;end folgen Sie der darin enthaltenen Installationsanweisung. </p>
@@ -138,12 +138,12 @@
<p> Um die Module MOA-ID-Auth und MOA-ID-Configuratuion in Tomcat f&uuml;r den Einsatz vorzubereiten, sind folgende Schritte notwendig:</p>
<ul>
<li>Die Datei <code>$MOA_ID_AUTH_INST/moa-id_auth.war</code> enth&auml;lt das einsatzfertige MOA-ID-Auth Webarchiv und muss ins Verzeichnis <code>$CATALINA_HOME/webapps</code> kopiert werden. Dort wird sie beim ersten Start von Tomcat automatisch ins Verzeichnis <code>$CATALINA_HOME/webapps/moa-id-auth</code> entpackt. </li>
- <li>Die Konfigurationsdatei mit der Basiskonfiguration f&uuml;r MOA-ID-Auth und die zugeh&ouml;rigen Verzeichnisse m&uuml;ssen in ein beliebiges Verzeichnis im Dateisystem kopiert werden (z.B. <code>$CATALINA_HOME/conf/moa-id</code>). Eine funktionsf&auml;hige Konfiguration, die als Ausgangspunkt f&uuml;r die Basiskonfiguration des MOA-ID-Auth Modules dienen kann, finden Sie <a href="../../../conf/moa-id/moa-id.properties">hier</a>. <br>
+ <li>Die Konfigurationsdatei mit der Basiskonfiguration f&uuml;r MOA-ID-Auth und die zugeh&ouml;rigen Verzeichnisse m&uuml;ssen in ein beliebiges Verzeichnis im Dateisystem kopiert werden (z.B. <code>$CATALINA_HOME/conf/moa-id</code>). Eine funktionsf&auml;hige Konfiguration, die als Ausgangspunkt f&uuml;r die Konfiguration des MOA-ID-Auth Modules dienen kann, finden Sie <a href="../../../conf/moa-id/moa-id.properties">hier</a>. Diese funktionsf&auml;hige Konfiguration enth&auml;lt auch eine MOA-SPSS Konfiguration, da das Modul MOA-SPSS zurSignaturpr&uuml;fung im Modul MOA-ID-Auth verwendet wird.<br>
</li>
<li> Die Dateien <code>xalan.jar</code>, <code>xercesImpl.jar, serializer.jar </code> und <code>xml-apis.jar</code> aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/endorsed</code> m&uuml;ssen in das Tomcat-Verzeichnis <code>$CATALINA_HOME/endorsed</code> (bzw. <code>$CATALINA_HOME/common/endorsed</code> bis Apache Tomcat Version 5.5) kopiert werden. Sind gleichnamige Dateien dort bereits vorhanden, m&uuml;ssen sie &uuml;berschrieben werden. Die ggf. in diesem Verzeichnis vorhandene Datei <code>xmlParserAPIs.jar</code> muss gel&ouml;scht werden. Sollte das Verzeichnis <code>endorsed</code> nicht vorhanden sein, dann muss dieses zuerst erstellt werden.</li>
- <li>Folgende <span class="term">System Properties</span> k&ouml;nnen gesetzt werden (wird beim Starten von Tomcat der <span class="term">Java Virtual Machine</span> in der Umgebungsvariablen <code>CATALINA_OPTS</code> in der Form <code>-D&lt;name&gt;=&lt;wert&gt;</code> &uuml;bergeben):
- <ul>
- <li id="klein"><code>moa.id.configuration</code>: Pfad und Name der Basiskonfigurationsdatei f&uuml;r MOA-ID-Auth. Eine beispielhafte Konfigurationsdatei fnden Sie <a href="../../../conf/moa-id/moa-id.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li>
+ <li>Folgende <span class="term">System Properties</span> k&ouml;nnen gesetzt werden (wird beim Starten von Tomcat der <span class="term">Java Virtual Machine</span> in der Umgebungsvariablen <code>CATALINA_OPTS</code> in der Form <code>-D&lt;name&gt;=&lt;wert&gt;</code> &uuml;bergeben). Eine Beispielkonfiguration in welcher diese Umgebungsvariablen gesetzt werden finden Sie <a href="../../../deploy/tomcat/">hier</a>.
+<ul>
+ <li id="klein"><code>moa.id.configuration</code>: Pfad und Name der Basiskonfigurationsdatei f&uuml;r MOA-ID-Auth. Eine beispielhafte Konfigurationsdatei fnden Sie <a href="../../../deploy/conf/moa-id/moa-id.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li>
<li><code>moa.spss.server.configuration</code>: Pfad und Name der zentralen Konfigurationsdatei f&uuml;r MOA SP/SS. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-spss/SampleMOASPSSConfiguration.xml">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/conf</code> enthaltene Default-Konfiguration herangezogen.</li>
<li><code>eu.stork.samlengine.config.location</code>: Pfad auf den Ordner mit den zentralen Konfigurationsdateien f&uuml;r STORK. Die Beispielkonfiguration f&uuml;r das Modul MOA-ID-Auth enth&auml;lt bereits den<a href="../../../conf/moa-id/stork/"> Ordner f&uuml;r die STORK Konfiguration</a>. </li>
<li id="klein"><code>log4j.configuration</code>: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie <a href="../../../conf/moa-id/log4j.properties">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen.</li>
diff --git a/id/server/doc/handbook/interfederation/interfederation.html b/id/server/doc/handbook/interfederation/interfederation.html
new file mode 100644
index 000000000..b67124806
--- /dev/null
+++ b/id/server/doc/handbook/interfederation/interfederation.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" >
+ <title>MOA-ID - Protokolle</title>
+ <link rel="stylesheet" href="../common/MOA.css" type="text/css">
+</head>
+<body link="#990000">
+ <table class="logoTable" width="100%" border="0" cellspacing="0" cellpadding="10">
+ <tr>
+ <td align="center" class="logoTitle" width="267"><img src="../common/LogoBKA.png" alt="Logo BKA" width="267" height="37" align="left"></td>
+ <td align="center" class="logoTitle">Dokumentation</td>
+ <td align="center" class="logoTitle" width="123"><img src="../common/LogoEGIZ.png" alt="Logo EGIZ" width="230" height="81" align="right"></td>
+ </tr>
+ </table>
+ <hr/>
+ <p class="title"><a href="../index.html">MOA-ID (Identifikation) </a></p>
+<p class="subtitle">Interfederation</p>
+ <hr/>
+<h1>Inhalt</h1>
+ <ol>
+ <li><a href="#allgemeines">Allgemeines</a>
+ <ol>
+ <li>. </li>
+ </ol>
+ </li>
+</ol>
+ <p>&nbsp;</p>
+ <h1>Allgemeines</h1>
+ <p>Ab der Version 2.0.2 des Modulepackets MOA-ID unterst&uuml;tzt das Modul MOA-ID-Auth Single Sign-On Interfederation zwischen Instanzen des Modules MOA-ID-Auth, welche bei unterschiedlichen Service Providern betrieben werden. Die nachfolgende Abbildung zeigt das Blockdiagramm einer solchen Systemkonfiguration und beschreibt die Funktionalit&auml;t auf einer abstrakten Ebene.</p>
+ <p>&nbsp;</p>
+ <p>&nbsp;</p>
+ <p>&nbsp; </p>
+ <p>&nbsp;</p>
+<h1><a name="referenzierte_spezifikation" id="uebersicht_zentraledatei_aktualisierung30"></a>A Referenzierte Spezifikation</h1>
+<table class="fixedWidth" border="1" cellpadding="2">
+ <tbody>
+ <tr>
+ <th>Spezifikation</th>
+ <th>Link</th>
+ </tr>
+ <tr id="sl">
+ <td><p>Security Layer Spezifikation V1.2.0</p></td>
+ <td><a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/</a></td>
+ </tr>
+ <tr>
+ <td>PVP 2.1 S-Profil Spezifikation</td>
+ <td><a href="http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf">http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf</a></td>
+ </tr>
+ <tr>
+ <td>OpenID Connect</td>
+ <td><a href="http://openid.net/connect/">http://openid.net/connect/</a></td>
+ </tr>
+ <tr>
+ <td>STORK 2</td>
+ <td>@TODO Link</td>
+ </tr>
+ <tr>
+ <td>Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0</td>
+ <td><a href="#http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf">http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf</a></td>
+ </tr>
+ <tr>
+ <td>Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0</td>
+ <td><a href="http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf">http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf</a></td>
+ </tr>
+ <tr>
+ <td>Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V1.1</td>
+ <td><a href="https://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf">https://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf</a></td>
+ </tr>
+ </tbody>
+</table>
+</body>
+</html>
diff --git a/id/server/doc/handbook/intro/Blockdiagramm.png b/id/server/doc/handbook/intro/Blockdiagramm.png
index f5bdb9e3a..1490530ea 100644
--- a/id/server/doc/handbook/intro/Blockdiagramm.png
+++ b/id/server/doc/handbook/intro/Blockdiagramm.png
Binary files differ
diff --git a/id/server/doc/handbook/intro/anmeldeablauf.png b/id/server/doc/handbook/intro/anmeldeablauf.png
index a6af21c5f..59bdefe62 100644
--- a/id/server/doc/handbook/intro/anmeldeablauf.png
+++ b/id/server/doc/handbook/intro/anmeldeablauf.png
Binary files differ
diff --git a/id/server/doc/handbook/intro/intro.html b/id/server/doc/handbook/intro/intro.html
index ffa3c37a4..9b42c9e7a 100644
--- a/id/server/doc/handbook/intro/intro.html
+++ b/id/server/doc/handbook/intro/intro.html
@@ -41,7 +41,7 @@
<ol>
<li><u>CORE LOGIC</u>: Diese Komponente ist die zentrale Logik zur Steuerung der einzelnen Prozesse innerhalb MOA-ID 2.x.</li>
<li><u>Protocol Adapter</u>: Stellt die in MOA-ID 2.x unterst&uuml;tzten <a href="../protocol/protocol.html">Authentifizierungsprotokolle</a> f&uuml;r die Anbindung von Service Providern zur Verf&uuml;gung.</li>
- <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterst&uuml;tzte Identifikationsmechanismen zur Verf&uuml;gung. Dies sind die &ouml;sterreichische B&uuml;rgerkarte oder Handy-Signatur sowie die Anmeldung ausl&auml;ndischer Personen mit Hilfe des STORK Protokoll.</li>
+ <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterst&uuml;tzte Identifikationsmechanismen zur Verf&uuml;gung. Dies sind die &ouml;sterreichische B&uuml;rgerkarte oder Handy-Signatur, die Anmeldung ausl&auml;ndischer Personen mit Hilfe des STORK Protokoll oder mittels Single Sign-On von einem weiteren vertrauensw&uuml;rdigen Identity Provider (Interfederation).</li>
<li><u>Template Generator</u>: Der Template Generator erzeugt f&uuml;r Service Provider die entsprechenden Login-Masken f&uuml;r die Integration in die eigene Web-Applikation.</li>
<li><u>SSO Module</u>: Das Single Sign-On (SSO) Modul verwaltet die zus&auml;tzlichen Operationen die sich aus der Umsetzung von SSO ergeben. Dies umfasst im Besonderen das SSO Session-Management.</li>
<li><u>Statistic Module</u>: Dieses Modul dient zur Generierung von anonymisierten Statistikdaten aus den Anmeldeinformationen. </li>
@@ -56,8 +56,8 @@
<h3><a name="allgemeines_service_szrgw" id="allgemeines_service3"></a>1.1.2 Ausl&auml;ndische B&uuml;rger</h3>
<p> Ab der MOA-ID Release 1.4.7 ist es m&ouml;glich, dass sich auch ausl&auml;ndische B&uuml;rger mittels MOA-ID einloggen k&ouml;nnen. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausl&auml;ndischen B&uuml;rgers eine Eintragung im Erg&auml;nzungsregister f&uuml;r nat&uuml;rliche Personen gem&auml;&szlig; E-Government Gesetz &sect;6(5) vornimmt. Somit ist es m&ouml;glich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. Der Zugang zu diesem Stammzahlenregister-Gateway ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
<h1><a name="moaidauth" id="moaidauth"></a>2 MOA-ID-Auth</h1>
-<p>Das Modul MOA-ID-Auth dient der Identifizierung und Authentifizierung im Rahmen eines Anmeldevorgangs an einer Online-Applikation. Die Identifizierung und Authentifizierung erfolgt mit B&uuml;rgerkartem, Handy-Signatur oder f&uuml;r aus&auml;ndische Personen mittels STORK.</p>
-<p>Die Funktionalit&auml;t und der Aufbau der Schnittstellen des Modules MOA-ID-Auth in Richtung Online-Applikation wird im Kapitel <a href="../protocol/protocol.html">Protokolle</a> beschriebe.
+<p>Das Modul MOA-ID-Auth dient der Identifizierung und Authentifizierung im Rahmen eines Anmeldevorgangs an einer Online-Applikation. Die Identifizierung und Authentifizierung erfolgt mit B&uuml;rgerkartem, Handy-Signatur oder f&uuml;r ausl&auml;ndische Personen mittels STORK.</p>
+<p>Die Funktionalit&auml;t und der Aufbau der Schnittstellen des Modules MOA-ID-Auth in Richtung Online-Applikation wird im Kapitel <a href="../protocol/protocol.html">Protokolle</a> beschrieben.
<p>F&uuml;r den Betrieb von MOA-ID-Auth ist der Einsatz von MOA-Signaturpr&uuml;fung (MOA-SP) erforderlich.</p>
<h2><a name="ablauf" id="ablauf"></a> 2.1 Ablauf einer Anmeldung</h2>
<p>Die nachfolgende Grafik beschreibt den Ablauf eines Abmeldevorgangs an einer Online-Applikation mit Hilfe von MOA-ID-Auth unter Verwendung der B&uuml;rgerkarte oder der Handy-Signatur.</p>
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 5055a4325..40277aa6b 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -23,6 +23,14 @@
<ol>
<li><a href="#allgemeines_zugangspunkte">&Uuml;bersicht der Zugangspunkte</a></li>
<li><a href="#allgemeines_attribute">&Uuml;bersicht der m&ouml;glichen Attribute</a></li>
+ <li><a href="#statuscodes">&Uuml;bersicht der m&ouml;glichen MOA-ID spezifischen Statuscodes</a>
+<ol>
+ <li><a href="#statuscodes_1xxxx">Statuscodes 1xxxx</a></li>
+ <li><a href="#statuscodes_4xxxx">Statuscodes 4xxxx</a></li>
+ <li><a href="#statuscodes_6xxxx">Statuscodes 6xxxx</a></li>
+ <li><a href="#statuscodes_9xxxx">Statuscodes 9xxxx</a></li>
+ </ol>
+ </li>
<li><a href="#allgemeines_sso">Single Sign-On</a></li>
<li><a href="#allgemeines_ssologout">SSO Logout </a></li>
<li><a href="#allgemeines_legacy">Legacy Request (B&uuml;rgerkartenauswahl beim Service Provider)</a></li>
@@ -35,7 +43,7 @@
<li><a href="#pvp21_binding">Zugangspunkte</a>
<ol>
<li><a href="#2.3.1 Authentifizierungsrequest">Authentifizierungsrequest</a></li>
- <li><a href="#pvp21_binding_response">Authentifizierungsrespon</a></li>
+ <li><a href="#pvp21_binding_response">Authentifizierungsresponse</a></li>
</ol>
</li>
</ol>
@@ -50,6 +58,7 @@
<li><a href="#openid_req_authnresp">AuthCode Response</a></li>
<li><a href="#openid_req_tokenreq">AccessToken Request</a></li>
<li><a href="#openid_req_tokenresp">AccessToken Response</a></li>
+ <li><a href="#openid_req_errorresponse">Error Response</a></li>
</ol>
</li>
</ol>
@@ -486,7 +495,328 @@ Redirect Binding</td>
<p><strong>Hinweis:</strong> Dieses Attribut steht nur bei einer Anmeldung mittels STORK zur Verf&uuml;gung.</p></td>
</tr>
</table>
-<h2><a name="allgemeines_sso" id="allgemeines_zugangspunkte3"></a>1.3 Single Sign-On</h2>
+<h2><a name="statuscodes" id="allgemeines_zugangspunkte6"></a>1.3 &Uuml;bersicht der m&ouml;glichen MOA-ID spezifischen Statuscodes</h2>
+<p>Vom Modul MOA-ID-Auth werden verschiedene Authentifizierungsprotololle wobei diese Protokolle die Fehlerr&uuml;ckgabe unterschiedlich spezifizieren. Zus&auml;tzlich zu den protokolabh&auml;ngigen Statuscodes (<a href="#referenzierte_spezifikation">siehe Spezifikation des jeweiligen Protokolls</a>) werden zus&auml;tzliche protokollunabh&auml;ngige Statuscodes an den Service Provider zur&uuml;ckgeliefert, wobei sich das Format der Fehlerr&uuml;ckgabe jedoch weiterhin protokolspezifisch ist.</p>
+<p>Die nachfolgende Tabelle zeigt alle protokollunabh&auml;ngigen Statuscodes welche vom Modul MOA-ID-Auth zur&uuml;ckgeliefert werden k&ouml;nnen.</p>
+<h3><a name="statuscodes_1xxxx" id="allgemeines_zugangspunkte7"></a>1.3.1 Statuscodes 1xxxx</h3>
+<p>Alle Statuscodes beginnent mit der Zahl eins beschreiben Fehler welche w&auml;hrend des Identifizerungs- und Authentifizierungsvorgangs aufgetreten sind.</p>
+<h4><a name="statuscodes_10xxx" id="allgemeines_zugangspunkte11"></a>1.3.1.1 Authentifizierung (10xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>1000</td>
+ <td>Anmeldung an der angeforderten Online-Applikation wird nicht unterst&uuml;tzt.</td>
+ </tr>
+ <tr>
+ <td>1001</td>
+ <td>Es ist bereits eine Anmeldung im Gange.</td>
+ </tr>
+ <tr>
+ <td>1002</td>
+ <td>Fehlerhafter Parameter</td>
+ </tr>
+ <tr>
+ <td>1003</td>
+ <td>Anfrage nur &uuml;ber https m&ouml;glich</td>
+ </tr>
+ <tr>
+ <td>1004</td>
+ <td>Zertifikat konnte nicht ausgelesen werden</td>
+ </tr>
+ <tr>
+ <td>1005</td>
+ <td>Die Authentifizierung wurde durch den Benutzer abgebrochen</td>
+ </tr>
+ <tr>
+ <td>1006</td>
+ <td>Vollmachtsmodus f&uuml;r nicht-&ouml;ffentlichen Bereich wird nicht unterst&uuml;tzt.</td>
+ </tr>
+ <tr>
+ <td>1007</td>
+ <td>Vollmachtsmodus f&uuml;r ausl&auml;ndische Personen wird nicht unterst&uuml;tzt.</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_11xxx" id="allgemeines_zugangspunkte12"></a>1.3.1.2 Validierung (11xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>1100</td>
+ <td>Ung&uuml;ltige MOA SessionID</td>
+ </tr>
+ <tr>
+ <td>1101</td>
+ <td>Fehler beim Parsen eines Parameters</td>
+ </tr>
+ <tr>
+ <td>1102</td>
+ <td>Fehler beim Validieren der Personenbindung</td>
+ </tr>
+ <tr>
+ <td>1103</td>
+ <td>Signatur ung&uuml;ltig</td>
+ </tr>
+ <tr>
+ <td>1104</td>
+ <td>Zertifikat der Personenbindung ung&uuml;ltig</td>
+ </tr>
+ <tr>
+ <td>1105</td>
+ <td>Zertifikat der Signature ung&uuml;ltig</td>
+ </tr>
+ <tr>
+ <td>1106</td>
+ <td>Fehler beim Validieren des AuthBlocks</td>
+ </tr>
+ <tr>
+ <td>1107</td>
+ <td>Fehler beim Validieren eines SSL-Server-Endzertifikates</td>
+ </tr>
+ <tr>
+ <td>1108</td>
+ <td>Fehler beim Validieren der Online Vollmacht.</td>
+ </tr>
+ <tr>
+ <td>1109</td>
+ <td>Fehler beim validieren der SZR-Gateway Response</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_12xxx" id="allgemeines_zugangspunkte13"></a>1.3.1.3 STORK (12xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>1200</td>
+ <td>Fehler beim erstellen des STORK Authentifizierungsrequests</td>
+ </tr>
+ <tr>
+ <td>1201</td>
+ <td>Fehler beim validieren der STORK Authentifizierungsresponse</td>
+ </tr>
+ <tr>
+ <td>1202</td>
+ <td>STORK Authentifizierungsresponse antwortet mit einem Fehler</td>
+ </tr>
+ <tr>
+ <td>1203</td>
+ <td>Fehler beim Sammeln von STORK Attributen</td>
+ </tr>
+</table>
+<h3><a name="statuscodes_4xxxx" id="allgemeines_zugangspunkte8"></a>1.3.2 Statuscodes 4xxxx</h3>
+<p>Alles Statuscodes beginnent mit der Zahl vier beschreiben Fehler die w&auml;hrend der Kommunikation mit externen Services aufgetreten sind.</p>
+<h4><a name="statuscodes_40xxx" id="allgemeines_zugangspunkte19"></a>1.3.2.1 BKU (40xxxx)</h4>
+<p>Tritt w&auml;hrend des Anmeldevorgangs in der B&uuml;rgerkartenumgebung ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode f&uuml;r B&uuml;rgerkartenumgebungsfehler wei&szlig;t das folgende zweiteilige Format auf. Der erste Teil, bestehend aus zwei Dezimalstellen, kennzeichnet den Fehler als Fehler als B&uuml;rgerkartenumgebungsfehler. Der zweite Teil, bestehend aus vier Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehers aus der B&uuml;rgerkartenumgebung (<a href="#referenzierte_spezifikation">siehe SecurityLayer Spezifikation</a>). </p>
+<p align="right"><em>{40}{xxxxx}</em></p>
+<blockquote>
+ <p>{40} ... MOA-ID Statuscode f&uuml;r Fehler aus der B&uuml;rgerkartenumgebung</p>
+ <p>{xxxx} .... Fehlercode der B&uuml;rgerkartenumgebung.</p>
+</blockquote>
+<h4><a name="statuscodes_41xxx" id="allgemeines_zugangspunkte20"></a>1.3.2.2 MIS (41xxxx)</h4>
+<p>Tritt w&auml;hrend der Kommunikation mit dem Online-Vollmachten Service oder der Vollmachtsauswahl ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode f&uuml;r Fehler aus dem Online-Vollmachten Service wei&szlig;t das folgende zweiteilige Format auf. Der erste Teil, bestehend aus drei Dezimalstellen, kennzeichnet den Fehler als Fehler als Online-Vollmachten Service Fehler. Der zweite Teil, bestehend aus drei Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehlers aus dem Online-Vollmachten Service (<a href="#referenzierte_spezifikation">siehe Online-Vollmachten Spezifikation</a>). </p>
+<p><em>{411}{xxxx}</em></p>
+<blockquote>
+ <p>{411} ... MOA-ID Statuscode f&uuml;r Fehler aus dem Online-Vollmachten Service.</p>
+ <p>{xxx} .... Fehlercode des Online-Vollmachten Service.</p>
+</blockquote>
+<p>Zus&auml;tzlich zu den gemappeden Fehlern aus dem Online-Vollmachen Service werden zus&auml;tzliche weitere Fehlercodes definiert.</p>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>41000</td>
+ <td>Das Online-Vollmachten Service ist nicht erreichbar</td>
+ </tr>
+ <tr>
+ <td>41001</td>
+ <td>Allgemeiner Fehler bei der Kommunikation mit dem Online-Vollmachten Service</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_42xxx" id="allgemeines_zugangspunkte21"></a>1.3.2.3 SZR-Gateway (42xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>4200</td>
+ <td>Das SZR-Gateway Service ist nicht erreichbar</td>
+ </tr>
+ <tr>
+ <td>4201</td>
+ <td>Die Antragung in das SZR ist fehlgeschlagen</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_43xxx" id="allgemeines_zugangspunkte22"></a>1.3.2.4 MOA SP/SS(43xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>4300</td>
+ <td>Fehler beim Aufruf von MOA SP/SS</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_44xxx" id="allgemeines_zugangspunkte23"></a>1.3.2.5 Interfederation (44xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>4400</td>
+ <td>Fehler beim generieren der Anmeldedaten</td>
+ </tr>
+</table>
+<h3><a name="statuscodes_6xxxx" id="allgemeines_zugangspunkte9"></a>1.3.3 Statuscodes 6xxxx</h3>
+<p>Alles Statuscodes beginnent mit der Zahl sechs beschreiben protokolspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.</p>
+<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte24"></a>1.3.3.1 Allgemein (61xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>6000</td>
+ <td>Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst&uuml;zt</td>
+ </tr>
+ <tr>
+ <td>6001</td>
+ <td>Der STORK Request wurde nicht erkannt oder wird nicht unterst&uuml;zt</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte16"></a>1.3.3.2 PVP 2.1 (61xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>6100</td>
+ <td>Fehler beim erstellen der PVP 2.1 Response</td>
+ </tr>
+ <tr>
+ <td>6101</td>
+ <td>Fehler beim verschl&uuml;sseln der PVP 2.1 Assertion</td>
+ </tr>
+ <tr>
+ <td>6102</td>
+ <td>Authentifizierung entspricht nicht dem geforderten QAA Level</td>
+ </tr>
+ <tr>
+ <td>6103</td>
+ <td>F&uuml;r die im Requst angegebene EnityID konnten keine g&uuml;ltigen Metadaten gefunden werden</td>
+ </tr>
+ <tr>
+ <td>6104</td>
+ <td>Die Signatur des Requests konnte nicht g&uuml;ltig validiert werden. Entweder ist die Signatur ung&uuml;ltig oder das Signaturzertifikat stimmt nicht mit dem in den Metadaten hinterlegten Zertifikat &uuml;berein.</td>
+ </tr>
+ <tr>
+ <td>6105</td>
+ <td>Der Request konnte nicht g&uuml;ltig validiert werden.</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_62xxx" id="allgemeines_zugangspunkte17"></a>1.3.3.3 OpenID Connect (62xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>6200</td>
+ <td>Fehlerhafte redirect url</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_63xxx" id="allgemeines_zugangspunkte18"></a>1.3.3.4 SAML 1(63xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>6300</td>
+ <td>Fehlerhaftes SAML Artifact Format</td>
+ </tr>
+</table>
+<h3><a name="statuscodes_9xxxx" id="allgemeines_zugangspunkte10"></a>1.3.4 Statuscodes 9xxxx</h3>
+<p>Alles Statuscodes beginnent mit der Zahl neun beschreiben interne Serverfehler.</p>
+<h4><a name="statuscodes_90xxx" id="allgemeines_zugangspunkte14"></a>1.3.4.1 Konfigurationsfehler (90xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>9000</td>
+ <td>Fehlerhaftes BKU-Selection Template</td>
+ </tr>
+ <tr>
+ <td>9001</td>
+ <td>Fehlerhaftes Send-Assertion Template</td>
+ </tr>
+ <tr>
+ <td>9002</td>
+ <td>Fehlerhaftes SecurityLayer Template.</td>
+ </tr>
+ <tr>
+ <td>9003</td>
+ <td>Fehlerhafte STORK VIDP Konfiguration</td>
+ </tr>
+ <tr>
+ <td>9004</td>
+ <td>Fehlerhafte STORK Konfiguration</td>
+ </tr>
+ <tr>
+ <td>9005</td>
+ <td>Fehlerhafte OpenID Connect Konfiguration</td>
+ </tr>
+ <tr>
+ <td>9006</td>
+ <td>Es sind keine Vollmachtsprofile konfiguriert.</td>
+ </tr>
+ <tr>
+ <td>9007</td>
+ <td>Der SZR-Gateway Client konnte nicht initialisiert werden.</td>
+ </tr>
+</table>
+<h4><a name="statuscodes_91xxx" id="allgemeines_zugangspunkte15"></a>1.3.4.2 Interne Fehler (91xxx)</h4>
+<table width="1237" border="1">
+ <tr>
+ <th width="214" scope="col">Statuscode</th>
+ <th width="1007" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>9100</td>
+ <td>Fehler beim einlesen einer externen Resource.</td>
+ </tr>
+ <tr>
+ <td>9101</td>
+ <td>Datenbankzugriffsfehler</td>
+ </tr>
+ <tr>
+ <td>9102</td>
+ <td>Fehler beim Erzeugen einer internen Datenstruktur</td>
+ </tr>
+ <tr>
+ <td>9103</td>
+ <td>Fehler bei der Verarbeitung eines Templates</td>
+ </tr>
+ <tr>
+ <td>9199</td>
+ <td>Allgemeiner interner Fehler</td>
+ </tr>
+</table>
+<p>&nbsp;</p>
+<h2><a name="allgemeines_sso" id="allgemeines_zugangspunkte3"></a>1.4 Single Sign-On</h2>
<p>Das Modul MOA-ID-Auth unterst&uuml;tzt ab der Version 2.0 Single Sign-On (SSO), wobei diese Funktionalit&auml;t unabh&auml;ngig vom verwendeten Protokoll ist. Bei Verwendung von SSO muss sich der Benutzer nur ein Mal bei MOA-ID-Auth authentifizieren und danach steht die authentifizierte Session f&uuml;r die BenutzerIn oder den Benutzer f&uuml;r weitere Anmeldevorg&auml;nge ohne weitere Authentifizierung mittels B&uuml;rgerkarte, Handy-Signatur oder STORK zur Verf&uuml;gung. Die SSO Session kann danach durch <a href="#allgemeines_ssologout">die BenutzerIn oder den Benutzer beendet</a> werden, oder sie wird von MOA-ID-Auth nach der <a href="./../config/config.html#konfigurationsparameter_allgemein_timeouts">maximal erlaubten Sessionzeit</a> serverseitig beendet. </p>
<p>Das nachfolgende Sequenzdiagramm zeigt eine Anmeldung mittels Single Sign-On an zwei Online-Applikationen unter Verwendung von PVP 2.1. Aus Gr&uuml;nden der &Uuml;bersichtlichkeit wurden die Teile welche die Kommunikation mit der B&uuml;rgerkartenumgebung, die Vollmachten-Auswahl oder den Metadatenaustausch betreffen bewusst nicht ber&uuml;cksichtigt.</p>
<p><img src="sso_sequence.png" width="1095" height="978" alt="Sequenzdiagramm einer Anmeldung mittels Single Sign-On"></p>
@@ -515,7 +845,7 @@ Redirect Binding</td>
<li>Ist die Validierung der Assertion erfolgreich wird die BenutzerIn oder der Benutzer an der Online-Applikation 2 angemeldet</li>
</ol>
<p>Zus&auml;tzliche Informationen zur Konfiguration und die sich daraus ergebenden Anforderungen oder Einschr&auml;nkungen finden sie <a href="./../config/config.html#konfigurationsparameter_allgemein_sso">hier</a>.</p>
-<h2><a name="allgemeines_ssologout" id="allgemeines_zugangspunkte5"></a>1.4 SSO Logout </h2>
+<h2><a name="allgemeines_ssologout" id="allgemeines_zugangspunkte5"></a>1.5 SSO Logout </h2>
<p>Das Modul MOA-ID-Auth stellt ein einfaches Service zur Beendigung einer bestehenden Single Sign-On Session zur Verf&uuml;gung. Nach dem Aufruf dieses Service aus dem Browser des Users wird eine bestehende SSO Session beendet und anschlie&szlig;end wird die BenutzerIn oder der Benutzer an eine im LogOut Request angegebene URL weitergeleitet. </p>
<p>Das SSO Logout Service steht unter folgender URL zur Verf&uuml;gung und ben&ouml;tigt einen http GET Parameter:</p>
<pre>http://&lt;host&gt;:&lt;port&gt;/moa-id-auth/LogOut
@@ -543,7 +873,7 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/LogOut
<pre>https://demo.egiz.gv.at/moa-id-auth/LogOut?redirect=https://demo.egiz.gv.at/demoportal-openID_demo
</pre>
<p><strong>Hinweis:</strong> Dieses Service bietet jedoch NICHT eine vollst&auml;ndige Single Log-Out Funktionalit&auml;t wie sie im SAML 2 Protokoll vorgesehen ist, sondern beendet ausschlie&szlig;lich die SSO Session in der MOA-ID-Auth Instanz.</p>
-<h2><a name="allgemeines_legacy" id="allgemeines_zugangspunkte4"></a>1.5 Legacy Request (B&uuml;rgerkartenauswahl beim Service Provider)</h2>
+<h2><a name="allgemeines_legacy" id="allgemeines_zugangspunkte4"></a>1.6 Legacy Request (B&uuml;rgerkartenauswahl beim Service Provider)</h2>
<p>Soll die B&uuml;rgerkartenauswahl jedoch weiterhin, wie aus MOA-ID 1.5.1 bekannt direkt in der Online-Applikation des Service Providers erfolgen muss f&uuml;r das jeweilige Protokoll der <a href="./../config/config.html#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus aktiviert</a> werden. Wird der Legacy Modus verwendet muss jedoch zus&auml;tzlich zu den protokollspezifischen Parametern mindestens der Parameter <em>bkuURI</em>, welcher die gew&auml;hlte B&uuml;rgerkartenumgebung enth&auml;lt, im Authentifizierungsrequest an MOA-ID-Auth &uuml;bergeben werden (siehe <a href="#saml1_startauth">Protokoll SAML 1</a>). Die folgenden Parameter stehen bei Verwendung des Legacy Modus unabh&auml;ngig vom verwendeten Protokoll zur Verf&uuml;gung und bilden den gesamten Umfang der B&uuml;rgerkartenauswahl, wie aus MOA-ID 1.5.1 bekannt, ab.</p>
<table border="1" width="1247">
<tbody>
@@ -713,10 +1043,11 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/pvp2/metadata
<td><p>Dieses Element beinhaltet als Attribut den Status Code des Anmeldevorgangs. Nochfolgend die wichtigsten Statuscodes und eine kurze Beschreibung.</p>
<ul>
<li><em>urn:oasis:names:tc:SAML:2.0:status:Success</em>: Der Anmeldevorgang konnte Erfolgreich durchgef&uuml;hrt werden. </li>
- <li><em>MOA-ID-Auth Fehlercode</em>: W&auml;hrenddes Anmeldevorgangs ist ein Fehler aufgetreten wobei f&uuml;r diesen Fehler in Fehlercode existiert. Zus&auml;tzlich beinhaltet der Wert dieses Elements eine kurze Fehlerbeschreibung.</li>
- <li><em>urn:oasis:names:tc:SAML:2.0:status:Responder</em>: W&auml;hrend des Anmeldevorgangs ist ein Fehler aufgetreten wobei diesem Fehler kein Fehlercode zugeordnet ist (Allgemeiner Fehler). Zus&auml;tzlich beinhaltet der Wert dieses Elements jedoch eine kurze Fehlerbeschreibung.</li>
+ <li><em>urn:oasis:names:tc:SAML:2.0:status:Responder</em>: W&auml;hrend des Anmeldevorgangs ist ein Fehler aufgetreten. Das Element <code>/saml2p:Response/saml2p:Status/saml2p:StatusCode</code><code>/saml2p:StatusCode</code> beinhaltet einen MOA-ID-Auth Fehlercode (siehe <a href="#statuscodes">Kapitel 1.3</a>). Zus&auml;tzlich beinhaltet der Wert dieses Elements jedoch eine kurze Fehlerbeschreibung.</li>
<li><em>urn:oasis:names:tc:SAML:2.0:status:NoPassive</em>: Die BenutzerIn oder der Benutzer ist aktuell keine aktive und g&uuml;ltige Single Sign-On Session mit MOA-ID-Auth. N&auml;here Details zum <em>isPassiv</em> Authentifizierungsrequest finden Sie in der PVP 2.1 oder der SAML2 Spezifikation.</li>
- </ul></td>
+ <li><em>urn:oasis:names:tc:SAML:2.0:status:Requester</em>: Der Authentifizierungsrequest konnte nicht erfolgreich validiert werden.</li>
+ </ul>
+ <p><strong>Hinweis:</strong> Eine vollst&auml;ndige Aufstellung aller m&ouml;gtlichen SAML2 spezifischen Statuscodes fnden Sie in der SAML2 Spezifikation.</p></td>
</tr>
</table>
<table border="1" cellpadding="2" class="fixedWidth">
@@ -1002,6 +1333,31 @@ Folgende Parameter müssen mit dem AuthCode-Request mitgesendet werden, wobei für
XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg&quot;
} </pre>
+<h3><a name="openid_req_errorresponse" id="openid_req_errorresponse"></a>3.2.5 Error Response</h3>
+<p>Sollte w&auml;hrend des Authentifizierungsvorgangs ein Fehler auftreten antwortet das Modul MOA-ID-Auth mit einer Error Response. Diese beinhaltet folgende Parameter</p>
+<table width="1247" border="1">
+ <tr>
+ <th width="115" scope="col">Name</th>
+ <th width="262" scope="col">Beispielwert</th>
+ <th width="848" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>error</td>
+ <td>invalid_request_object</td>
+ <td><p>Fehlercode laut OpenID Connect Spezifikation</p></td>
+ </tr>
+ <tr>
+ <td>error_description</td>
+ <td>Der Request ist ung&uuml;ltig</td>
+ <td><p>Kurze textuelle Fehlerbeschreibung</p></td>
+ </tr>
+ <tr>
+ <td>error_uri</td>
+ <td>https://demo.egiz.gv.at/demoportal_moaid-2.0/moa_errorcodes.html#1000</td>
+ <td>URL auf eine Seite mit zus&auml;tzlicher Fehlerbeschreibung</td>
+ </tr>
+</table>
+<p>&nbsp;</p>
<h1><a name="saml1"></a>3 SAML 1</h1>
<p>SAML 1 wird durch MOA-ID-Auth 2.0 auch weiterhin, aus Gr&uuml;nden der Abw&auml;rtskompatibilit&auml;t, als Authentifizierungsprotokoll unterst&uuml;tzt. Es wird jedoch der Umstieg auf ein aktuelles Authentifizierungsprotokoll wie PVP 2.1 oder OpenID Connect empfohlen.</p>
<p>Die nachfolgenden Abschnitte beschreiben den Anmeldevorgang unter Verwendung von SAML1 wobei die Funktionalit&auml;t, wie sie aus MOA-ID &lt;= 1.5.1 bekannt ist, auch weiterhin unterst&uuml;tzt wird (B&uuml;rgerkartenauswahl auf Seiten des Service Provider). Zus&auml;tzlich steht f&uuml;r SAML 1 jedoch auch die Funktionalit&auml;t der automatischen Generierung der B&uuml;rgerkartenauswahl durch das Modul MOA-ID-Auth zur Verf&uuml;gung.</p>
@@ -1116,13 +1472,14 @@ In diesem Redirect werden der Gesch&auml;ftsbereich und ein SAML-Artifact als Pa
<p>Der Service Provider kann anschlie&szlig;end die Assertion, welche die Anmeldedaten oder eine Fehlermeldung beinhaltet, unter Verwendung des SAMLArtifact, am Modul MOA-ID-Auth abholen.</p>
<p>Das MOA-ID-AUTH Web Service wird &uuml;ber einen &lt;samlp:Request&gt; aufgerufen. Der &lt;samlp:Request&gt; enth&auml;lt in einem &lt;samlp:AssertionArtifact&gt; das von MOA-ID-AUTH &uuml;bergebene SAML-Artifact. <br>
<br>
-MOA-ID-AUTH liefert als Antwort einen &lt;samlp:Response&gt;. Die Anmeldedaten sind im &lt;samlp:Response&gt; in Form einer &lt;saml:Assertion&gt; enthalten. </p>
+MOA-ID-AUTH liefert als Antwort einen &lt;samlp:Response&gt;. Die Anmeldedaten sind im &lt;samlp:Response&gt; in Form einer &lt;saml:Assertion&gt; enthalten. <br>
+Sollte w&auml;hrend des Anmeldevorgangs ein Fehler aufgetreten sein, antworted das Modul MOA-ID-Auth mit einer Fehlerbeschreibung in der SAML Response. Das Element <code>/samlp:Response/samlp:Status/samlp:StatusCode</code><code>/</code> beinhaltet auf jeden Fall einen allgemeinen Fehlercode laut SAML1 Spezifikation. Zus&auml;tzlich kann das Element <code>/samlp:Response/samlp:Status/samlp:StatusCode</code><code>/</code><code>samlp:StatusCode</code><code>/</code>einen MOA-ID-Auth Fehlercode (siehe <a href="#statuscodes">Kapitel 1.3</a>) beinhalten. Au&szlig;erdem erfolgt eine kurze textuelle Fehlerbeschreibung im Element <code>/samlp:Response/samlp:Status/</code><code>samlp:StatusMessage/</code>.</p>
<ul>
<li> <a href="file:///D:/Projekte/svn/moa-id/moa-idspss/id/server/doc/cs-sstc-schema-protocol-01.xsd">SAML 1.0 Protocol Schema</a> <br>
</li>
<li> <a href="file:///D:/Projekte/svn/moa-id/moa-idspss/id/server/doc/cs-sstc-schema-assertion-01.xsd">SAML 1.0 Assertion Schema</a></li>
</ul>
-<p>Der detaillierte Aufbau der &lt;saml:Assertion&gt; zu den Anmeldedaten ist in der <a href="file:///D:/Projekte/svn/moa-id/moa-idspss/id/server/doc/MOA_ID_1.4_20070306.pdf">Spezifikation MOA-ID 1.4</a> beschrieben. </p>
+<p>Der detaillierte Aufbau der &lt;saml:Assertion&gt; zu den Anmeldedaten ist in der <a href="./../spec/MOA_ID_1.4_20070802.pdf">Spezifikation MOA-ID 1.4</a> beschrieben.</p>
<h1><a name="referenzierte_spezifikation" id="uebersicht_zentraledatei_aktualisierung30"></a>A Referenzierte Spezifikation</h1>
<table class="fixedWidth" border="1" cellpadding="2">
<tbody>
@@ -1135,6 +1492,10 @@ MOA-ID-AUTH liefert als Antwort einen &lt;samlp:Response&gt;. Die Anmeldedaten
<td><a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/</a></td>
</tr>
<tr>
+ <td>Online-Vollmachten Spezifikation </td>
+ <td><a href="http://reference.e-government.gv.at/AG-II-Architektur-mis-1-1-0.2890.0.html">http://reference.e-government.gv.at/AG-II-Architektur-mis-1-1-0.2890.0.html</a></td>
+ </tr>
+ <tr>
<td>PVP 2.1 S-Profil Spezifikation</td>
<td><a href="http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf">http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf</a></td>
</tr>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 285a5da9c..f1518951f 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -3,12 +3,13 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
+ <version>${moa-id-version}</version>
<packaging>jar</packaging>
<name>MOA ID API</name>
@@ -131,21 +132,21 @@
<artifactId>slf4j-api</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
@@ -271,6 +272,25 @@
<build>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -279,25 +299,8 @@
<target>1.6</target>
</configuration>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <configuration>
- <skip>true</skip>
- <skipTests>true</skipTests>
- <archive>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
+
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
@@ -338,6 +341,24 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ <skipTests>true</skipTests>
+ <archive>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index d4b5d1c05..f20339506 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
@@ -51,7 +52,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -73,6 +75,7 @@ public class StatisticLogger {
private static final String ERRORTYPE_MOASP = "moa-sp";
private static final String ERRORTYPE_MANDATE = "mandate";
private static final String ERRORTYPE_MOAID = "moa-id";
+ private static final String ERRORTYPE_SZRGW = "szrgw";
private static StatisticLogger instance;
@@ -97,9 +100,9 @@ public class StatisticLogger {
}
}
- public void logSuccessOperation(IRequest protocolRequest, AuthenticationSession moasession, boolean isSSOSession) {
+ public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) {
- if ( isAktive && protocolRequest != null && moasession != null) {
+ if ( isAktive && protocolRequest != null && authData != null) {
OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(protocolRequest.getOAURL());
@@ -128,9 +131,18 @@ public class StatisticLogger {
dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue());
else
dblog.setOatarget(dbOA.getTarget());
+
+ dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession());
- dblog.setBkuurl(moasession.getBkuURL());
- dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ if (authData.isInterfederatedSSOSession()) {
+ dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
+ dblog.setBkuurl(authData.getInterfederatedIDP());
+
+ } else {
+ dblog.setBkuurl(authData.getBkuURL());
+ dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA));
+
+ }
dblog.setProtocoltype(protocolRequest.requestedModule());
dblog.setProtocolsubtype(protocolRequest.requestedAction());
@@ -138,10 +150,10 @@ public class StatisticLogger {
//log MandateInforamtion
- if (moasession.getUseMandate()) {
- dblog.setMandatelogin(moasession.getUseMandate());
+ if (authData.isUseMandate()) {
+ dblog.setMandatelogin(authData.isUseMandate());
- MISMandate mandate = moasession.getMISMandate();
+ MISMandate mandate = authData.getMISMandate();
if (mandate != null) {
if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
@@ -297,7 +309,13 @@ public class StatisticLogger {
dblog.setErrorcode(error.getBkuErrorCode());
dblog.setErrormessage(getErrorMessageWithMaxLength(error.getBkuErrorMessage(), MAXERRORLENGTH));
- }else if (throwable instanceof MISSimpleClientException) {
+ } else if (throwable instanceof SZRGWClientException) {
+ SZRGWClientException error = (SZRGWClientException) throwable;
+ dblog.setErrortype(ERRORTYPE_SZRGW);
+ dblog.setErrorcode(error.getSzrErrorCode());
+ dblog.setErrormessage(getErrorMessageWithMaxLength(error.getSzrErrorMessage(), MAXERRORLENGTH));
+
+ } else if (throwable instanceof MISSimpleClientException) {
MISSimpleClientException error = (MISSimpleClientException) throwable;
dblog.setErrortype(ERRORTYPE_MANDATE);
dblog.setErrorcode(error.getMISErrorCode());
@@ -333,13 +351,13 @@ public class StatisticLogger {
BKUURLS bkuurls = oaAuth.getBKUURLS();
if (bkuurls != null) {
if (bkuURL.equals(bkuurls.getHandyBKU()))
- return OAAuthParameter.HANDYBKU;
+ return IOAAuthParameters.HANDYBKU;
if (bkuURL.equals(bkuurls.getLocalBKU()))
- return OAAuthParameter.LOCALBKU;
+ return IOAAuthParameters.LOCALBKU;
if (bkuURL.equals(bkuurls.getOnlineBKU()))
- return OAAuthParameter.ONLINEBKU;
+ return IOAAuthParameters.ONLINEBKU;
}
}
}
@@ -348,14 +366,14 @@ public class StatisticLogger {
try {
AuthConfigurationProvider authconfig = AuthConfigurationProvider.getInstance();
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.ONLINEBKU)))
- return OAAuthParameter.ONLINEBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))
+ return IOAAuthParameters.ONLINEBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.LOCALBKU)))
- return OAAuthParameter.LOCALBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+ return IOAAuthParameters.LOCALBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.HANDYBKU)))
- return OAAuthParameter.HANDYBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+ return IOAAuthParameters.HANDYBKU;
} catch (ConfigurationException e) {
Logger.info("Advanced Logging: Default BKUs read failed");
@@ -364,17 +382,17 @@ public class StatisticLogger {
Logger.debug("Staticic Log search BKUType from generneric Parameters");
if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.LOCALBKU);
- return OAAuthParameter.LOCALBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
+ return IOAAuthParameters.LOCALBKU;
}
if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.HANDYBKU);
- return OAAuthParameter.HANDYBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
+ return IOAAuthParameters.HANDYBKU;
}
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.ONLINEBKU);
- return OAAuthParameter.ONLINEBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU);
+ return IOAAuthParameters.ONLINEBKU;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d7083ec81..4709f8c68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
+import iaik.pki.PKIRuntimeException;
import iaik.util.logging.Log;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -314,12 +315,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
- //TODO: cleanup before MOA-ID 2.1 release
- String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- session.getBkuURL(), infoboxReadRequest, dataURL, null,
- null, pushInfobox, oaParam, appletheigth, appletwidth);
-
- return htmlForm;
+ //TODO: cleanup before MOA-ID 2.1 release
+ try {
+ String htmlForm = new GetIdentityLinkFormBuilder().build(template,
+ session.getBkuURL(), infoboxReadRequest, dataURL, null,
+ null, pushInfobox, oaParam, appletheigth, appletwidth);
+
+ return htmlForm;
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.07", null, e);
+
+ }
}
/**
@@ -524,16 +531,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} catch (SAXException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (IOException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (ParserConfigurationException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (TransformerException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
}
@@ -553,9 +560,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam) throws ConfigurationException,
BuildException, ValidateException {
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
if (authConf == null)
authConf = AuthConfigurationProvider.getInstance();
@@ -611,9 +618,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam, X509Certificate cert)
throws ConfigurationException {
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
if (authConf == null)
authConf = AuthConfigurationProvider.getInstance();
@@ -1164,11 +1171,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
vtids, tpid);
// debug output
- // invokes the call
- Element domVsresp = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVsreq);
- // debug output
+ Element domVsresp = null;
+
+// try {
+ // invokes the call
+ domVsresp = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVsreq);
+ // debug output
+
+// } catch ( ServiceException e) {
+// Logger.error("Signature verification error. ", e);
+// Logger.error("Signed Data: " + session.getAuthBlock());
+// try {
+// Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+// } catch (TransformerException e1) {
+// e1.printStackTrace();
+//
+// } catch (IOException e1) {
+// e1.printStackTrace();
+//
+// }
+//
+// throw e;
+// }
+
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
domVsresp).parseData();
@@ -1196,48 +1223,66 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// date and time
CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
- // compares the public keys from the identityLink with the AuthBlock
- VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
- vsresp, session.getIdentityLink());
-
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- boolean formpending = false;
- if (iter != null) {
- while (!formpending && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector.get(1);
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator.validate(csresp
- .getSamlAssertion());
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier + " infobox:"
- + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[]{friendlyName});
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40", new Object[]{
- friendlyName,
- infoboxValidationResult.getErrorMessage()});
- }
- String form = infoboxvalidator.getForm();
- if (ParepUtils.isEmpty(form)) {
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- } else {
- return "Redirect to Input Processor";
- }
- }
- }
+ try {
+ // compares the public keys from the identityLink with the AuthBlock
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
+ vsresp, session.getIdentityLink());
+
+ } catch ( ValidateException e) {
+ Logger.error("Signature verification error. ", e);
+ Logger.error("Signed Data: " + session.getAuthBlock());
+ try {
+ Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+ Logger.error("VerifyResponse: " + DOMUtils.serializeNode(domVsresp));
+ } catch (TransformerException e1) {
+ e1.printStackTrace();
+
+ } catch (IOException e1) {
+ e1.printStackTrace();
+
+ }
+
+ throw e;
+ }
+
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// boolean formpending = false;
+// if (iter != null) {
+// while (!formpending && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector.get(1);
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator.validate(csresp
+// .getSamlAssertion());
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier + " infobox:"
+// + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[]{friendlyName});
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40", new Object[]{
+// friendlyName,
+// infoboxValidationResult.getErrorMessage()});
+// }
+// String form = infoboxvalidator.getForm();
+// if (ParepUtils.isEmpty(form)) {
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// } else {
+// return "Redirect to Input Processor";
+// }
+// }
+// }
session.setXMLVerifySignatureResponse(vsresp);
session.setSignerCertificate(vsresp.getX509certificate());
@@ -1358,44 +1403,44 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- boolean formpending = false;
- if (iter != null) {
- while (!formpending && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector.get(1);
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator.validate(session
- .getIdentityLink().getSamlAssertion());
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier + " infobox:"
- + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[]{friendlyName});
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40", new Object[]{
- friendlyName,
- infoboxValidationResult.getErrorMessage()});
- }
- String form = infoboxvalidator.getForm();
- if (ParepUtils.isEmpty(form)) {
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- } else {
- return "Redirect to Input Processor";
- }
- }
- }
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// boolean formpending = false;
+// if (iter != null) {
+// while (!formpending && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector.get(1);
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator.validate(session
+// .getIdentityLink().getSamlAssertion());
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier + " infobox:"
+// + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[]{friendlyName});
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40", new Object[]{
+// friendlyName,
+// infoboxValidationResult.getErrorMessage()});
+// }
+// String form = infoboxvalidator.getForm();
+// if (ParepUtils.isEmpty(form)) {
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// } else {
+// return "Redirect to Input Processor";
+// }
+// }
+// }
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
X509Certificate cert = session.getSignerCertificate();
@@ -1415,127 +1460,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Builds the AuthenticationData object together with the corresponding
- * <code>&lt;saml:Assertion&gt;</code>
- *
- * @param session authentication session
- * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP
- * @param useUTC uses correct UTC time format
- * @param useUTC indicates that authenticated citizen is a foreigner
- * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates
- * @return AuthenticationData object
- * @throws ConfigurationException while accessing configuration data
- * @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
- */
- public static AuthenticationData buildAuthenticationData(
- AuthenticationSession session, OAAuthParameter oaParam, String target)
- throws ConfigurationException, BuildException {
-
- IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
-
- VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
-
- boolean businessService = oaParam.getBusinessService();
-
- authData.setMajorVersion(1);
- authData.setMinorVersion(0);
- authData.setAssertionID(Random.nextRandom());
- authData.setIssuer(session.getAuthURL());
-
- authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar
- .getInstance()));
-
- //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
- authData.setIdentificationValue(identityLink.getIdentificationValue());
- authData.setIdentificationType(identityLink.getIdentificationType());
-
- authData.setGivenName(identityLink.getGivenName());
- authData.setFamilyName(identityLink.getFamilyName());
- authData.setDateOfBirth(identityLink.getDateOfBirth());
- authData.setQualifiedCertificate(verifyXMLSigResp
- .isQualifiedCertificate());
- authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
- authData.setPublicAuthorityCode(verifyXMLSigResp
- .getPublicAuthorityCode());
- authData.setBkuURL(session.getBkuURL());
-
- try {
-
- MISMandate mandate = session.getMISMandate();
-
- if (session.getUseMandate() && session.isOW()
- && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) {
- authData.setBPK(mandate.getOWbPK());
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
- authData.setIdentityLink(identityLink);
- Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
-
- } else {
-
- if (businessService) {
- //since we have foreigner, wbPK is not calculated in BKU
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-
- String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
- } else {
- authData.setBPK(identityLink.getIdentificationValue());
- authData.setBPKType(identityLink.getIdentificationType());
-
- }
-
- Logger.trace("Authenticate user with wbPK " + authData.getBPK());
-
- Element idlassertion = session.getIdentityLink().getSamlAssertion();
- //set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue(authData.getBPK());
- //set bkp/wpbk type
- Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
- prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
-
- IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IdentityLink idl = idlparser.parseIdentityLink();
- authData.setIdentityLink(idl);
-
- } else {
-
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
- }
-
- Logger.trace("Authenticate user with bPK " + authData.getBPK());
-
- authData.setIdentityLink(identityLink);
- }
- }
-
- return authData;
-
- } catch (Throwable ex) {
- throw new BuildException("builder.00", new Object[]{
- "AuthenticationData", ex.toString()}, ex);
- }
- }
-
- /**
* Retrieves a session from the session store.
*
* @param id session ID
@@ -1773,6 +1697,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
request.setMIS(mis);
}
+ if (MiscUtil.isEmpty(connectionParameters.getUrl())) {
+ Logger.warn("SZR-Gateway Service URL is empty");
+ throw new SZRGWClientException("service.07");
+ }
+
Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl());
return response;
@@ -1826,11 +1755,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String destination = cpeps.getPepsURL().toExternalForm();
Logger.debug("C-PEPS URL: " + destination);
- String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+ String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
+ PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
String providerName = oaParam.getFriendlyName();
- String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
// prepare collection of required attributes
@@ -1903,6 +1834,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest succesfully assembled.");
STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
+
+ if (samlEngine == null) {
+ Logger.error("Could not initalize STORK SAML engine.");
+ throw new MOAIDException("stork.00", null);
+
+ }
+
try {
authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
} catch (STORKSAMLEngineException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 0173c67a1..6f83da367 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -31,6 +31,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_MODUL = "MODUL";
public static final String PARAM_ACTION = "ACTION";
public static final String PARAM_SSO = "SSO";
+ public static final String INTERFEDERATION_IDP = "interIDP";
+
/** servlet parameter &quot;sourceID&quot; */
public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index db9bc588f..a6c2cde05 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -272,7 +273,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
@@ -424,7 +425,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
@@ -454,12 +455,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
- public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
+ public static String generateSpecialText(String inputtext, String issuer, String gebDat, String issueInstant) {
Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
String text = inputtext.replaceAll("#NAME#", issuer);
+ text = text.replaceAll("#BIRTHDAY#", gebDat);
text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime()));
text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime()));
@@ -495,7 +497,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
- OAAuthParameter oaParam)
+ IOAAuthParameters oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
@@ -536,7 +538,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
if (MiscUtil.isEmpty(text))
text="";
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 531303300..ba4440bf8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -224,7 +225,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
* @throws BuildException if an error occurs during the build process
*/
public String build(
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String xmlPersonData,
String xmlAuthBlock,
String xmlIdentityLink,
@@ -238,6 +239,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
{
String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
+
String publicAuthorityAttribute = "";
if (authData.isPublicAuthority()) {
String publicAuthorityIdentification = authData.getPublicAuthorityCode();
@@ -344,7 +346,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
* @throws BuildException if an error occurs during the build process
*/
public String buildMandate(
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String xmlPersonData,
String xmlMandateData,
String xmlAuthBlock,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
new file mode 100644
index 000000000..792b6cdd7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -0,0 +1,628 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.SecurityException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationDataBuilder implements MOAIDAuthConstants {
+
+ public static IAuthData buildAuthenticationData(IRequest protocolRequest,
+ AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+
+
+ String oaID = protocolRequest.getOAURL();
+ if (oaID == null) {
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+ }
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaID))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+ AuthenticationData authdata = null;
+
+ if (protocolRequest instanceof SAML1RequestImpl) {
+ //request is SAML1
+ SAML1AuthenticationData saml1authdata = new SAML1AuthenticationData();
+ saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA());
+
+ authdata = saml1authdata;
+
+ } else {
+ authdata = new AuthenticationData();
+
+ }
+
+ //reuse some parameters if it is a reauthentication
+ OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ if (activeOA != null) {
+ authdata.setSessionIndex(activeOA.getAssertionSessionID());
+ authdata.setNameID(activeOA.getUserNameID());
+ authdata.setNameIDFormat(activeOA.getUserNameIDFormat());
+
+ //mark AttributeQuery as used
+ if ( protocolRequest instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) protocolRequest).getRequest() instanceof MOARequest &&
+ ((PVPTargetConfiguration) protocolRequest).getRequest().getInboundMessage() instanceof AttributeQuery) {
+ try {
+ activeOA.setAttributeQueryUsed(true);
+ MOASessionDBUtils.saveOrUpdate(activeOA);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
+
+ }
+ }
+
+ }
+
+ InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
+
+ IOAAuthParameters oaParam = null;
+ if (reqAttributes == null) {
+ //get OnlineApplication from MOA-ID-Auth configuration
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaID);
+
+ } else {
+ //build OnlineApplication dynamic from requested attributes
+ oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
+
+ }
+
+ if (interfIDP != null ) {
+ //IDP is a chained interfederated IDP and Authentication is requested
+ if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration &&
+ !(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) {
+ //only set minimal response attributes
+ authdata.setQAALevel(interfIDP.getQAALevel());
+ authdata.setBPK(interfIDP.getUserNameID());
+
+ } else {
+ //get attributes from interfederated IDP
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
+
+ //mark attribute request as used
+ try {
+ if (idp.isInterfederationSSOStorageAllowed()) {
+ interfIDP.setAttributesRequested(true);
+ MOASessionDBUtils.saveOrUpdate(interfIDP);
+
+ } else {
+ MOASessionDBUtils.delete(interfIDP);
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
+
+ }
+ }
+
+ } else {
+ //build AuthenticationData from MOASession
+ buildAuthDataFormMOASession(authdata, session, oaParam);
+
+ }
+
+ return authdata;
+ }
+
+ /**
+ * @param req
+ * @param session
+ * @param reqAttributes
+ * @return
+ * @throws WrongParametersException
+ * @throws ConfigurationException
+ * @throws BuildException
+ * @throws DynamicOABuildException
+ */
+ public static IAuthData buildAuthenticationData(IRequest req,
+ AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
+ return buildAuthenticationData(req, session, null);
+ }
+
+ /**
+ * @param authdata
+ * @param session
+ * @param oaParam
+ * @param protocolRequest
+ * @param interfIDP
+ * @param idp
+ * @param reqQueryAttr
+ * @throws ConfigurationException
+ */
+ private static void getAuthDataFromInterfederation(
+ AuthenticationData authdata, AuthenticationSession session,
+ IOAAuthParameters oaParam, IRequest req,
+ InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
+
+ try {
+ List<Attribute> attributs = null;
+
+ //IDP is a chained interfederated IDP and request is of type AttributQuery
+ if (oaParam.isInderfederationIDP() && req instanceof PVPTargetConfiguration &&
+ (((PVPTargetConfiguration)req).getRequest() instanceof AttributeQuery) &&
+ reqQueryAttr != null) {
+ attributs = reqQueryAttr;
+
+ //IDP is a service provider IDP and request interfederated IDP to collect attributes
+ } else {
+
+ //TODO: check if response include attributes and map this attributes to requested attributes
+
+ //get PVP 2.1 attributes from protocol specific requested attributes
+ attributs = req.getRequestedAttributes();
+
+ }
+
+ //collect attributes by using BackChannel communication
+ String endpoint = idp.getIDPAttributQueryServiceURL();
+ if (MiscUtil.isEmpty(endpoint)) {
+ Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
+ throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
+ }
+
+ //build attributQuery request
+ AttributeQuery query =
+ AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+
+ //build SOAP request
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+
+ if (xmlObjects.size() == 0) {
+ Logger.error("Receive emptry AttributeQuery response-body.");
+ throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+
+ }
+
+ if (xmlObjects.get(0) instanceof Response) {
+ Response intfResp = (Response) xmlObjects.get(0);
+
+ //validate PVP 2.1 response
+ try {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ SAMLVerificationEngine.validateAssertion(intfResp, false);
+
+ } catch (Exception e) {
+ Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+ throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+ }
+
+ //parse response information to authData
+ buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
+
+ } else {
+ Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+ throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+
+ }
+
+ } catch (SOAPException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (SecurityException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AttributQueryException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AssertionValidationExeption e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AssertionAttributeExtractorExeption e) {
+ throw new BuildException("builder.06", null, e);
+
+ }
+ }
+
+ private static void buildAuthDataFormInterfederationResponse(AuthenticationData authData, AuthenticationSession session,
+ Response intfResp) throws BuildException, AssertionAttributeExtractorExeption {
+
+ Logger.debug("Build AuthData from assertion starts ....");
+
+ Assertion assertion = intfResp.getAssertions().get(0);
+
+ if (assertion.getAttributeStatements().size() == 0) {
+ Logger.warn("Can not build AuthData from Assertion. NO Attributes included.");
+ throw new AssertionAttributeExtractorExeption("Can not build AuthData from Assertion. NO Attributes included.", null);
+
+ }
+
+ AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
+ for (Attribute attr : attrStat.getAttributes()) {
+
+ if (attr.getName().equals(PVPConstants.PRINCIPAL_NAME_NAME))
+ authData.setFamilyName(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.GIVEN_NAME_NAME))
+ authData.setGivenName(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.BIRTHDATE_NAME))
+ authData.setDateOfBirth(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.BPK_NAME)) {
+ String pvpbPK = attr.getAttributeValues().get(0).getDOM().getTextContent();
+ authData.setBPK(pvpbPK.split(":")[1]);
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))
+ authData.setBPKType(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
+ attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_ISSUING_NATION_NAME))
+ authData.setCcc(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_CCS_URL_NAME))
+ authData.setBkuURL(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_AUTH_BLOCK_NAME)) {
+ try {
+ byte[] authBlock = Base64Utils.decode(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+ authData.setAuthBlock(new String(authBlock, "UTF-8"));
+
+ } catch (IOException e) {
+ Logger.error("Received AuthBlock is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
+ try {
+ authData.setSignerCertificate(Base64Utils.decode(
+ attr.getAttributeValues().get(0).getDOM().getTextContent(), false));
+
+ } catch (IOException e) {
+ Logger.error("Received SignerCertificate is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_NAME))
+ authData.setIdentificationValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_TYPE_NAME))
+ authData.setIdentificationType(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_IDENTITY_LINK_NAME)) {
+ try {
+ InputStream idlStream = Base64Utils.decodeToStream(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+ IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
+ authData.setIdentityLink(idl);
+
+ } catch (ParseException e) {
+ Logger.error("Received IdentityLink is not valid", e);
+
+ } catch (Exception e) {
+ Logger.error("Received IdentityLink is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.MANDATE_REFERENCE_VALUE_NAME))
+ authData.setMandateReferenceValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+
+ if (attr.getName().equals(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
+ try {
+ byte[] mandate = Base64Utils.decode(
+ attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+
+ if (authData.getMISMandate() == null)
+ authData.setMISMandate(new MISMandate());
+ authData.getMISMandate().setMandate(mandate);
+
+ authData.setUseMandate(true);
+
+ } catch (Exception e) {
+ Logger.error("Received Mandate is not valid", e);
+ throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.MANDATE_PROF_REP_OID_NAME)) {
+ if (authData.getMISMandate() == null)
+ authData.setMISMandate(new MISMandate());
+ authData.getMISMandate().setProfRep(
+ attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_STORK_TOKEN_NAME)) {
+ authData.setStorkAuthnResponse(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ authData.setForeigner(true);
+ }
+
+ if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
+
+ if (authData.getStorkAttributes() == null)
+ authData.setStorkAttributes(new PersonalAttributeList());
+
+ List<String> storkAttrValues = new ArrayList<String>();
+ storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
+ false, storkAttrValues , "Available");
+ authData.getStorkAttributes().put(attr.getName(), storkAttr );
+ authData.setForeigner(true);
+ }
+
+ }
+
+ authData.setSsoSession(true);
+
+ //only for SAML1
+ if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel()))
+ authData.setQualifiedCertificate(true);
+ else
+ authData.setQualifiedCertificate(false);
+ authData.setPublicAuthority(false);
+ }
+
+ private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ IOAAuthParameters oaParam) throws BuildException {
+
+ String target = oaParam.getTarget();
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+
+ boolean businessService = oaParam.getBusinessService();
+
+ authData.setIssuer(session.getAuthURL());
+
+ //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
+ authData.setIdentificationType(identityLink.getIdentificationType());
+
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp
+ .isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp
+ .getPublicAuthorityCode());
+ authData.setBkuURL(session.getBkuURL());
+
+ authData.setStorkAttributes(session.getStorkAttributes());
+ authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
+ authData.setStorkRequest(session.getStorkAuthnRequest());
+
+ authData.setSignerCertificate(session.getEncodedSignerCertificate());
+ authData.setAuthBlock(session.getAuthBlock());
+
+ authData.setForeigner(session.isForeigner());
+ authData.setQAALevel(session.getQAALevel());
+
+ if (session.isForeigner()) {
+ if (authData.getStorkAuthnRequest() != null) {
+ authData.setCcc(authData.getStorkAuthnRequest()
+ .getCitizenCountryCode());
+
+ } else {
+
+ try {
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
+
+ if (certificate != null) {
+
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ authData.setCcc(rdn.getValue().toString());
+ break;
+ }
+ }
+ }
+
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+
+ }
+ }
+
+ } else {
+ authData.setCcc("AT");
+
+ }
+
+ try {
+
+ authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
+
+
+ /* TODO: Support SSO Mandate MODE!
+ * Insert functionality to translate mandates in case of SSO
+ */
+
+
+ MISMandate mandate = session.getMISMandate();
+ authData.setMISMandate(mandate);
+ authData.setUseMandate(session.getUseMandate());
+ authData.setMandateReferenceValue(session.getMandateReferenceValue());
+
+ if (session.getUseMandate() && session.isOW()
+ && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) {
+ authData.setBPK(mandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+
+ //TODO: check in case of mandates for business services
+ authData.setIdentityLink(identityLink);
+ Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
+
+ } else {
+
+ if (businessService) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
+
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
+
+ }
+
+ Logger.trace("Authenticate user with wbPK " + authData.getBPK());
+
+ Element idlassertion = session.getIdentityLink().getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
+
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink idl = idlparser.parseIdentityLink();
+
+ //resign IDL
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ Element resignedilAssertion;
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion());
+ IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+ IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink();
+
+ authData.setIdentityLink(resignedIDL);
+
+ } else {
+
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
+
+ Logger.trace("Authenticate user with bPK " + authData.getBPK());
+
+ authData.setIdentityLink(identityLink);
+ }
+ }
+
+
+ } catch (Throwable ex) {
+ throw new BuildException("builder.00", new Object[]{
+ "AuthenticationData", ex.toString()}, ex);
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
new file mode 100644
index 000000000..132b6af01
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOAAuthParameterBuilder {
+
+ public static IOAAuthParameters buildFromAttributeQuery(List<Attribute> reqAttributes, InterfederationSessionStore interfIDP) throws DynamicOABuildException {
+
+ Logger.debug("Build dynamic OAConfiguration from AttributeQuery and interfederation information");
+
+ try {
+ DynamicOAAuthParameters dynamicOA = new DynamicOAAuthParameters();
+
+ for (Attribute attr : reqAttributes) {
+ //get Target or BusinessService from request
+ if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
+ if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
+ dynamicOA.setBusinessService(false);
+ dynamicOA.setTarget(attrValue.substring((Constants.URN_PREFIX_CDID + "+").length()));
+
+ } else if( attrValue.startsWith(Constants.URN_PREFIX_WBPK) ||
+ attrValue.startsWith(Constants.URN_PREFIX_STORK) ) {
+ dynamicOA.setBusinessService(true);
+ dynamicOA.setTarget(attrValue);
+
+ } else {
+ Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea");
+ throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null);
+
+ }
+
+ }
+
+ }
+
+ if (interfIDP != null) {
+ //load interfederated IDP informations
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ if (idp == null) {
+ Logger.warn("Interfederated IDP configuration is not loadable.");
+ throw new DynamicOABuildException("Interfederated IDP configuration is not loadable.", null);
+
+ }
+
+ dynamicOA.setApplicationID(idp.getPublicURLPrefix());
+ dynamicOA.setInderfederatedIDP(idp.isInderfederationIDP());
+ dynamicOA.setIDPQueryURL(idp.getIDPAttributQueryServiceURL());
+
+ //check if IDP service area policy. BusinessService IDPs can only request wbPKs
+ if (!dynamicOA.getBusinessService() && !idp.isIDPPublicService()) {
+ Logger.error("Interfederated IDP " + idp.getPublicURLPrefix()
+ + " has a BusinessService-IDP but requests PublicService attributes.");
+ throw new DynamicOABuildException("Interfederated IDP " + idp.getPublicURLPrefix()
+ + " has a BusinessService-IDP but requests PublicService attributes.", null);
+
+ }
+ }
+
+ return dynamicOA;
+
+ } catch (ConfigurationException e) {
+ Logger.warn("Internel server errror. Basic configuration load failed.", e);
+ throw new DynamicOABuildException("Basic configuration load failed.", null);
+ }
+
+
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index ab93f509c..dc981ba33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -52,7 +52,7 @@ import java.io.StringWriter;
import java.util.Map;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -153,7 +153,7 @@ public class GetIdentityLinkFormBuilder extends Builder {
String dataURL,
String certInfoXMLRequest,
String certInfoDataURL,
- String pushInfobox, OAAuthParameter oaParam,
+ String pushInfobox, IOAAuthParameters oaParam,
String appletheigth,
String appletwidth)
throws BuildException
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 4d80be1e8..54196427e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
@@ -105,9 +106,9 @@ public class LoginFormBuilder {
IOUtils.copy(input, writer);
template = writer.toString();
template = template.replace(AUTH_URL, SERVLET);
- template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
- template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
- template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
+ template = template.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
+ template = template.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU);
+ template = template.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU);
} catch (Exception e) {
Logger.error("Failed to read template", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 4bae0300b..c5ba49b2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -203,10 +203,10 @@ public class AuthenticationSession implements Serializable {
*/
private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH;
- /**
- * If infobox validators are needed after signing, they can be stored in this list.
- */
- private List infoboxValidators;
+// /**
+// * If infobox validators are needed after signing, they can be stored in this list.
+// */
+// private List infoboxValidators;
/**
* The register and number in the register parameter in case of a business service application.
@@ -347,7 +347,7 @@ public class AuthenticationSession implements Serializable {
public AuthenticationSession(String id) {
sessionID = id;
// setTimestampStart();
- infoboxValidators = new ArrayList();
+// infoboxValidators = new ArrayList();
}
public X509Certificate getSignerCertificate() {
@@ -712,15 +712,15 @@ public class AuthenticationSession implements Serializable {
this.issueInstant = issueInstant;
}
- /**
- * Returns the iterator to the stored infobox validators.
- *
- * @return Iterator
- */
- public Iterator getInfoboxValidatorIterator() {
- if (infoboxValidators == null) return null;
- return infoboxValidators.iterator();
- }
+// /**
+// * Returns the iterator to the stored infobox validators.
+// *
+// * @return Iterator
+// */
+// public Iterator getInfoboxValidatorIterator() {
+// if (infoboxValidators == null) return null;
+// return infoboxValidators.iterator();
+// }
// /**
// * Adds an infobox validator class to the stored infobox validators.
@@ -744,23 +744,23 @@ public class AuthenticationSession implements Serializable {
// return infoboxValidators.iterator();
// }
- /**
- * Tests for pending input events of the infobox validators.
- *
- * @return true if a validator has a form to show
- */
- public boolean isValidatorInputPending() {
- boolean result = false;
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (!result && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
- }
- }
- return result;
- }
+// /**
+// * Tests for pending input events of the infobox validators.
+// *
+// * @return true if a validator has a form to show
+// */
+// public boolean isValidatorInputPending() {
+// boolean result = false;
+// Iterator iter = getInfoboxValidatorIterator();
+// if (iter != null) {
+// while (!result && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
+// }
+// }
+// return result;
+// }
// /**
// * Returns the first pending infobox validator.
@@ -956,20 +956,7 @@ public class AuthenticationSession implements Serializable {
public void setMISMandate(MISMandate mandate) {
this.mandate = mandate;
}
-
- public Element getMandate() {
- try {
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-
- }
- catch (Throwable e) {
- Logger.warn("Mandate content could not be generated from MISMandate.");
- return null;
- }
- }
-
+
/**
* @return the ssoRequested
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
index f1d3b078e..9c2960c4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
@@ -29,16 +29,6 @@ public class BKUException extends MOAIDException {
private String bkuErrorCode;
private String bkuErrorMessage;
- public BKUException(String messageId, Object[] parameters) {
- super(messageId, parameters);
-
- }
-
-
- public BKUException(String messageId, Object[] parameters, Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
public BKUException(String messageId, Object[] parameters,
String bkuErrorCode, String bkuErrorMessage) {
super(messageId, parameters);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
new file mode 100644
index 000000000..554cf7370
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOABuildException extends MOAIDException {
+
+
+ private static final long serialVersionUID = 3756862942519706809L;
+
+
+ public DynamicOABuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
new file mode 100644
index 000000000..4f68bbac0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InvalidProtocolRequestException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7866198705324084601L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public InvalidProtocolRequestException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
index e26ab6597..c80cbea26 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
@@ -46,6 +46,7 @@
package at.gv.egovernment.moa.id.auth.exception;
+
public class MISSimpleClientException extends MOAIDException {
private static final long serialVersionUID = 1L;
@@ -59,22 +60,16 @@ public class MISSimpleClientException extends MOAIDException {
public MISSimpleClientException(String message) {
super(message, null);
- this.misErrorMessage = message;
}
public MISSimpleClientException(String message, String code, String text) {
- super(message, null);
+ super(message, new Object[] { code , text });
this.misErrorMessage = text;
this.misErrorCode = code;
}
- public MISSimpleClientException(Throwable cause) {
- super("UNDEFINED ERROR", null, cause);
- }
-
public MISSimpleClientException(String message, Throwable cause) {
super(message, null, cause);
- this.misErrorMessage = message;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index ab4a91df9..e2802c1d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -241,7 +241,7 @@ public class IdentityLinkAssertionParser {
* @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as InputStream
* @throws ParseException on any parsing error
*/
- public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception {
+ public IdentityLinkAssertionParser(InputStream xmlAssertion) throws ParseException {
try {
assertionElem = DOMUtils.parseXmlValidating(xmlAssertion);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index f6cd2b776..175aeeab7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -75,6 +75,7 @@ import org.apache.commons.fileupload.servlet.ServletFileUpload;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
@@ -193,6 +194,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
req.setAttribute("LogLevel", "debug");
}
+ if (!(exceptionThrown instanceof MOAIDException)) {
+ Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+
+ }
+
IExceptionStore store = DBExceptionStoreImpl.getStore();
String id = store.storeException(exceptionThrown);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 17dd9e343..f11489dd2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -208,7 +208,8 @@ public class GetForeignIDServlet extends AuthServlet {
if (null != response.getErrorResponse()){
// TODO fix exception parameter
- throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException("service.08", (String)response.getErrorResponse().getErrorCode(),
+ (String)response.getErrorResponse().getInfo());
}
else {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index a776bbe9a..9e2e845b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -65,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -190,13 +189,9 @@ public class GetMISSessionIDServlet extends AuthServlet {
List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
connectionParameters.getUrl(), misSessionID, sslFactory);
- if (list == null) {
+ if (list == null || list.size() == 0) {
Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ throw new AuthenticationException("auth.15", null);
}
// for now: list contains only one element
@@ -205,7 +200,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
String sMandate = new String(mandate.getMandate());
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[] { GET_MIS_SESSIONID });
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index fc4ec305d..9b300578a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -53,7 +53,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
@@ -62,7 +61,6 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -101,13 +99,13 @@ public class LogOutServlet extends AuthServlet {
}
- if (ssomanager.isValidSSOSession(ssoid, req)) {
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
//TODO: Single LogOut Implementation
//delete SSO session and MOA session
AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 00acdc540..57755ca9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -53,8 +54,10 @@ public class RedirectServlet extends AuthServlet{
String url = req.getParameter(REDIRCT_PARAM_URL);
String target = req.getParameter(PARAM_TARGET);
String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+ String interIDP = req.getParameter(INTERFEDERATION_IDP);
- if (MiscUtil.isEmpty(artifact)) {
+
+ if (MiscUtil.isEmpty(artifact) && MiscUtil.isEmpty(interIDP)) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
}
@@ -68,14 +71,57 @@ public class RedirectServlet extends AuthServlet{
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
- } else {
- try {
- String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
- if (MiscUtil.isNotEmpty(test))
- redirectTarget = test;
+ } else {
+ //Redirect is a SAML1 send Artifact redirct
+ if (MiscUtil.isNotEmpty(artifact)) {
+ try {
+ String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
+ if (MiscUtil.isNotEmpty(test))
+ redirectTarget = test;
+
+ } catch (Exception e) {
+ Logger.debug("Use default redirectTarget.");
+ }
+
+ Logger.info("Redirect to " + url);
+
+ if (MiscUtil.isNotEmpty(target)) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET,
+ URLEncoder.encode(target, "UTF-8"));
+
+
+ }
+ url = addURLParameter(url, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(artifact, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.setStatus(HttpServletResponse.SC_OK);
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.write(redirect_form);
+ out.flush();
+
+ } else if (MiscUtil.isNotEmpty(interIDP)) {
+ //store IDP identifier and redirect to generate AuthRequst service
+ Logger.info("Receive an interfederation redirect request for IDP " + interIDP);
+ SSOManager sso = SSOManager.getInstance();
+ sso.setInterfederationIDPCookie(req, resp, interIDP);
+
+ Logger.debug("Redirect to " + url);
+ url = resp.encodeRedirectURL(url);
+ resp.setContentType("text/html");
+ resp.setStatus(HttpServletResponse.SC_FOUND);
+ resp.addHeader("Location", url);
+
+
+ } else {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
+ return;
- } catch (Exception e) {
- Logger.debug("Use default redirectTarget.");
}
}
@@ -88,29 +134,6 @@ public class RedirectServlet extends AuthServlet{
ConfigurationDBUtils.closeSession();
}
-
- Logger.info("Redirect to " + url);
-
- if (MiscUtil.isNotEmpty(target)) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
- url = addURLParameter(url, PARAM_TARGET,
- URLEncoder.encode(target, "UTF-8"));
-
-
- }
- url = addURLParameter(url, PARAM_SAMLARTIFACT,
- URLEncoder.encode(artifact, "UTF-8"));
- url = resp.encodeRedirectURL(url);
-
- String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.write(redirect_form);
- out.flush();
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index 997241822..495c4ca5b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -108,7 +108,7 @@ public class SSOSendAssertionServlet extends AuthServlet{
}
}
- boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
String moaSessionID = null;
@@ -124,7 +124,7 @@ public class SSOSendAssertionServlet extends AuthServlet{
}
if (valueString.compareToIgnoreCase("true") == 0) {
- moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
+ moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 787dc6f10..98edf1fe4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -227,7 +227,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
if (profiles == null) {
Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
}
// String profilesArray[] = profiles.split(",");
@@ -238,6 +238,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String oaFriendlyName = oaParam.getFriendlyName();
String mandateReferenceValue = session.getMandateReferenceValue();
byte[] cert = session.getEncodedSignerCertificate();
+ byte[] authBlock = session.getAuthBlock().getBytes();
//TODO: check in case of SSO!!!
String targetType = null;
@@ -252,7 +253,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profiles, targetType, sslFactory);
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
+ connectionParameters.getUrl(),
+ idl,
+ cert,
+ oaFriendlyName,
+ redirectURL,
+ mandateReferenceValue,
+ profiles,
+ targetType,
+ authBlock,
+ sslFactory);
if (misSessionID == null) {
Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
@@ -323,78 +334,5 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
-
- /**
- * Calls the MIS Service
- * @param session
- * @throws IOException
- */
-// private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
-//
-// try {
-// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
-// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
-// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-//
-// // get identitity link as byte[]
-// Element elem = session.getIdentityLink().getSamlAssertion();
-// String s = DOMUtils.serializeNode(elem);
-//
-// System.out.println("IDL: " + s);
-//
-// byte[] idl = s.getBytes();
-//
-// // redirect url
-// // build redirect(to the GetMISSessionIdSerlvet)
-// String redirectURL =
-// new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// GET_MIS_SESSIONID,
-// session.getSessionID());
-//
-// String oaURL = session.getOAURLRequested();
-// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
-// String profiles = oaParam.getMandateProfiles();
-//
-// if (profiles == null) {
-// Logger.error("No Mandate/Profile for OA configured.");
-// throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
-// }
-//
-// String profilesArray[] = profiles.split(",");
-// for(int i = 0; i < profilesArray.length; i++) {
-// profilesArray[i] = profilesArray[i].trim();
-// }
-//
-// String oaFriendlyName = oaParam.getFriendlyName();
-// String mandateReferenceValue = session.getMandateReferenceValue();
-// X509Certificate cert = session.getSignerCertificate();
-// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
-// String redirectMISGUI = misSessionID.getRedirectURL();
-//
-// if (misSessionID == null) {
-// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
-// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
-// }
-//
-// session.setMISSessionID(misSessionID.getSessiondId());
-//
-// resp.setStatus(302);
-// resp.addHeader("Location", redirectMISGUI);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-// }
-// catch (MOAIDException ex) {
-// handleError(null, ex, req, resp);
-// } catch (GeneralSecurityException ex) {
-// handleError(null, ex, req, resp);
-// } catch (PKIException e) {
-// handleError(null, e, req, resp);
-// } catch (MISSimpleClientException e) {
-// handleError(null, e, req, resp);
-// } catch (TransformerException e) {
-// handleError(null, e, req, resp);
-// }
-// }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index c3b45f165..2c8b44404 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
@@ -124,8 +125,9 @@ public class STORKResponseProcessor {
* @param filters the filters
* @return Identity Link
* @throws STORKException the sTORK exception
+ * @throws MOAIDException
*/
- public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException, MOAIDException {
Logger.trace("Calling SZR Gateway with the following attributes:");
CreateIdentityLinkResponse identityLinkResponse = null;
@@ -209,8 +211,8 @@ public class STORKResponseProcessor {
}
if (null != identityLinkResponse.getErrorResponse()){
- // TODO fix exception parameter
- throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException("service.08", (String)identityLinkResponse.getErrorResponse().getErrorCode(),
+ (String)identityLinkResponse.getErrorResponse().getInfo());
}
else {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink()));
@@ -223,19 +225,13 @@ public class STORKResponseProcessor {
// }
}
- } catch (SZRGWClientException e) {
- Logger.error("Error connecting SZR-Gateway: ", e);
- throw new STORKException("Error connecting SZR-Gateway: ", e);
+
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
- throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
- } catch(STORKException e) {
- throw e;
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
+ throw new MOAIDException("auth.25", null, e);
+
+ }
+
return identityLink;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index b2c47fac0..762d9af2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -299,7 +299,7 @@ public class CreateXMLSignatureResponseValidator {
}
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
@@ -528,7 +528,7 @@ public class CreateXMLSignatureResponseValidator {
}
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index b69fdd9ab..4fd7fa965 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -229,10 +229,17 @@ public class VerifyXMLSignatureResponseValidator {
if(ecdsakey.equals(ecdsaPubKeySignature))
found = true;
}
+
+// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
+// + " Resp-Pubkey=" + pubKeySignature.getClass().getName());
+
}
- if (!found)
+ if (!found) {
+
throw new ValidateException("validator.09", null);
+
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 5483b865e..0e2251f21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -113,27 +113,27 @@ public class ParepUtils {
}
}
- /*
- *
- */
- public static String extractRepresentativeID(Element mandate) throws ValidateException {
- try {
- Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
- Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
- if (resultNode != null) {
- // because following line is not ready for JDK 1.4.x we need to get the childnode;
- // return resultNode.getTextContent();
- Node textNode = resultNode.getFirstChild();
- if (textNode != null) {
- return textNode.getNodeValue();
- }
- }
- return null;
- } catch (Exception e) {
- throw new ValidateException("validator.62", null);
- }
- }
+// /*
+// *
+// */
+// public static String extractRepresentativeID(Element mandate) throws ValidateException {
+// try {
+// Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+// Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+// if (resultNode != null) {
+// // because following line is not ready for JDK 1.4.x we need to get the childnode;
+// // return resultNode.getTextContent();
+// Node textNode = resultNode.getFirstChild();
+// if (textNode != null) {
+// return textNode.getNodeValue();
+// }
+// }
+// return null;
+// } catch (Exception e) {
+// throw new ValidateException("validator.62", null);
+// }
+// }
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
index a9f41819d..c675885c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
@@ -69,7 +69,7 @@ public class SZRGWClient {
if (serviceUrl.toLowerCase().startsWith("https")) {
Logger.trace("Using ssl for SZRGW client request.");
if (sslContext == null) {
- throw new SZRGWClientException("SSL context from configuration is empty. Please configure an SSL context in the configuration first.", null);
+ throw new SZRGWClientException();
}
requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext);
@@ -95,7 +95,7 @@ public class SZRGWClient {
} catch (Exception e) {
Logger.warn("SZRGW Client initialization FAILED.", e);
- throw new SZRGWClientException("SZRGW Client initialization FAILED.", null);
+ throw new SZRGWClientException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
index d15ded8a8..2038e3f18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
@@ -28,12 +28,47 @@ public class SZRGWClientException extends MOAIDException{
private static final long serialVersionUID = 1L;
+ private String szrErrorCode = null;
+ private String szrErrorMessage = null;
+
public SZRGWClientException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
- public SZRGWClientException(SZRGWClientException e1) {
- super("", null, e1);
+ public SZRGWClientException(String messageId) {
+ super(messageId, null);
+ }
+
+ public SZRGWClientException(String messageId, Throwable e1) {
+ super(messageId, null, e1);
+ }
+
+ public SZRGWClientException(String messageId, String szrErrorCode, String szrErrorMessage) {
+ super(messageId, null);
+ this.szrErrorCode = szrErrorCode;
+ this.szrErrorMessage = szrErrorMessage;
+ }
+
+ /**
+ *
+ */
+ public SZRGWClientException() {
+ super("service.09", null);
+ }
+
+ /**
+ * @return the szrErrorCode
+ */
+ public String getSzrErrorCode() {
+ return szrErrorCode;
+ }
+
+ /**
+ * @return the szrErrorMessage
+ */
+ public String getSzrErrorMessage() {
+ return szrErrorMessage;
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index dc5ec430e..88ed7885f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -135,23 +135,11 @@ public class ConfigurationProvider {
return rootConfigFileDir;
}
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
+ public String getDefaultChainingMode() {
+ return defaultChainingMode;
}
-
+
+
/**
* Returns the trustedCACertificates.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 31b88263b..b2bcd443f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -68,6 +68,7 @@ public class OAParameter {
this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20();
+ this.isInderfederationIDP = oa.isIsInterfederationIDP();
}
@@ -104,6 +105,8 @@ public class OAParameter {
private boolean removePBKFromAuthblock;
+ private Boolean isInderfederationIDP;
+
/**
* Contains the oAuth 2.0 configuration (client id, secret and redirect uri)
*/
@@ -141,4 +144,16 @@ public class OAParameter {
return oAuth20Config;
}
+ /**
+ * @return the isInderfederationIDP
+ */
+ public boolean isInderfederationIDP() {
+ if (isInderfederationIDP == null)
+ return false;
+
+ return isInderfederationIDP;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 8b5c8d796..dca0958f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -63,7 +63,6 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import org.hibernate.cfg.Configuration;
-import org.opensaml.DefaultBootstrap;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -96,6 +95,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
@@ -339,6 +339,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
config.addAnnotatedClass(OASessionStore.class);
config.addAnnotatedClass(OldSSOSessionIDStore.class);
config.addAnnotatedClass(ExceptionStore.class);
+ config.addAnnotatedClass(InterfederationSessionStore.class);
config.addProperties(moaSessionProp);
MOASessionDBUtils.initHibernate(config, moaSessionProp);
@@ -695,17 +696,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
throw new ConfigurationException("config.02", null);
} else {
- SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU());
- SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU());
- SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());
+ SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU());
+ SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU());
+ SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU());
}
//set Default BKU URLS
DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
if (bkuuls != null) {
- DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU());
- DefaultBKUURLs.put(OAAuthParameter.LOCALBKU, bkuuls.getLocalBKU());
- DefaultBKUURLs.put(OAAuthParameter.HANDYBKU, bkuuls.getHandyBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU());
}
//set SSO Config
@@ -884,7 +885,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
- + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
@@ -899,7 +900,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
- + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
new file mode 100644
index 000000000..a59cc10e0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IOAAuthParameters {
+
+ public static final String ONLINEBKU = "online";
+ public static final String HANDYBKU = "handy";
+ public static final String LOCALBKU = "local";
+ public static final String INDERFEDERATEDIDP = "interfederated";
+
+
+ public String getPublicURLPrefix();
+
+ public boolean getBusinessService();
+
+ public String getTarget();
+
+ public boolean isInderfederationIDP();
+
+ /**
+ * @return the identityLinkDomainIdentifier
+ */
+ public String getIdentityLinkDomainIdentifier();
+
+ /**
+ * @return the keyBoxIdentifier
+ */
+ public String getKeyBoxIdentifier();
+
+ /**
+ * @return the transformsInfos
+ */
+ public List<String> getTransformsInfos();
+
+ public OASAML1 getSAML1Parameter();
+
+ public OAPVP2 getPVP2Parameter();
+
+ /**
+ * @return the templateURL
+ */
+ public List<TemplateType> getTemplateURL();
+
+ public String getAditionalAuthBlockText();
+
+ public String getBKUURL(String bkutype);
+
+ public List<String> getBKUURL();
+
+ public boolean useSSO();
+
+ public boolean useSSOQuestion();
+
+ public String getSingleLogOutURL();
+
+ /**
+ * @return the mandateProfiles
+ */
+ public List<String> getMandateProfiles();
+
+ /**
+ * @return the identityLinkDomainIdentifierType
+ */
+ public String getIdentityLinkDomainIdentifierType();
+
+ public boolean isShowMandateCheckBox();
+
+ public boolean isOnlyMandateAllowed();
+
+ /**
+ * Shall we show the stork login in the bku selection frontend?
+ *
+ * @return true, if is we should show stork login
+ */
+ public boolean isShowStorkLogin();
+
+ public Map<String, String> getFormCustomizaten();
+
+ public Integer getQaaLevel();
+
+ /**
+ * @return the requestedAttributes
+ */
+ public List<OAStorkAttribute> getRequestedAttributes();
+
+ public boolean isRequireConsentForStorkAttributes();
+
+ public List<AttributeProviderPlugin> getStorkAPs();
+
+ public byte[] getBKUSelectionTemplate();
+
+ public byte[] getSendAssertionTemplate();
+
+ public List<CPEPS> getPepsList();
+
+ public String getIDPAttributQueryServiceURL();
+
+ /**
+ * @return
+ */
+ boolean isInboundSSOInterfederationAllowed();
+
+ /**
+ * @return
+ */
+ boolean isInterfederationSSOStorageAllowed();
+
+ /**
+ * @return
+ */
+ boolean isOutboundSSOInterfederationAllowed();
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 492770aad..7fc5746ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
@@ -85,13 +86,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
*
* @author Harald Bratko
*/
-public class OAAuthParameter extends OAParameter {
+public class OAAuthParameter extends OAParameter implements IOAAuthParameters {
- public static final String ONLINEBKU = "online";
- public static final String HANDYBKU = "handy";
- public static final String LOCALBKU = "local";
-
private AuthComponentOA oa_auth;
+ private String keyBoxIdentifier;
+ private InterfederationIDPType inderfederatedIDP = null;
public OAAuthParameter(OnlineApplication oa) {
super(oa);
@@ -99,13 +98,15 @@ public class OAAuthParameter extends OAParameter {
this.oa_auth = oa.getAuthComponentOA();
this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
-}
+
+ this.inderfederatedIDP = oa.getInterfederationIDP();
+ }
- private String keyBoxIdentifier;
-/**
- * @return the identityLinkDomainIdentifier
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
*/
+@Override
public String getIdentityLinkDomainIdentifier() {
IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
@@ -115,34 +116,45 @@ public String getIdentityLinkDomainIdentifier() {
return null;
}
-/**
- * @return the keyBoxIdentifier
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
*/
+@Override
public String getKeyBoxIdentifier() {
return keyBoxIdentifier;
}
-/**
- * @return the transformsInfos
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos()
*/
+@Override
public List<String> getTransformsInfos() {
List<TransformsInfoType> transformations = oa_auth.getTransformsInfo();
return ConfigurationUtils.getTransformInfos(transformations);
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+ */
+ @Override
public OASAML1 getSAML1Parameter() {
return oa_auth.getOASAML1();
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter()
+ */
+ @Override
public OAPVP2 getPVP2Parameter() {
return oa_auth.getOAPVP2();
}
- /**
- * @return the templateURL
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
*/
+ @Override
public List<TemplateType> getTemplateURL() {
TemplatesType templates = oa_auth.getTemplates();
@@ -154,6 +166,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+ */
+ @Override
public String getAditionalAuthBlockText() {
TemplatesType templates = oa_auth.getTemplates();
@@ -163,6 +179,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+ */
+ @Override
public String getBKUURL(String bkutype) {
BKUURLS bkuurls = oa_auth.getBKUURLS();
if (bkuurls != null) {
@@ -179,6 +199,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+ */
+ @Override
public List<String> getBKUURL() {
BKUURLS bkuurls = oa_auth.getBKUURLS();
@@ -196,6 +220,10 @@ public List<String> getTransformsInfos() {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+ */
+ @Override
public boolean useSSO() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -204,6 +232,10 @@ public List<String> getTransformsInfos() {
return false;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+ */
+ @Override
public boolean useSSOQuestion() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -213,6 +245,10 @@ public List<String> getTransformsInfos() {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL()
+ */
+ @Override
public String getSingleLogOutURL() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -221,9 +257,10 @@ public List<String> getTransformsInfos() {
return null;
}
-/**
- * @return the mandateProfiles
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
*/
+@Override
public List<String> getMandateProfiles() {
Mandates mandates = oa_auth.getMandates();
@@ -253,9 +290,10 @@ public List<String> getMandateProfiles() {
return null;
}
-/**
- * @return the identityLinkDomainIdentifierType
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
*/
+@Override
public String getIdentityLinkDomainIdentifierType() {
IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
if (idnumber != null)
@@ -265,6 +303,10 @@ public String getIdentityLinkDomainIdentifierType() {
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+ */
+@Override
public boolean isShowMandateCheckBox() {
TemplatesType templates = oa_auth.getTemplates();
if (templates != null) {
@@ -277,6 +319,10 @@ public boolean isShowMandateCheckBox() {
return true;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+ */
+@Override
public boolean isOnlyMandateAllowed() {
TemplatesType templates = oa_auth.getTemplates();
if (templates != null) {
@@ -289,11 +335,10 @@ public boolean isOnlyMandateAllowed() {
return false;
}
- /**
- * Shall we show the stork login in the bku selection frontend?
- *
- * @return true, if is we should show stork login
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
*/
+ @Override
public boolean isShowStorkLogin() {
try {
return oa_auth.getOASTORK().isStorkLogonEnabled();
@@ -303,6 +348,10 @@ public boolean isOnlyMandateAllowed() {
}
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+ */
+@Override
public Map<String, String> getFormCustomizaten() {
TemplatesType templates = oa_auth.getTemplates();
@@ -354,6 +403,10 @@ public Map<String, String> getFormCustomizaten() {
return map;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+ */
+@Override
public Integer getQaaLevel() {
if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null)
@@ -363,21 +416,34 @@ public Integer getQaaLevel() {
return 4;
}
-/**
- * @return the requestedAttributes
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
*/
+@Override
public List<OAStorkAttribute> getRequestedAttributes() {
return oa_auth.getOASTORK().getOAAttributes();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+ */
+@Override
public boolean isRequireConsentForStorkAttributes() {
return oa_auth.getOASTORK().isRequireConsent();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+ */
+@Override
public List<AttributeProviderPlugin> getStorkAPs() {
return oa_auth.getOASTORK().getAttributeProviders();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+ */
+@Override
public byte[] getBKUSelectionTemplate() {
TemplatesType templates = oa_auth.getTemplates();
@@ -389,6 +455,10 @@ public byte[] getBKUSelectionTemplate() {
return null;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+ */
+@Override
public byte[] getSendAssertionTemplate() {
TemplatesType templates = oa_auth.getTemplates();
@@ -400,8 +470,54 @@ public byte[] getSendAssertionTemplate() {
return null;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+ */
+@Override
public List<CPEPS> getPepsList() {
return new ArrayList<CPEPS>(oa_auth.getOASTORK().getCPEPS());
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+ */
+@Override
+public String getIDPAttributQueryServiceURL() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.getAttributeQueryURL();
+
+ else
+ return null;
+
+}
+
+@Override
+public boolean isInboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isInboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isOutboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isOutboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isInterfederationSSOStorageAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isStoreSSOSession();
+ else
+ return false;
+}
+
+public boolean isIDPPublicService() {
+ return !getBusinessService();
}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
new file mode 100644
index 000000000..02ac09d70
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -0,0 +1,386 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOAAuthParameters implements IOAAuthParameters {
+
+ private String applicationID = null;
+
+ private boolean isBusinessService;
+ private String target;
+ private String businessTarget;
+
+ private boolean inderfederatedIDP;
+ private String IDPQueryURL;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
+ */
+ @Override
+ public boolean getBusinessService() {
+ return this.isBusinessService;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
+ */
+ @Override
+ public String getTarget() {
+ return this.target;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
+ */
+ @Override
+ public String getIdentityLinkDomainIdentifier() {
+ return this.businessTarget;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP()
+ */
+ @Override
+ public boolean isInderfederationIDP() {
+ return this.inderfederatedIDP;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+ */
+ @Override
+ public String getIDPAttributQueryServiceURL() {
+ return this.IDPQueryURL;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
+ */
+ @Override
+ public String getKeyBoxIdentifier() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos()
+ */
+ @Override
+ public List<String> getTransformsInfos() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+ */
+ @Override
+ public OASAML1 getSAML1Parameter() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter()
+ */
+ @Override
+ public OAPVP2 getPVP2Parameter() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
+ */
+ @Override
+ public List<TemplateType> getTemplateURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+ */
+ @Override
+ public String getAditionalAuthBlockText() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+ */
+ @Override
+ public String getBKUURL(String bkutype) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+ */
+ @Override
+ public List<String> getBKUURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+ */
+ @Override
+ public boolean useSSO() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+ */
+ @Override
+ public boolean useSSOQuestion() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL()
+ */
+ @Override
+ public String getSingleLogOutURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
+ */
+ @Override
+ public List<String> getMandateProfiles() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
+ */
+ @Override
+ public String getIdentityLinkDomainIdentifierType() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+ */
+ @Override
+ public boolean isShowMandateCheckBox() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+ */
+ @Override
+ public boolean isOnlyMandateAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
+ */
+ @Override
+ public boolean isShowStorkLogin() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+ */
+ @Override
+ public Map<String, String> getFormCustomizaten() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+ */
+ @Override
+ public Integer getQaaLevel() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
+ */
+ @Override
+ public List<OAStorkAttribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+ */
+ @Override
+ public boolean isRequireConsentForStorkAttributes() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+ */
+ @Override
+ public List<AttributeProviderPlugin> getStorkAPs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+ */
+ @Override
+ public byte[] getBKUSelectionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+ */
+ @Override
+ public byte[] getSendAssertionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+ */
+ @Override
+ public List<CPEPS> getPepsList() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /**
+ * @param isBusinessService the isBusinessService to set
+ */
+ public void setBusinessService(boolean isBusinessService) {
+ this.isBusinessService = isBusinessService;
+ }
+
+ /**
+ * @param target the target to set
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * @param businessTarget the businessTarget to set
+ */
+ public void setBusinessTarget(String businessTarget) {
+ this.businessTarget = businessTarget;
+ }
+
+ /**
+ * @param inderfederatedIDP the inderfederatedIDP to set
+ */
+ public void setInderfederatedIDP(boolean inderfederatedIDP) {
+ this.inderfederatedIDP = inderfederatedIDP;
+ }
+
+ /**
+ * @param iDPQueryURL the iDPQueryURL to set
+ */
+ public void setIDPQueryURL(String iDPQueryURL) {
+ IDPQueryURL = iDPQueryURL;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix()
+ */
+ @Override
+ public String getPublicURLPrefix() {
+ return this.applicationID;
+ }
+
+ /**
+ * @param applicationID the applicationID to set
+ */
+ public void setApplicationID(String applicationID) {
+ this.applicationID = applicationID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isInboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed()
+ */
+ @Override
+ public boolean isInterfederationSSOStorageAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isOutboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index f9d3986d7..33e62d3d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -1,27 +1,5 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
/*
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
@@ -42,455 +20,643 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egovernment.moa.id.data;
import java.io.Serializable;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
import java.util.Date;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
- * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ * @author tlenz
*
- * @author Paul Ivancsics
- * @version $Id$
*/
+public class AuthenticationData implements IAuthData, Serializable {
-public class AuthenticationData implements Serializable {
- /**
- *
- */
private static final long serialVersionUID = -1042697056735596866L;
-/**
- * major version number of the SAML assertion
- */
- private int majorVersion;
- /**
- * minor version number of the SAML assertion
- */
- private int minorVersion;
- /**
- * identifier for this assertion
- */
- private String assertionID;
- /**
- * URL of the MOA-ID Auth component issueing this assertion
- */
- private String issuer;
- /**
- * time instant of issue of this assertion
- */
- private String issueInstant;
- /**
- * user identification value (Stammzahl); <code>null</code>,
- * if the authentication module is configured not to return this data
- */
- private String identificationValue;
- /**
- * user identification type
- */
- private String identificationType;
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+ /**
+ * URL of the MOA-ID Auth component issueing this assertion
+ */
+ private String issuer;
+ /**
+ * time instant of issue of this assertion
+ */
+ private Date issueInstant;
+ /**
+ * user identification value (Stammzahl); <code>null</code>,
+ * if the authentication module is configured not to return this data
+ */
+ private String identificationValue;
+ /**
+ * user identification type
+ */
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IdentityLink identityLink;
+
+ /**
+ * application specific user identifier (bPK/wbPK)
+ */
+ private String bPK;
+
+ /**
+ * application specific user identifier type
+ */
+ private String bPKType;
+
+ /**
+ * given name of the user
+ */
+ private String givenName;
+ /**
+ * family name of the user
+ */
+ private String familyName;
+ /**
+ * date of birth of the user
+ */
+ private Date dateOfBirth;
+ /**
+ * says whether the certificate is a qualified certificate or not
+ */
+ private boolean qualifiedCertificate;
+ /**
+ * says whether the certificate is a public authority or not
+ */
+ private boolean publicAuthority;
+ /**
+ * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+ */
+ private String publicAuthorityCode;
+
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+ /**
+ * the corresponding <code>lt;saml:Assertion&gt;</code>
+ */
+
+ /**
+ * STORK attributes from response
+ */
+ private String ccc = null;
+ private IPersonalAttributeList storkAttributes = null;
+ private String storkAuthnResponse;
+ private STORKAuthnRequest storkRequest = null;
+
+ private byte[] signerCertificate = null;
+
+ private String authBlock = null;
+
+ private boolean useMandate = false;
+ private MISMandate mandate = null;
+ private String mandateReferenceValue = null;
+
+ private boolean foreigner =false;
+ private String QAALevel = null;
+
+ private boolean ssoSession = false;
+
+ private boolean interfederatedSSOSession = false;
+ private String interfederatedIDP = null;
+
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String nameIDFormat = null;
+
+ public AuthenticationData() {
+ issueInstant = new Date();
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return String
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the bPK.
+ * @return String
+ */
+ public String getBPK() {
+ return bPK;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityIdentification The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+ this.publicAuthorityCode = publicAuthorityIdentification;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the bPK.
+ * @param bPK The bPK to set
+ */
+ public void setBPK(String bPK) {
+ this.bPK = bPK;
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return String
+ */
+ public Date getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ public String getFormatedDateOfBirth() {
+ DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ if (getDateOfBirth() != null)
+ return pvpDateFormat.format(getDateOfBirth());
+ else
+ return "1900-01-01";
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Returns the identificationValue.
+ * @return String
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Returns the identificationType
+ * @return String
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public String getIssueInstantString() {
+ return DateTimeUtils.buildDateTimeUTC(issueInstant);
+
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public Date getIssueInstant() {
+ return issueInstant;
+
+ }
+
+ public void setIssueInstant(Date date) {
+ this.issueInstant = date;
+ }
+
+ /**
+ * Returns the issuer.
+ * @return String
+ */
+ public String getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns the BKU URL.
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(Date dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ public void setDateOfBirth(String dateOfBirth) {
+ try {
+ if (MiscUtil.isNotEmpty(dateOfBirth)) {
+ DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+ }
+
+ } catch (ParseException e) {
+ Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+
+ }
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the identificationType.
+ * @param identificationType The identificationType to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * Sets the issuer.
+ * @param issuer The issuer to set
+ */
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ /**
+ * Sets the bkuURL
+ * @param url The BKU URL to set
+ */
+ public void setBkuURL(String url) {
+ this.bkuURL = url;
+ }
+
+ public String getBPKType() {
+ return bPKType;
+ }
+
+ public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+ }
+
+ /**
+ * @return the identityLink
+ */
+ public IdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * @param identityLink the identityLink to set
+ */
+ public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+
+ /**
+ * @return the storkAttributes
+ */
+ public IPersonalAttributeList getStorkAttributes() {
+ return storkAttributes;
+ }
+
+
/**
- * user identityLink specialized to OAParamter
+ * @param storkAttributes the storkAttributes to set
*/
- private IdentityLink identityLink;
+ public void setStorkAttributes(IPersonalAttributeList storkAttributes) {
+ this.storkAttributes = storkAttributes;
+ }
+
+
+ /**
+ * @return the signerCertificate
+ */
+ public byte[] getSignerCertificate() {
+ return signerCertificate;
+ }
+
+
+ /**
+ * @param signerCertificate the signerCertificate to set
+ */
+ public void setSignerCertificate(byte[] signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
+
+ /**
+ * @return the authBlock
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+
+ /**
+ * @param authBlock the authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+
+ /**
+ * @return the mandate
+ */
+ public MISMandate getMISMandate() {
+ return mandate;
+ }
+
+ public Element getMandate() {
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
- /**
- * application specific user identifier (bPK/wbPK)
- */
- private String bPK;
-
- /**
- * application specific user identifier type
- */
- private String bPKType;
-
- /**
- * given name of the user
- */
- private String givenName;
- /**
- * family name of the user
- */
- private String familyName;
- /**
- * date of birth of the user
- */
- private String dateOfBirth;
- /**
- * says whether the certificate is a qualified certificate or not
- */
- private boolean qualifiedCertificate;
- /**
- * says whether the certificate is a public authority or not
- */
- private boolean publicAuthority;
- /**
- * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
- */
- private String publicAuthorityCode;
- /**
- * The base64 encoded signer certificate.
- */
- private String signerCertificate;
- /**
- * URL of the BKU
- */
- private String bkuURL;
- /**
- * the corresponding <code>lt;saml:Assertion&gt;</code>
- */
- private String samlAssertion;
-
- /** useUTC */
-// private boolean useUTC;
- /**
- * creation timestamp
- */
- Date timestamp;
-
-
-
- //this method is only required for MOA-ID Proxy 2.0 Release.
- //TODO: remove it, if MOA-ID Proxy is not supported anymore.
- public String getWBPK() {
- return bPK;
- }
-
-
- /**
- * Constructor for AuthenticationData.
- */
- public AuthenticationData() {
- timestamp = new Date();
- }
-
- /**
- * Returns the minorVersion.
- * @return int
- */
- public int getMinorVersion() {
- return minorVersion;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the bPK.
- * @return String
- */
- public String getBPK() {
- return bPK;
- }
-
-// /**
-// * Returns useUTC
-// * @return useUTC
-// */
-// public boolean getUseUTC() {
-// return useUTC;
-// }
-
- /**
- * Sets the minorVersion.
- * @param minorVersion The minorVersion to set
- */
- public void setMinorVersion(int minorVersion) {
- this.minorVersion = minorVersion;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityIdentification The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the bPK.
- * @param bPK The bPK to set
- */
- public void setBPK(String bPK) {
- this.bPK = bPK;
- }
-
-// /**
-// * Sets the wbPK.
-// * @param wbPK The wbPK to set
-// */
-// public void setWBPK(String wbPK) {
-// this.wbPK = wbPK;
-// }
-
-// public void setUseUTC(boolean useUTC) {
-// this.useUTC = useUTC;
-// }
-
- /**
- * Returns the assertionID.
- * @return String
- */
- public String getAssertionID() {
- return assertionID;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the identificationType
- * @return String
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the majorVersion.
- * @return int
- */
- public int getMajorVersion() {
- return majorVersion;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Returns the signer certificate.
- * @return String
- */
- public String getSignerCertificate() {
- return signerCertificate;
- }
-
- /**
- * Sets the assertionID.
- * @param assertionID The assertionID to set
- */
- public void setAssertionID(String assertionID) {
- this.assertionID = assertionID;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the identificationType.
- * @param identificationType The identificationType to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Sets the issueInstant.
- * @param issueInstant The issueInstant to set
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the majorVersion.
- * @param majorVersion The majorVersion to set
- */
- public void setMajorVersion(int majorVersion) {
- this.majorVersion = majorVersion;
- }
-
- /**
- * Sets the bkuURL
- * @param url The BKU URL to set
- */
- public void setBkuURL(String url) {
- this.bkuURL = url;
- }
-
- /**
- * Sets the signer certificate
- * @param signerCertificate The signer certificate
- */
- public void setSignerCertificate(String signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
- /**
- * Returns the samlAssertion.
- * @return String
- */
- public String getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(String samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the timestamp.
- * @return Date
- */
- public Date getTimestamp() {
- return timestamp;
- }
-
-public String getBPKType() {
- return bPKType;
-}
-public void setBPKType(String bPKType) {
- this.bPKType = bPKType;
-}
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMISMandate(MISMandate mandate) {
+ this.mandate = mandate;
+ }
-/**
- * @return the identityLink
- */
-public IdentityLink getIdentityLink() {
- return identityLink;
-}
-/**
- * @param identityLink the identityLink to set
- */
-public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
-}
+ /**
+ * @return the useMandate
+ */
+ public boolean isUseMandate() {
+ return useMandate;
+ }
+ /**
+ * @param useMandate the useMandate to set
+ */
+ public void setUseMandate(boolean useMandate) {
+ this.useMandate = useMandate;
+ }
-
+
+ /**
+ * @return
+ */
+ public String getQAALevel() {
+ return this.QAALevel;
+ }
+
+
+ /**
+ * @return
+ */
+ public boolean isForeigner() {
+ return this.foreigner;
+ }
+
+
+ /**
+ * @param foreigner the foreigner to set
+ */
+ public void setForeigner(boolean foreigner) {
+ this.foreigner = foreigner;
+ }
+
+
+ /**
+ * @param qAALevel the qAALevel to set
+ */
+ public void setQAALevel(String qAALevel) {
+ QAALevel = qAALevel;
+ }
+
+
+ /**
+ * @return the ssoSession
+ */
+ public boolean isSsoSession() {
+ return ssoSession;
+ }
+
+
+ /**
+ * @param ssoSession the ssoSession to set
+ */
+ public void setSsoSession(boolean ssoSession) {
+ this.ssoSession = ssoSession;
+ }
+
+ /**
+ * @param storkRequest the storkRequest to set
+ */
+ public void setStorkRequest(STORKAuthnRequest storkRequest) {
+ this.storkRequest = storkRequest;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest()
+ */
+ @Override
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return this.storkRequest;
+ }
+
+ /**
+ * @return the storkAuthnResponse
+ */
+ public String getStorkAuthnResponse() {
+ return storkAuthnResponse;
+ }
+
+ /**
+ * @param storkAuthnResponse the storkAuthnResponse to set
+ */
+ public void setStorkAuthnResponse(String storkAuthnResponse) {
+ this.storkAuthnResponse = storkAuthnResponse;
+ }
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ public String getMandateReferenceValue() {
+ return mandateReferenceValue;
+ }
+
+ /**
+ * @param mandateReferenceValue the mandateReferenceValue to set
+ */
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ this.mandateReferenceValue = mandateReferenceValue;
+ }
+
+ /**
+ * @return the ccc
+ */
+ public String getCcc() {
+ return ccc;
+ }
+
+ /**
+ * @param ccc the ccc to set
+ */
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+ /**
+ * @return the sessionIndex
+ */
+ public String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+ */
+ @Override
+ public String getNameID() {
+ return this.nameID;
+ }
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setNameID(String nameID) {
+ this.nameID = nameID;
+ }
+
+ /**
+ * @return the nameIDFormat
+ */
+ public String getNameIDFormat() {
+ return nameIDFormat;
+ }
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the interfederatedSSOSession
+ */
+ public boolean isInterfederatedSSOSession() {
+ return interfederatedSSOSession;
+ }
+
+ /**
+ * @param interfederatedSSOSession the interfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+ this.interfederatedSSOSession = interfederatedSSOSession;
+ }
+
+ /**
+ * @return the interfederatedIDP
+ */
+ public String getInterfederatedIDP() {
+ return interfederatedIDP;
+ }
+
+ /**
+ * @param interfederatedIDP the interfederatedIDP to set
+ */
+ public void setInterfederatedIDP(String interfederatedIDP) {
+ this.interfederatedIDP = interfederatedIDP;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
new file mode 100644
index 000000000..4ea81f134
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.util.Date;
+
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthData {
+
+ Date getIssueInstant();
+ String getIssuer();
+
+ boolean isSsoSession();
+ boolean isInterfederatedSSOSession();
+ boolean isUseMandate();
+
+ String getFamilyName();
+ String getGivenName();
+ Date getDateOfBirth();
+ String getFormatedDateOfBirth();
+
+ String getBPK();
+ String getBPKType();
+
+ String getInterfederatedIDP();
+
+ String getIdentificationValue();
+ String getIdentificationType();
+
+ String getBkuURL();
+
+ IdentityLink getIdentityLink();
+ byte[] getSignerCertificate();
+ String getAuthBlock();
+
+ boolean isPublicAuthority();
+ String getPublicAuthorityCode();
+ boolean isQualifiedCertificate();
+
+ MISMandate getMISMandate();
+ Element getMandate();
+ String getMandateReferenceValue();
+
+ String getQAALevel();
+
+ String getSessionIndex();
+ String getNameID();
+ String getNameIDFormat();
+
+ boolean isForeigner();
+ String getCcc();
+ STORKAuthnRequest getStorkAuthnRequest();
+ String getStorkAuthnResponse();
+ IPersonalAttributeList getStorkAttributes();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
new file mode 100644
index 000000000..a0f3dd309
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationContainer implements Serializable {
+
+ private static final long serialVersionUID = 7148730740582881862L;
+
+ private PVPTargetConfiguration sloRequest = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs = null;
+ private List<String> sloFailedOAs = null;
+
+
+ public void parseActiveOAs(List<OASessionStore> dbOAs, String removeOAID) {
+ activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>();
+ activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>();
+
+ if (dbOAs != null) {
+ for (OASessionStore oa : dbOAs) {
+ //Actually only PVP 2.1 support Single LogOut
+ if (PVP2XProtocol.NAME.equals(oa.getProtocolType()) &&
+ !oa.getOaurlprefix().equals(removeOAID)) {
+ SingleLogoutService sloDesc;
+ try {
+ sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix());
+
+ if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ activeBackChannelOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ else
+ activeFrontChannalOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ } catch (NOSLOServiceDescriptorException e) {
+ putFailedOA(oa.getOaurlprefix());
+
+ }
+
+ } else
+ putFailedOA(oa.getOaurlprefix());
+ }
+ }
+ }
+
+ public String getNextFrontChannelOA() {
+ Iterator<String> interator = activeFrontChannalOAs.keySet().iterator();
+ if (interator.hasNext())
+ return interator.next();
+
+ else
+ return null;
+ }
+
+ public SLOInformationImpl getFrontChannelOASessionDescripten(String oaID) {
+ return activeFrontChannalOAs.get(oaID);
+ }
+
+ public void removeFrontChannelOA(String oaID) {
+ activeFrontChannalOAs.remove(oaID);
+ }
+
+ public Iterator<String> getNextBackChannelOA() {
+ return activeBackChannelOAs.keySet().iterator();
+ }
+
+ public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+ return activeBackChannelOAs.get(oaID);
+ }
+
+ public void removeBackChannelOA(String oaID) {
+ activeBackChannelOAs.remove(oaID);
+ }
+
+ /**
+ * @return the sloRequest
+ */
+ public PVPTargetConfiguration getSloRequest() {
+ return sloRequest;
+ }
+
+ /**
+ * @param sloRequest the sloRequest to set
+ */
+ public void setSloRequest(PVPTargetConfiguration sloRequest) {
+ this.sloRequest = sloRequest;
+ }
+
+ /**
+ * @return the sloFailedOAs
+ */
+ public List<String> getSloFailedOAs() {
+ return sloFailedOAs;
+ }
+
+ public void putFailedOA(String oaID) {
+ if (sloFailedOAs == null)
+ sloFailedOAs = new ArrayList<String>();
+ sloFailedOAs.add(oaID);
+ }
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
new file mode 100644
index 000000000..55b213702
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationImpl implements SLOInformationInterface, Serializable {
+
+ private static final long serialVersionUID = 295577931870512387L;
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String protocolType = null;
+ private String nameIDFormat = null;
+ private String binding = null;
+ private String serviceURL = null;
+
+ public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) {
+ new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null);
+ }
+
+ public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
+ this.sessionIndex = sessionID;
+ this.nameID = nameID;
+ this.nameIDFormat = nameIDFormat;
+ this.protocolType = protocolType;
+
+ if (sloService != null) {
+ this.binding = sloService.getBinding();
+ this.serviceURL = sloService.getLocation();
+
+ }
+ }
+
+
+ /**
+ *
+ */
+ public SLOInformationImpl() {
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
+ */
+ @Override
+ public String getSessionIndex() {
+ return sessionIndex;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
+ */
+ @Override
+ public String getUserNameIdentifier() {
+ return nameID;
+
+ }
+
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setUserNameIdentifier(String nameID) {
+ this.nameID = nameID;
+ }
+
+
+
+ /**
+ * @param protocolType the protocolType to set
+ */
+ public void setProtocolType(String protocolType) {
+ this.protocolType = protocolType;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
+ */
+ @Override
+ public String getProtocolType() {
+ return protocolType;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
+ */
+ @Override
+ public String getUserNameIDFormat() {
+ return this.nameIDFormat;
+ }
+
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the binding
+ */
+ public String getBinding() {
+ return binding;
+ }
+
+ /**
+ * @return the serviceURL
+ */
+ public String getServiceURL() {
+ return serviceURL;
+ }
+
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
new file mode 100644
index 000000000..b2241f8ed
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface SLOInformationInterface{
+
+
+ /**
+ * get AssertionID which was used for Service Provider Single LogOut request
+ *
+ * @return
+ * SessionID (SessionIndex in case of SAML2)
+ */
+ public String getSessionIndex();
+
+ /**
+ * get user identifier which was used
+ *
+ * @return
+ * bPK / wbPK (nameID in case of SAML2)
+ */
+ public String getUserNameIdentifier();
+
+
+ /**
+ * get protocol type which was used for authentication
+ *
+ * @return
+ * return authentication protocol type
+ */
+ public String getProtocolType();
+
+ /**
+ * @return
+ */
+ public String getUserNameIDFormat();
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 480deb867..a3827ab73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -25,20 +25,18 @@ package at.gv.egovernment.moa.id.entrypoints;
import java.io.IOException;
import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
@@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
@@ -223,8 +224,10 @@ public class DispatcherServlet extends AuthServlet{
}
}
- //HttpSession httpSession = req.getSession();
- //Map<String, IRequest> protocolRequests = null;
+ //get SSO Cookie for Request
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoId = ssomanager.getSSOSessionID(req);
+
IRequest protocolRequest = null;
try {
@@ -249,18 +252,47 @@ public class DispatcherServlet extends AuthServlet{
try {
protocolRequest = info.preProcess(req, resp, action);
- if (protocolRequest != null) {
-
+ //request is a valid interfederation response
+ if (protocolRequest != null &&
+ protocolRequest.getInterfederationResponse() != null ) {
+ Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest");
+
+ //reload SP protocol implementation
+ info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+ moduleAction = info.getAction(protocolRequest.requestedAction());
+
+ //create interfederated mOASession
+ String sessionID =
+ AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
+ req.getParameterMap().put(PARAM_SESSIONID, sessionID);
+
+ Logger.info("PreProcessing of SSO interfederation response complete. ");
+
+ //request is a not valid interfederation response -> Restart local authentication
+ } else if (protocolRequest != null &&
+ MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
+ Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
+ + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
+
+ //request is a new authentication request
+ } else if (protocolRequest != null &&
+ MiscUtil.isEmpty(protocolRequest.getRequestID())) {
//Start new Authentication
- protocolRequest.setAction(action);
protocolRequest.setModule(module);
- protocolRequestID = Random.nextRandom();
- protocolRequest.setRequestID(protocolRequestID);
- RequestStorage.setPendingRequest(protocolRequest);
+ //if preProcessing has not set a specific action from decoded request
+ // then set the default action
+ if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
+ protocolRequest.setAction(action);
+ else
+ moduleAction = info.getAction(protocolRequest.requestedAction());
+ protocolRequestID = Random.nextRandom();
+ protocolRequest.setRequestID(protocolRequestID);
+ RequestStorage.setPendingRequest(protocolRequest);
Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
-
+
+
} else {
Logger.error("Failed to generate a valid protocol request!");
resp.setContentType("text/html;charset=UTF-8");
@@ -280,30 +312,42 @@ public class DispatcherServlet extends AuthServlet{
StatisticLogger logger = StatisticLogger.getInstance();
logger.logErrorOperation(e, e.getErrorRequest());
return;
-
- } catch (MOAIDException e) {
+
+ }catch (InvalidProtocolRequestException e) {
+ ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
+ String code = utils.mapInternalErrorToExternalError(e.getMessageId());
+ String descr = e.getMessage();
+ Logger.error("Protocol validation FAILED!");
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
+ "(Errorcode=" + code +
+ " | Description=" + descr + ")");
+ return;
+ } catch (MOAIDException e) {
Logger.error("Failed to generate a valid protocol request!");
resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+ "(Errorcode=6000"
+ +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
return;
}
}
AuthenticationManager authmanager = AuthenticationManager.getInstance();
- SSOManager ssomanager = SSOManager.getInstance();
String moasessionID = null;
String newSSOSessionId = null;
AuthenticationSession moasession = null;
-
- //get SSO Cookie for Request
- String ssoId = ssomanager.getSSOSessionID(req);
-
- boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
+ IAuthData authData = null;
+
+ boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
if (needAuthentication) {
-
+
+ //check if interfederation IDP is requested
+ ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
+
//check SSO session
if (ssoId != null) {
String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
@@ -326,8 +370,8 @@ public class DispatcherServlet extends AuthServlet{
}
- isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
- useSSOOA = oaParam.useSSO();
+ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
+ useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
//if a legacy request is used SSO should not be allowed, actually
@@ -377,38 +421,36 @@ public class DispatcherServlet extends AuthServlet{
if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
return;
- }
- }
- else {
+ }
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
+ } else {
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
- }
-
+
+ }
//save SSO session usage in Database
newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
- if (newSSOSessionId != null) {
+ if (MiscUtil.isNotEmpty(newSSOSessionId)) {
ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
} else {
ssomanager.deleteSSOSessionID(req, resp);
+
}
- } else {
-
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
+ } else {
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
+
}
-
-
+ //build authenticationdata from session information and OA configuration
+ authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);
}
-
- String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
+
+ SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
RequestStorage.removePendingRequest(protocolRequestID);
@@ -436,7 +478,7 @@ public class DispatcherServlet extends AuthServlet{
//Advanced statistic logging
StatisticLogger logger = StatisticLogger.getInstance();
- logger.logSuccessOperation(protocolRequest, moasession, isSSOSession);
+ logger.logSuccessOperation(protocolRequest, authData, isSSOSession);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 03a61d08f..5a06b3ecd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -24,12 +24,37 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
import java.io.PrintWriter;
+import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.joda.time.DateTime;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCredentialResolverFactory;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
@@ -42,9 +67,17 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
public class AuthenticationManager extends AuthServlet {
@@ -65,7 +98,6 @@ public class AuthenticationManager extends AuthServlet {
return instance;
}
-
/**
* Checks if this request can authenticate a MOA Session
*
@@ -82,9 +114,7 @@ public class AuthenticationManager extends AuthServlet {
AuthenticationSession authSession;
try {
authSession = AuthenticationSessionStoreage.getSession(sessionID);
-
-
-
+
if (authSession != null) {
Logger.info("MOASession found! A: "
+ authSession.isAuthenticated() + ", AU "
@@ -148,16 +178,168 @@ public class AuthenticationManager extends AuthServlet {
public void doAuthentication(HttpServletRequest request,
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
+
Logger.info("Starting authentication ...");
+
+ if (MiscUtil.isEmpty(target.getRequestedIDP())) {
+ perfomLocalAuthentication(request, response, target);
+
+ } else {
+ Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
+ buildPVP21AuthenticationRequest(request, response, target);
+
+ }
+ }
+
+ public void sendTransmitAssertionQuestion(HttpServletRequest request,
+ HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
+ throws ServletException, IOException, MOAIDException {
+
+ String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
+ target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(form);
+ out.flush();
+ }
+
+ private void buildPVP21AuthenticationRequest(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+
+ boolean requiredLocalAuthentication = true;
+
+ Logger.debug("Build PVP 2.1 authentication request");
+
+ //get IDP metadata
+ try {
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+ Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+ Logger.info("Switch to local authentication on this IDP ... ");
+ perfomLocalAuthentication(request, response, target);
+ return;
+
+ }
+
+ EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
+ getEntityDescriptor(target.getRequestedIDP());
+
+ if (idpEntity != null ) {
+
+ //fetch endpoint from IDP metadata
+ SingleSignOnService redirectEndpoint = null;
+ for (SingleSignOnService sss :
+ idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+
+ // use POST binding as default if it exists
+ //TODO: maybe use RedirectBinding as default
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ redirectEndpoint = sss;
+
+ } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) &&
+ redirectEndpoint == null )
+ redirectEndpoint = sss;
+ }
+
+ if (redirectEndpoint != null) {
+
+ AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
-// if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.12");
-//
-// if (target.getOAURL() == null) {
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.12");
-// }
+ //send passive AuthnRequest
+ authReq.setIsPassive(true);
+
+ authReq.setAssertionConsumerServiceIndex(0);
+ authReq.setIssueInstant(new DateTime());
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath();
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+
+ subject.setNameID(name);
+ authReq.setSubject(subject);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+ NameIDPolicy policy = SAML2Utils
+ .createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameID.TRANSIENT);
+ authReq.setNameIDPolicy(policy);
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+
+ AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ authReq.setRequestedAuthnContext(reqAuthContext);
+
+
+ IEncoder binding = null;
+ if (redirectEndpoint.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (redirectEndpoint.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ binding.encodeRequest(request, response, authReq,
+ redirectEndpoint.getLocation(), target.getRequestID());
+
+ //build and send request without an error
+ requiredLocalAuthentication = false;
+
+ } else {
+ Logger.warn("Requested IDP " + target.getRequestedIDP()
+ + " does not support POST or Redirect Binding.");
+
+ }
+
+ } else {
+ Logger.warn("Requested IDP " + target.getRequestedIDP()
+ + " is not found in InterFederation configuration");
+
+ }
+
+ } catch (MetadataProviderException e) {
+ Logger.error("IDP metadata error." , e);
+
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ } catch (SecurityException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ }
+
+ if (requiredLocalAuthentication) {
+ Logger.info("Switch to local authentication on this IDP ... ");
+ perfomLocalAuthentication(request, response, target);
+ }
+ }
+
+
+ private void perfomLocalAuthentication(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+ Logger.debug("Starting authentication on this IDP ...");
setNoCachingHeadersInHttpRespone(request, response);
@@ -183,17 +365,12 @@ public class AuthenticationManager extends AuthServlet {
if (legacyallowed && legacyparamavail) {
- //parse request parameter into MOASession
-
+ //parse request parameter into MOASession
StartAuthentificationParameterParser.parse(request, response, moasession, target);
Logger.info("Start Authentication Module: " + moasession.getModul()
+ " Action: " + moasession.getAction());
-
- //start authentication process
-// session.getServletContext().getNamedDispatcher("StartAuthentication")
-// .forward(request, response);
-
+
StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
String getIdentityLinkForm = startauth.build(moasession, request, response);
@@ -260,17 +437,4 @@ public class AuthenticationManager extends AuthServlet {
out.flush();
}
}
-
- public void sendTransmitAssertionQuestion(HttpServletRequest request,
- HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
- throws ServletException, IOException, MOAIDException {
-
- String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
- target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath());
-
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(response.getOutputStream());
- out.print(form);
- out.flush();
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index 9a3d3986b..529e2ab81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -26,11 +26,13 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
public interface IAction extends MOAIDAuthConstants {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData)
throws MOAIDException;
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 2ef24c084..aaeb84f92 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,6 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+
public interface IRequest {
public String getOAURL();
public boolean isPassiv();
@@ -33,7 +39,10 @@ public interface IRequest {
public void setAction(String action);
public String getTarget();
public void setRequestID(String id);
- public String getRequestID();
+ public String getRequestID();
+ public String getRequestedIDP();
+ public MOAResponse getInterfederationResponse();
+ public List<Attribute> getRequestedAttributes();
//public void setTarget();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index b9b1742e4..4a54a516b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -23,8 +23,13 @@
package at.gv.egovernment.moa.id.moduls;
import java.io.Serializable;
+import java.util.List;
-public class RequestImpl implements IRequest, Serializable{
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+
+public abstract class RequestImpl implements IRequest, Serializable{
private static final long serialVersionUID = 1L;
@@ -37,6 +42,16 @@ public class RequestImpl implements IRequest, Serializable{
private String target = null;
private String requestID;
+ //MOA-ID interfederation
+ private String requestedIDP = null;
+ private MOAResponse response = null;
+
+ /**
+ * This method map the protocol specific requested attributes to PVP 2.1 attributes.
+ *
+ * @return List of PVP 2.1 attributes with maps all protocol specific attributes
+ */
+ public abstract List<Attribute> getRequestedAttributes();
public void setOAURL(String value) {
oaURL = value;
@@ -102,4 +117,36 @@ public class RequestImpl implements IRequest, Serializable{
public String getRequestID() {
return requestID;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+ */
+ @Override
+ public String getRequestedIDP() {
+ return requestedIDP;
+ }
+
+ /**
+ * @param requestedIDP the requestedIDP to set
+ */
+ public void setRequestedIDP(String requestedIDP) {
+ this.requestedIDP = requestedIDP;
+ }
+
+ /**
+ * @return the response
+ */
+ public MOAResponse getInterfederationResponse() {
+ return response;
+ }
+
+ /**
+ * @param response the response to set
+ */
+ public void setInterfederationResponse(MOAResponse response) {
+ this.response = response;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 684c6630a..f4f89a4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,11 +31,15 @@ import javax.servlet.http.HttpServletResponse;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SSOManager {
private static final String SSOCOOKIE = "MOA_ID_SSO";
+ private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
+ private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+
private static SSOManager instance = null;
private static int sso_timeout;
@@ -68,7 +75,46 @@ public class SSOManager {
return instance;
}
- public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+ public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IRequest protocolRequest) {
+ String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
+
+ if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
+ Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+
+ }
+
+ if (protocolRequest instanceof RequestImpl) {
+ //check if IDP is requested
+ RequestImpl moaReq = (RequestImpl) protocolRequest;
+ if (MiscUtil.isNotEmpty(interIDP)) {
+ Logger.info("Receive SSO request for interfederation IDP " + interIDP);
+ moaReq.setRequestedIDP(interIDP);
+
+ } else {
+ //check if IDP cookie is set
+ String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+ if (MiscUtil.isNotEmpty(cookie)) {
+ Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
+ moaReq.setRequestedIDP(cookie);
+
+ deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
+ }
+ }
+
+ } else {
+ Logger.warn("Request is not of type RequestImpl");
+
+ }
+ }
+
+ public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
+ setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+
+ }
+
+
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
// search SSO Session
if (ssoSessionID == null) {
@@ -76,15 +122,43 @@ public class SSOManager {
return false;
}
- // String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
- // AuthenticationManager.MOA_SESSION, null);
+ AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
- return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+ if (storedSession == null)
+ return false;
+
+ else {
+ if (protocolRequest != null &&
+ protocolRequest instanceof RequestImpl &&
+ storedSession.isInterfederatedSSOSession() &&
+ !storedSession.isAuthenticated()) {
+
+ if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
+ InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
+
+ if (selectedIDP != null) {
+ //no local SSO session exist -> request interfederated IDP
+ ((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix());
+
+ } else {
+ Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+ MOASessionDBUtils.delete(storedSession);
+
+ }
+ }
+
+ return false;
+
+ }
+
+ return true;
+ }
}
public String getMOASession(String ssoSessionID) {
- return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+ return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+
}
public String existsOldSSOSession(String ssoId) {
@@ -95,24 +169,10 @@ public class SSOManager {
List<OldSSOSessionIDStore> result;
synchronized (session) {
-
-// try {
-// session.getTransaction().rollback();
-// }
-// catch (Exception e) {
-// e.printStackTrace();
-// }
-// try {
-// session.getSessionFactory().openSession();
-// }
-// catch (Exception e) {
-// e.printStackTrace();
-// }
- // session.getTransaction().begin();
-
+
session.beginTransaction();
Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
- query.setString("sessionid", ssoId);
+ query.setParameter("sessionid", ssoId);
result = query.list();
// send transaction
@@ -156,22 +216,58 @@ public class SSOManager {
return newSSOId;
}
-
+
public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- Cookie[] cookies = httpReq.getCookies();
+ setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout);
- if (cookies != null) {
- deleteSSOSessionID(httpReq, httpResp);
- }
+ }
- Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
- cookie.setMaxAge(sso_timeout);
- cookie.setSecure(true);
- cookie.setPath(httpReq.getContextPath());
- httpResp.addCookie(cookie);
+ public String getSSOSessionID(HttpServletRequest httpReq) {
+ return getValueFromCookie(httpReq, SSOCOOKIE);
+
+ }
+
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ deleteCookie(httpReq, httpResp, SSOCOOKIE);
}
- public String getSSOSessionID(HttpServletRequest httpReq) {
+ /**
+ * @param entityID
+ * @param request
+ */
+ public boolean removeInterfederatedSSOIDP(String entityID,
+ HttpServletRequest request) {
+
+ String ssoSessionID = getSSOSessionID(request);
+
+ if (MiscUtil.isNotEmpty(ssoSessionID)) {
+
+ AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+
+ if (storedSession == null)
+ return false;
+
+ InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
+
+ if (selectedIDP != null) {
+ //no local SSO session exist -> request interfederated IDP
+ Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix()
+ + " from MOASession " + storedSession.getSessionid());
+ MOASessionDBUtils.delete(selectedIDP);
+
+ } else {
+ Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+
+ }
+
+ return true;
+
+ } else
+ return false;
+
+ }
+
+ private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
@@ -181,7 +277,7 @@ public class SSOManager {
// (firefox)
// if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
- if (cookie.getName().equals(SSOCOOKIE)) {
+ if (cookie.getName().equals(cookieName)) {
return cookie.getValue();
}
}
@@ -189,13 +285,21 @@ public class SSOManager {
return null;
}
- public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- Cookie[] cookies = httpReq.getCookies();
+ private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ String cookieName, String cookieValue, int maxAge) {
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie);
- }
- }
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
+
+ //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains
+ cookie.setPath(httpReq.getContextPath());
+
+ httpResp.addCookie(cookie);
+ }
+
+ private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+ setCookie(httpReq, httpResp, cookieName, "", 1);
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index b95c08044..6c2f3e75a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.monitoring;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.InputStream;
+import java.net.URL;
import java.util.List;
import org.w3c.dom.Element;
@@ -49,8 +48,9 @@ public class IdentityLinkTestModule implements TestModuleInterface {
public void initializeTest(long delayParam, String url) throws Exception{
if (MiscUtil.isNotEmpty(url)) {
- File idlfile = new File(url);
- InputStream idlstream = new FileInputStream(idlfile);
+
+ URL keystoreURL = new URL(url);
+ InputStream idlstream = keystoreURL.openStream();
identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index ccfa6d5d1..84581abe8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -30,6 +30,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
public class TestManager {
@@ -54,7 +55,7 @@ public class TestManager {
//add IdentityLink verification test
IdentityLinkTestModule test2 = new IdentityLinkTestModule();
- String idlurl = config.getMonitoringTestIdentityLinkURL();
+ String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir());
try {
test2.initializeTest(0, idlurl);
tests.put(test2.getName(), test2);;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index 8d45a5d86..93a2f7d6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -26,6 +26,7 @@ import java.util.Properties;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.util.FileUtils;
public class OAuth20Configuration {
@@ -44,10 +45,12 @@ public class OAuth20Configuration {
public static final String JWT_KEY_PASSWORD = "jwt.ks.key.password";
private Properties props;
+ private String rootDir = null;
private OAuth20Configuration() {
try {
props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig();
+ rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
}
catch (ConfigurationException e) {
e.printStackTrace();
@@ -55,7 +58,7 @@ public class OAuth20Configuration {
}
public String getJWTKeyStore() {
- return props.getProperty(JWT_KEYSTORE);
+ return FileUtils.makeAbsoluteURL(props.getProperty(JWT_KEYSTORE), rootDir);
}
public String getJWTKeyStorePassword() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index 677b5e7ab..75501d812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -28,6 +28,8 @@ public final class OAuth20Constants {
throw new InstantiationError();
}
+ public static final String ERRORPAGE = "moa_errorcodes.html";
+
// error parameters and error codes
public static final String PARAM_ERROR = "error";
public static final String PARAM_ERROR_DESCRIPTION = "error_description";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 394fd1430..3b0d07ce1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -27,9 +27,8 @@ import java.util.List;
import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
@@ -173,10 +172,10 @@ public final class OAuth20AttributeBuilder {
}
private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
- final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData) {
+ final OAAuthParameter oaParam, final IAuthData authData) {
for (IAttributeBuilder b : builders) {
try {
- Pair<String, JsonPrimitive> attribute = b.build(authSession, oaParam, authData, generator);
+ Pair<String, JsonPrimitive> attribute = b.build(oaParam, authData, generator);
if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) {
jsonObject.add(attribute.getFirst(), attribute.getSecond());
}
@@ -187,33 +186,70 @@ public final class OAuth20AttributeBuilder {
}
}
- public static void addScopeOpenId(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersOpenId, jsonObject, authSession, oaParam, authData);
+ public static void addScopeOpenId(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersOpenId, jsonObject, oaParam, authData);
}
- public static void addScopeProfile(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersProfile, jsonObject, authSession, oaParam, authData);
+ public static void addScopeProfile(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersProfile, jsonObject, oaParam, authData);
}
- public static void addScopeEID(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersEID, jsonObject, authSession, oaParam, authData);
+ public static void addScopeEID(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEID, jsonObject, oaParam, authData);
}
- public static void addScopeEIDGov(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersEIDGov, jsonObject, authSession, oaParam, authData);
+ public static void addScopeEIDGov(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEIDGov, jsonObject, oaParam, authData);
}
- public static void addScopeMandate(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersMandate, jsonObject, authSession, oaParam, authData);
+ public static void addScopeMandate(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersMandate, jsonObject, oaParam, authData);
}
- public static void addScopeSTORK(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersSTORK, jsonObject, authSession, oaParam, authData);
+ public static void addScopeSTORK(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersSTORK, jsonObject, oaParam, authData);
}
+
+ /**
+ * @return the buildersprofile
+ */
+ public static List<IAttributeBuilder> getBuildersprofile() {
+ return buildersProfile;
+ }
+
+ /**
+ * @return the builderseid
+ */
+ public static List<IAttributeBuilder> getBuilderseid() {
+ return buildersEID;
+ }
+
+ /**
+ * @return the builderseidgov
+ */
+ public static List<IAttributeBuilder> getBuilderseidgov() {
+ return buildersEIDGov;
+ }
+
+ /**
+ * @return the buildersmandate
+ */
+ public static List<IAttributeBuilder> getBuildersmandate() {
+ return buildersMandate;
+ }
+
+ /**
+ * @return the buildersstork
+ */
+ public static List<IAttributeBuilder> getBuildersstork() {
+ return buildersSTORK;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index da1980896..121648499 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
return "auth_time";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildLongAttribute(this.getName(), "", ((long) (authData.getTimestamp().getTime() / 1000)));
+ return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000)));
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index e7a85705a..9230c0105 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -39,7 +38,7 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
return "exp";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index a75dfd029..3bdda5c2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -37,7 +36,7 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
return "iat";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index d21f1a5bb..85c46d5b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder {
return "iss";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index bc48ce915..d5bda0dba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
return "sub";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getBPK());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index a92b0c12d..dd84536ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,9 +34,9 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
return "birthdate";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(this.getName(), "", authData.getDateOfBirth());
+ return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index 5ce22a6c6..02cc66e4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder {
return "family_name";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index 047bfa9a9..302ce8105 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder {
return "given_name";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
new file mode 100644
index 000000000..0edeb89bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OAuth20OANotSupportedException extends OAuth20Exception {
+
+ private static final long serialVersionUID = -8713091674236329339L;
+
+ /**
+ * @param errorCode
+ * @param messageId
+ * @param parameters
+ */
+ public OAuth20OANotSupportedException() {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
index d560e46f0..470507f08 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
@@ -28,7 +28,7 @@ public class OAuth20ServerErrorException extends OAuth20Exception {
private static final long serialVersionUID = 1L;
public OAuth20ServerErrorException() {
- super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.10", new Object[] {});
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index d60b8c230..4c70ce995 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -30,13 +30,12 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
@@ -51,14 +50,13 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
- AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
String responseType = oAuthRequest.getResponseType();
@@ -76,7 +74,7 @@ class OAuth20AuthAction implements IAction {
o.setCode(code);
//generate idToken from MOASession
- Map<String, Object> idToken = generateIDToken(o, oAuthRequest, moasession, accessToken);
+ Map<String, Object> idToken = generateIDToken(o, oAuthRequest, authData, accessToken);
o.setAuthDataSession(idToken);
} else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
@@ -100,7 +98,11 @@ class OAuth20AuthAction implements IAction {
httpResp.addHeader("Location", finalUrl);
Logger.debug("REDIRECT TO: " + finalUrl.toString());
- return accessToken;
+
+ //TODO: maybe add bPK / wbPK to SLO information
+ SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule());
+
+ return sloInformation;
}
catch (Exception e) {
@@ -118,7 +120,7 @@ class OAuth20AuthAction implements IAction {
}
private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
- OAuth20AuthRequest oAuthRequest, AuthenticationSession moasession, String accessToken) throws SignatureException, MOAIDException {
+ OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
// create response
Map<String, Object> params = new HashMap<String, Object>();
@@ -128,7 +130,7 @@ class OAuth20AuthAction implements IAction {
// build id token and scope
Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
- moasession);
+ authData);
Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
@@ -138,34 +140,33 @@ class OAuth20AuthAction implements IAction {
}
- private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, AuthenticationSession session)
+ private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
throws MOAIDException, SignatureException {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
- AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam, oAuthRequest.getTarget());
OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
OAuthJsonToken token = new OAuthJsonToken(signer);
StringBuilder resultScopes = new StringBuilder();
// always fill with open id
- OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append("openId");
for (String s : scope.split(" ")) {
if (s.equalsIgnoreCase("profile")) {
- OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" profile");
} else if (s.equalsIgnoreCase("eID")) {
- OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" eID");
} else if (s.equalsIgnoreCase("eID_gov")) {
- OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" eID_gov");
} else if (s.equalsIgnoreCase("mandate")) {
- OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" mandate");
} else if (s.equalsIgnoreCase("stork")) {
- OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" stork");
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index dc3335631..c47e366a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -22,17 +22,29 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.core.Attribute;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthRequest extends OAuth20BaseRequest {
@@ -153,4 +165,48 @@ class OAuth20AuthRequest extends OAuth20BaseRequest {
}
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ Map<String, String> reqAttr = new HashMap<String, String>();
+ for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+ reqAttr.put(el, "");
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("mandate")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("stork")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+ reqAttr.put(el.getName(), "");
+
+ }
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index d0b43d25a..d08bd593a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -89,7 +90,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
}
if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId())
|| StringUtils.isEmpty(config.getOAuthRedirectUri())) {
- throw new OAuth20ServerErrorException();
+ throw new OAuth20OANotSupportedException();
}
}
catch (ConfigurationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 00b7a83f0..9dac8d5a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import java.net.URLEncoder;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@@ -10,17 +11,22 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import com.google.gson.JsonObject;
+import edu.emory.mathcs.backport.java.util.Arrays;
+
public class OAuth20Protocol implements IModulInfo {
public static final String NAME = OAuth20Protocol.class.getName();
@@ -29,6 +35,13 @@ public class OAuth20Protocol implements IModulInfo {
public static final String AUTH_ACTION = "AUTH";
public static final String TOKEN_ACTION = "TOKEN";
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.BPK_NAME
+ });
+
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
@@ -87,20 +100,27 @@ public class OAuth20Protocol implements IModulInfo {
*/
public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest)
throws Throwable {
-
+
// get error code and description
String errorCode;
String errorDescription;
- // String errorUri = "http://tools.ietf.org/html/draft-ietf-oauth-v2-11";
+ String errorUri = AuthConfigurationProvider.getInstance().getPublicURLPrefix()
+ +"/" + OAuth20Constants.ERRORPAGE;
+ String moaError = null;
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
if (e instanceof OAuth20Exception) {
errorCode = ((OAuth20Exception) e).getErrorCode();
errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
+ moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+
} else {
errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
+ moaError = errorUtils.getResponseErrorCode(e);
}
-
+
String paramRedirect = null;
String state = null;
boolean isAuthRequest = false;
@@ -144,7 +164,8 @@ public class OAuth20Protocol implements IModulInfo {
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- // OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ if (MiscUtil.isNotEmpty(moaError))
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
response.setContentType("text/html");
@@ -159,7 +180,7 @@ public class OAuth20Protocol implements IModulInfo {
Map<String, Object> params = new HashMap<String, Object>();
params.put(OAuth20Constants.PARAM_ERROR, errorCode);
params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- // params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
// create response
JsonObject jsonObject = new JsonObject();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 3f6c148eb..944da38d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -26,9 +26,10 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
@@ -42,8 +43,8 @@ import com.google.gson.JsonObject;
class OAuth20TokenAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
- AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
OAuth20SessionObject auth20SessionObject = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 0f1ba23b3..3c90a5773 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -22,8 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.core.Attribute;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -137,4 +141,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE);
this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
new file mode 100644
index 000000000..71d1c26d4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import edu.emory.mathcs.backport.java.util.Arrays;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryAction implements IAction {
+
+ @SuppressWarnings("unchecked")
+ private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
+ new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
+
+ @SuppressWarnings("unchecked")
+ private final static List<String> DEFAULTMANDATEATTRIBUTES = Arrays.asList(
+ new String[]{ PVPConstants.MANDATE_FULL_MANDATE_NAME,
+ PVPConstants.MANDATE_PROF_REP_OID_NAME});
+
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ if (req instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) req).getRequest() instanceof MOARequest &&
+ ((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+
+ AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest();
+
+ //load moaSession
+ String nameID = attrQuery.getSubject().getNameID().getValue();
+
+ AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID);
+ if (session == null) {
+ Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
+ throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null);
+
+ }
+
+ DateTime date = new DateTime();
+
+ //generate authData
+ authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
+
+ //add default attributes in case of mandates or STORK is in use
+ List<String> attrList = addDefaultAttributes(attrQuery, authData);
+
+ //build PVP 2.1 assertion
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex());
+
+ //build PVP 2.1 response
+ Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion);
+
+ try {
+ SoapBinding decoder = new SoapBinding();
+ decoder.encodeRespone(httpReq, httpResp, authResponse, null, null);
+ return null;
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ } else {
+ Logger.error("Process AttributeQueryAction but request is NOT of type AttributQuery.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return PVP2XProtocol.ATTRIBUTEQUERY;
+ }
+
+ private List<String> addDefaultAttributes(AttributeQuery query, IAuthData authData) {
+
+ List<String> reqAttributs = new ArrayList<String>();
+
+ for (Attribute attr : query.getAttributes()) {
+ reqAttributs.add(attr.getName());
+
+ }
+
+ //add default STORK attributes if it is a STORK authentication
+ if (authData.isForeigner() && !reqAttributs.containsAll(DEFAULTSTORKATTRIBUTES)) {
+ for (String el : DEFAULTSTORKATTRIBUTES) {
+ if (!reqAttributs.contains(el))
+ reqAttributs.add(el);
+ }
+ }
+
+ //add default mandate attributes if it is a authentication with mandates
+ if (authData.isUseMandate() && !reqAttributs.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+ for (String el : DEFAULTMANDATEATTRIBUTES) {
+ if (!reqAttributs.contains(el))
+ reqAttributs.add(el);
+ }
+ }
+
+ return reqAttributs;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 10618071a..70db9cc23 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -25,19 +25,27 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
public class AuthenticationAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+
+ SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, authData);
+
+ //set protocol type
+ sloInformation.setProtocolType(req.requestedModule());
+
+ return sloInformation;
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 99cba3277..01f7e18ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -38,30 +38,42 @@ import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -69,8 +81,8 @@ public class MetadataAction implements IAction {
private static final int VALIDUNTIL_IN_HOURS = 24;
- public String processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
try {
EntitiesDescriptor idpEntitiesDescriptor =
@@ -110,6 +122,7 @@ public class MetadataAction implements IAction {
//keyInfoFactory.setEmitPublicKeyValue(true);
keyInfoFactory.setEmitEntityIDAsKeyName(true);
keyInfoFactory.setEmitEntityCertificate(true);
+
KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential();
@@ -120,106 +133,12 @@ public class MetadataAction implements IAction {
SecurityHelper.prepareSignatureParams(signature, metadataSigningCredential, null, null);
idpEntitiesDescriptor.setSignature(signature);
-
-// //set SignatureMethode
-// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
-//
-// //set DigestMethode
-// List<ContentReference> contentList = signature.getContentReferences();
-// for (ContentReference content : contentList) {
-//
-// if (content instanceof SAMLObjectContentReference) {
-//
-// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
-// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
-//
-// }
-// }
-
-
-// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
-// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
-// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
-// signature.setKeyInfo(metadataKeyInfo );
-
-
-
- IDPSSODescriptor idpSSODescriptor = SAML2Utils
- .createSAMLObject(IDPSSODescriptor.class);
- idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
- idpSSODescriptor.setWantAuthnRequestsSigned(true);
-
- if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
- SingleSignOnService postSingleSignOnService = SAML2Utils
- .createSAMLObject(SingleSignOnService.class);
-
- postSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSOPostService());
- postSingleSignOnService
- .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-
- idpSSODescriptor.getSingleSignOnServices().add(
- postSingleSignOnService);
- }
-
- if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
- SingleSignOnService redirectSingleSignOnService = SAML2Utils
- .createSAMLObject(SingleSignOnService.class);
-
- redirectSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSORedirectService());
- redirectSingleSignOnService
- .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-
- idpSSODescriptor.getSingleSignOnServices().add(
- redirectSingleSignOnService);
- }
-
- /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
- ArtifactResolutionService artifactResolutionService = SAML2Utils
- .createSAMLObject(ArtifactResolutionService.class);
-
- artifactResolutionService
- .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- artifactResolutionService.setLocation(PVPConfiguration
- .getInstance().getIDPResolveSOAPService());
-
- artifactResolutionService.setIndex(0);
-
- idpSSODescriptor.getArtifactResolutionServices().add(
- artifactResolutionService);
- }*/
-
- //set assertion signing key
- Credential assertionSigingCredential = CredentialProvider
- .getIDPAssertionSigningCredential();
-
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential));
- idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
- idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
-
- NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
-
- idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
-
- NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+ //set IDP metadata
+ idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator));
- idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
-
- NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
-
- idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
-
- idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+ //set SP metadata for interfederation
+ idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator));
DocumentBuilder builder;
DocumentBuilderFactory factory = DocumentBuilderFactory
@@ -243,9 +162,8 @@ public class MetadataAction implements IAction {
sw.close();
String metadataXML = sw.toString();
-
- System.out.println("METADATA: " + metadataXML);
-
+ Logger.debug("METADATA: " + metadataXML);
+
httpResp.setContentType("text/xml");
httpResp.getOutputStream().write(metadataXML.getBytes());
@@ -268,4 +186,228 @@ public class MetadataAction implements IAction {
return (PVP2XProtocol.METADATA);
}
+ private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {
+
+ Logger.debug("Set SP Metadata key information");
+
+ SPSSODescriptor spSSODescriptor = SAML2Utils
+ .createSAMLObject(SPSSODescriptor.class);
+
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(true);
+
+
+ //Set AuthRequest Signing certificate
+ X509Credential authcredential = CredentialProvider.getIDPAssertionSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+ spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+
+ //set AuthRequest encryption certificate
+
+ X509Credential authEncCredential = CredentialProvider.getIDPAssertionEncryptionCredential();
+
+ if (authEncCredential != null) {
+ KeyDescriptor encryKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
+ encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
+ spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
+
+ } else {
+ Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+
+ }
+
+ NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
+
+ NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
+
+ NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
+
+ //add assertion consumer services
+ AssertionConsumerService postassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postassertionConsumerService.setIsDefault(true);
+ spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ AssertionConsumerService redirectassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ redirectassertionConsumerService.setIndex(1);
+ redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ redirectassertionConsumerService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
+
+
+ //add SLO descriptor
+// SingleLogoutService postSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// postSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// postSLOService
+// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+// spSSODescriptor.getSingleLogoutServices().add(postSLOService);
+//
+// SingleLogoutService redirectSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// redirectSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// redirectSLOService
+// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+// spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
+
+
+ spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ AttributeConsumingService attributeService =
+ SAML2Utils.createSAMLObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "de"));
+ attributeService.getNames().add(serviceName);
+
+ return spSSODescriptor;
+ }
+
+ private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {
+
+
+// //set SignatureMethode
+// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
+//
+// //set DigestMethode
+// List<ContentReference> contentList = signature.getContentReferences();
+// for (ContentReference content : contentList) {
+//
+// if (content instanceof SAMLObjectContentReference) {
+//
+// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
+// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
+//
+// }
+// }
+
+
+// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
+// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
+// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
+// signature.setKeyInfo(metadataKeyInfo );
+
+
+ IDPSSODescriptor idpSSODescriptor = SAML2Utils
+ .createSAMLObject(IDPSSODescriptor.class);
+
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
+ if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
+ //add SSO descriptor
+ SingleSignOnService postSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+ postSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ idpSSODescriptor.getSingleSignOnServices().add(
+ postSingleSignOnService);
+
+ //add SLO descriptor
+// SingleLogoutService postSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// postSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// postSLOService
+// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+// idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
+
+ }
+
+ if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
+ //add SSO descriptor
+ SingleSignOnService redirectSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+ redirectSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ redirectSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ idpSSODescriptor.getSingleSignOnServices().add(
+ redirectSingleSignOnService);
+
+ //add SLO descriptor
+// SingleLogoutService redirectSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// redirectSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// redirectSLOService
+// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+// idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
+ }
+
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ ArtifactResolutionService artifactResolutionService = SAML2Utils
+ .createSAMLObject(ArtifactResolutionService.class);
+
+ artifactResolutionService
+ .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ artifactResolutionService.setLocation(PVPConfiguration
+ .getInstance().getIDPResolveSOAPService());
+
+ artifactResolutionService.setIndex(0);
+
+ idpSSODescriptor.getArtifactResolutionServices().add(
+ artifactResolutionService);
+ }*/
+
+ //set assertion signing key
+ Credential assertionSigingCredential = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential));
+ idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
+ return idpSSODescriptor;
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index e81b23d41..863bfe501 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,8 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import iaik.pkcs.pkcs11.objects.Object;
-
+import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
@@ -31,11 +30,17 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
@@ -45,32 +50,53 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.security.SecurityPolicyException;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.signature.SignableXMLObject;
+
+import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
@@ -81,18 +107,29 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String POST = "Post";
public static final String SOAP = "Soap";
public static final String METADATA = "Metadata";
+ public static final String ATTRIBUTEQUERY = "AttributeQuery";
+ public static final String SINGLELOGOUT = "SingleLogOut";
private static List<IDecoder> decoder = new ArrayList<IDecoder>();
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
+ });
+
static {
decoder.add(new PostBinding());
decoder.add(new RedirectBinding());
+ decoder.add(new SoapBinding());
actions.put(REDIRECT, new AuthenticationAction());
actions.put(POST, new AuthenticationAction());
actions.put(METADATA, new MetadataAction());
+ actions.put(ATTRIBUTEQUERY, new AttributQueryAction());
+ actions.put(SINGLELOGOUT, new SingleLogOutAction());
//TODO: insert getArtifact action
@@ -133,7 +170,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public PVP2XProtocol() {
super();
}
-
+
public IRequest preProcess(HttpServletRequest request,
HttpServletResponse response, String action) throws MOAIDException {
@@ -147,6 +184,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if(METADATA.equals(action)) {
return new PVPTargetConfiguration();
+
}
IDecoder decoder = findDecoder(action, request);
@@ -154,103 +192,88 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
try {
- PVPTargetConfiguration config = new PVPTargetConfiguration();
-
-
- MOARequest moaRequest = decoder.decodeRequest(request, response);
-
- RequestAbstractType samlReq = moaRequest.getSamlRequest();
-
- //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
- //Logger.info("SAML : " + xml);
-
- if(!moaRequest.isVerified()) {
- SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
- moaRequest.setVerified(true);
- }
-
- if(!(samlReq instanceof AuthnRequest)) {
- throw new MOAIDException("Unsupported request", new Object[] {});
- }
-
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
- if(metadata == null) {
- throw new NoMetadataInformationException();
- }
- SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ InboundMessage msg = (InboundMessage) decoder.decode(request, response);
- AuthnRequest authnRequest = (AuthnRequest)samlReq;
-
- Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
- int assertionidx = 0;
-
- if(aIdx != null) {
- assertionidx = aIdx.intValue();
+ if (MiscUtil.isEmpty(msg.getEntityID())) {
+ throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
- } else {
- assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
}
- aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int attributeIdx = 0;
-
- if(aIdx != null) {
- attributeIdx = aIdx.intValue();
+ if(!msg.isVerified()) {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ msg.setVerified(true);
+
}
+
+ if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
+ return preProcessAuthRequest(request, response, (MOARequest) msg);
- AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
+ return preProcessAttributQueryRequest(request, response, (MOARequest) msg);
+
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
+ return preProcessLogOut(request, response, (MOARequest) msg);
- AttributeConsumingService attributeConsumer = null;
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof LogoutResponse)
+ return preProcessLogOut(request, response, (MOARequest) msg);
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
- attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- }
+ else if (msg instanceof MOAResponse) {
+ //load service provider AuthRequest from session
+
+ IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
+ if (obj instanceof RequestImpl) {
+ RequestImpl iReqSP = (RequestImpl) obj;
+
+ MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+
+ if ( processedMsg != null ) {
+ iReqSP.setInterfederationResponse(processedMsg);
+
+ } else {
+ Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."
+ +". Switch back local authentication process ...");
- String oaURL = moaRequest.getEntityMetadata().getEntityID();
- String binding = consumerService.getBinding();
-// String entityID = moaRequest.getEntityMetadata().getEntityID();
-
- Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
-
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- config.setOAURL(oaURL);
- config.setBinding(binding);
- config.setRequest(moaRequest);
- config.setConsumerURL(consumerService.getLocation());
+ SSOManager ssomanager = SSOManager.getInstance();
+ ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+
+ iReqSP.setRequestedIDP(null);
- String useMandate = request.getParameter(PARAM_USEMANDATE);
- if(useMandate != null) {
- if(useMandate.equals("true") && attributeConsumer != null) {
- if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
- throw new MandateAttributesNotHandleAbleException();
}
+
+ return iReqSP;
+
}
- }
- //validate AuthnRequest
- try {
- AuthnRequestValidator.validate((AuthnRequestImpl) samlReq);
-
- } catch (AuthnRequestValidatorException e) {
- if (generateErrorMessage(e, request, response, config)) {
- throw new AuthnRequestValidatorException(e.getMessage(),
- new Object[] {}, config);
-
- } else {
- throw new MOAIDException(e.getMessage(), new Object[] {});
-
- }
+ Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type.");
+ return null;
+
+ } else {
+ Logger.error("Receive unsupported PVP21 message");
+ throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
}
-
- //request.getSession().setAttribute(PARAM_OA, oaURL);
- return config;
-
} catch (PVP2Exception e) {
throw e;
+
+ } catch (SecurityPolicyException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (SecurityException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ } catch (InvalidProtocolRequestException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw e;
} catch (Throwable e) {
String samlRequest = request.getParameter("SAMLRequest");
@@ -278,6 +301,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
Status status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+ String moaError = null;
+
if(e instanceof NoPassivAuthenticationException) {
statusCode.setValue(StatusCode.NO_PASSIVE_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
@@ -285,6 +312,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
} else if (e instanceof NameIDFormatNotSupportedException) {
statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+
+ } else if (e instanceof SLOException) {
+ //SLOExecpetions only occurs if session information is lost
+ return false;
} else if(e instanceof PVP2Exception) {
PVP2Exception ex = (PVP2Exception) e;
@@ -292,11 +323,20 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
String statusMessageValue = ex.getStatusMessageValue();
if(statusMessageValue != null) {
statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
- }
+ }
+ moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
} else {
statusCode.setValue(StatusCode.RESPONDER_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+ moaError = errorUtils.getResponseErrorCode(e);
+ }
+
+
+ if (MiscUtil.isNotEmpty(moaError)) {
+ StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ moaStatusCode.setValue(moaError);
+ statusCode.setStatusCode(moaStatusCode);
}
status.setStatusCode(statusCode);
@@ -306,16 +346,27 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
samlResponse.setStatus(status);
String remoteSessionID = SAML2Utils.getSecureIdentifier();
samlResponse.setID(remoteSessionID);
-
+
+ samlResponse.setIssueInstant(new DateTime());
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ samlResponse.setIssuer(nissuer);
+
IEncoder encoder = null;
- if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
encoder = new RedirectBinding();
- } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
// TODO: not supported YET!!
//binding = new ArtifactBinding();
+
} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
encoder = new PostBinding();
+
+ } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
+ encoder = new SoapBinding();
}
if(encoder == null) {
@@ -340,8 +391,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
HttpServletResponse response) {
if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
return getAction(REDIRECT);
+
} else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
return getAction(POST);
+
}
if(METADATA.equals(request.getParameter("action"))) {
@@ -352,8 +405,240 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {
- // TODO implement validation!
+
return true;
}
+
+ /**
+ * PreProcess Single LogOut request
+ * @param request
+ * @param response
+ * @param msg
+ * @return
+ * @throws MOAIDException
+ */
+ private IRequest preProcessLogOut(HttpServletRequest request,
+ HttpServletResponse response, MOARequest msg) throws MOAIDException {
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+ if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) {
+ //preProcess single logout request from service provider
+
+ EntityDescriptor metadata = msg.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+
+
+
+ String oaURL = metadata.getEntityID();
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
+
+ config.setOAURL(oaURL);
+ config.setBinding(msg.getRequestBinding());
+
+
+ } else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) {
+ //preProcess single logour response from service provider
+
+ LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest());
+
+ Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
+
+ if (!resp.getDestination().startsWith(
+ PVPConfiguration.getInstance().getIDPPublicPath())) {
+ Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
+ throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
+
+ }
+
+ //TODO: check if relayState exists
+ msg.getRelayState();
+
+
+ } else
+ throw new MOAIDException("Unsupported request", new Object[] {});
+
+
+ config.setRequest(msg);
+ config.setAction(SINGLELOGOUT);
+ return config;
+ }
+
+ /**
+ * PreProcess AttributeQuery request
+ * @param request
+ * @param response
+ * @param moaRequest
+ * @return
+ * @throws Throwable
+ */
+ private IRequest preProcessAttributQueryRequest(HttpServletRequest request,
+ HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+
+ AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
+ moaRequest.setEntityID(attrQuery.getIssuer().getValue());
+
+ //validate destination
+ String destinaten = attrQuery.getDestination();
+ if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) {
+ Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
+ throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
+
+ }
+
+ //check if Issuer is an interfederation IDP
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID());
+ if (!oa.isInderfederationIDP()) {
+ Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
+ throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
+
+ }
+
+ if (!oa.isOutboundSSOInterfederationAllowed()) {
+ Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
+ throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
+
+ }
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+ config.setRequest(moaRequest);
+ config.setOAURL(moaRequest.getEntityID());
+ config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+
+ return config;
+ }
+
+ /**
+ * PreProcess Authn request
+ * @param request
+ * @param response
+ * @param moaRequest
+ * @return
+ * @throws Throwable
+ */
+ private IRequest preProcessAuthRequest(HttpServletRequest request,
+ HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+
+ SignableXMLObject samlReq = moaRequest.getSamlRequest();
+
+ if(!(samlReq instanceof AuthnRequest)) {
+ throw new MOAIDException("Unsupported request", new Object[] {});
+ }
+
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+ SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ AuthnRequest authnRequest = (AuthnRequest)samlReq;
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int assertionidx = 0;
+
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+
+ } else {
+ assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
+ }
+
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
+
+ if(aIdx != null) {
+ attributeIdx = aIdx.intValue();
+ }
+
+ AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+
+ AttributeConsumingService attributeConsumer = null;
+
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+ attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+ }
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String binding = consumerService.getBinding();
+
+ Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding);
+
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ config.setOAURL(oaURL);
+ config.setBinding(binding);
+ config.setRequest(moaRequest);
+ config.setConsumerURL(consumerService.getLocation());
+
+ //parse AuthRequest
+ AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
+ config.setPassiv(authReq.isPassive());
+ config.setForce(authReq.isForceAuthn());
+
+ //validate AuthnRequest
+ AuthnRequestValidator.validate(authReq);
+
+ String useMandate = request.getParameter(PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true") && attributeConsumer != null) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ throw new MandateAttributesNotHandleAbleException();
+ }
+ }
+ }
+
+ return config;
+ }
+
+ /**
+ * PreProcess AuthResponse and Assertion
+ * @param msg
+ */
+ private MOAResponse preProcessAuthResponse(MOAResponse msg) {
+ Logger.debug("Start PVP21 assertion processing... ");
+ Response samlResp = msg.getResponse();
+
+ try {
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ //validate PVP 2.1 assertion
+ SAMLVerificationEngine.validateAssertion(samlResp, true);
+
+ msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+ return msg;
+
+ } else {
+ Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
+ + " from interfederated IDP.");
+
+ }
+
+ } catch (IOException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (MarshallingException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (TransformerException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (AssertionValidationExeption e) {
+ //error is already logged, to nothing
+ }
+
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 7946c7596..47c297914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -27,6 +27,8 @@ import org.opensaml.xml.signature.SignatureConstants;
public interface PVPConstants {
+ public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
+
public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
@@ -39,6 +41,8 @@ public interface PVPConstants {
public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+ public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/";
+
public static final String URN_OID_PREFIX = "urn:oid:";
public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index b3887a444..65da23565 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,22 +22,41 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.AuthnRequestImpl;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.logging.Logger;
public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
- MOARequest request;
+ InboundMessage request;
String binding;
String consumerURL;
-
- public MOARequest getRequest() {
+
+ public InboundMessage getRequest() {
return request;
}
- public void setRequest(MOARequest request) {
+ public void setRequest(InboundMessage request) {
this.request = request;
}
@@ -55,6 +74,67 @@ public class PVPTargetConfiguration extends RequestImpl {
public void setConsumerURL(String consumerURL) {
this.consumerURL = consumerURL;
+
}
-
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+
+ Map<String, String> reqAttr = new HashMap<String, String>();
+ for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+ reqAttr.put(el, "");
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+
+ SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+
+ Integer aIdx = null;
+ if (getRequest() instanceof MOARequest &&
+ ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
+ AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+
+ } else {
+ Logger.error("MOARequest is NOT of type AuthnRequest");
+ }
+
+ int idx = 0;
+
+ AttributeConsumingService attributeConsumingService = null;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+
+ } else {
+ List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+ for (AttributeConsumingService el : attrConsumingServiceList) {
+ if (el.isDefault())
+ attributeConsumingService = el;
+ }
+ }
+
+ for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+ reqAttr.put(attr.getName(), "");
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+
+ } catch (NoMetadataInformationException e) {
+ Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+ return null;
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
new file mode 100644
index 000000000..c67d10ab7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -0,0 +1,361 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationContainer;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutAction implements IAction {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
+
+ if (pvpReq.getRequest() instanceof MOARequest) {
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ if (samlReq.getSamlRequest() instanceof LogoutRequest) {
+ Logger.debug("Process Single LogOut request");
+ LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+
+ AuthenticationSession session =
+ AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID(
+ logOutReq.getIssuer().getValue(),
+ logOutReq.getNameID().getValue());
+
+ if (session == null) {
+ Logger.warn("Can not find active SSO session with nameID "
+ + logOutReq.getNameID().getValue() + " and OA "
+ + logOutReq.getIssuer().getValue());
+ Logger.info("Search active SSO session with SSO session cookie");
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoID = ssomanager.getSSOSessionID(httpReq);
+ if (MiscUtil.isEmpty(ssoID)) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ } else {
+ String moasession = ssomanager.getMOASession(ssoID);
+ try {
+ session = AuthenticationSessionStoreage.getSession(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+ }
+ }
+
+ //store active OAs to SLOContaine
+ List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session);
+ SLOInformationContainer sloContainer = new SLOInformationContainer();
+ sloContainer.setSloRequest(pvpReq);
+ sloContainer.parseActiveOAs(dbOAs, logOutReq.getIssuer().getValue());
+
+ //terminate MOASession
+ try {
+ AuthenticationSessionStoreage.destroySession(session.getSessionID());
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Delete MOASession FAILED.");
+ sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix());
+
+ }
+
+ //start service provider back channel logout process
+ Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
+ while (nextOAInterator.hasNext()) {
+ SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+
+ try {
+ List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+
+ LogoutResponse sloResp = null;
+ for (XMLObject el : soapResp) {
+ if (el instanceof LogoutResponse)
+ sloResp = (LogoutResponse) el;
+ }
+
+ if (sloResp == null) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED. NO LogOut response received.");
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+
+ checkStatusCode(sloContainer, sloResp);
+
+ } catch (SOAPException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ } catch (SecurityException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+ }
+
+ //start service provider front channel logout process
+ try {
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+
+ } else if (samlReq.getSamlRequest() instanceof LogoutResponse) {
+ Logger.debug("Process Single LogOut response");
+ LogoutResponse logOutResp = (LogoutResponse) samlReq.getSamlRequest();
+
+ try {
+ if (MiscUtil.isEmpty(samlReq.getRelayState())) {
+ Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
+ + " has no SAML2 RelayState.");
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ SLOInformationContainer sloContainer =
+ AssertionStorage.getInstance().get(samlReq.getRelayState(), SLOInformationContainer.class);
+ checkStatusCode(sloContainer, logOutResp);
+ sloContainer.removeFrontChannelOA(logOutResp.getIssuer().getValue());
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type MOARequest.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return PVP2XProtocol.SINGLELOGOUT;
+ }
+
+ private void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) {
+ Status status = logOutResp.getStatus();
+ if (!status.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+ Logger.warn("Single LogOut for OA " + logOutResp.getIssuer().getValue()
+ + " FAILED. (ResponseCode: " + status.getStatusCode().getValue()
+ + " Message: " + status.getStatusMessage().getMessage() + ")");
+ sloContainer.putFailedOA(logOutResp.getIssuer().getValue());
+
+ } else
+ Logger.debug("Single LogOut for OA " + logOutResp.getIssuer().getValue() + " SUCCESS");
+
+ }
+
+ private void doFrontChannelLogOut(SLOInformationContainer sloContainer,
+ HttpServletRequest httpReq, HttpServletResponse httpResp
+ ) throws MOAIDException, MOADatabaseException {
+ String nextOA = sloContainer.getNextFrontChannelOA();
+ if (MiscUtil.isNotEmpty(nextOA)) {
+ SLOInformationImpl sloDescr = sloContainer.getFrontChannelOASessionDescripten(nextOA);
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+ String relayState = Random.nextRandom();
+
+ AssertionStorage.getInstance().put(relayState, sloContainer);
+
+ sendFrontChannelSLOMessage(sloDescr.getServiceURL(), sloDescr.getBinding(),
+ sloReq, httpReq, httpResp, relayState);
+
+ } else {
+ //send SLO response to SLO request issuer
+ PVPTargetConfiguration pvpReq = sloContainer.getSloRequest();
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+
+ }
+ }
+
+ /**
+ * @param serviceURL
+ * @param binding
+ * @param sloReq
+ * @param httpReq
+ * @param httpResp
+ * @param relayState
+ */
+ private void sendFrontChannelSLOMessage(String serviceURL, String bindingType,
+ RequestAbstractType sloReq, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (bindingType.equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (bindingType.equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(bindingType);
+ }
+
+ try {
+ binding.encodeRequest(httpReq, httpResp, sloReq,
+ serviceURL, relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+
+ private void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
+ LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
+ String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ try {
+ binding.encodeRespone(req, resp, sloResp,
+ consumerService.getLocation(), relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index 43a17af23..8691667f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -43,13 +43,14 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
public class ArtifactBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
}
@@ -100,23 +101,21 @@ public class ArtifactBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
return null;
}
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- return null;
- }
public boolean handleDecode(String action, HttpServletRequest req) {
return false;
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_ARTIFACT_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index b64b28de8..fb17c02b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -29,15 +29,14 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
public interface IDecoder {
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp)
throws MessageDecodingException, SecurityException, PVP2Exception;
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp)
- throws MessageDecodingException, SecurityException, PVP2Exception;
-
+
public boolean handleDecode(String action, HttpServletRequest req);
+
+ public String getSAML2BindingName();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index f7dfd055c..de5548a44 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -34,7 +34,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
public interface IEncoder {
public void encodeRequest(HttpServletRequest req,
- HttpServletResponse resp, RequestAbstractType request, String targetLocation)
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException, PVP2Exception;
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
index 1d6b227d6..6080f8a33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -26,9 +26,22 @@ import org.opensaml.common.binding.decoding.URIComparator;
public class MOAURICompare implements URIComparator {
- public boolean compare(String uri1, String uri2) {
- // TODO: implement proper equalizer for rewritten URLS
- return true;
+ /**
+ * @param idpssoPostService
+ */
+
+ private String serviceURL = "";
+
+ public MOAURICompare(String serviceURL) {
+ this.serviceURL = serviceURL;
+ }
+
+ public boolean compare(String uri1, String uri2) {
+ if (this.serviceURL.equals(uri1))
+ return true;
+
+ else
+ return false;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 11e280d8f..a2fe5c01b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -34,7 +34,9 @@ import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -47,6 +49,14 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -56,10 +66,38 @@ import at.gv.egovernment.moa.logging.Logger;
public class PostBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
- // TODO Auto-generated method stub
+
+ try {
+ X509Credential credentials = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(targetLocation);;
+
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+ encoder.encode(context);
+
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -100,63 +138,63 @@ public class PostBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
- decode.setURIComparator(new MOAURICompare());
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+ }
+
+ decode.decode(messageContext);
+
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- decode.decode(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
-
+ InboundMessage msg = null;
+
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new MOARequest(inboundMessage, getSAML2BindingName());
+
+ } else if (messageContext.getInboundMessage() instanceof Response){
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+ msg = new MOAResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
- request.setVerified(false);
+ msg.setVerified(false);
+ decode.decode(messageContext);
if (messageContext.getPeerEntityMetadata() != null)
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
else
- Logger.info("No Metadata found for OA with EntityID " + inboundMessage.getIssuer().getValue());
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
- request.setRelayState(messageContext.getRelayState());
- return request;
-
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- decode.decode(messageContext);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
-
- MOAResponse moaResponse = new MOAResponse(inboundMessage);
- moaResponse.setVerified(false);
- moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
- return moaResponse;
-
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
}
public boolean handleDecode(String action, HttpServletRequest req) {
- return (req.getMethod().equals("POST"));
+ return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
+ }
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_POST_BINDING_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index dc6a1f637..8fba6cde0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -50,7 +51,13 @@ import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -61,9 +68,34 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
- // TODO: implement
+
+ try {
+ X509Credential credentials = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ Logger.debug("create SAML RedirectBinding response");
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -85,10 +117,10 @@ public class RedirectBinding implements IDecoder, IEncoder {
service.setLocation(targetLocation);
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
- // context.setOutboundMessage(authReq);
context.setOutboundSAMLMessage(response);
context.setOutboundMessageTransport(responseAdapter);
-
+ context.setRelayState(relayState);
+
encoder.encode(context);
} catch (CredentialsNotAvailableException e) {
e.printStackTrace();
@@ -96,84 +128,80 @@ public class RedirectBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
- decode.setURIComparator(new MOAURICompare());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
-
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- messageContext.setSecurityPolicyResolver(resolver);
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+
+ }
- decode.decode(messageContext);
-
- signatureRule.evaluate(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
- request.setVerified(true);
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
- return request;
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ decode.decode(messageContext);
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- // signatureRule.evaluate(messageContext);
+ SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
BasicSecurityPolicy policy = new BasicSecurityPolicy();
policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ policy);
messageContext.setSecurityPolicyResolver(resolver);
- MOAMetadataProvider provider = null;
-
- provider = MOAMetadataProvider.getInstance();
+
+ InboundMessage msg = null;
+
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new MOARequest(inboundMessage, getSAML2BindingName());
+
+
+ } else if (messageContext.getInboundMessage() instanceof Response){
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+ msg = new MOAResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
- messageContext.setMetadataProvider(provider);
+ signatureRule.evaluate(messageContext);
+ msg.setVerified(true);
decode.decode(messageContext);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
-
- MOAResponse moaResponse = new MOAResponse(inboundMessage);
- moaResponse.setVerified(true);
- moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
- return moaResponse;
+ if (messageContext.getPeerEntityMetadata() != null)
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
}
public boolean handleDecode(String action, HttpServletRequest req) {
return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
.equals("GET"));
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 1d41654eb..75332cfea 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -22,6 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -33,51 +35,68 @@ import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
+import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignableXMLObject;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
public class SoapBinding implements IDecoder, IEncoder {
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException, PVP2Exception {
- HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
- new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(
req));
+
soapDecoder.decode(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+
+ Envelope inboundMessage = (Envelope) messageContext
.getInboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
+ if (inboundMessage.getBody() != null) {
+ List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
- return request;
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException, PVP2Exception {
- throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response");
+ if (!xmlElemList.isEmpty()) {
+ SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
+ MOARequest request = new MOARequest(attrReq, getSAML2BindingName());
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ request.setVerified(false);
+ return request;
+
+ }
+ }
+
+ Logger.error("Receive empty PVP 2.1 attributequery request.");
+ throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
}
public boolean handleDecode(String action, HttpServletRequest req) {
- return (action.equals(PVP2XProtocol.SOAP));
+ return (req.getMethod().equals("POST") &&
+ (action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
}
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException, PVP2Exception {
}
@@ -103,5 +122,9 @@ public class SoapBinding implements IDecoder, IEncoder {
throw new SecurityException(e);
}
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_SOAP11_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
new file mode 100644
index 000000000..6296d102f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.impl.AttributeQueryBuilder;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryBuilder {
+
+ public static List<Attribute> buildSAML2AttributeList(OAAuthParameter oa, Iterator<String> iterator) {
+
+ Logger.debug("Build OA specific Attributes for AttributQuery request");
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+
+ SamlAttributeGenerator generator = new SamlAttributeGenerator();
+
+ while(iterator.hasNext()) {
+ String rA = iterator.next();
+ Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(rA);
+ if (attr == null) {
+ Logger.warn("Attribut " + rA + " has no valid Name");
+
+ } else {
+ //add OA specific information
+ if (rA.equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ if (oa.getBusinessService())
+ attr = generator.buildStringAttribute(attr.getFriendlyName(),
+ attr.getName(), oa.getIdentityLinkDomainIdentifier());
+ else
+ attr = generator.buildStringAttribute(attr.getFriendlyName(),
+ attr.getName(), Constants.URN_PREFIX_CDID + "+" + oa.getTarget());
+ }
+
+ //TODO: add attribute values for SSO with mandates (ProfileList)
+
+
+ attrList.add(attr);
+ }
+ }
+
+ return attrList;
+ }
+
+
+ public static AttributeQuery buildAttributQueryRequest(String nameID,
+ String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
+
+
+ try {
+
+ AttributeQuery query = new AttributeQueryBuilder().buildObject();
+
+ //set user nameID
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setValue(nameID);
+ subjectNameID.setFormat(NameID.TRANSIENT);
+ subject.setNameID(subjectNameID);
+ query.setSubject(subject);
+
+ //set attributes
+ query.getAttributes().addAll(requestedAttributes);
+
+ //set general request parameters
+ DateTime now = new DateTime();
+ query.setIssueInstant(now);
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ query.setIssuer(nissuer);
+
+ String sessionID = SAML2Utils.getSecureIdentifier();
+ query.setID(sessionID);
+
+ query.setDestination(endpoint);
+
+ X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential();
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(idpSigningCredential);
+ query.setSignature(signer);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(query);
+ out.marshall(query, document);
+
+ Signer.signObject(signer);
+
+ return query;
+
+ } catch (ConfigurationException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (CredentialsNotAvailableException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (ParserConfigurationException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (MarshallingException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (SignatureException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ }
+
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
new file mode 100644
index 000000000..4ef09184d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.encryption.Encrypter;
+import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.xml.encryption.EncryptionException;
+import org.opensaml.xml.encryption.EncryptionParameters;
+import org.opensaml.xml.encryption.KeyEncryptionParameters;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.x509.X509Credential;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthResponseBuilder {
+
+ public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException {
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ //change to entity value from entity name to IDP EntityID (URL)
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ authResponse.setIssuer(nissuer);
+ authResponse.setInResponseTo(req.getID());
+
+ //set responseID
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
+ authResponse.setID(remoteSessionID);
+
+
+ //SAML2 response required IssueInstant
+ authResponse.setIssueInstant(date);
+
+ authResponse.setStatus(SAML2Utils.getSuccessStatus());
+
+ //check, if metadata includes an encryption key
+ MetadataCredentialResolver mdCredResolver =
+ new MetadataCredentialResolver(MOAMetadataProvider.getInstance());
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
+
+ X509Credential encryptionCredentials = null;
+ try {
+ encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
+
+ } catch (SecurityException e2) {
+ Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
+ throw new InvalidAssertionEncryptionException();
+
+ }
+
+ boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive();
+ if (encryptionCredentials != null && isEncryptionActive) {
+ //encrypt SAML2 assertion
+
+ try {
+
+ EncryptionParameters dataEncParams = new EncryptionParameters();
+ dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
+
+ List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
+ KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
+
+ keyEncParam.setEncryptionCredential(encryptionCredentials);
+ keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
+ KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
+ .getKeyInfoGeneratorManager().getDefaultManager()
+ .getFactory(encryptionCredentials);
+ keyEncParam.setKeyInfoGenerator(kigf.newInstance());
+ keyEncParamList.add(keyEncParam);
+
+ Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
+ //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
+ samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
+
+ EncryptedAssertion encryptAssertion = null;
+
+ encryptAssertion = samlEncrypter.encrypt(assertion);
+
+ authResponse.getEncryptedAssertions().add(encryptAssertion);
+
+ } catch (EncryptionException e1) {
+ Logger.warn("Can not encrypt the PVP2 assertion", e1);
+ throw new InvalidAssertionEncryptionException();
+
+ }
+
+ } else {
+ authResponse.getAssertions().add(assertion);
+
+ }
+
+ return authResponse;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 39e35120c..8b6e71e6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -29,9 +29,8 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
@@ -150,11 +149,11 @@ public class PVPAttributeBuilder {
addBuilder(new STORKTitleAttributBuilder());
}
- public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam,
- AuthenticationData authData) throws PVP2Exception {
+ public static Attribute buildAttribute(String name, OAAuthParameter oaParam,
+ IAuthData authData) throws PVP2Exception {
if (builders.containsKey(name)) {
try {
- return builders.get(name).build(authSession, oaParam, authData, generator);
+ return builders.get(name).build(oaParam, authData, generator);
}
catch (AttributeException e) {
if (e instanceof UnavailableAttributeException) {
@@ -171,6 +170,22 @@ public class PVPAttributeBuilder {
return null;
}
+ public static Attribute buildEmptyAttribute(String name) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+ public static Attribute buildAttribute(String name, String value) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+
+
public static List<Attribute> buildSupportedEmptyAttributes() {
List<Attribute> attributes = new ArrayList<Attribute>();
Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
new file mode 100644
index 000000000..04d374e93
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutBuilder {
+
+ public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException {
+ LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloReq.setIssuer(issuer);
+ sloReq.setIssueInstant(new DateTime());
+
+ sloReq.setDestination(sloInfo.getServiceURL());
+
+ NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
+ nameID.setFormat(sloInfo.getUserNameIDFormat());
+ nameID.setValue(sloInfo.getUserNameIdentifier());
+ sloReq.setNameID(nameID );
+
+ return sloReq;
+ }
+
+ public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+ sloResp.setStatus(status);
+ return sloResp;
+ }
+
+ public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+
+ Status status;
+ if (failedOAs == null || failedOAs.size() == 0) {
+ status = SAML2Utils.getSuccessStatus();
+
+ } else {
+ status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+
+ }
+ sloResp.setStatus(status);
+ return sloResp;
+
+ }
+
+ public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
+ try {
+ EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
+ && (
+ (sloService != null && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)
+ && (
+ (sloService != null
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+ }
+
+ if (sloService == null) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+
+ }
+ return sloService;
+
+ } catch (MetadataProviderException e) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+
+ }
+
+ public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+ MOARequest moaReq = (MOARequest) spRequest.getRequest();
+ EntityDescriptor metadata = moaReq.getEntityMetadata();
+ SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(spRequest.getBinding()))
+ sloService = el;
+ }
+ if (sloService == null && spsso.getSingleLogoutServices().size() != 0)
+ sloService = spsso.getSingleLogoutServices().get(0);
+
+ else {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+ return sloService;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 9def5d22c..4d6343fce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
import java.security.MessageDigest;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -30,6 +31,7 @@ import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
@@ -53,29 +55,28 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.w3c.dom.Element;
-import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
@@ -83,12 +84,65 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
+
+ public static Assertion buildAssertion(AttributeQuery attrQuery,
+ List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
+
+
+ AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+ if (reqAttributes != null) {
+ Iterator<String> it = reqAttributes.iterator();
+ while (it.hasNext()) {
+ String reqAttributName = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttributName, null, authData);
+ if (attr == null) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } else {
+ attrList.add(attr);
+
+ }
+
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttributName);
+
+ }
+ }
+ }
+
+
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
+ subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
+
+ SubjectConfirmationData subjectConfirmationData = null;
+
+ return buildGenericAssertion(attrQuery.getIssuer().getValue(), date,
+ authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService)
+ IAuthData authData, EntityDescriptor peerEntity, DateTime date,
+ AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
RequestedAuthnContext reqAuthnContext = authnRequest
.getRequestedAuthnContext();
@@ -101,7 +155,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
peerEntity.getEntityID());
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
@@ -112,7 +166,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (reqAuthnContextClassRefIt.size() == 0) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_1_4);
stork_qaa_1_4_found = true;
@@ -126,20 +180,20 @@ public class PVP2AssertionBuilder implements PVPConstants {
|| qaa_uri.trim().equals(STORK_QAA_1_2)
|| qaa_uri.trim().equals(STORK_QAA_1_1)) {
- if (authSession.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ if (authData.isForeigner()) {
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_PREFIX + oaParam.getQaaLevel());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
qaa_uri.trim());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
}
break;
@@ -152,33 +206,13 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- AuthnContext authnContext = SAML2Utils
- .createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
-
- AuthnStatement authnStatement = SAML2Utils
- .createSAMLObject(AuthnStatement.class);
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(date);
- // currently dummy id ...
- authnStatement.setSessionIndex(remoteSessionID);
- authnStatement.setAuthnContext(authnContext);
- assertion.getAuthnStatements().add(authnStatement);
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AttributeStatement attributeStatement = SAML2Utils
- .createSAMLObject(AttributeStatement.class);
-
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-
- AuthenticationData authData = AuthenticationServer
- .buildAuthenticationData(authSession, oaParam,
- oaParam.getTarget());
-
+
//add Attributes to Assertion
+ List<Attribute> attrList = new ArrayList<Attribute>();
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -199,22 +233,22 @@ public class PVP2AssertionBuilder implements PVPConstants {
attributeConsumingService = el;
}
}
-
- if (attributeConsumingService != null) {
+
+ if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
while (it.hasNext()) {
RequestedAttribute reqAttribut = it.next();
try {
Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttribut.getName(), authSession, oaParam, authData);
+ reqAttribut.getName(), oaParam, authData);
if (attr == null) {
if (reqAttribut.isRequired()) {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
} else {
- attributeStatement.getAttributes().add(attr);
+ attrList.add(attr);
}
} catch (PVP2Exception e) {
Logger.error(
@@ -224,19 +258,26 @@ public class PVP2AssertionBuilder implements PVPConstants {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+
}
}
}
}
- if (attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- //TLenz: set correct bPK Type and Value from AuthData
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ //build nameID and nameID Format from moasession
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAvailableException();
}
@@ -265,7 +306,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
@@ -334,21 +375,68 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
} else
- subjectNameID.setFormat(nameIDFormat);
-
-
- subject.setNameID(subjectNameID);
+ subjectNameID.setFormat(nameIDFormat);
+
- SubjectConfirmation subjectConfirmation = SAML2Utils
- .createSAMLObject(SubjectConfirmation.class);
- subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ String sessionIndex = null;
+
+ //if request is a reauthentication and NameIDFormat match reuse old session information
+ if (MiscUtil.isNotEmpty(authData.getNameID()) &&
+ MiscUtil.isNotEmpty(authData.getNameIDFormat()) &&
+ nameIDFormat.equals(authData.getNameIDFormat())) {
+ subjectNameID.setValue(authData.getNameID());
+ sessionIndex = authData.getSessionIndex();
+
+ } else
+ sessionIndex = SAML2Utils.getSecureIdentifier();
+
SubjectConfirmationData subjectConfirmationData = SAML2Utils
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+
+ //set SLO information
+ sloInformation.setUserNameIdentifier(subjectNameID.getValue());
+ sloInformation.setNameIDFormat(subjectNameID.getFormat());
+ sloInformation.setSessionIndex(sessionIndex);
+
+ return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
+ private static Assertion buildGenericAssertion(String entityID, DateTime date,
+ AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
+ NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
+ String sessionIndex) throws ConfigurationException {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+
+ authnStatement.setAuthnInstant(date);
+ authnStatement.setSessionIndex(sessionIndex);
+ authnStatement.setAuthnContext(authnContext);
+
+ assertion.getAuthnStatements().add(authnStatement);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+ attributeStatement.getAttributes().addAll(attrList);
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
subject.getSubjectConfirmations().add(subjectConfirmation);
@@ -358,7 +446,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
.createSAMLObject(AudienceRestriction.class);
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
- audience.setAudienceURI(peerEntity.getEntityID());
+ audience.setAudienceURI(entityID);
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(date);
@@ -377,7 +465,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(date);
-
- return assertion;
+
+ return assertion;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index 648651350..3dd1dd064 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -35,7 +34,7 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder {
return BPK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
String bpk = authData.getBPK();
String type = authData.getBPKType();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
index f3d815e7d..89ec383ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -23,47 +23,31 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.text.DateFormat;
-import java.text.ParseException;
import java.text.SimpleDateFormat;
-import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
-
- public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-
+
public String getName() {
return BIRTHDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- try {
- DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+
+ if (authData.getDateOfBirth() != null) {
+ DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(authData.getDateOfBirth());
+
+ return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
- if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) {
- Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
- DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
- String dateString = pvpDateFormat.format(date);
+ } else {
+ //build empty attribute if no Birthday date is found (STORK2)
+ return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
- return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
-
- } else {
- //build empty attribute if no Birthday date is found (STORK2)
- return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
-
- }
-
- //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
- }
- catch (ParseException e) {
- e.printStackTrace();
- return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
index 56972248b..ded9e7166 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
@@ -26,9 +26,8 @@ import iaik.util.logging.Log;
import java.io.IOException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -40,11 +39,11 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
return EID_AUTH_BLOCK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
- String authblock = authSession.getAuthBlock();
+ String authblock = authData.getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
Base64Utils.encode(authblock.getBytes()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
index 7179dd090..2df5ec22e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -35,10 +34,10 @@ public class EIDCcsURL implements IPVPAttributeBuilder {
return EID_CCS_URL_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- String bkuurl = authSession.getBkuURL();
+ String bkuurl = authData.getBkuURL();
if (MiscUtil.isNotEmpty(bkuurl))
return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
else
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 02088eea1..365f36594 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,10 +32,17 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder
return EID_CITIZEN_QAA_LEVEL_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
+
+ String qaaLevel = null;
+ if (authData.getQAALevel().startsWith(STORK_QAA_PREFIX))
+ qaaLevel = authData.getQAALevel().substring(STORK_QAA_PREFIX.length());
+ else
+ qaaLevel = authData.getQAALevel();
+
return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
- EID_CITIZEN_QAA_LEVEL_NAME, 4);
+ EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
index 2d86586d2..531369e9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
@@ -24,19 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.io.IOException;
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
@@ -44,36 +36,15 @@ public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
return EID_IDENTITY_LINK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
String ilAssertion = null;
- if (oaParam.getBusinessService()) {
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-
- Element resignedilAssertion;
-
- resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
- .getSamlAssertion());
-
- ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
-
- } else
- ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-
-
return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes()));
- } catch (MOAIDException e) {
- Logger.warn("IdentityLink serialization error.", e);
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
- } catch (TransformerException e) {
- Logger.warn("IdentityLink serialization error.", e);
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
} catch (IOException e) {
Logger.warn("IdentityLink serialization error.", e);
return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
index 39d4d29e7..9b85af9f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -22,16 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import iaik.x509.X509Certificate;
-
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.logging.Logger;
public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,35 +32,9 @@ public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
return EID_ISSUING_NATION_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- String countryCode = "AT";
-
-
- if (authSession.getStorkAuthnRequest() != null) {
- countryCode = authSession.getStorkAuthnRequest()
- .getCitizenCountryCode();
- } else {
-
- //TODO: replace with TSL lookup when TSL is ready!
- X509Certificate certificate = authSession.getSignerCertificate();
-
- if (certificate != null) {
- try {
- LdapName ln = new LdapName(certificate.getIssuerDN()
- .getName());
- for (Rdn rdn : ln.getRdns()) {
- if (rdn.getType().equalsIgnoreCase("C")) {
- Logger.info("C is: " + rdn.getValue());
- countryCode = rdn.getValue().toString();
- break;
- }
- }
- } catch (Exception e) {
- Logger.error("Failed to extract country code from certificate", e);
- }
- }
- }
+ String countryCode = authData.getCcc();
return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
EID_ISSUING_NATION_NAME, countryCode);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
index e8fba6af2..04cc59b10 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
@@ -22,11 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.io.IOException;
+
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
@@ -35,21 +38,28 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
return EID_STORK_TOKEN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (!authSession.isForeigner()) {
+ if (!authData.isForeigner()) {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
} else {
- String storkResponse = authSession.getStorkAuthnResponse();
+ String storkResponse = authData.getStorkAuthnResponse();
if ( MiscUtil.isEmpty(storkResponse) ) {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
} else {
- return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, storkResponse);
+ try {
+ return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME,
+ Base64Utils.encode(storkResponse.getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Encode AuthBlock BASE64 failed.", e);
+ throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 807d59050..7f52e1d47 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,7 +32,7 @@ public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
return EID_SECTOR_FOR_IDENTIFIER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
String bpktype = authData.getBPKType();
return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
index 7cd415ada..df1bc1860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -26,9 +26,8 @@ import iaik.util.logging.Log;
import java.io.IOException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -39,11 +38,11 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
return EID_SIGNER_CERTIFICATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
- byte[] signerCertificate = authSession.getEncodedSignerCertificate();
+ byte[] signerCertificate = authData.getSignerCertificate();
if (signerCertificate != null) {
return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils
.encode(signerCertificate));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
index 5bf65da04..a8b703fc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -22,10 +22,10 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
public class EIDSourcePIN implements IPVPAttributeBuilder {
@@ -34,11 +34,11 @@ public class EIDSourcePIN implements IPVPAttributeBuilder {
return EID_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (oaParam.getBusinessService())
- throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME);
+ throw new AttributePolicyException(EID_SOURCE_PIN_NAME);
else {
return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
index ec509f74b..0681419fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
@@ -34,7 +33,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder {
return EID_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (oaParam.getBusinessService())
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
index 7bd5e2db5..fcde1e9bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,9 +32,9 @@ public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
return GIVEN_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
+ return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
index 55b16edfb..d66b0ab02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -22,15 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public interface IAttributeBuilder {
public String getName();
- public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData,
+ public <ATT> ATT build(final OAAuthParameter oaParam, final IAuthData authData,
final IAttributeGenerator<ATT> g) throws AttributeException;
public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
index 4528aa1fe..670398ff6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -29,6 +29,7 @@ import javax.xml.transform.TransformerException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -40,13 +41,13 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
return MANDATE_FULL_MANDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- if (authSession.getMandate() != null) {
+ if (authData.isUseMandate()) {
+ if (authData.getMandate() != null) {
String fullMandate;
try {
- fullMandate = DOMUtils.serializeNode(authSession
+ fullMandate = DOMUtils.serializeNode(authData
.getMandate());
return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index 9ab1de50d..9230e47fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -26,9 +26,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -40,10 +39,10 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
return MANDATE_LEG_PER_FULL_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index ca68704c9..04103f28a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
return MANDATE_LEG_PER_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 5656d1769..02e1d7ce0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index 039fc8af8..38456302c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -28,10 +28,9 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -44,10 +43,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
return MANDATE_NAT_PER_BPK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -62,11 +61,6 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
}
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- // if(authSession.getBusinessService()) {
- // id = MandateBuilder.getWBPKIdentification(physicalPerson);
- // } else {
- // id = MandateBuilder.getBPKIdentification(physicalPerson);
- // }
if (id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
@@ -76,7 +70,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
try {
if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index f5dc277bd..4fcfd4650 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -31,9 +31,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -46,10 +45,10 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
return MANDATE_NAT_PER_BIRTHDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 2a7bafdbc..3452d7ed0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -29,9 +29,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -43,10 +42,10 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr
return MANDATE_NAT_PER_FAMILY_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index 4707c385a..59d5c65fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -28,9 +28,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -42,10 +41,10 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
return MANDATE_NAT_PER_GIVEN_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 7fbbce9bc..444312759 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -30,7 +30,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -41,10 +43,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
return MANDATE_NAT_PER_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -61,12 +63,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- if(authSession.getBusinessService()) {
- id = MandateBuilder.getWBPKIdentification(physicalPerson);
-
-// } else {
-// id = MandateBuilder.getBPKIdentification(physicalPerson);
+ if(oaParam.getBusinessService()) {
+ throw new AttributePolicyException(this.getName());
}
+
if(id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 538cee048..6adc9b532 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -60,11 +59,6 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
}
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- /*if(authSession.getBusinessService()) {
- id = MandateBuilder.getWBPKIdentification(physicalPerson);
- } else {
- id = MandateBuilder.getBPKIdentification(physicalPerson);
- }*/
if(id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
index 814211b24..4c981cb24 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -22,14 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -37,24 +35,24 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
return MANDATE_PROF_REP_DESC_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ MISMandate mandate = authData.getMISMandate();
+
+
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
- String text = AttributeExtractor.extractSAMLAttributeOA(
- EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
- authSession);
+ String text = mandate.getTextualDescriptionOfOID();
- if(text == null) {
+ if(MiscUtil.isEmpty(text)) {
return null;
- }
-
- return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
- MANDATE_PROF_REP_DESC_NAME, text);
+
+ } else
+ return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, text);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index b040072a6..1a3311c8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -22,14 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -37,21 +35,21 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
return MANDATE_PROF_REP_OID_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+
+ MISMandate mandate = authData.getMISMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
- String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession);
-
- if (oid == null) {
- return null;
- }
-
- return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid);
+ String oid = mandate.getProfRep();
+
+ if(MiscUtil.isEmpty(oid))
+ return null;
+ else
+ return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 7e7b57e4f..7b41e9bb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,12 +32,12 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
return MANDATE_REFERENCE_VALUE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
+ if (authData.isUseMandate()) {
return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
- authSession.getMandateReferenceValue());
+ authData.getMandateReferenceValue());
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
index 4842141fc..63165f52a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
@@ -25,9 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -38,10 +37,10 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
return MANDATE_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
index e8c410555..674efa0d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,7 +32,7 @@ public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
return PVP_VERSION_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
index c687b2bff..11fdeb232 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,9 +32,9 @@ public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
return PRINCIPAL_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
+ return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
index b81b30e5b..aff0fc0ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuild
return STORKConstants.ADOPTEDFAMILYNAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.ADOPTEDFAMILYNAME_FRIENDLYNAME, STORKConstants.ADOPTEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
index 98fe853ff..fb7c60a95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKAgeAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKAgeAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.AGE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.AGE_FRIENDLYNAME, STORKConstants.AGE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
index 6d2b031a5..387e49d25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
@@ -26,6 +26,7 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.logging.Logger;
@@ -36,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class STORKAttributHelper {
public static String getAttribut(String attributName,
- AuthenticationSession authSession) throws UnavailableAttributeException {
+ IAuthData authSession) throws UnavailableAttributeException {
if (!authSession.isForeigner()) {
throw new UnavailableAttributeException(attributName);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
index c3d6f070d..ddfa63b51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttrib
return STORKConstants.CANONICALRESIDENCEADDRESS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.CANONICALRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.CANONICALRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
index c873a86ea..08cd65a6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuil
return STORKConstants.CONTRYCODEOFBIRTH_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.CONTRYCODEOFBIRTH_FRIENDLYNAME, STORKConstants.CONTRYCODEOFBIRTH_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
index 394bffa31..f3a77708b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.FISCALNUMBER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.FISCALNUMBER_FRIENDLYNAME, STORKConstants.FISCALNUMBER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
index 9209e73c4..6f62dbf89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKGenderAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKGenderAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.GENDER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.GENDER_FRIENDLYNAME, STORKConstants.GENDER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
index 59f345bd3..65bf9ff6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuil
return STORKConstants.INHERITEDFAMILYNAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.INHERITEDFAMILYNAME_FRIENDLYNAME, STORKConstants.INHERITEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
index d99833f13..a7a77d7b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.ISAGEOVER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.ISAGEOVER_FRIENDLYNAME, STORKConstants.ISAGEOVER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
index 1e627e723..c6ce4e32a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.MARITALSTATUS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.MARITALSTATUS_FRIENDLYNAME, STORKConstants.MARITALSTATUS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
index d46219996..8db5ceeb8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.NATIONALITYCODE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.NATIONALITYCODE_FRIENDLYNAME, STORKConstants.NATIONALITYCODE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
index 7bf6716ec..421f8c28d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.PSEUDONYM_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.PSEUDONYM_FRIENDLYNAME, STORKConstants.PSEUDONYM_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
index d47de1ff9..ceff4cf4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.RESIDENCEPERMIT_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.RESIDENCEPERMIT_FRIENDLYNAME, STORKConstants.RESIDENCEPERMIT_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
index c75d6b0fb..1344883bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBu
return STORKConstants.TEXTRESIDENCEADDRESS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.TEXTRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.TEXTRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
index 357b2fe0d..5209697d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKTitleAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKTitleAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.TITLE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.TITLE_FRIENDLYNAME, STORKConstants.TITLE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
index 60fe47364..1e0e2ee51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
@@ -20,21 +20,21 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-public class PVP2EncodingException extends PVP2Exception {
-
- public PVP2EncodingException() {
- super("pvp2.01", null);
+public class AttributePolicyException extends AttributeException {
+
+ private static final long serialVersionUID = 1L;
+
+ private String attributeName;
+
+ public AttributePolicyException(String attributeName) {
+ super("Attribute " + attributeName + " is restricted by IDP policy.");
+ this.attributeName = attributeName;
}
- public PVP2EncodingException(Throwable wrapped) {
- super("pvp2.01", null, wrapped);
+ public String getAttributeName() {
+ return attributeName;
}
-
- /**
- *
- */
- private static final long serialVersionUID = -1348774139990071020L;
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index ebfffb648..255fba093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -52,9 +52,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class PVPConfiguration {
@@ -68,9 +70,11 @@ public class PVPConfiguration {
return instance;
}
- public static final String PVP2_METADATA = "/pvp2/metadata";
- public static final String PVP2_REDIRECT = "/pvp2/redirect";
- public static final String PVP2_POST = "/pvp2/post";
+ public static final String PVP2_METADATA = "/pvp2/metadata";
+ public static final String PVP2_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_POST = "/pvp2/post";
+ public static final String PVP2_SOAP = "/pvp2/soap";
+ public static final String PVP2_ATTRIBUTEQUERY = "/pvp2/attributequery";
public static final String PVP_CONFIG_FILE = "pvp2config.properties";
@@ -83,6 +87,9 @@ public class PVPConfiguration {
public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias";
public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword";
+ public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias";
+ public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword";
+
public static final String IDP_ISSUER_NAME = "idp.issuer.name";
public static final String METADATA_FILE = "md.dir";
@@ -112,12 +119,14 @@ public class PVPConfiguration {
//PVP2 generalpvpconfigdb;
Properties props;
+ String rootDir = null;
private PVPConfiguration() {
try {
//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
-
+ rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
} catch (ConfigurationException e) {
e.printStackTrace();
}
@@ -138,6 +147,14 @@ public class PVPConfiguration {
return getIDPPublicPath() + PVP2_POST;
}
+ public String getIDPSSOSOAPService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_SOAP;
+ }
+
+ public String getIDPAttributeQueryService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_ATTRIBUTEQUERY;
+ }
+
public String getIDPSSORedirectService() throws ConfigurationException {
return getIDPPublicPath() + PVP2_REDIRECT;
}
@@ -147,7 +164,7 @@ public class PVPConfiguration {
}
public String getIDPKeyStoreFilename() {
- return props.getProperty(IDP_JAVAKEYSTORE);
+ return FileUtils.makeAbsoluteURL(props.getProperty(IDP_JAVAKEYSTORE), rootDir);
}
public String getIDPKeyStorePassword() {
@@ -170,6 +187,14 @@ public class PVPConfiguration {
return props.getProperty(IDP_KEY_PASSASSERTION);
}
+ public String getIDPKeyAliasAssertionEncryption() {
+ return props.getProperty(IDP_KEYALIASASSERTION);
+ }
+
+ public String getIDPKeyPasswordAssertionEncryption() {
+ return props.getProperty(IDP_KEY_PASSASSERTION);
+ }
+
public String getIDPIssuerName() throws ConfigurationException {
if (moaIDVersion == null) {
@@ -223,7 +248,7 @@ public class PVPConfiguration {
public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
try {
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
+ IOAAuthParameters oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
if (oaParam == null) {
Logger.warn("Online Application with ID " + entityID + " not found!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
new file mode 100644
index 000000000..69ca4e8f5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AssertionAttributeExtractorExeption extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6459000942830951492L;
+
+ public AssertionAttributeExtractorExeption(String attributeName) {
+ super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName
+ + " can not extract.", null);
+ }
+
+ public AssertionAttributeExtractorExeption(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public AssertionAttributeExtractorExeption() {
+ super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
new file mode 100644
index 000000000..fcd8472b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AssertionValidationExeption extends PVP2Exception {
+
+ private static final long serialVersionUID = -3987805399122286259L;
+
+ public AssertionValidationExeption(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param string
+ * @param object
+ * @param e
+ */
+ public AssertionValidationExeption(String string, Object[] parameters,
+ Throwable e) {
+ super(string, parameters, e);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
index fdc8c8d39..9008a7183 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,21 +19,26 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
+ */
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoAuthContextException extends PVP2Exception {
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryException extends PVP2Exception {
/**
*
*/
- private static final long serialVersionUID = 7040652043174500992L;
+ private static final long serialVersionUID = -4302422507173728748L;
- public NoAuthContextException() {
- super("pvp2.04", null);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
+ public AttributQueryException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
index 69da5c09c..b49070bd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
@@ -30,7 +30,7 @@ public class InvalidAssertionEncryptionException extends PVP2Exception {
public InvalidAssertionEncryptionException() {
super("pvp2.16", new Object[]{});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
new file mode 100644
index 000000000..204e1c2a5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class NOSLOServiceDescriptorException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3073730570511152661L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public NOSLOServiceDescriptorException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b5facde34..87e443930 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -22,10 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
public NameIDFormatNotSupportedException(String nameIDFormat) {
super("pvp2.12", new Object[] {nameIDFormat});
+ statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
new file mode 100644
index 000000000..9f1b6168e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOException extends PVP2Exception {
+ private static final long serialVersionUID = -5284624715788385022L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SLOException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
index 11054fd57..332caf967 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,106 +19,96 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
import java.io.Serializable;
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.logging.Logger;
-public class MOARequest implements Serializable{
+/**
+ * @author tlenz
+ *
+ */
+public class InboundMessage implements InboundMessageInterface, Serializable{
private static final long serialVersionUID = 2395131650841669663L;
- private Element samlRequest;
+ private Element samlMessage = null;
private boolean verified = false;
private String entityID = null;
private String relayState = null;
- public MOARequest(RequestAbstractType request) {
- samlRequest = request.getDOM();
- }
-
- public RequestAbstractType getSamlRequest() {
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest);
+
+ public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
try {
- return (RequestAbstractType) unmashaller.unmarshall(samlRequest);
+ return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
- } catch (UnmarshallingException e) {
- Logger.warn("AuthnRequest Unmarshaller error", e);
- return null;
- }
-
+ } catch (MetadataProviderException e) {
+ Logger.warn("No Metadata for EntitiyID " + entityID);
+ throw new NoMetadataInformationException();
+ }
}
-
-
/**
- * @return the relayState
+ * @param entitiyID the entitiyID to set
*/
- public String getRelayState() {
- return relayState;
+ public void setEntityID(String entitiyID) {
+ this.entityID = entitiyID;
}
-
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
/**
* @param relayState the relayState to set
*/
public void setRelayState(String relayState) {
this.relayState = relayState;
}
-
- public void setSamlRequest(RequestAbstractType request) {
- this.samlRequest = request.getDOM();
- }
-
- public boolean isVerified() {
- return verified;
- }
-
- public void setVerified(boolean verified) {
- this.verified = verified;
+
+ public void setSAMLMessage(Element msg) {
+ this.samlMessage = msg;
}
-
- public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
-
- try {
- return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
-
- } catch (MetadataProviderException e) {
- Logger.warn("No Metadata for EntitiyID " + entityID);
- throw new NoMetadataInformationException();
- }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
+ */
+ @Override
+ public String getRelayState() {
+ return relayState;
}
- /**
- * @return the entitiyID
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
*/
+ @Override
public String getEntityID() {
return entityID;
}
- /**
- * @param entitiyID the entitiyID to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
*/
- public void setEntityID(String entitiyID) {
- this.entityID = entitiyID;
+ @Override
+ public boolean isVerified() {
+ return verified;
}
-
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
+ */
+ @Override
+ public Element getInboundMessage() {
+ return samlMessage;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
new file mode 100644
index 000000000..60a6f069a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface InboundMessageInterface {
+
+ public String getRelayState();
+ public String getEntityID();
+ public boolean isVerified();
+ public Element getInboundMessage();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
new file mode 100644
index 000000000..7679e74a6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
@@ -0,0 +1,66 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.SignableXMLObject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOARequest extends InboundMessage{
+
+ private static final long serialVersionUID = 8613921176727607896L;
+
+ private String binding = null;
+
+ public MOARequest(SignableXMLObject inboundMessage, String binding) {
+ setSAMLMessage(inboundMessage.getDOM());
+ this.binding = binding;
+
+ }
+
+ public String getRequestBinding() {
+ return binding;
+ }
+
+ public SignableXMLObject getSamlRequest() {
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnRequest Unmarshaller error", e);
+ return null;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
index 3d21d95c4..870273cf3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
@@ -20,41 +20,37 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+import org.opensaml.Configuration;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
-public class MOAResponse {
- private Response samlResponse;
- private EntityDescriptor entityMetadata;
- private boolean verified = false;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
- public MOAResponse(Response response) {
- samlResponse = response;
- }
-
- public Response getSamlResponse() {
- return samlResponse;
- }
-
- public void setSamlResponse(Response samlResponse) {
- this.samlResponse = samlResponse;
- }
+public class MOAResponse extends InboundMessage {
+
+ private static final long serialVersionUID = -1133012928130138501L;
- public boolean isVerified() {
- return verified;
+ public MOAResponse(Response response) {
+ setSAMLMessage(response.getDOM());
}
- public void setVerified(boolean verified) {
- this.verified = verified;
+ public Response getResponse() {
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (Response) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnResponse Unmarshaller error", e);
+ return null;
+ }
+
}
- public EntityDescriptor getEntityMetadata() {
- return entityMetadata;
- }
-
- public void setEntityMetadata(EntityDescriptor entityMetadata) {
- this.entityMetadata = entityMetadata;
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 6d9022bd9..a57fb5717 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -22,6 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
@@ -31,9 +32,10 @@ import java.util.List;
import java.util.Map;
import java.util.Timer;
+import javax.net.ssl.SSLHandshakeException;
import javax.xml.namespace.QName;
-import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -46,9 +48,15 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -118,14 +126,15 @@ public class MOAMetadataProvider implements MetadataProvider {
}
}
+ //set Timestamp
+ Date oldTimeStamp = timestamp;
+ timestamp = new Date();
+
//load all PVP2 OAs form ConfigurationDatabase and
//compare actually loaded Providers with configured PVP2 OAs
List<OnlineApplication> oaList = ConfigurationDBRead
.getAllActiveOnlineApplications();
-
- //set Timestamp
- timestamp = new Date();
-
+
Iterator<OnlineApplication> oaIt = oaList.iterator();
while (oaIt.hasNext()) {
HTTPMetadataProvider httpProvider = null;
@@ -138,7 +147,16 @@ public class MOAMetadataProvider implements MetadataProvider {
String metadataurl = pvp2Config.getMetadataURL();
if (loadedproviders.containsKey(metadataurl)) {
- //PVP2 OA is actually loaded, to nothing
+
+ if (pvp2Config.getUpdateRequiredItem() != null &&
+ pvp2Config.getUpdateRequiredItem().after(oldTimeStamp)) {
+ //PVP2 OA is actually loaded, but update is requested
+ Logger.info("Reload metadata for: " + oa.getFriendlyName());
+ loadedproviders.get(metadataurl).refresh();
+
+ }
+
+ // PVP2 OA is actually loaded, to nothing
providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
@@ -146,11 +164,14 @@ public class MOAMetadataProvider implements MetadataProvider {
} else if ( MiscUtil.isNotEmpty(metadataurl) &&
!providersinuse.containsKey(metadataurl) ) {
//PVP2 OA is new, add it to MOAMetadataProvider
+
Logger.info("Loading metadata for: " + oa.getFriendlyName());
httpProvider = createNewHTTPMetaDataProvider(
pvp2Config.getMetadataURL(),
pvp2Config.getCertificate(),
- oa.getFriendlyName());
+ oa.getFriendlyName(),
+ buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(),
+ pvp2Config.getCertificate()));
if (httpProvider != null)
providersinuse.put(metadataurl, httpProvider);
@@ -256,7 +277,9 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider = createNewHTTPMetaDataProvider(
metadataURL,
pvp2Config.getCertificate(),
- oa.getFriendlyName());
+ oa.getFriendlyName(),
+ buildMetadataFilterChain(oa, metadataURL,
+ pvp2Config.getCertificate()));
if (httpProvider != null)
providersinuse.put(metadataURL, httpProvider);
@@ -295,13 +318,45 @@ public class MOAMetadataProvider implements MetadataProvider {
timestamp = new Date();
}
- private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) {
+ private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException {
+ MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+
+ if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) {
+ Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
+ filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType()));
+
+ }
+
+ return filterChain;
+ }
+
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
HTTPMetadataProvider httpProvider = null;
Timer timer= null;
-
- try {
+ MOAHttpClient httpClient = null;
+ try {
+ httpClient = new MOAHttpClient();
+
+ if (metadataURL.startsWith("https:")) {
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+
+ httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
timer = new Timer();
- httpProvider = new HTTPMetadataProvider(timer, new HttpClient(),
+ httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
httpProvider.setParserPool(new BasicParserPool());
httpProvider.setRequireValidMetadata(true);
@@ -309,17 +364,20 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
//httpProvider.setRefreshDelayFactor(0.1F);
- // TODO: use proper SSL checking
-
- MetadataFilter filter = new MetadataSignatureFilter(
- metadataURL, certificate);
+ if (filter == null) {
+ filter = new MetadataFilterChain(metadataURL, certificate);
+ }
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
return httpProvider;
-
-
+
} catch (Throwable e) {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ Logger.warn("SSL-Server certificate for metadata "
+ + metadataURL + " not trusted.", e);
+ }
+
Logger.error(
"Failed to add Metadata file for "
+ oaName + "[ "
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index 04ef4cdbf..303fc2924 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -30,10 +30,12 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -41,18 +43,18 @@ import at.gv.egovernment.moa.logging.Logger;
public class ArtifactResolution implements IRequestHandler {
- public boolean handleObject(MOARequest obj) {
- return (obj.getSamlRequest() instanceof ArtifactResolve);
+ public boolean handleObject(InboundMessage obj) {
+ return (obj instanceof MOARequest &&
+ ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve);
}
- public String process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
-
- ArtifactResolve artifactResolve = (ArtifactResolve) obj
- .getSamlRequest();
+
+ ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj).getSamlRequest();
String artifactID = artifactResolve.getArtifact().getArtifact();
PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index fd7ff9885..ca5210d21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -22,72 +22,55 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-import java.util.ArrayList;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
-import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
- public boolean handleObject(MOARequest obj) {
- return (obj.getSamlRequest() instanceof AuthnRequest);
+ public boolean handleObject(InboundMessage obj) {
+
+ return (obj instanceof MOARequest &&
+ ((MOARequest)obj).getSamlRequest() instanceof AuthnRequest);
}
- public String process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
-
+
//get basic information
- AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
+ MOARequest moaRequest = (MOARequest) obj;
+ AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
EntityDescriptor peerEntity = obj.getEntityMetadata();
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -113,91 +96,14 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
DateTime date = new DateTime();
- //build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService);
-
- Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
- Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- //change to entity value from entity name to IDP EntityID (URL)
- nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
- nissuer.setFormat(NameID.ENTITY);
- authResponse.setIssuer(nissuer);
- authResponse.setInResponseTo(authnRequest.getID());
-
- //set responseID
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authResponse.setID(remoteSessionID);
-
+ SLOInformationImpl sloInformation = new SLOInformationImpl();
- //SAML2 response required IssueInstant
- authResponse.setIssueInstant(date);
+ //build Assertion
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData,
+ peerEntity, date, consumerService, sloInformation);
- authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
- String oaURL = consumerService.getLocation();
-
- //check, if metadata includes an encryption key
- MetadataCredentialResolver mdCredResolver =
- new MetadataCredentialResolver(MOAMetadataProvider.getInstance());
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(obj.getSamlRequest().getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-
- X509Credential encryptionCredentials = null;
- try {
- encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-
- } catch (SecurityException e2) {
- Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive();
- if (encryptionCredentials != null && isEncryptionActive) {
- //encrypt SAML2 assertion
-
- try {
-
- EncryptionParameters dataEncParams = new EncryptionParameters();
- dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-
- List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
- KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
-
- keyEncParam.setEncryptionCredential(encryptionCredentials);
- keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
- KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
- .getKeyInfoGeneratorManager().getDefaultManager()
- .getFactory(encryptionCredentials);
- keyEncParam.setKeyInfoGenerator(kigf.newInstance());
- keyEncParamList.add(keyEncParam);
-
- Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
- //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
- samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-
- EncryptedAssertion encryptAssertion = null;
-
- encryptAssertion = samlEncrypter.encrypt(assertion);
-
- authResponse.getEncryptedAssertions().add(encryptAssertion);
-
- } catch (EncryptionException e1) {
- Logger.warn("Can not encrypt the PVP2 assertion", e1);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- } else {
- authResponse.getAssertions().add(assertion);
-
- }
-
+ Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion);
+
IEncoder binding = null;
if (consumerService.getBinding().equals(
@@ -218,32 +124,21 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
if (binding == null) {
throw new BindingNotSupportedException(consumerService.getBinding());
}
-
+
try {
- binding.encodeRespone(req, resp, authResponse, oaURL, obj.getRelayState());
- // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
-
-// Logger logger = new Logger();
-// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse)));
-
-
- return assertion.getID();
+ binding.encodeRespone(req, resp, authResponse,
+ consumerService.getLocation(), obj.getRelayState());
+
+ return sloInformation;
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);
throw new MOAIDException("pvp2.01", null, e);
+
} catch (SecurityException e) {
Logger.error("Security exception", e);
throw new MOAIDException("pvp2.01", null, e);
-// } catch (TransformerException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
-// } catch (IOException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
-// } catch (MarshallingException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
+
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 92a47adb3..d1ae0b202 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -25,13 +25,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
public interface IRequestHandler {
- public boolean handleObject(MOARequest obj);
+ public boolean handleObject(InboundMessage obj);
- public String process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index a4f43a97a..5b9bf940d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -29,9 +29,12 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
public class RequestManager {
@@ -53,13 +56,13 @@ public class RequestManager {
handler.add(new ArtifactResolution());
}
- public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ public SLOInformationInterface handle(InboundMessage obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData)
throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
IRequestHandler handler = it.next();
if(handler.handleObject(obj)) {
- return handler.process(obj, req, resp, moasession);
+ return handler.process(obj, req, resp, authData);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index d95e21a0e..48e435777 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
public class CredentialProvider {
@@ -86,7 +87,32 @@ public class CredentialProvider {
throw new CredentialsNotAvailableException(e.getMessage(), null);
}
}
-
+
+ public static X509Credential getIDPAssertionEncryptionCredential()
+ throws CredentialsNotAvailableException {
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ if (keyStore == null)
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
+
+ //if no encryption key is configured return null
+ if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption()))
+ return null;
+
+ MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
+ keyStore, config.getIDPKeyAliasAssertionEncryption(), config
+ .getIDPKeyPasswordAssertionEncryption().toCharArray());
+
+ credentials.setUsageType(UsageType.ENCRYPTION);
+ return (X509Credential) credentials;
+ } catch (Exception e) {
+ Logger.error("Failed to generate IDP Assertion Encryption credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
+
public static Signature getIDPSignature(Credential credentials) {
PrivateKey privatekey = credentials.getPrivateKey();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
new file mode 100644
index 000000000..61b481447
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Subject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionAttributeExtractor {
+
+ private Assertion assertion = null;
+
+ public AssertionAttributeExtractor(Response samlResponse) throws AssertionAttributeExtractorExeption {
+ if (samlResponse != null) {
+ if (samlResponse.getAssertions().size() == 0)
+ throw new AssertionAttributeExtractorExeption("Assertion");
+
+ else if (samlResponse.getAssertions().size() > 1)
+ Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
+
+ assertion = samlResponse.getAssertions().get(0);
+
+ } else
+ throw new AssertionAttributeExtractorExeption();
+ }
+
+ public String getNameID() throws AssertionAttributeExtractorExeption {
+ if (assertion.getSubject() != null) {
+ Subject subject = assertion.getSubject();
+
+ if (subject.getNameID() != null) {
+ if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))
+ return subject.getNameID().getValue();
+
+ else
+ Logger.error("SAML2 NameID Element is empty.");
+ }
+ }
+
+ throw new AssertionAttributeExtractorExeption("nameID");
+ }
+
+ public String getSessionIndex() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+
+ if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
+ return authn.getSessionIndex();
+
+ else
+ throw new AssertionAttributeExtractorExeption("SessionIndex");
+ }
+
+ /**
+ * @return
+ * @throws AssertionAttributeExtractorExeption
+ */
+ public String getQAALevel() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+ if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
+ AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
+
+ if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
+ return qaaClass.getAuthnContextClassRef();
+
+ else
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");
+ }
+
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
+ }
+
+ private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
+ List<AuthnStatement> authnList = assertion.getAuthnStatements();
+ if (authnList.size() == 0)
+ throw new AssertionAttributeExtractorExeption("AuthnStatement");
+
+ else if (authnList.size() > 1)
+ Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
+
+ return authnList.get(0);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
deleted file mode 100644
index 666bfab3c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.Iterator;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-
-public class AttributeExtractor {
-
- public static String extractSAMLAttributeOA(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeAUTH(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeBOTH(String name,
- AuthenticationSession authSession) {
- String value = extractSAMLAttributeOA(name, authSession);
- if(value == null) {
- value = extractSAMLAttributeAUTH(name, authSession);
- }
- return value;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
new file mode 100644
index 000000000..12de97a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
+import org.opensaml.ws.soap.client.http.HttpClientBuilder;
+import org.opensaml.ws.soap.client.http.HttpSOAPClient;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASAMLSOAPClient {
+
+ public static List<XMLObject> send(String destination, XMLObject payLoad) throws ConfigurationException, SOAPException, SecurityException {
+ //build SOAP request
+ BasicParserPool parserPool = new BasicParserPool();
+ parserPool.setNamespaceAware(true);
+
+ Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(payLoad);
+
+ BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
+ soapContext.setOutboundMessage(soapRequest);
+
+ HttpClientBuilder clientBuilder = new HttpClientBuilder();
+ if (destination.startsWith("https")) {
+ try {
+ SecureProtocolSocketFactory sslprotocolsocketfactory =
+ new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+ clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
+ HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
+
+ //send request to IDP
+ soapClient.send(destination, soapContext);
+
+ //parse response
+ Envelope soapResponse = (Envelope) soapContext.getInboundMessage();
+ Body soapBody = soapResponse.getBody();
+
+ return soapBody.getUnknownXMLObjects();
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index b52e37e06..9d57c2bae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -38,6 +38,8 @@ import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
@@ -115,4 +117,15 @@ public class SAML2Utils {
return 0;
}
+
+ public static Envelope buildSOAP11Envelope(XMLObject payload) {
+ XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
+ Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
+ Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
+
+ body.getUnknownXMLObjects().add(payload);
+ envelope.setBody(body);
+
+ return envelope;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index ac222ee54..6388042d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -22,21 +22,60 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.encryption.Decrypter;
+import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
+import org.opensaml.xml.encryption.DecryptionException;
+import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
+import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
+import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
+
public class SAMLVerificationEngine {
+
+ public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
+ verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
+
+ else
+ verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
+
+ }
+
+
public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
try {
@@ -48,16 +87,16 @@ public class SAMLVerificationEngine {
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
} catch (SecurityException e) {
- // Indicates processing error evaluating the signature
e.printStackTrace();
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
}
@@ -78,12 +117,96 @@ public class SAMLVerificationEngine {
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
} catch (SecurityException e) {
- // Indicates processing error evaluating the signature
- e.printStackTrace();
+ e.printStackTrace();
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
}
+ public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption {
+ try {
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+ List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
+
+ if (validateDestination && !samlResp.getDestination().startsWith(
+ PVPConfiguration.getInstance().getIDPPublicPath())) {
+ Logger.warn("PVP 2.1 assertion destination does not match to IDP URL");
+ throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null);
+
+ }
+
+ //check encrypted Assertion
+ List<EncryptedAssertion> encryAssertionList = samlResp.getEncryptedAssertions();
+ if (encryAssertionList != null && encryAssertionList.size() > 0) {
+ //decrypt assertions
+
+ Logger.debug("Found encryped assertion. Start decryption ...");
+
+ X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential();
+
+ StaticKeyInfoCredentialResolver skicr =
+ new StaticKeyInfoCredentialResolver(authDecCredential);
+
+ ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
+ encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
+
+ Decrypter samlDecrypter =
+ new Decrypter(null, skicr, encryptedKeyResolver);
+
+ for (EncryptedAssertion encAssertion : encryAssertionList) {
+ saml2assertions.add(samlDecrypter.decrypt(encAssertion));
+
+ }
+
+ Logger.debug("Assertion decryption finished. ");
+
+ } else {
+ saml2assertions.addAll(samlResp.getAssertions());
+
+ }
+
+ for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+
+ Conditions conditions = saml2assertion.getConditions();
+ DateTime notbefore = conditions.getNotBefore();
+ DateTime notafter = conditions.getNotOnOrAfter();
+ if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+ Logger.warn("PVP2 Assertion is out of Date");
+ saml2assertions.remove(saml2assertion);
+
+ }
+ }
+
+ if (saml2assertions.isEmpty()) {
+ Logger.info("No valid PVP 2.1 assertion received.");
+ throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null);
+ }
+
+ samlResp.getAssertions().clear();
+ samlResp.getEncryptedAssertions().clear();
+ samlResp.getAssertions().addAll(saml2assertions);
+
+ } else {
+ Logger.info("PVP 2.1 assertion includes an error. Receive errorcode "
+ + samlResp.getStatus().getStatusCode().getValue());
+ throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode "
+ + samlResp.getStatus().getStatusCode().getValue(), null);
+ }
+
+ } catch (CredentialsNotAvailableException e) {
+ Logger.warn("Assertion decrypt FAILED - No Credentials", e);
+ throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e);
+
+ } catch (DecryptionException e) {
+ Logger.warn("Assertion decrypt FAILED.", e);
+ throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e);
+
+ } catch (ConfigurationException e) {
+ throw new AssertionValidationExeption("pvp.12", null, e);
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
new file mode 100644
index 000000000..3d608fd6d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InterfederatedIDPPublicServiceFilter implements MetadataFilter {
+
+ private String metadataURL;
+ private boolean isPublicService = false;
+
+ /**
+ *
+ */
+ public InterfederatedIDPPublicServiceFilter(String metadataURL, String oaType) {
+ Logger.debug("Add " + this.getClass().getName() + " to metadata policy");
+ this.metadataURL = metadataURL;
+
+ if (oaType.equals("businessService"))
+ this.isPublicService = false;
+ else
+ this.isPublicService = true;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+
+ boolean metadatacheck = ValidationHelper.isPublicServiceAllowed(this.metadataURL);
+
+ if (isPublicService && isPublicService != metadatacheck) {
+ Logger.warn("Interfederated IDP " + metadataURL + " is configured " +
+ "as Public-Servic IDP but PublicService policy check FAILED.");
+ throw new FilterException("Interfederated IDP " + metadataURL + " is configured " +
+ "as Public-Servic IDP but PublicService policy check FAILED.");
+
+ }
+
+ Logger.info("Metadata PublicService policy check done OK");
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
new file mode 100644
index 000000000..4e1d939ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MetadataFilterChain implements MetadataFilter {
+
+ private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
+
+ /**
+ * @throws CertificateException
+ *
+ */
+ public MetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+ addDefaultFilters(url, certificate);
+ }
+
+ public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+ filters.add(new MetadataSignatureFilter(url, certificate));
+
+ }
+
+ /**
+ * @return the filter
+ */
+ public List<MetadataFilter> getFilters() {
+ return filters;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+ for (MetadataFilter filter : filters) {
+ Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName());
+ filter.doFilter(arg0);
+ }
+
+ }
+
+
+
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index ed0cf9c62..0405fa114 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
import iaik.x509.X509Certificate;
@@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
public class MetadataSignatureFilter implements MetadataFilter {
@@ -151,9 +152,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
ConfigurationDBUtils.closeSession();
- Logger.info("Metadata Filter done OK");
+ Logger.info("Metadata signature policy check done OK");
} catch (MOAIDException e) {
- e.printStackTrace();
+ Logger.warn("Metadata signature policy check FAILED.", e);
throw new FilterException(e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index c337433b6..67f780b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,30 +27,26 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException {
String oaURL = (String) req.getOAURL();
- String target = (String) req.getTarget();
String sourceID = null;
if (req instanceof SAML1RequestImpl) {
@@ -59,42 +55,32 @@ public class GetArtifactAction implements IAction {
}
- try {
-
-
- if (oaURL == null) {
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
- }
+ SAML1AuthenticationData authData;
+ if (obj instanceof SAML1AuthenticationData) {
+ authData = (SAML1AuthenticationData) obj;
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
- // TODO: Support Mandate MODE!
+ } else {
+ Logger.error("AuthDate is NOT of type SAML1AuthenticationData.");
+ throw new AuthenticationException("AuthDate is NOT of type SAML1AuthenticationData.", new Object[]{});
+ }
+
+ try {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
-
- AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
- oaParam,
- target);
+ .getOnlineApplicationParameter(oaURL);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
// add other stork attributes to MOA assertion if available
- if(null != session.getStorkAttributes()) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes());
- session.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
- //produce MOA-Assertion and artifact
- AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+ if(null != authData.getStorkAttributes()) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(authData.getStorkAttributes());
+ authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
- String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID);
+ String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
- if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
- String url = "RedirectServlet";
+ if (authData.isSsoSession()) {
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
if (!oaParam.getBusinessService())
url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
@@ -122,7 +108,10 @@ public class GetArtifactAction implements IAction {
Logger.debug("REDIRECT TO: " + redirectURL);
}
- return authData.getAssertionID();
+ SLOInformationInterface sloInformation =
+ new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule());
+
+ return sloInformation;
} catch (Exception ex) {
Logger.error("SAML1 Assertion build error", ex);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 0f5e9ee68..2b4aaf458 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -56,7 +56,7 @@ import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.Constants;
@@ -138,12 +138,9 @@ public class GetAuthenticationDataService implements Constants {
try {
- AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
+ samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact);
-// useUTC = authData.getUseUTC();
-
// success
- samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
statusMessageCode = "1200";
}
@@ -153,18 +150,18 @@ public class GetAuthenticationDataService implements Constants {
try {
Throwable error = saml1server.getErrorResponse(samlArtifact);
statusCode = "samlp:Responder";
- subStatusCode = "samlp:RequestDenied";
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
if (error instanceof MOAIDException) {
- statusMessageCode = ((MOAIDException)error).getMessageId();
+ statusMessageCode = ((MOAIDException)error).getMessageId();
statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
} else {
- statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
- }
-
-
-
+ statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
+ }
+ subStatusCode = errorUtils.getResponseErrorCode(error);
+
} catch (Exception e) {
//no authentication data for given SAML artifact
statusCode = "samlp:Requester";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
new file mode 100644
index 000000000..d48c0a9bb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -0,0 +1,177 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.text.ParseException;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+
+public class SAML1AuthenticationData extends AuthenticationData {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1042697056735596866L;
+/**
+ * major version number of the SAML assertion
+ */
+ private int majorVersion;
+ /**
+ * minor version number of the SAML assertion
+ */
+ private int minorVersion;
+ /**
+ * identifier for this assertion
+ */
+ private String assertionID;
+/**
+ * @return the majorVersion
+ */
+
+ private String samlAssertion = null;
+
+ private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
+
+
+ public SAML1AuthenticationData() {
+ this.setMajorVersion(1);
+ this.setMinorVersion(0);
+ this.setAssertionID(Random.nextRandom());
+ }
+
+
+ //this method is only required for MOA-ID Proxy 2.0 Release.
+ //TODO: remove it, if MOA-ID Proxy is not supported anymore.
+ public String getWBPK() {
+ return getBPK();
+ }
+
+public int getMajorVersion() {
+ return majorVersion;
+}
+/**
+ * @param majorVersion the majorVersion to set
+ */
+public void setMajorVersion(int majorVersion) {
+ this.majorVersion = majorVersion;
+}
+/**
+ * @return the minorVersion
+ */
+public int getMinorVersion() {
+ return minorVersion;
+}
+/**
+ * @param minorVersion the minorVersion to set
+ */
+public void setMinorVersion(int minorVersion) {
+ this.minorVersion = minorVersion;
+}
+/**
+ * @return the assertionID
+ */
+public String getAssertionID() {
+ return assertionID;
+}
+/**
+ * @param assertionID the assertionID to set
+ */
+public void setAssertionID(String assertionID) {
+ this.assertionID = assertionID;
+}
+
+public void setIssueInstant(String date) {
+ try {
+ setIssueInstant(DateTimeUtils.parseDateTime(date));
+
+ } catch (ParseException e) {
+ Logger.error("Parse IssueInstant element FAILED.", e);
+
+ }
+}
+
+/**
+ * @return the samlAssertion
+ */
+public String getSamlAssertion() {
+ return samlAssertion;
+}
+
+/**
+ * @param samlAssertion the samlAssertion to set
+ */
+public void setSamlAssertion(String samlAssertion) {
+ this.samlAssertion = samlAssertion;
+}
+
+/**
+ * @return the extendedSAMLAttributesOA
+ */
+public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
+ return extendedSAMLAttributesOA;
+}
+
+/**
+ * @param extendedSAMLAttributesOA the extendedSAMLAttributesOA to set
+ */
+public void setExtendedSAMLAttributesOA(
+ List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
+ this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 6391860ff..52b9b40ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.IOException;
-import java.util.Date;
import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
@@ -116,7 +115,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
*
* @return <code>AuthenticationData</code>
*/
- public AuthenticationData getSaml1AuthenticationData(String samlArtifact)
+ public String getSaml1AuthenticationData(String samlArtifact)
throws AuthenticationException {
try {
new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
@@ -125,13 +124,13 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
}
- AuthenticationData authData = null;
+ String authData = null;
synchronized (authenticationDataStore) {
// System.out.println("assertionHandle: " + assertionHandle);
try {
authData = authenticationDataStore
- .get(samlArtifact, AuthenticationData.class);
+ .get(samlArtifact, String.class, authDataTimeOut);
} catch (MOADatabaseException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
@@ -140,12 +139,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
authenticationDataStore.remove(samlArtifact);
-
- long now = new Date().getTime();
-
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207", new Object[] { samlArtifact });
-
+
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
return authData;
@@ -163,9 +157,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return samlArtifact;
}
- public String BuildSAMLArtifact(AuthenticationSession session,
- OAAuthParameter oaParam,
- AuthenticationData authData, String sourceID)
+ public String BuildSAMLArtifact(OAAuthParameter oaParam,
+ SAML1AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
//Load SAML1 Parameter from OA config
@@ -179,7 +172,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set BASE64 encoded signer certificate
String signerCertificateBase64 = "";
if (saml1parameter.isProvideCertificate()) {
- byte[] signerCertificate = session.getEncodedSignerCertificate();
+ byte[] signerCertificate = authData.getSignerCertificate();
if (signerCertificate != null) {
signerCertificateBase64 = Base64Utils
@@ -195,41 +188,31 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
provideStammzahl);
//set Authblock
- String authBlock = saml1parameter.isProvideAUTHBlock() ? session
+ String authBlock = saml1parameter.isProvideAUTHBlock() ? authData
.getAuthBlock() : "";
//set IdentityLink for assortion
String ilAssertion = "";
if (saml1parameter.isProvideIdentityLink()) {
- if (oaParam.getBusinessService()) {
- //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-
-// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
-// .getSamlAssertion());
-//
-// ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
- } else {
- ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-
- if (!saml1parameter.isProvideStammzahl())
- ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
- .getIdentificationValue(), "");
-
- }
+ if (!saml1parameter.isProvideStammzahl())
+ ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
+ .getIdentificationValue(), "");
}
+
String samlAssertion;
- if (session.getUseMandate()) {
- List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA();
+ if (authData.isUseMandate()) {
+ List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
if (saml1parameter.isProvideFullMandatorData()) {
try {
ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
- session.getMISMandate(), oaParam.getBusinessService(),
+ authData.getMISMandate(), oaParam.getBusinessService(),
saml1parameter.isProvideStammzahl());
if (extendedSAMLAttributes != null) {
@@ -293,7 +276,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
- String mandateDate = generateMandateDate(session, oaParam, authData);
+ String mandateDate = generateMandateDate(oaParam, authData);
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
@@ -301,7 +284,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
mandateDate,
authBlock,
ilAssertion,
- session.getBkuURL(),
+ authData.getBkuURL(),
signerCertificateBase64,
oaParam.getBusinessService(),
oaAttributes,
@@ -314,24 +297,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
prPerson,
authBlock,
ilAssertion,
- session.getBkuURL(),
+ authData.getBkuURL(),
signerCertificateBase64,
oaParam.getBusinessService(),
- session.getExtendedSAMLAttributesOA(),
+ authData.getExtendedSAMLAttributesOA(),
useCondition,
conditionLength);
}
- authData.setSamlAssertion(samlAssertion);
+ //authData.setSamlAssertion(samlAssertion);
String samlArtifact = new SAMLArtifactBuilder().build(
- session.getAuthURL(), Random.nextRandom(),
+ authData.getIssuer(), Random.nextRandom(),
sourceID);
- storeAuthenticationData(samlArtifact, authData);
+ storeAuthenticationData(samlArtifact, samlAssertion);
- Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
- + " angelegt, SAML Artifakt " + samlArtifact);
+ Logger.info("Anmeldedaten angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
} catch (Throwable ex) {
@@ -341,21 +323,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(AuthenticationSession session,
- OAAuthParameter oaParam, AuthenticationData authData
+ private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
- if (session == null)
+ if (authData == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
IdentityLink tempIdentityLink = null;
- Element mandate = session.getMandate();
+ Element mandate = authData.getMandate();
- if (session.getUseMandate()) {
+ if (authData.isUseMandate()) {
tempIdentityLink = new IdentityLink();
Element mandator = ParepUtils.extractMandator(mandate);
String dateOfBirth = "";
@@ -432,7 +413,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String oatargetType;
if(oaParam.getBusinessService()) {
- oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ oatargetType = oaParam.getIdentityLinkDomainIdentifier();
+ else
+ oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier();
} else {
oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
@@ -509,7 +493,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* when SAML artifact is invalid
*/
private void storeAuthenticationData(String samlArtifact,
- AuthenticationData authData) throws AuthenticationException {
+ String samlAssertion) throws AuthenticationException {
try {
SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
@@ -523,7 +507,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
- authenticationDataStore.put(samlArtifact, authData);
+ authenticationDataStore.put(samlArtifact, samlAssertion);
}
} catch (AuthenticationException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index b6a2ac0b6..dafcb9987 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -23,12 +23,15 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.HashMap;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import edu.emory.mathcs.backport.java.util.Arrays;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -41,7 +44,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -54,8 +57,23 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
public static final String GETARTIFACT = "GetArtifact";
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.BPK_NAME,
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.GIVEN_NAME_NAME,
+ PVPConstants.PRINCIPAL_NAME_NAME,
+ PVPConstants.BIRTHDATE_NAME,
+ PVPConstants.EID_CCS_URL_NAME,
+ PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME,
+ PVPConstants.EID_IDENTITY_LINK_NAME,
+ PVPConstants.EID_SOURCE_PIN_NAME,
+ PVPConstants.EID_SOURCE_PIN_TYPE_NAME
+ });
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
static {
actions.put(GETARTIFACT, new GetArtifactAction());
@@ -139,12 +157,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
new Object[] { oaURL });
}
- config.setSourceID(sourceID);
-
+ config.setSourceID(sourceID);
config.setTarget(oaParam.getTarget());
-
-// request.getSession().setAttribute(PARAM_OA, oaURL);
-// request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
+
return config;
}
@@ -157,7 +172,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
- String url = "RedirectServlet";
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = response.encodeRedirectURL(url);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 72adfe0e7..9bf88534f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -22,7 +22,19 @@
*/
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -48,4 +60,37 @@ public class SAML1RequestImpl extends RequestImpl {
this.sourceID = sourceID;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+
+ List<String> reqAttr = new ArrayList<String>();
+ reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+ OASAML1 saml1 = oa.getSAML1Parameter();
+ if (saml1 != null) {
+ if (saml1.isProvideAUTHBlock())
+ reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
+
+ if (saml1.isProvideCertificate())
+ reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+
+ if (saml1.isProvideFullMandatorData())
+ reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 2f6dfe555..307715324 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
@@ -13,17 +12,17 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
+
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
@@ -47,7 +46,7 @@ public class AttributeCollector implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -108,7 +107,7 @@ public class AttributeCollector implements IAction {
// read configuration parameters of OA
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()});
// find the attribute provider plugin that can handle the response
IPersonalAttributeList newAttributes = null;
@@ -134,7 +133,14 @@ public class AttributeCollector implements IAction {
addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
// see if we need some more attributes
- return processRequest(container, httpReq, httpResp, moasession, oaParam);
+ SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
+
+ if (sloInfo == null) {
+ sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule());
+ }
+
+ return sloInfo;
+
}
/**
@@ -145,7 +151,7 @@ public class AttributeCollector implements IAction {
* @return the string
* @throws MOAIDException
*/
- public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
+ public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
// check if there are attributes we need to fetch
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
@@ -193,7 +199,7 @@ public class AttributeCollector implements IAction {
//aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession);
//aquiredAttributes = currentProvider.acquire(missingAttributes, container.getRequest().getSpCountry(), moasession);
- aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), moasession);
+ aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), authData);
Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'");
break;
@@ -222,7 +228,7 @@ public class AttributeCollector implements IAction {
else
new ConsentEvaluator().generateSTORKResponse(response, container);
- return "12345"; // AssertionId
+ return null; // AssertionId
// TODO
} catch (ExternalAttributeRequestRequiredException e) {
@@ -250,7 +256,8 @@ public class AttributeCollector implements IAction {
throw new MOAIDException("stork.11", null);
}
- return "12345"; // TODO what to do here?
+ //TODO: in case of Single LogOut -> SLO information has to be stored
+ return null; // TODO what to do here?
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
index d7a4bfcc2..7647c8e89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
@@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -25,15 +26,15 @@ public interface AttributeProvider {
*
* @param attributes the list of attributes to be acquired
* @param spCountyCode the sp county code
- * @param moasession the moasession
+ * @param authData the moasession
* @return the personal attribute
* @throws UnsupportedAttributeException the unsupported attribute exception
* @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done
* @throws MOAIDException the mOAID exception
*/
- public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
+ public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
- public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
/**
* Perform redirect.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 51ec1fff3..0312f776b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -5,7 +5,11 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
@@ -41,13 +45,13 @@ public class AuthenticationRequest implements IAction {
private VelocityEngine velocityEngine;
- private AuthenticationSession moaSession = null;
+ private IAuthData authData = null;
private MOASTORKRequest moaStorkRequest = null;
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- this.moaSession = moasession;
+ this.authData = authData;
if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) {
@@ -56,9 +60,10 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Entering MOASTORKRequest");
httpResp.reset();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
@@ -84,7 +89,7 @@ public class AuthenticationRequest implements IAction {
// }
// Get personal attributtes from MOA/IdentityLink
- moaStorkResponse.setPersonalAttributeList(populateAttributes());
+ moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam));
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
@@ -105,7 +110,7 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
}
// check if we are getting request for citizen of some other country
else if (req instanceof MOASTORKRequest) {
@@ -125,7 +130,7 @@ public class AuthenticationRequest implements IAction {
/*
Handles STORKAuthnRequeste received for citizens of other countries
*/
- private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
+ private SLOInformationInterface handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest();
STORKAuthnRequest storkAuthnRequest = null;
@@ -140,7 +145,7 @@ public class AuthenticationRequest implements IAction {
throw new MOAIDException("stork.05", null); // TODO
}
-
+ //TODO: in case of Single LogOut -> SLO information has to be stored
// check if citizen country is configured in the system
if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) {
Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode);
@@ -205,15 +210,18 @@ public class AuthenticationRequest implements IAction {
e.printStackTrace();
}
- // preparing redirection for the client
+ // preparing redirection for the client
performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp);
- return "xxxx";// TODO
+
+ SLOInformationImpl sloInfo = new SLOInformationImpl();
+ sloInfo.setProtocolType(moastorkRequest.requestedModule());
+ return sloInfo;
}
/*
Handles STORKAuthnResponse received from PEPS (return to SP)
*/
- private String handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
+ private SLOInformationInterface handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
STORKAuthnResponse authnResponse = null;
@@ -257,7 +265,8 @@ public class AuthenticationRequest implements IAction {
// preparing redirection for the client
performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp);
- return "yyyyy"; // TODO
+
+ return null;
}
/*
@@ -392,16 +401,16 @@ public class AuthenticationRequest implements IAction {
// does nothing
- public void mandate(AuthenticationSession moasession) {
+ public void mandate(IAuthData authData) {
- if (moasession.getUseMandate()) {
+ if (authData.isUseMandate()) {
try {
- MISMandate mandate = moasession.getMISMandate();
+ MISMandate mandate = authData.getMISMandate();
String owbpk = mandate.getOWbPK();
byte[] mand = mandate.getMandate();
String profprep = mandate.getProfRep();
//String textdesc = mandate.getTextualDescriptionOfOID();
- Element mndt = moasession.getMandate();
+ Element mndt = authData.getMandate();
iterate(mndt.getAttributes());
Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
@@ -413,14 +422,14 @@ public class AuthenticationRequest implements IAction {
}
- public PersonalAttributeList populateAttributes() {
+ public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) {
IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
@@ -431,10 +440,8 @@ public class AuthenticationRequest implements IAction {
Logger.error("Exception, attributes: " + e.getMessage());
}
- Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock());
- Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName());
- Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier());
- Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken());
+ Logger.debug("AUTHBLOCK " + authData.getAuthBlock());
+ Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
return attributeList;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 9a3376e4c..d827e73cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -7,7 +7,9 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
@@ -40,7 +42,7 @@ public class ConsentEvaluator implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -64,7 +66,7 @@ public class ConsentEvaluator implements IAction {
// build and send response
generateSTORKResponse(httpResp, container);
- return "12345"; // AssertionId
+ return null; // AssertionId
}
/**
@@ -76,7 +78,7 @@ public class ConsentEvaluator implements IAction {
* @return the string
* @throws MOAIDException the mOAID exception
*/
- public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException {
+ public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
// prepare redirect
String newArtifactId;
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
index c132d5640..2c4793f8f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
@@ -19,6 +19,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -51,7 +52,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession)
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData)
throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException, MOAIDException {
@@ -94,7 +95,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
requestBodyElem.addAttribute(envelope.createName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService");
SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK");
- requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH"));
+
+ //TODO: CHECK: IdentificationValue containts wbPK if MOA-ID is used as VIDP
+ requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(authData.getIdentificationValue(), "GH"));
requestMessage.saveChanges();
@@ -190,7 +193,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
// add stork id for verification
ArrayList<String> value = new ArrayList<String>();
- value.add(new BPKBuilder().buildStorkeIdentifier(moasession.getIdentityLink(), spCountryCode));
+ value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode));
result.add(new PersonalAttribute("eIdentifier", false, value, "Available"));
return result;
@@ -200,9 +203,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
}
@Override
- public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
if (attributes.size() == 1) {
- return acquire(attributes.get(0), spCountyCode, moasession);
+ return acquire(attributes.get(0), spCountyCode, authData);
} else {
throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index a5a91fa55..d7927a917 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,8 +1,11 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.Serializable;
+import java.util.List;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
@@ -14,7 +17,7 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
*
* @author bsuzic
*/
-public class MOASTORKRequest implements IRequest, Serializable {
+public class MOASTORKRequest extends RequestImpl {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 4581953368724501376L;
@@ -22,15 +25,6 @@ public class MOASTORKRequest implements IRequest, Serializable {
/** The request id. */
private String requestID;
- /** The target. */
- private String target = null;
-
- /** The module. */
- String module = null;
-
- /** The action. */
- String action = null;
-
/** The stork authn request. */
private STORKAuthnRequest storkAuthnRequest;
@@ -128,41 +122,6 @@ public class MOASTORKRequest implements IRequest, Serializable {
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
- */
- public String requestedModule() {
- return this.module;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
- */
- public String requestedAction() {
- return action;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String)
- */
- public void setModule(String module) {
- this.module = module;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String)
- */
- public void setAction(String action) {
- this.action = action;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget()
- */
- public String getTarget() {
- return this.target;
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String)
*/
public void setRequestID(String id) {
@@ -211,4 +170,31 @@ public class MOASTORKRequest implements IRequest, Serializable {
else
return this.storkAuthnRequest.getAssertionConsumerServiceURL();
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+ */
+ @Override
+ public String getRequestedIDP() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse()
+ */
+ @Override
+ public MOAResponse getInterfederationResponse() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index 7d9e20cd0..2cd0e1d57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -8,13 +9,16 @@ import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.auth.commons.STORKAuthnResponse;
import java.io.Serializable;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
/**
* Implements MOA request and stores StorkAuthn/Attr-Request related data.
*
* @author bsuzic
*/
-public class MOASTORKResponse implements IRequest, Serializable {
+public class MOASTORKResponse extends RequestImpl {
/**
* The Constant serialVersionUID.
@@ -257,5 +261,14 @@ public class MOASTORKResponse implements IRequest, Serializable {
this.action = action;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
index d4f7066d0..edba7b754 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
@@ -4,6 +4,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -48,7 +49,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
return "MandateAttributeRequestProvider";
}
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());
this.spCountryCode = spCountryCode;
requestedAttributes = new PersonalAttributeList(1);
@@ -69,7 +70,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
}
@Override
- public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountryCode, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
Logger.info("Acquiring " + attributes.size() + " attributes, by: " + getAttrProviderName());
this.spCountryCode = spCountryCode;
requestedAttributes = new PersonalAttributeList(attributes.size());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index 9c7f45146..811d828e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -28,28 +30,26 @@ import javax.xml.namespace.QName;
import java.io.StringWriter;
import java.math.BigInteger;
import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
/**
*
*/
public class MandateRetrievalRequest implements IAction {
- private AuthenticationSession moaSession;
+ private IAuthData authData;
private MOASTORKRequest moaStorkRequest;
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
Logger.debug("Entering AttributeRequest for MandateProvider");
httpResp.reset();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
- this.moaSession = moasession;
+ this.authData = authData;
if ((req instanceof MOASTORKRequest)) {
this.moaStorkRequest = (MOASTORKRequest) req;
@@ -63,10 +63,10 @@ public class MandateRetrievalRequest implements IAction {
MandateContainer mandateContainer = null;
try {
- mandateContainer = new CorporateBodyMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex) {
try {
- mandateContainer = new PhyPersonMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex2) {
Logger.error("Could not extract data and create mandate container.");
throw new MOAIDException("stork.16", new Object[] {}); // TODO
@@ -285,6 +285,4 @@ public class MandateRetrievalRequest implements IAction {
public String getDefaultActionName() {
return STORKProtocol.MANDATERETRIEVALREQUEST;
}
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index e93a7ec87..ed9c45126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -147,6 +147,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORK2Request.setSTORKAuthnRequest(authnRequest);
STORK2Request.setSTORKAttrRequest(attrRequest);
+
return STORK2Request;
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
index 89eb07815..553063ae8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
@@ -16,6 +16,7 @@ import org.apache.velocity.app.VelocityEngine;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
@@ -56,7 +57,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider {
* at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java
* .lang.String)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException,
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException {
if(!attributes.contains(attribute.getName())) {
throw new UnsupportedAttributeException();
@@ -126,4 +127,24 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider {
}
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes,
+ String spCountyCode, IAuthData authData)
+ throws UnsupportedAttributeException,
+ ExternalAttributeRequestRequiredException, MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames()
+ */
+ @Override
+ public List<String> getSupportedAttributeNames() throws MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index c0e613b82..3a73dafae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -1,6 +1,8 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import java.io.StringWriter;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -11,6 +13,7 @@ import org.apache.velocity.app.VelocityEngine;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -55,7 +58,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession)
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
if (!attributes.contains(attribute.getName()))
@@ -158,5 +161,26 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
Logger.info("STORK AttrRequest successfully rendered!");
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes,
+ String spCountyCode, IAuthData authData)
+ throws UnsupportedAttributeException,
+ ExternalAttributeRequestRequiredException, MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames()
+ */
+ @Override
+ public List<String> getSupportedAttributeNames() throws MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 34add9895..f094dfabf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -54,6 +54,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -78,7 +79,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) {
@@ -116,7 +117,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) {
@@ -149,13 +150,13 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
* @param clientIPAddress client IP address
* @return header or parameter value resolved; <code>null</code> if unknown name is given
*/
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
+ private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) {
if (predicate.equals(MOAGivenName))
return authData.getGivenName();
if (predicate.equals(MOAFamilyName))
return authData.getFamilyName();
if (predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if (predicate.equals(MOABPK))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index cd751b7ee..d432f8c41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -50,6 +50,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
/**
* Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
@@ -102,7 +103,7 @@ public interface LoginParameterResolver {
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
@@ -122,7 +123,7 @@ public interface LoginParameterResolver {
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 9f3de08aa..a5c632077 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -77,6 +77,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -373,7 +374,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
@@ -447,7 +448,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
@@ -511,14 +512,14 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
private static String resolveValue(
String predicate,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress) {
if (predicate.equals("MOAGivenName"))
return authData.getGivenName();
if (predicate.equals("MOAFamilyName"))
return authData.getFamilyName();
if (predicate.equals("MOADateOfBirth"))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if (predicate.equals("MOABPK"))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 2760a736b..740421024 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -48,10 +48,12 @@ package at.gv.egovernment.moa.id.proxy;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import java.io.IOException;
import java.util.*;
+
import org.apache.xerces.parsers.DOMParser;
import org.w3c.dom.*;
@@ -196,7 +198,7 @@ public class XMLLoginParameterResolverPlainData
}
//TODO document
- public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
+ public Map getAuthenticationHeaders(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("basic"))
@@ -318,7 +320,7 @@ public class XMLLoginParameterResolverPlainData
return result;
}
- public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
+ public Map getAuthenticationParameters(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("param"))
@@ -336,14 +338,14 @@ public class XMLLoginParameterResolverPlainData
return result;
}
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress)
+ private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress)
{
if(predicate.equals(MOAGivenName))
return authData.getGivenName();
if(predicate.equals(MOAFamilyName))
return authData.getFamilyName();
if(predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if(predicate.equals(MOABPK))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index 0ef2077a3..26da33e34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
@@ -107,7 +108,7 @@ public class GetAuthenticationDataInvoker {
* @return AuthenticationData
* @throws MOAIDException
*/
- public AuthenticationData getAuthenticationData(String samlArtifact)
+ public SAML1AuthenticationData getAuthenticationData(String samlArtifact)
throws MOAIDException {
ConnectionParameter authConnParam =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 35f72d36d..ebda8dae0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -50,6 +50,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -147,11 +148,11 @@ public class AuthenticationDataAssertionParser implements Constants {
* @return <code>AuthenticationData</code> object
* @throws ParseException on any error
*/
- public AuthenticationData parseAuthenticationData()
+ public SAML1AuthenticationData parseAuthenticationData()
throws ParseException {
try {
- AuthenticationData authData = new AuthenticationData();
+ SAML1AuthenticationData authData = new SAML1AuthenticationData();
//ÄNDERN: NUR der Identification-Teil
authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
authData.setMajorVersion(new Integer(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
index 9835c554d..cec8dbe6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
@@ -51,6 +51,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -130,7 +131,7 @@ public class SAMLResponseParser implements Constants {
* @return <code>AuthenticationData</code> object
* @throws ParseException on any parsing error
*/
- public AuthenticationData parseAuthenticationData()
+ public SAML1AuthenticationData parseAuthenticationData()
throws ParseException {
Element samlAssertion;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 52f72f577..9447f2e35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -84,6 +84,7 @@ import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
@@ -232,7 +233,7 @@ public class ProxyServlet extends HttpServlet {
// boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
// get authentication data from the MOA-ID Auth component
- AuthenticationData authData;
+ SAML1AuthenticationData authData;
try {
authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index 6d8979da3..890ec9f0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -31,9 +31,11 @@ import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -82,10 +84,41 @@ public class AssertionStorage {
}
- public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException {
+
+ /**
+ * @param samlArtifact
+ * @param class1
+ * @param authdatatimeout
+ * @return
+ * @throws MOADatabaseException
+ * @throws AuthenticationException
+ */
+ public <T> T get(String samlArtifact,
+ final Class<T> clazz) throws MOADatabaseException {
+
+ try {
+ return get(samlArtifact, clazz, -1);
+
+ } catch (AuthenticationException e) {
+ //this execption only occurs if an additional timeOut is used
+ Logger.error("This exeption should not occur!!!!", e);
+ return null;
+ }
+ }
+
+ public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException {
AssertionStore element = searchInDatabase(artifact);
+ if (authdatatimeout > -1) {
+ //check timeout
+ long now = new Date().getTime();
+
+ if (now - element.getDatatime().getTime() > authdatatimeout)
+ throw new AuthenticationException("1207", new Object[] { artifact });
+ }
+
+
//Deserialize Assertion
Object data = SerializationUtils.deserialize(element.getAssertion());
@@ -118,7 +151,7 @@ public class AssertionStorage {
if (results.size() != 0) {
for(AssertionStore result : results) {
try {
- MOASessionDBUtils.delete(result);
+ cleanDelete(result);
Logger.info("Remove sessioninformation with ID=" + result.getArtifact()
+ " after timeout.");
@@ -135,7 +168,7 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
- MOASessionDBUtils.delete(element);
+ cleanDelete(element);
Logger.info("Remove sessioninformation with ID" + artifact);
@@ -148,6 +181,23 @@ public class AssertionStorage {
}
}
+ private void cleanDelete(AssertionStore element) {
+ try {
+ element.setAssertion(new byte[]{});
+ MOASessionDBUtils.saveOrUpdate(element);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e);
+
+ } finally {
+ if (!MOASessionDBUtils.delete(element))
+ Logger.error("ShortTime session with artifact=" + element.getArtifact()
+ + " not removed! (Error during Database communication)");
+
+ }
+
+ }
+
@SuppressWarnings("rawtypes")
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
@@ -158,7 +208,7 @@ public class AssertionStorage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setString("artifact", artifact);
+ query.setParameter("artifact", artifact);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index e6efa0256..26922a13b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -22,10 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.storage;
+import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang.SerializationUtils;
+import org.apache.commons.lang.StringEscapeUtils;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
@@ -36,10 +38,15 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
@@ -62,21 +69,6 @@ public class AuthenticationSessionStoreage {
}
}
- public static void setAuthenticated(String moaSessionID, boolean value) {
-
- AuthenticatedSessionStore session;
-
- try {
- session = searchInDatabase(moaSessionID);
- session.setAuthenticated(value);
- MOASessionDBUtils.saveOrUpdate(session);
-
-
- } catch (MOADatabaseException e) {
- Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
- }
- }
-
public static AuthenticationSession createSession() throws MOADatabaseException {
String id = Random.nextRandom();
AuthenticationSession session = new AuthenticationSession(id);
@@ -103,44 +95,39 @@ public class AuthenticationSessionStoreage {
return session;
}
-
- public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+
+ public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- MOASessionDBUtils.saveOrUpdate(dbsession);
- Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
-
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return decryptSession(dbsession);
+
} catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
- }
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
+ }
+
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+ storeSession(session, null);
}
public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setPendingRequestID(pendingRequestID);
-
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
+ if (MiscUtil.isNotEmpty(pendingRequestID))
+ dbsession.setPendingRequestID(pendingRequestID);
+
+ encryptSession(session, dbsession);
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setAuthenticated(session.isAuthenticated());
dbsession.setUpdated(new Date());
MOASessionDBUtils.saveOrUpdate(dbsession);
@@ -152,10 +139,9 @@ public class AuthenticationSessionStoreage {
}
}
-
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -163,7 +149,7 @@ public class AuthenticationSessionStoreage {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", moaSessionID);
+ query.setParameter("sessionid", moaSessionID);
result = query.list();
@@ -175,11 +161,9 @@ public class AuthenticationSessionStoreage {
throw new MOADatabaseException("No session found with this sessionID");
}
- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
-
- //delete MOA Session
- session.delete(dbsession);
- session.getTransaction().commit();
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
+ session.getTransaction().commit();
+ cleanDelete(dbsession);
}
}
@@ -196,16 +180,11 @@ public class AuthenticationSessionStoreage {
+ "to " + id);
session.setSessionID(id);
+ encryptSession(session, dbsession);
dbsession.setSessionid(id);
dbsession.setAuthenticated(session.isAuthenticated());
-
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
+
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -219,9 +198,94 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("TODO!", null);
}
}
+
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
+
+ public static String getMOASessionSSOID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+ }
+
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.isSSOSession();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ }
+ }
+
+ public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0);
+ }
+ }
+
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
- String assertionID, String OAUrl) throws AuthenticationException {
+ SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {
AuthenticatedSessionStore dbsession;
Transaction tx = null;
@@ -237,7 +301,7 @@ public class AuthenticationSessionStoreage {
tx = session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", moaSessionID);
+ query.setParameter("sessionid", moaSessionID);
result = query.list();
@@ -251,13 +315,34 @@ public class AuthenticationSessionStoreage {
}
dbsession = (AuthenticatedSessionStore) result.get(0);
-
+
+ OASessionStore activeOA = null;
+ //check if OA already has an active OA session
+ if (dbsession.getActiveOAsessions() != null) {
+ for (OASessionStore el : dbsession.getActiveOAsessions()) {
+ if (el.getOaurlprefix().equals(OAUrl))
+ activeOA = el;
+ }
+ }
+
+ if (activeOA == null)
+ activeOA = new OASessionStore();
+
//set active OA applications
- OASessionStore activeOA = new OASessionStore();
activeOA.setOaurlprefix(OAUrl);
activeOA.setMoasession(dbsession);
activeOA.setCreated(new Date());
- activeOA.setAssertionSessionID(assertionID);
+
+ //set additional information for SLO
+ if (SLOInfo != null) {
+ activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
+ activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
+ activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
+ activeOA.setProtocolType(SLOInfo.getProtocolType());
+ activeOA.setAttributeQueryUsed(false);
+
+
+ }
List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
activeOAs.add(activeOA);
@@ -286,7 +371,7 @@ public class AuthenticationSessionStoreage {
tx.commit();
Logger.debug("Add SSO-Session login information for OA: " + OAUrl
- + " and AssertionID: " + assertionID);
+ + " and AssertionID: " + SLOInfo.getSessionIndex());
}
} catch (MOADatabaseException e) {
@@ -298,56 +383,75 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
}
}
-
-
- public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID());
+ return dbsession.getActiveOAsessions();
- //decrypt Session
- EncryptedData encdata = new EncryptedData(dbsession.getSession(),
- dbsession.getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
-
- AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
- return session;
-
} catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
- } catch (Throwable e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
- throw new MOADatabaseException("MOASession deserialization-exception");
}
+
+ return null;
}
- public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.isSSOSession();
+ public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(userNameID, "userNameID");
+ Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ + oaID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
+ query.setParameter("oaID", oaID);
+ query.setParameter("nameID", userNameID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No unique entry found.");
+ return null;
+
+ }
+ try {
+ return decryptSession(result.get(0));
- } catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ } catch (BuildException e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
+ return null;
}
-
-
}
- public static String getMOASessionID(String SSOSessionID) {
- MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(protocolType, "usedProtocol");
+ Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ + oaID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setString("sessionid", SSOSessionID);
+ Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("oaID", oaID);
+ query.setParameter("protocol", protocolType);
result = query.list();
//send transaction
@@ -357,29 +461,71 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
- return null;
-
- } else {
- return result.get(0).getSessionid();
-
+ return null;
+
}
+ return result.get(0).getActiveOAsessions().get(0);
}
- public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
-
- MiscUtil.assertNotNull(SSOId, "SSOSessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ public static String getPendingRequestID(String sessionID) {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.getPendingRequestID();
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession with ID " + sessionID + " not found");
+ return "";
+ }
+ }
+
+ public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ try {
+ MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
+ Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", pedingRequestID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
+ return null;
+ }
+ }
+
+ public static boolean deleteSessionWithPendingRequestID(String id) {
+ MiscUtil.assertNotNull(id, "PendingRequestID");
+ Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setString("sessionid", SSOId);
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", id);
result = query.list();
//send transaction
@@ -394,22 +540,91 @@ public class AuthenticationSessionStoreage {
return false;
} else {
+ cleanDelete(result.get(0));
return true;
}
+
+ }
+
+ public static AuthenticationSession getSessionWithUserNameID(String nameID) {
+
+ try {
+ MiscUtil.assertNotNull(nameID, "nameID");
+ Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionWithUserNameID");
+ query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
+ return null;
+ }
+
+ }
+
+ public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
+ MiscUtil.assertNotNull(sessionID, "MOASession");
+ Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
+ query.setParameter("sessionID", sessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
+
+ return result.get(0).getInderfederation().get(0);
}
- public static boolean deleteSessionWithPendingRequestID(String id) {
- MiscUtil.assertNotNull(id, "PendingRequestID");
- Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
+ public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
+ MiscUtil.assertNotNull(sessionID, "MOASession");
+ MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
+ Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setString("sessionid", id);
+ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
+ query.setParameter("sessionID", sessionID);
+ query.setParameter("idpID", idpID);
result = query.list();
//send transaction
@@ -419,33 +634,138 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
- return false;
-
- } else {
- MOASessionDBUtils.delete(result.get(0));
- return true;
+ return null;
+
}
-
-
+
+ return result.get(0).getInderfederation().get(0);
}
- public static String getPendingRequestID(String sessionID) {
+ public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption {
+ AuthenticatedSessionStore dbsession = null;
+
+ //search for active SSO session
+ if (MiscUtil.isNotEmpty(ssoID)) {
+ String moaSession = getMOASessionSSOID(ssoID);
+ if (MiscUtil.isNotEmpty(moaSession)) {
+ try {
+ dbsession = searchInDatabase(moaSession);
+
+ }catch (MOADatabaseException e) {
+
+ }
+ }
+ }
+
+ String id = null;
+ Date now = new Date();
+
+ //create new MOASession if any exists
+ if (dbsession == null) {
+ id = Random.nextRandom();
+ dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setCreated(now);
+
+ } else {
+ id = dbsession.getSessionid();
+
+ }
+
+ dbsession.setInterfederatedSSOSession(true);
+ dbsession.setAuthenticated(isAuthenticated);
+ dbsession.setUpdated(now);
+
+ AuthenticationSession session = new AuthenticationSession(id);
+ session.setAuthenticated(true);
+ session.setAuthenticatedUsed(false);
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //add interfederation information
+ List<InterfederationSessionStore> idpList = dbsession.getInderfederation();
+ InterfederationSessionStore idp = null;
+ if (idpList == null) {
+ idpList = new ArrayList<InterfederationSessionStore>();
+ dbsession.setInderfederation(idpList);
+
+ } else {
+ for (InterfederationSessionStore el : idpList) {
+ //resue old entry if interfederation IDP is reused for authentication
+ if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID()))
+ idp = el;
+
+ }
+ }
+
+ //create new interfederation IDP entry
+ if (idp == null) {
+ idp = new InterfederationSessionStore();
+ idp.setCreated(now);
+ idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
+ idp.setMoasession(dbsession);
+ idpList.add(idp);
+
+ }
+ AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());
+ idp.setSessionIndex(extract.getSessionIndex());
+ idp.setUserNameID(extract.getNameID());
+ idp.setAttributesRequested(false);
+ idp.setQAALevel(extract.getQAALevel());
+
+ //store AssertionStore element to Database
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.getPendingRequestID();
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Logger.info("MOASession with sessionID=" + id + " is stored in Database");
} catch (MOADatabaseException e) {
- Logger.warn("MOASession with ID " + sessionID + " not found");
- return "";
+ Logger.warn("MOASession could not be created.");
+ throw new MOADatabaseException(e);
}
+ return id;
}
- public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+ Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
+
+ return result.get(0).getInderfederation().get(0);
+ }
+
+ /**
+ * @param entityID
+ * @param requestID
+ */
+ public static boolean removeInterfederetedSession(String entityID,
+ String pedingRequestID) {
try {
+ Logger.debug("Remove interfederated IDP from local SSO session ...");
+
MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -455,7 +775,7 @@ public class AuthenticationSessionStoreage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setString("sessionid", pedingRequestID);
+ query.setParameter("sessionid", pedingRequestID);
result = query.list();
//send transaction
@@ -467,20 +787,27 @@ public class AuthenticationSessionStoreage {
//Assertion requires an unique artifact
if (result.size() != 1) {
Logger.trace("No entries found.");
- return null;
+ return false;
}
- //decrypt Session
- EncryptedData encdata = new EncryptedData(result.get(0).getSession(),
- result.get(0).getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
- return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
+ AuthenticatedSessionStore authsession = result.get(0);
+
+ List<InterfederationSessionStore> idpSessions = authsession.getInderfederation();
+ if (idpSessions != null) {
+ for (InterfederationSessionStore idp : idpSessions) {
+ if (idp.getIdpurlprefix().equals(entityID))
+ idpSessions.remove(idp);
+
+ }
+ }
+
+ MOASessionDBUtils.saveOrUpdate(authsession);
+ return true;
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
- return null;
- }
+ return false;
+ }
}
public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
@@ -502,7 +829,7 @@ public class AuthenticationSessionStoreage {
if (results.size() != 0) {
for(AuthenticatedSessionStore result : results) {
try {
- MOASessionDBUtils.delete(result);
+ cleanDelete(result);
Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ " after session timeout.");
@@ -510,11 +837,43 @@ public class AuthenticationSessionStoreage {
Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ " not removed after timeout! (Error during Database communication)", e);
}
-
}
}
}
+ private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ dbsession.setSession(encdata.getEncData());
+ dbsession.setIv(encdata.getIv());
+ }
+
+ private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException {
+ EncryptedData encdata = new EncryptedData(dbsession.getSession(),
+ dbsession.getIv());
+ byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
+
+ return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+
+ }
+
+ private static void cleanDelete(AuthenticatedSessionStore result) {
+ try {
+ result.setSession(new byte[] {});
+ MOASessionDBUtils.saveOrUpdate(result);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
+
+ } finally {
+ if (!MOASessionDBUtils.delete(result))
+ Logger.error("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed! (Error during Database communication)");
+
+ }
+ }
+
@SuppressWarnings("rawtypes")
private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
@@ -526,7 +885,7 @@ public class AuthenticationSessionStoreage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", sessionID);
+ query.setParameter("sessionid", sessionID);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
index ae8e5ee27..054ad1014 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
@@ -154,7 +154,7 @@ public class DBExceptionStoreImpl implements IExceptionStore {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getExceptionWithID");
- query.setString("id", id);
+ query.setParameter("id", id);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
new file mode 100644
index 000000000..aff7e5057
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.util.Messages;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ErrorResponseUtils {
+
+ public static final String INTERNALERRORCODE = "9199";
+
+ private static ErrorResponseUtils instance = null;
+ private static final String[] DEFAULT_MESSAGE_RESOURCES =
+ { "resources/properties/protocol_response_statuscodes" };
+ private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+ new Locale[] { new Locale("de", "AT") };
+ private Messages messages = null;
+
+
+ public static ErrorResponseUtils getInstance() {
+ if (instance == null) {
+ instance = new ErrorResponseUtils(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+
+ }
+ return instance;
+ }
+
+ private ErrorResponseUtils(String[] resourceNames, Locale[] locales) {
+ this.messages = new Messages(resourceNames, locales);
+ }
+
+ public String getResponseErrorCode(Throwable throwable) {
+ String errorCode = null;
+
+ if (throwable instanceof BKUException) {
+ BKUException error = (BKUException) throwable;
+ errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
+ error.getBkuErrorCode();
+
+ } else if (throwable instanceof MISSimpleClientException) {
+ MISSimpleClientException error = (MISSimpleClientException) throwable;
+
+ if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
+ errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
+ error.getMISErrorCode();
+ else
+ errorCode = mapInternalErrorToExternalError(error.getMessageId());
+
+ } else if (throwable instanceof MOAIDException) {
+ MOAIDException error = (MOAIDException) throwable;
+ errorCode = mapInternalErrorToExternalError(error.getMessageId());
+
+ } else {
+ errorCode = INTERNALERRORCODE;
+
+ }
+
+ return errorCode;
+
+ }
+
+ public String mapInternalErrorToExternalError(String intErrorCode) {
+ String extErrorCode = messages.getMessage(intErrorCode, null);
+
+ if (MiscUtil.isEmpty(extErrorCode))
+ extErrorCode = INTERNALERRORCODE;
+
+ return extErrorCode;
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index ed3f297c7..81abe3f5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,11 +46,7 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIConfiguration;
import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.provider.IAIK;
import java.io.BufferedInputStream;
@@ -62,26 +58,19 @@ import java.io.Reader;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
/**
@@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class SSLUtils {
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
public static void initialize() {
- sslSocketFactories = new HashMap<String, SSLSocketFactory>();
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
@@ -132,61 +114,38 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
-
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
-
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
-
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
-
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+
+ String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
+ try {
+ SSLSocketFactory ssf =
+ at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ connParam.getUrl(),
+ conf.getCertstoreDirectory(),
+ trustStoreURL,
+ acceptedServerCertURL,
+ AuthConfigurationProvider.getInstance().getDefaultChainingMode(),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(),
+ connParam.getClientKeyStore(),
+ connParam.getClientKeyStorePassword(),
+ "pkcs12");
+
+ return ssf;
+
+ } catch (SSLConfigurationException e) {
+ throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+
+ }
}
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
/**
* Reads a file, given by URL, into a byte array,
* securing the connection by IAIKX509TrustManager.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 385dd753c..f7785d2c2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
import java.io.Serializable;
+import at.gv.egovernment.moa.util.MiscUtil;
+
public class MISMandate implements Serializable{
private static final long serialVersionUID = 1L;
@@ -90,16 +92,21 @@ public class MISMandate implements Serializable{
}
public String getTextualDescriptionOfOID() {
- if (this.oid.equalsIgnoreCase(OID_NOTAR))
- return TEXT_NOTAR;
- if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
- return TEXT_RECHTSANWALT;
- if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
- return TEXT_ZIVILTECHNIKER;
- if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
- return TEXT_ORGANWALTER;
+ if (MiscUtil.isNotEmpty(this.oid)) {
+ if (this.oid.equalsIgnoreCase(OID_NOTAR))
+ return TEXT_NOTAR;
+ if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
+ return TEXT_RECHTSANWALT;
+ if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
+ return TEXT_ZIVILTECHNIKER;
+ if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
+ return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
+
+ } else {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index b9c4e88b7..aaf793987 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,17 +149,17 @@ public class MISSimpleClient {
}
return foundMandates;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, byte[] authBlock, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
- throw new NullPointerException("Argument webServiceURL must not be null.");
+ throw new MISSimpleClientException("service.04");
}
if (idl == null) {
throw new NullPointerException("Argument idl must not be null.");
@@ -224,8 +224,11 @@ public class MISSimpleClient {
targetElement.appendChild(targetTypeElement);
mirElement.appendChild(targetElement);
-
-
+ //add AuthBlock element
+ Element authBlockElement = doc.createElementNS(MIS_NS, "authBlock");
+ authBlockElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(authBlock))));
+ mirElement.appendChild(authBlockElement);
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
@@ -253,11 +256,11 @@ public class MISSimpleClient {
return msid;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -271,9 +274,10 @@ public class MISSimpleClient {
if (errorElement != null) {
String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
- throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text, code, text); }
+ throw new MISSimpleClientException("service.05", code, text); }
+
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("auth.15", e);
}
}
@@ -308,19 +312,19 @@ public class MISSimpleClient {
return unpackFromSOAP(doc.getDocumentElement());
} catch(IOException e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.04", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (SAXException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (Exception e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.06", e);
}
@@ -336,7 +340,7 @@ public class MISSimpleClient {
soapBody.appendChild(doc.importNode(element, true));
return soapEnvelope;
} catch(ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -344,7 +348,7 @@ public class MISSimpleClient {
try {
return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);
} catch(TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 3cd8ee24a..c8cca157d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -24,7 +24,6 @@ auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung
auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
auth.08=In der B\u00FCrgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
auth.09=Zur Auswahlseite der B\u00FCrgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
@@ -33,7 +32,7 @@ auth.11=Die zentral gespeicherte Auswahlseite f\u00FCr B\u00FCrgerkartenumgebung
auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
auth.13=Vollmachtenmodus f\u00FCr ausl\u00E4ndische B\u00FCrger wird nicht unterst\u00FCtzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
-auth.15=Fehler bei Anfrage an Vollmachten Service.
+auth.15=Fehler beim validieren der Online-Vollmacht.
auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
auth.17=Vollmachtenmodus f\u00FCr nicht-\u00F6ffentlichen Bereich wird nicht unterst\u00FCtzt.
auth.18=Keine MOASessionID vorhanden
@@ -43,6 +42,7 @@ auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen.
auth.22=Das Protokoll {0} ist deaktiviert.
auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
+auth.25=Fehler beim validieren der SZR-Gateway Response.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
@@ -70,7 +70,8 @@ config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionPar
config.17=Fehler beim initialisieren von Hibernate
config.18=Keine MOA-ID 2.x Konfiguration gefunden.
config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.
-config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -87,11 +88,19 @@ builder.02=Fehler beim Ausblenden von Stammzahlen
builder.03=Fehler beim Aufbau des HTML Codes f\u00FCr Vollmachten
builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen.
+builder.07=Fehlerhaftes SecurityLayer Template.
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
service.03=Fehler beim Aufruf des SPSS-API: {0}
+service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar.
+service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1}
+service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service
+service.07=Der SZR-Gateway ist unter {0} nicht erreichbar.
+service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen.
+service.09=Der SZR-Gateway Client konnte nicht initialisiert werden.
cleaner.00=AuthenticationSessionCleaner wurde gestartet
cleaner.01=Fehler im AuthenticationSessionCleaner
@@ -129,7 +138,7 @@ validator.08=Das Manifest ist ung\u00FCltig
validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
validator.10=Anzahl der URLs zur Authentisierungskomponente ung\u00FCltig {0}
-validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.11="Gesch\\u00E4ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
validator.12=Der Namespace des SAML-Attributs "Gesch\\u00E4ftsbereich" ist ung\u00FCltig {0}
validator.13=Das Target des 'Gesch\u00E4ftsbereichs' ist ung\u00FCltig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
@@ -137,7 +146,6 @@ validator.15=Der Namespace des SAML-Attributs "OA" ist ung\u00FCltig {0}
validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung\u00FCltig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul\u00E4ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth?lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
validator.19=Das verwendete Zertifikat zum Signieren ist ung\u00FCltig.<br>{0}
@@ -152,7 +160,7 @@ validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SA
validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
-validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung\u00FCltig {0}
validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
@@ -212,7 +220,7 @@ stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin
stork.14=Es wurde weder Authentifizierungs/ noch Attributerequest empfangen
stork.15=Unbekannte request.
stork.16=Ein Attribute aus zwei verschiedenen Quellen unterscheidet sich\: {0}
-stork.17=Fehler beim Einholen der Zustimmung für Attribut\u00FCbertragung durch den Benutzer
+stork.17=Fehler beim Einholen der Zustimmung f\uFFFDr Attribut\u00FCbertragung durch den Benutzer
stork.18=STORK-SAML Engine konnte nicht initialisiert werden.
pvp2.00={0} ist kein gueltiger consumer service index
@@ -233,6 +241,11 @@ pvp2.14=SAML Anfrage verweigert
pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
+pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abgebrochen werden.
+pvp2.20=Für die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
+pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
+pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler={0}).
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
@@ -241,5 +254,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt
oauth20.05=Der angegebene Benutzer ist nicht berechtigt
oauth20.06=Die angegebene OA kann nicht verwendet werden
oauth20.07=Angeforderter grant_type ist nicht erlaubt
-oauth20.08=Nicht berechtigt f�r Token-Request
+oauth20.08=Nicht berechtigt f\u00FCr Token-Request
oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
new file mode 100644
index 000000000..2a55ea64c
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -0,0 +1,187 @@
+auth.00=1000
+auth.01=1001
+auth.02=1100
+auth.03=9000
+auth.04=9100
+auth.05=1002
+auth.06=6200
+auth.07=1003
+auth.08=40
+auth.09=9100
+auth.10=1002
+auth.11=9100
+auth.12=1002
+auth.13=1007
+auth.14=1004
+auth.15=1108
+auth.16=9102
+auth.17=1006
+auth.18=1100
+auth.20=1100
+auth.21=1005
+auth.22=6000
+auth.23=9000
+auth.24=9001
+auth.25=1109
+
+init.00=9199
+init.01=9199
+init.02=9199
+init.04=9101
+
+config.00=9199
+config.01=9199
+config.02=9199
+config.03=9199
+config.04=9199
+config.05=9199
+config.06=9199
+config.07=9199
+config.08=9199
+config.09=9199
+config.10=9199
+config.11=9199
+config.12=9199
+config.13=9199
+config.14=9199
+config.15=9199
+config.16=9199
+config.17=9199
+config.18=9199
+config.19=9199
+config.20=9199
+config.21=9006
+
+parser.00=1101
+parser.01=1101
+parser.02=1101
+parser.03=1101
+parser.04=1101
+parser.05=1101
+parser.06=1101
+parser.07=1101
+
+builder.00=9102
+builder.01=9103
+builder.02=9102
+builder.03=9102
+builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
+builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=4400
+builder.07=9002
+
+service.00=4300
+service.03=4300
+service.04=41000
+service.05=411
+service.06=41001
+service.07=4200
+service.08=4201
+service.09=9007
+
+validator.00=1102
+validator.01=1102
+validator.02=1102
+validator.03=1102
+validator.04=1102
+validator.05=1102
+
+validator.06=1103
+validator.07=1104
+validator.08=1103
+validator.09=1106
+
+validator.10=1106
+validator.11=1106
+validator.12=1106
+validator.13=1106
+validator.14=1106
+validator.15=1106
+validator.16=1106
+
+validator.17=1104
+validator.18=1104
+
+validator.19=1105
+
+validator.21=1103
+validator.22=1103
+validator.23=1103
+validator.24=1103
+validator.25=1103
+
+validator.26=1106
+validator.27=1106
+validator.28=1106
+validator.29=1106
+validator.30=1106
+validator.31=1106
+
+validator.32=1106
+validator.33=1106
+validator.34=1106
+validator.35=1106
+validator.36=1106
+validator.37=1106
+validator.38=1106
+validator.39=1106
+
+validator.40=9199
+validator.41=9199
+validator.42=9199
+validator.43=9199
+validator.44=9199
+validator.45=9102
+validator.46=9102
+validator.47=9102
+validator.48=9199
+
+validator.49=1104
+validator.50=1106
+
+validator.64=9102
+
+validator.67=1106
+validator.68=1106
+validator.69=1106
+validator.70=1106
+validator.71=1105
+
+ssl.01=1107
+
+stork.00=1200
+stork.01=1200
+stork.02=1200
+stork.04=1201
+stork.05=1201
+stork.06=1202
+stork.07=1201
+stork.08=1201
+stork.09=1201
+stork.10=4200
+stork.11=1203
+stork.12=9003
+stork.13=1203
+stork.14=6001
+stork.15=6001
+stork.16=1203
+stork.17=1203
+stork.18=9004
+
+pvp2.01=6100
+pvp2.06=6100
+pvp2.13=9199
+pvp2.16=6101
+pvp2.17=6102
+pvp2.20=6103
+pvp2.21=6104
+pvp2.22=6105
+
+oauth20.01=6200
+oauth20.06=1000
+oauth20.09=9005
+oauth20.10=9102
+
+##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
+mis.301=1005
+bku.6001=1005 \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
index e5bde81fd..3acf20a41 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -52,6 +52,7 @@ import test.at.gv.egovernment.moa.id.UnitTestCase;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -209,7 +210,7 @@ public class SAMLResponseParserTest extends UnitTestCase {
assertEquals("samlp:Success", status.getStatusCode());
assertEquals("samlp:Success", status.getSubStatusCode());
assertEquals("Ollas leiwand", status.getStatusMessage());
- AuthenticationData authData = parser.parseAuthenticationData();
+ SAML1AuthenticationData authData = parser.parseAuthenticationData();
assertEquals(1, authData.getMajorVersion());
assertEquals(0, authData.getMinorVersion());
assertEquals("-4633313027464114584", authData.getAssertionID());
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 6c2e12c65..4b2ae6536 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -4,11 +4,12 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<artifactId>moa-id-commons</artifactId>
<name>moa-id-commons</name>
<groupId>MOA.id.server</groupId>
+ <version>${moa-id-version}</version>
<profiles>
<profile>
@@ -64,11 +65,20 @@
<version>3.3.1</version>
</dependency>
<dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </dependency>
+ <dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
<type>jar</type>
</dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_X509TrustManager</artifactId>
+ </dependency>
+
<!-- dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-xjc</artifactId>
@@ -127,6 +137,7 @@
</resources>
<plugins>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -184,7 +195,7 @@
</configuration>
</plugin>
- <plugin>
+<!-- <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.5</version>
@@ -226,10 +237,27 @@
</goals>
</execution>
</executions>
- </plugin>
- </plugins>
- <pluginManagement>
- <plugins>
+ </plugin> -->
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
<plugin>
<groupId>org.eclipse.m2e</groupId>
@@ -262,6 +290,5 @@
</configuration>
</plugin>
</plugins>
- </pluginManagement>
</build>
</project> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 730a328ab..5cfb1bb92 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -30,6 +30,7 @@ import java.util.List;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@@ -53,7 +54,13 @@ import org.hibernate.annotations.DynamicUpdate;
@NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"),
@NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"),
@NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"),
- @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate")
+ @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate"),
+ @NamedQuery(name="getMOAISessionWithUserNameID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.userNameID = :usernameid and activeOAsessions.attributeQueryUsed is false"),
+ @NamedQuery(name="getActiveOAWithSessionIDandOAIDandProtocol", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.protocolType = :protocol and authenticatedsessionstore.sessionid = :sessionID"),
+ @NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"),
+ @NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"),
+ @NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"),
+ @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID")
})
public class AuthenticatedSessionStore implements Serializable{
@@ -82,6 +89,9 @@ public class AuthenticatedSessionStore implements Serializable{
@Column(name = "isSSOSession", nullable=false)
private boolean isSSOSession = false;
+
+ @Column(name = "isInterfederatedSSOSession", nullable=false)
+ private boolean isInterfederatedSSOSession = false;
@Column(name = "pendingRequestID", nullable=false)
private String pendingRequestID = "";
@@ -100,6 +110,9 @@ public class AuthenticatedSessionStore implements Serializable{
@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
private List<OldSSOSessionIDStore> oldssosessionids = null;
+ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER)
+ private List<InterfederationSessionStore> inderfederation = null;
+
@PrePersist
protected void created() {
this.updated = this.created = new Date();
@@ -193,6 +206,20 @@ public class AuthenticatedSessionStore implements Serializable{
public void setOldssosessionids(List<OldSSOSessionIDStore> oldssosessionids) {
this.oldssosessionids = oldssosessionids;
}
+
+ /**
+ * @return the inderfederation
+ */
+ public List<InterfederationSessionStore> getInderfederation() {
+ return inderfederation;
+ }
+
+ /**
+ * @param inderfederation the inderfederation to set
+ */
+ public void setInderfederation(List<InterfederationSessionStore> inderfederation) {
+ this.inderfederation = inderfederation;
+ }
/**
* @return the pendingRequestID
@@ -221,8 +248,21 @@ public class AuthenticatedSessionStore implements Serializable{
public void setIv(byte[] iv) {
this.iv = iv;
}
+
+ /**
+ * @return the isInterfederatedSSOSession
+ */
+ public boolean isInterfederatedSSOSession() {
+ return isInterfederatedSSOSession;
+ }
+
+ /**
+ * @param isInterfederatedSSOSession the isInterfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) {
+ this.isInterfederatedSSOSession = isInterfederatedSSOSession;
+ }
-
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
new file mode 100644
index 000000000..1fcdd9b9b
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
@@ -0,0 +1,195 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.db.dao.session;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+
+import org.hibernate.annotations.DynamicUpdate;
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "interfederation")
+
+public class InterfederationSessionStore implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id", unique=true, nullable=false)
+ private long id;
+
+ @Column(name = "idpurlprefix", unique=false, nullable=false)
+ private String idpurlprefix;
+
+ @Column(name = "sessionIndex", unique=false, nullable=false)
+ private String sessionIndex;
+
+ @Column(name = "nameID", unique=false, nullable=false)
+ private String userNameID;
+
+ @Column(name = "QAALevel", unique=false, nullable=false)
+ private String QAALevel;
+
+ @Column(name = "attributesRequested", unique=false, nullable=true)
+ private boolean attributesRequested;
+
+ @Column(name = "created", updatable=false, nullable=false)
+// @Temporal(TemporalType.TIMESTAMP)
+ private Date created;
+
+// @PrePersist
+// protected void created() {
+// this.created = new Date();
+// }
+
+ @ManyToOne(fetch=FetchType.LAZY)
+ @JoinColumn(name = "moasession")
+ private AuthenticatedSessionStore moasession;
+
+ /**
+ * @return the id
+ */
+ public long getId() {
+ return id;
+ }
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the idpurlprefix
+ */
+ public String getIdpurlprefix() {
+ return idpurlprefix;
+ }
+
+ /**
+ * @param idpurlprefix the idpurlprefix to set
+ */
+ public void setIdpurlprefix(String idpurlprefix) {
+ this.idpurlprefix = idpurlprefix;
+ }
+
+ /**
+ * @return the sessionIndex
+ */
+ public String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+ /**
+ * @return the userNameID
+ */
+ public String getUserNameID() {
+ return userNameID;
+ }
+
+ /**
+ * @param userNameID the userNameID to set
+ */
+ public void setUserNameID(String userNameID) {
+ this.userNameID = userNameID;
+ }
+
+ /**
+ * @return the attributesRequested
+ */
+ public boolean isAttributesRequested() {
+ return attributesRequested;
+ }
+
+ /**
+ * @param attributesRequested the attributesRequested to set
+ */
+ public void setAttributesRequested(boolean attributesRequested) {
+ this.attributesRequested = attributesRequested;
+ }
+
+ /**
+ * @return the created
+ */
+ public Date getCreated() {
+ return created;
+ }
+
+ /**
+ * @param created the created to set
+ */
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+ /**
+ * @return the moasession
+ */
+ public AuthenticatedSessionStore getMoasession() {
+ return moasession;
+ }
+
+ /**
+ * @param moasession the moasession to set
+ */
+ public void setMoasession(AuthenticatedSessionStore moasession) {
+ this.moasession = moasession;
+ }
+
+ /**
+ * @return the qAALevel
+ */
+ public String getQAALevel() {
+ return QAALevel;
+ }
+
+ /**
+ * @param qAALevel the qAALevel to set
+ */
+ public void setQAALevel(String qAALevel) {
+ QAALevel = qAALevel;
+ }
+
+
+}
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
index 6d1b64262..539de990f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
@@ -56,6 +56,18 @@ public class OASessionStore implements Serializable{
@Column(name = "assertionSessionID", unique=false, nullable=true)
private String assertionSessionID;
+ @Column(name = "userNameID", unique=false, nullable=true)
+ private String userNameID;
+
+ @Column(name = "userNameIDFormat", unique=false, nullable=true)
+ private String userNameIDFormat;
+
+ @Column(name = "protocolType", unique=false, nullable=true)
+ private String protocolType;
+
+ @Column(name = "attributequeryused", unique=false, nullable=false)
+ private boolean attributeQueryUsed = false;
+
@Column(name = "created", updatable=false, nullable=false)
// @Temporal(TemporalType.TIMESTAMP)
private Date created;
@@ -115,6 +127,64 @@ public class OASessionStore implements Serializable{
this.assertionSessionID = assertionSessionID;
}
+ /**
+ * @return the userNameID
+ */
+ public String getUserNameID() {
+ return userNameID;
+ }
+
+ /**
+ * @param userNameID the userNameID to set
+ */
+ public void setUserNameID(String userNameID) {
+ this.userNameID = userNameID;
+ }
+
+ /**
+ * @return the protocolType
+ */
+ public String getProtocolType() {
+ return protocolType;
+ }
+
+ /**
+ * @param protocolType the protocolType to set
+ */
+ public void setProtocolType(String protocolType) {
+ this.protocolType = protocolType;
+ }
+
+ /**
+ * @return the attributeQueryUsed
+ */
+ public boolean isAttributeQueryUsed() {
+ return attributeQueryUsed;
+ }
+
+ /**
+ * @param attributeQueryUsed the attributeQueryUsed to set
+ */
+ public void setAttributeQueryUsed(boolean attributeQueryUsed) {
+ this.attributeQueryUsed = attributeQueryUsed;
+ }
+
+ /**
+ * @return the userNameIDFormat
+ */
+ public String getUserNameIDFormat() {
+ return userNameIDFormat;
+ }
+
+ /**
+ * @param userNameIDFormat the userNameIDFormat to set
+ */
+ public void setUserNameIDFormat(String userNameIDFormat) {
+ this.userNameIDFormat = userNameIDFormat;
+ }
+
+
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index 65c9003e3..b557d2dc9 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -78,6 +78,9 @@ public class StatisticLog implements Serializable{
@Column(name = "isSSOLogin", unique=false)
private boolean ssosession;
+ @Column(name = "isInterfederatedSSOLogin", unique=false)
+ private boolean interfederatedSSOSession;
+
@Column(name = "isBusinessService", unique=false)
private boolean businessservice;
@@ -390,6 +393,21 @@ public class StatisticLog implements Serializable{
public void setErrortype(String errortype) {
this.errortype = errortype;
}
+
+ /**
+ * @return the interfederatedSSOSession
+ */
+ public boolean isInterfederatedSSOSession() {
+ return interfederatedSSOSession;
+ }
+
+ /**
+ * @param interfederatedSSOSession the interfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+ this.interfederatedSSOSession = interfederatedSSOSession;
+ }
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
new file mode 100644
index 000000000..c6d8b1d79
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.ex;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactoryException extends Exception {
+
+ private static final long serialVersionUID = 4934502074731319897L;
+
+
+ public MOAHttpProtocolSocketFactoryException(String message) {
+ super(message);
+ }
+
+ public MOAHttpProtocolSocketFactoryException(String message, Throwable e) {
+ super(message, e );
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
new file mode 100644
index 000000000..3b6fc34ea
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+
+
+ private SSLSocketFactory sslfactory = null;
+
+ public MOAHttpProtocolSocketFactory (
+ String url,
+ String certStoreRootDirParam,
+ String trustStoreURL,
+ String acceptedServerCertURL,
+ ChainingModeType chainingMode,
+ boolean checkRevocation
+ ) throws MOAHttpProtocolSocketFactoryException {
+ super();
+
+ try {
+ this.sslfactory = SSLUtils.getSSLSocketFactory(
+ url,
+ certStoreRootDirParam,
+ trustStoreURL,
+ acceptedServerCertURL,
+ chainingMode.value(),
+ checkRevocation,
+ null,
+ null,
+ null);
+
+ } catch (IOException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (GeneralSecurityException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (SSLConfigurationException e) {
+ throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e);
+
+ } catch (PKIException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort, HttpConnectionParams params) throws IOException,
+ UnknownHostException, ConnectTimeoutException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+ */
+ public Socket createSocket(String host, int port) throws IOException,
+ UnknownHostException {
+ return this.sslfactory.createSocket(host, port);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+ */
+ public Socket createSocket(Socket socket, String host, int port,
+ boolean autoClose) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(socket, host,
+ port, autoClose);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index b6fe20a61..00e750f58 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -44,11 +44,8 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
@@ -69,10 +66,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl
* identifies the rootDirectory
*/
private String rootDirectory;
- /**
- * ConfigurationProvider
- */
- private ConfigurationProvider conf;
+
/**
* Array for storing all CertStoreParameters
*/
@@ -85,13 +79,10 @@ public class CertStoreConfigurationImpl extends ObservableImpl
* @throws ConfigurationException an any config-error
* being read.
*/
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf = conf;
-
- String certStoreRootDirParam = conf.getCertstoreDirectory();
+ public CertStoreConfigurationImpl(String certStoreRootDirParam) throws SSLConfigurationException {
if (certStoreRootDirParam == null)
- throw new ConfigurationException(
+ throw new SSLConfigurationException(
"config.08", new Object[]{"CertStoreDirectory"});
//rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
@@ -105,13 +96,13 @@ public class CertStoreConfigurationImpl extends ObservableImpl
if (!f.exists()) {
Logger.error("File does not exists: " + f.getAbsolutePath());
- throw new ConfigurationException(
+ throw new SSLConfigurationException(
"config.05", new Object[]{"CertStoreDirectory"});
}
if (!f.isDirectory()) {
Logger.error("File is not a directory: " + f.getAbsolutePath());
- throw new ConfigurationException(
+ throw new SSLConfigurationException(
"config.05", new Object[]{"CertStoreDirectory"});
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index 202be882e..eaef3f1d4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.pki.jsse;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import java.io.File;
import java.io.FileInputStream;
@@ -56,7 +56,6 @@ import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
@@ -150,7 +149,7 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
if (serverCert.equals(acceptedServerCert))
return true;
}
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
+ Logger.warn("SSL certificate validation FAILED.");
return false;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
index 16184502d..fa9cd879d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import iaik.pki.store.observer.NotificationData;
import iaik.pki.store.observer.Observable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
index 064d8a835..5d8c7a54e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
@@ -44,10 +44,8 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import iaik.pki.PKIConfiguration;
import iaik.pki.pathvalidation.ValidationConfiguration;
import iaik.pki.revocation.RevocationConfiguration;
@@ -74,11 +72,11 @@ public class PKIConfigurationImpl implements PKIConfiguration {
* @param conf the Configuration for the PKIConfig
* @throws ConfigurationException for any config error
*/
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+ public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException {
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
+ certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam);
revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
+ validationConfiguration = new ValidationConfigurationImpl(chainingMode);
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 8afba2a12..59994a257 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.pki;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import java.security.cert.X509Certificate;
import java.util.Collections;
@@ -57,8 +57,6 @@ import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.truststore.TrustStoreTypes;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
/**
* Implementation of the <code>PKIProfile</code> interface and subinterfaces
* providing information needed for certificate path validation.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index 2c24161f6..b5e0543db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import iaik.pki.revocation.RevocationConfiguration;
@@ -53,8 +53,6 @@ import java.util.Collections;
import java.util.Date;
import java.util.Set;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
* @author Paul Ivancsics
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
new file mode 100644
index 000000000..b1334ad67
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSLConfigurationException extends Exception {
+
+ private static final long serialVersionUID = -3705679559648920151L;
+
+ private String errorID = null;
+ private Object[] parameters = null;
+ private Throwable e = null;
+
+ public SSLConfigurationException(String errorID, Object[] parameters) {
+ this.errorID = errorID;
+ this.parameters = parameters;
+ }
+
+ public SSLConfigurationException(String errorID, Object[] parameters, Throwable e) {
+ this.errorID = errorID;
+ this.parameters = parameters;
+ this.e = e;
+ }
+
+ /**
+ * @return the errorID
+ */
+ public String getErrorID() {
+ return errorID;
+ }
+
+ /**
+ * @return the parameters
+ */
+ public Object[] getParameters() {
+ return parameters;
+ }
+
+ /**
+ * @return the e
+ */
+ public Throwable getE() {
+ return e;
+ }
+
+
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
new file mode 100644
index 000000000..68437a04d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -0,0 +1,186 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
+ * This <code>TrustManager</code> implementation features CRL checking.<br/>
+ * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+
+ /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
+ private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+
+ /**
+ * Initializes the SSLSocketFactory store.
+ */
+ public static void initialize() {
+ sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+ // JSSE Abhängigkeit
+ //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ Security.addProvider(new IAIK());
+ //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+
+
+ }
+
+ /**
+ * Creates an <code>SSLSocketFactory</code> which utilizes an
+ * <code>IAIKX509TrustManager</code> for the given trust store,
+ * and the given key store.
+ *
+ * @param conf configuration provider providing a generic properties pointing
+ * to trusted CA store and certificate store root
+ * @param connParam connection parameter containing the client key store settings
+ * to be used in case of client authentication;
+ * if <code>connParam.getClientKeyStore() == null</code>, client authentication
+ * is assumed to be disabled
+ * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+ * @throws IOException thrown while reading key store file
+ * @throws GeneralSecurityException thrown while creating the socket factory
+ * @throws ConfigurationException on invalid configuration data
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ public static SSLSocketFactory getSSLSocketFactory(
+ String url,
+ String certStoreRootDirParam,
+ String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword,
+ String clientKeyStoreType
+ )
+ throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException {
+
+ Logger.debug("Get SSLSocketFactory for " + url);
+ // retrieve SSLSocketFactory if already created
+ SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(url);
+ if (ssf != null)
+ return ssf;
+
+ TrustManager[] tms = getTrustManagers(
+ certStoreRootDirParam,
+ chainingMode,
+ trustStoreURL,
+ acceptedServerCertURL,
+ checkRevocation);
+
+ KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kms, tms, null);
+ ssf = ctx.getSocketFactory();
+ // store SSLSocketFactory
+ sslSocketFactories.put(url, ssf);
+ return ssf;
+ }
+
+ public static void removeSSLSocketFactory(String url) {
+ Logger.info("Remove SSLSocketFactory for URL " + url);
+ if (sslSocketFactories.containsKey(url))
+ sslSocketFactories.remove(url);
+
+ }
+
+ /**
+ * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
+ * using configuration data.
+ *
+ * @param conf MOA-ID configuration provider
+ * @param trustStoreURL trust store URL
+ * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
+ * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
+ * @throws ConfigurationException on invalid configuration data
+ * @throws IOException on data-reading problems
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ private static TrustManager[] getTrustManagers(String certStoreRootDirParam,
+ String chainingMode, String trustStoreURL, String acceptedServerCertURL,
+ boolean checkRevocation)
+ throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ PKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured())
+ cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
+ PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ // This call fixes a bug occuring when PKIConfiguration is
+ // initialized by the MOA-SP initialization code, in case
+ // MOA-SP is called by API
+ MOAIDTrustManager.initializeLoggingContext();
+ IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+ tm.init(cfg, profile);
+ return new TrustManager[] {tm};
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
index d230eef26..275aed4c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
@@ -44,15 +44,13 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import iaik.pki.pathvalidation.ValidationConfiguration;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
@@ -62,21 +60,23 @@ import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
public class ValidationConfigurationImpl extends ObservableImpl
implements ValidationConfiguration {
/** The ConfigurationProvider for the validation*/
- private ConfigurationProvider conf;
+ private String chainingMode;
/**
* Constructor
* @param conf with the configuration
*/
- public ValidationConfigurationImpl(ConfigurationProvider conf) {
- this.conf = conf;
+ public ValidationConfigurationImpl(String chainingMode) {
+ this.chainingMode = chainingMode;
}
/**
* @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
*/
public String getChainingMode(X509Certificate trustAnchor) {
- String chainingMode = conf.getChainingMode(trustAnchor);
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
return chainingMode;
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
new file mode 100644
index 000000000..2ad50568a
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
@@ -0,0 +1,104 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.validation;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+public class TargetValidator {
+
+ private static Map<String, String> targetList = null;
+
+ static {
+ targetList = new HashMap<String, String>();
+ targetList.put("AR", "Arbeit");
+ targetList.put("AS", "Amtliche Statistik");
+ targetList.put("BF", "Bildung und Forschung");
+ targetList.put("BW", "Bauen und Wohnen");
+ targetList.put("EA", "EU und Auswärtige Angelegenheiten");
+ targetList.put("EF", "Ein- und Ausfuhr");
+ targetList.put("GH", "Gesundheit");
+ targetList.put("GS", "Gesellschaft und Soziales");
+// targetList.put("GS-RE", "Restitution");
+ targetList.put("JR", "Justiz/Zivilrechtswesen");
+ targetList.put("KL", "Kultus");
+ targetList.put("KU", "Kunst und Kultur");
+ targetList.put("LF", "Land- und Forstwirtschaft");
+ targetList.put("LV", "Landesverteidigung");
+ targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation");
+ targetList.put("SA", "Steuern und Abgaben");
+ targetList.put("SA", "Sport und Freizeit");
+ targetList.put("SO", "Sicherheit und Ordnung");
+// targetList.put("SO-VR", "Vereinsregister");
+// targetList.put("SR-RG", "Strafregister");
+ targetList.put("SV", "Sozialversicherung");
+ targetList.put("UW", "Umwelt");
+ targetList.put("VT", "Verkehr und Technik");
+ targetList.put("VV", "Vermögensverwaltung");
+ targetList.put("WT", "Wirtschaft");
+ targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)");
+ targetList.put("BR", "Bereichsübergreifender Rechtsschutz");
+ targetList.put("HR", "Zentrales Rechnungswesen");
+ targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes");
+ targetList.put("OI", "Öffentlichkeitsarbeit");
+ targetList.put("PV", "Personalverwaltung");
+ targetList.put("RD", "Zentraler Rechtsdienst");
+ targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren");
+// targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister");
+ targetList.put("ZU", "Zustellungen");
+ }
+
+ public static List<String> getListOfTargets() {
+ Map<String, String> list = new HashMap<String, String>();
+ list.put("", "");
+ list.putAll(targetList);
+
+ List<String> sortedList = new ArrayList<String>();
+ sortedList.addAll(list.keySet());
+ Collections.sort(sortedList);
+
+ return sortedList;
+
+ }
+
+ public static String getTargetFriendlyName(String target) {
+ String name = targetList.get(target);
+
+ if (MiscUtil.isNotEmpty(name))
+ return name;
+ else
+ return null;
+ }
+
+ public static boolean isValidTarget(String target) {
+ return targetList.containsKey(target);
+ }
+
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
new file mode 100644
index 000000000..be6d7d01e
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
@@ -0,0 +1,387 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.validation;
+
+import iaik.asn1.ObjectID;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.log4j.Logger;
+
+
+public class ValidationHelper {
+
+ public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
+
+ private static final Logger log = Logger.getLogger(ValidationHelper.class);
+ private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy";
+
+
+
+ public static boolean isPublicServiceAllowed(String identifier) {
+
+ SSLSocket socket = null;
+
+ try {
+ URL url = new URL(identifier);
+ String host = url.getHost();
+
+ if (host.endsWith("/"))
+ host = host.substring(0, host.length()-1);
+
+ if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) {
+ log.debug("PublicURLPrefix with .gv.at Domain found.");
+ return true;
+
+ } else {
+ SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
+ socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort());
+ socket.startHandshake();
+
+ SSLSession session = socket.getSession();
+ Certificate[] servercerts = session.getPeerCertificates();
+ X509Certificate[] iaikChain = new X509Certificate[servercerts.length];
+ for (int i=0; i<servercerts.length; i++) {
+ iaikChain[i] = new X509Certificate(servercerts[i].getEncoded());
+ }
+
+
+ X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0];
+
+ if (cert != null) {
+ ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft
+ ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft
+
+
+ if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) {
+ return false;
+
+ } else {
+ log.info("Found correct X509 Extension in server certificate. PublicService is allowed");
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ } catch (MalformedURLException e) {
+ log.warn("PublicURLPrefix can not parsed to URL", e);
+ return false;
+
+ } catch (UnknownHostException e) {
+ log.warn("Can not connect to PublicURLPrefix Server", e);
+ return false;
+
+ } catch (IOException e) {
+ log.warn("Can not connect to PublicURLPrefix Server", e);
+ return false;
+
+ } catch (CertificateEncodingException e) {
+ log.warn("Can not parse X509 server certificate", e);
+ return false;
+
+ } catch (CertificateException e) {
+ log.warn("Can not read X509 server certificate", e);
+ return false;
+
+ } catch (X509ExtensionInitException e) {
+ log.warn("Can not read X509 server certificate extension", e);
+ return false;
+ }
+
+ finally {
+ if (socket != null)
+ try {
+ socket.close();
+ } catch (IOException e) {
+ log.warn("SSL Socket can not be closed.", e);
+ }
+ }
+ }
+
+ public static boolean validateOAID(String oaIDObj) {
+ if (oaIDObj != null) {
+ try {
+
+ long oaID = Long.valueOf(oaIDObj);
+
+ if (oaID > 0 && oaID < Long.MAX_VALUE)
+ return true;
+
+ } catch (Throwable t) {
+ log.warn("No valid DataBase OAID received! " + oaIDObj);
+ }
+ }
+ return false;
+ }
+
+ public static boolean validateNumber(String value) {
+
+ log.debug("Validate Number " + value);
+
+ try {
+ Float.valueOf(value);
+
+ return true;
+
+ } catch (NumberFormatException e) {
+ return false;
+ }
+
+
+ }
+
+ public static boolean validatePhoneNumber(String value) {
+ log.debug ("Validate PhoneNumber " + value);
+
+ /* ************************************************************************************************
+ * Legende:
+ * ======== AA = post/pre-Text
+ * BB = (+49)
+ * CC = Vorwahl
+ * DD = Durchwahl
+ * EE = Nebenstelle
+ * Pattern p = Pattern.compile("^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]* [0-9][ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
+ * ------- AA ------- --------------------- BB --------------------- --------- CC -------- - DD - - EE - ------- AA -------
+ * ************************************************************************************************ */
+ Pattern pattern = Pattern.compile("^[a-zA-Z .,;:/\\-]*[ ]*[(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1}[ ]*[0-9]*[ ]*[0-9]*[ ]*[0-9]*[ ]*[a-zA-Z .,;:\\/-]*$");
+ Matcher matcher = pattern.matcher(value);
+ boolean b = matcher.matches();
+ if (b) {
+ log.debug("Parameter PhoneNumber erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ log.error("Fehler Ueberpruefung Parameter PhoneNumber. PhoneNumber entspricht nicht den Kriterien ^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]*[/\\-]{0,1} [ ]*[ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
+ return false;
+ }
+
+
+ }
+
+ public static boolean validateURL(String urlString) {
+
+ log.debug("Validate URL " + urlString);
+
+ if (urlString.startsWith("http") || urlString.startsWith("https")) {
+ try {
+ new URL(urlString);
+ return true;
+
+ } catch (MalformedURLException e) {
+ }
+ }
+
+ return false;
+ }
+
+// public static boolean validateGeneralURL(String urlString) {
+//
+// log.debug("Validate URL " + urlString);
+//
+// try {
+// new URL(urlString);
+// return true;
+//
+// } catch (MalformedURLException e) {
+//
+// }
+//
+// return false;
+// }
+
+ public static boolean isValidAdminTarget(String target) {
+
+ log.debug("Ueberpruefe Parameter Target");
+
+ Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
+ Matcher matcher = pattern.matcher(target);
+ boolean b = matcher.matches();
+ if (b) {
+ log.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService.");
+ return true;
+ }
+ else {
+ log.info("Parameter SSO-Target entspricht nicht den Kriterien " +
+ "(nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang) fuer den oeffentlichen Bereich. " +
+ "Valiere SSO-Target fuer privatwirtschaftliche Bereiche.");
+ return false;
+ }
+ }
+
+ public static boolean isValidTarget(String target) {
+
+ log.debug("Ueberpruefe Parameter Target");
+
+ if (TargetValidator.isValidTarget(target)) {
+ log.debug("Parameter Target erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+ return false;
+ }
+
+ }
+
+ public static boolean isValidSourceID(String sourceID) {
+
+ log.debug("Ueberpruefe Parameter sourceID");
+
+ Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
+ Matcher matcher = pattern.matcher(sourceID);
+ boolean b = matcher.matches();
+ if (b) {
+ log.debug("Parameter sourceID erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ log.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
+ return false;
+ }
+ }
+
+ public static boolean isDateFormat(String dateString) {
+ if (dateString.length() > TEMPLATE_DATEFORMAT.length())
+ return false;
+
+ SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT);
+ try {
+ sdf.parse(dateString);
+ return true;
+
+ } catch (ParseException e) {
+ return false;
+ }
+ }
+
+ public static boolean isEmailAddressFormat(String address) {
+ if (address == null) {
+ return false;
+ }
+ return Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$").matcher(address).matches();
+ }
+
+ public static boolean isValidOAIdentifier(String param) {
+ if (param == null) {
+ return false;
+ }
+ return param.indexOf(";") != -1 ||
+ param.indexOf("%") != -1 ||
+ param.indexOf("\"") != -1 ||
+ param.indexOf("'") != -1 ||
+ param.indexOf("?") != -1 ||
+ param.indexOf("`") != -1 ||
+ param.indexOf(",") != -1 ||
+ param.indexOf("<") != -1 ||
+ param.indexOf(">") != -1 ||
+ param.indexOf("\\") != -1;
+
+ }
+
+ public static String getNotValidOAIdentifierCharacters() {
+
+ return "; % \" ' ` , < > \\";
+ }
+
+ public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) {
+
+ if (param == null) {
+ return false;
+ }
+ return param.indexOf(";") != -1 ||
+ param.indexOf("%") != -1 ||
+ param.indexOf("\"") != -1 ||
+ param.indexOf("'") != -1 ||
+ param.indexOf("?") != -1 ||
+ param.indexOf("`") != -1 ||
+ ( param.indexOf(",") != -1 && !commaallowed ) ||
+ param.indexOf("<") != -1 ||
+ param.indexOf(">") != -1 ||
+ param.indexOf("\\") != -1 ||
+ param.indexOf("/") != -1;
+ }
+
+ public static String getPotentialCSSCharacter(boolean commaallowed) {
+
+ if (commaallowed)
+ return "; % \" ' ` < > \\ /";
+ else
+ return "; % \" ' ` , < > \\ /";
+ }
+
+ public static boolean isNotValidIdentityLinkSigner(String param) {
+ if (param == null) {
+ return false;
+ }
+ return param.indexOf(";") != -1 ||
+ param.indexOf("%") != -1 ||
+ param.indexOf("\"") != -1 ||
+ param.indexOf("'") != -1 ||
+ param.indexOf("?") != -1 ||
+ param.indexOf("`") != -1 ||
+ param.indexOf("<") != -1 ||
+ param.indexOf(">") != -1;
+
+ }
+
+ public static String getNotValidIdentityLinkSignerCharacters() {
+
+ return "; % \" ' ` < >";
+ }
+
+ public static boolean isValidHexValue(String param) {
+
+ try {
+ if (param.startsWith("#") && param.length() <= 7) {
+ Long.decode(param);
+ return true;
+ }
+
+ } catch (Exception e) {
+
+ }
+ return false;
+
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
new file mode 100644
index 000000000..e4aa6a284
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package org.apache.commons.httpclient;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.apache.commons.httpclient.HostConfiguration;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.HttpMethodDirector;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.URI;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+
+/**
+ * @author tlenz
+ *
+ *HTTP client which can be used with MOA SSL TrustStore implementation
+ *
+ */
+public class MOAHttpClient extends HttpClient {
+
+
+ public void setCustomSSLTrustStore(String metadataURL, SecureProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException {
+ ;
+
+ URL url = new URL(metadataURL);
+ int port = -1;
+ if (url.getPort() < 0)
+ port = url.getDefaultPort();
+ else
+ port = url.getPort();
+
+ Protocol authhttps = new Protocol("https", protoSocketFactory, port);
+ getHostConfiguration().setHost(url.getHost(), port, authhttps);
+
+ }
+
+ public int executeMethod(HostConfiguration hostconfig,
+ final HttpMethod method, final HttpState state)
+ throws IOException, HttpException {
+
+ if (method == null) {
+ throw new IllegalArgumentException("HttpMethod parameter may not be null");
+ }
+ HostConfiguration defaulthostconfig = getHostConfiguration();
+ if (hostconfig == null) {
+ hostconfig = defaulthostconfig;
+ }
+ URI uri = method.getURI();
+ if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) {
+ // make a deep copy of the host defaults
+ hostconfig = (HostConfiguration) hostconfig.clone();
+
+ /**
+ * Only build default host with default protocol if protocol is empty
+ *
+ * In case of https, the methode setCustomSSLTrustStore can be used to set a
+ * the MOA TrustStore for SSL connection validation
+ */
+ if (uri.isAbsoluteURI() && hostconfig.getProtocol() == null) {
+ hostconfig.setHost(uri);
+ }
+ }
+
+ HttpMethodDirector methodDirector = new HttpMethodDirector(
+ getHttpConnectionManager(),
+ hostconfig,
+ getParams(),
+ (state == null ? getState() : state));
+ methodDirector.executeMethod(method);
+ return method.getStatusCode();
+ }
+}
diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
index f2701bec4..cf04319c8 100644
--- a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
+++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
@@ -1,7 +1,8 @@
-<jaxb:bindings version="1.0"
+<jaxb:bindings version="2.1"
xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc">
+ xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
+ jaxb:extensionBindingPrefixes="hj">
<jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema">
<jaxb:globalBindings localScoping="toplevel">
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index d7f48e51a..3a2914cb4 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet -->
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0">
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations" xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0" jaxb:extensionBindingPrefixes="xjc hj" jaxb:version="2.0">
<xsd:complexType name="OnlineApplication">
<xsd:complexContent>
<xsd:extension base="OnlineApplicationType">
@@ -481,10 +481,27 @@
</xsd:element>
</xsd:sequence>
</xsd:complexType>
+ <xsd:complexType name="InterfederationIDPType">
+ <xsd:sequence>
+ <xsd:element name="attributeQueryURL" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="storeSSOSession" type="xsd:boolean" minOccurs="1" maxOccurs="1" default="true"/>
+ </xsd:sequence>
+ <xsd:attribute name="inboundSSO" type="xsd:boolean" default="true"/>
+ <xsd:attribute name="outboundSSO" type="xsd:boolean" default="true"/>
+ </xsd:complexType>
<xsd:complexType name="OnlineApplicationType">
<xsd:sequence>
+ <xsd:element name="isNew" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <hj:ignored/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
<xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/>
<xsd:element name="isAdminRequired" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="isInterfederationIDP" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="InterfederationIDP" type="InterfederationIDPType" minOccurs="0" maxOccurs="1"/>
<xsd:element name="AuthComponent_OA" minOccurs="0">
<xsd:annotation>
<xsd:documentation>enthält Parameter über die OA, die die
@@ -842,6 +859,7 @@
<xsd:sequence>
<xsd:element name="metadataURL" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
<xsd:element name="certificate" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="updateRequired" type="xsd:dateTime" minOccurs="1" maxOccurs="1"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
@@ -884,17 +902,12 @@
<xsd:element name="OA_STORK">
<xsd:complexType>
<xsd:sequence>
- <xsd:element name="StorkLogonEnabled" type="xsd:boolean"
- default="true" />
- <xsd:element ref="Qaa" minOccurs="0" maxOccurs="1" />
- <xsd:element ref="OAAttributes" minOccurs="0"
- maxOccurs="unbounded" />
- <xsd:element name="VidpEnabled" type="xsd:boolean"
- default="false" />
- <xsd:element ref="AttributeProviders" minOccurs="0"
- maxOccurs="unbounded" />
- <xsd:element name="requireConsent" type="xsd:boolean"
- default="true" />
+ <xsd:element name="StorkLogonEnabled" type="xsd:boolean" default="true"/>
+ <xsd:element ref="Qaa" minOccurs="0" maxOccurs="1"/>
+ <xsd:element ref="OAAttributes" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="VidpEnabled" type="xsd:boolean" default="false"/>
+ <xsd:element ref="AttributeProviders" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="requireConsent" type="xsd:boolean" default="true"/>
<xsd:element ref="C-PEPS" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
@@ -942,6 +955,20 @@
<xsd:element name="isPVP2Generated" type="xsd:boolean" minOccurs="0" maxOccurs="1"/>
<xsd:element name="lastLogin" type="xsd:string" minOccurs="1" maxOccurs="1"/>
<xsd:element name="OnlineApplication" type="OnlineApplication" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="onlyBusinessService" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <hj:ignored/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="businessServiceType" type="xsd:string" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <hj:ignored/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BKUSelectionCustomizationType">
diff --git a/id/server/pom.xml b/id/server/pom.xml
index d748c01eb..cd2f82e84 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -26,4 +26,27 @@
<repositoryPath>${basedir}/../../repository</repositoryPath>
</properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index e47b31144..dbae5ca30 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<properties>
@@ -26,6 +26,25 @@
<build>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml
index c1dd27924..e74f702a8 100644
--- a/id/server/stork2-commons/pom.xml
+++ b/id/server/stork2-commons/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>eu.stork</groupId>
@@ -145,6 +145,27 @@
</plugins>
</pluginManagement>
<plugins>
+
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml
index 015697c5c..5a6621f12 100644
--- a/id/server/stork2-saml-engine/pom.xml
+++ b/id/server/stork2-saml-engine/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -49,6 +49,12 @@
<groupId>eu.stork</groupId>
<artifactId>Commons</artifactId>
<version>${commons.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -84,21 +90,21 @@
<artifactId>slf4j-api</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
@@ -145,9 +151,30 @@
<skip>true</skip>
</configuration>
</plugin>
+
</plugins>
</pluginManagement>
<plugins>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
index 6d9ac9ce3..06e80dc14 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
@@ -41,7 +41,6 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.NotImplementedException;
import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
@@ -518,23 +517,23 @@ public final class SignP12 implements SAMLEngineSignI {
FileInputStream fisTrustStore = null;
try {
- // Dynamically register Bouncy Castle provider.
- boolean found = false;
- // Check if BouncyCastle is already registered as a provider
- final Provider[] providers = Security.getProviders();
- for (int i = 0; i < providers.length; i++) {
- if (providers[i].getName().equals(
- BouncyCastleProvider.PROVIDER_NAME)) {
- found = true;
- }
- }
-
- // Register only if the provider has not been previously registered
- if (!found) {
- LOG.debug("SAMLCore: Register Bouncy Castle provider.");
- Security.insertProviderAt(new BouncyCastleProvider(), Security
- .getProviders().length);
- }
+// // Dynamically register Bouncy Castle provider.
+// boolean found = false;
+// // Check if BouncyCastle is already registered as a provider
+// final Provider[] providers = Security.getProviders();
+// for (int i = 0; i < providers.length; i++) {
+// if (providers[i].getName().equals(
+// BouncyCastleProvider.PROVIDER_NAME)) {
+// found = true;
+// }
+// }
+//
+// // Register only if the provider has not been previously registered
+// if (!found) {
+// LOG.debug("SAMLCore: Register Bouncy Castle provider.");
+// Security.insertProviderAt(new BouncyCastleProvider(), Security
+// .getProviders().length);
+// }
p12Store = KeyStore.getInstance(properties
.getProperty("keystoreType"));
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index e31688069..39be750cd 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -22,7 +22,7 @@ import eu.stork.peps.exceptions.SAMLEngineException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.NotImplementedException;
import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+//import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
@@ -488,23 +488,23 @@ public class SignSW implements SAMLEngineSignI {
LOG.info("Load Cryptographic Service Provider");
FileInputStream fis = null;
try {
- // Dynamically register Bouncy Castle provider.
- boolean found = false;
- // Check if BouncyCastle is already registered as a provider
- final Provider[] providers = Security.getProviders();
- for (int i = 0; i < providers.length; i++) {
- if (providers[i].getName().equals(
- BouncyCastleProvider.PROVIDER_NAME)) {
- found = true;
- }
- }
-
- // Register only if the provider has not been previously registered
- if (!found) {
- LOG.info("SAMLCore: Register Bouncy Castle provider.");
- Security.insertProviderAt(new BouncyCastleProvider(), Security
- .getProviders().length);
- }
+// // Dynamically register Bouncy Castle provider.
+// boolean found = false;
+// // Check if BouncyCastle is already registered as a provider
+// final Provider[] providers = Security.getProviders();
+// for (int i = 0; i < providers.length; i++) {
+// if (providers[i].getName().equals(
+// BouncyCastleProvider.PROVIDER_NAME)) {
+// found = true;
+// }
+// }
+//
+// // Register only if the provider has not been previously registered
+// if (!found) {
+// LOG.info("SAMLCore: Register Bouncy Castle provider.");
+// Security.insertProviderAt(new BouncyCastleProvider(), Security
+// .getProviders().length);
+// }
storkOwnKeyStore = KeyStore.getInstance(properties
.getProperty(KEYSTORE_TYPE));