Diffstat (limited to 'id/server')
53 files changed, 2201 insertions, 1252 deletions
diff --git a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
Binary files differ
index b68d247cb..bb0e11a80 100644
--- a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
+++ b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index e1261b819..ef75dff24 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -29,6 +29,13 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
 	</servlet>
 	<servlet>
+		<servlet-name>GetMISSessionID</servlet-name>
+		<display-name>GetMISSessionID</display-name>
+		<description>Get the MIS session ID coming from security layer</description>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
+	</servlet>
+	
+	<servlet>
 		<servlet-name>GetForeignID</servlet-name>
 		<display-name>GetForeignID</display-name>
 		<description>Gets the foreign eID from security layer</description>
@@ -88,11 +95,14 @@
 		<servlet-name>VerifyIdentityLink</servlet-name>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
-		<servlet-mapping>
+	<servlet-mapping>
 		<servlet-name>VerifyCertificate</servlet-name>
 		<url-pattern>/VerifyCertificate</url-pattern>
 	</servlet-mapping>
-	
+	<servlet-mapping>
+		<servlet-name>GetMISSessionID</servlet-name>
+		<url-pattern>/GetMISSessionID</url-pattern>
+	</servlet-mapping>
 	<servlet-mapping>
 		<servlet-name>GetForeignID</servlet-name>
 		<url-pattern>/GetForeignID</url-pattern>
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 39b715a6e..28fea78e3 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
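Review bot: The new `/GetMISSessionID` mapping exposes an endpoint whose only documentation is `Get the MIS session ID coming from security layer`, and no `<security-constraint>` or transport guarantee for it appears in this hunk. The identifier it receives is presumably handed over by the citizen-card environment, i.e. an external party, so the servlet should tie it to the caller's pending MOA-ID session rather than accept it as-is; GetMISSessionIDServlet is not part of this diff, so that cannot be verified here, and the `<description>` should state which check is applied, e.g. `<description>Receives the MIS session ID returned by the security layer for the current MOA-ID session</description>`. The whitespace-only `+\t` line inserted between the two `<servlet>` blocks can be dropped.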
@@ -94,7 +94,7 @@ h2#tabheader, h2#contentheader {
 #bkulogin {
  	overflow:hidden;	
 -	width:220px;
 +	width:220px;	
  }
  #bkukarte {
@@ -212,18 +212,6 @@ p {
 	vertical-align: middle;
  }
 -.infobutton {
 -	background-color: #005a00;
 -	color: white;
 -	font-family: serif;
 -	text-decoration: none;
 -	padding-top: 2px;
 -	padding-right: 4px;
 -	padding-bottom: 2px;
 -	padding-left: 4px;
 -	font-weight: bold;
 -}
 -
  /* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */
  .hell {
  	background-color : #DDDDDD;	
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index 06639c7e5..4661eea70 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -28,9 +28,6 @@
 					i = url.indexOf(follower);
  					url = url.substring(0, i-1);
  				}
 -			
 -				
 -				// alert (name + ": " + url);
  				return url;
@@ -42,7 +39,7 @@
 		<form method="POST" name="moaidform">
  			<input type="hidden" name="Template">
 -            <input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">		
 +            <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">		
              <input type="hidden" name="useMandate">
      	</form>		
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 0e12035e9..51bcc7156 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -12,25 +12,30 @@
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
              // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
 -			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
 +			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
 +			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=sss&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
  			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
              // z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
 -			var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
 +			//var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
 +			var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
  			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
  			// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
 -			var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
 +			//var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
 +			var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
  			// [MUSS] Geben Sie hier die URL zur Online BKU an
  			// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
 -			var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
 -			
 +			//var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
 +			//var URL_TO_ONLINEBKU = "http://localhost:8082/bkuonline/http-security-layer-request";
 +			var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
 +
  			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
  			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
 -			var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
 -			
 -			
 +			//var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
 +			var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
 +		
  			window.onload=function() {
  				document.getElementById("localBKU").style.display="none";
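Review bot: The `[MUSS]` placeholders for MOA_ID_STARTAUTHENTICATION, URL_TO_LOKALBKU_TEMPLATE, URL_TO_ONLINEBKU_TEMPLATE, URL_TO_ONLINEBKU and URL_TO_HANDYSIGNATUR_TEMPLATE are commented out and replaced by developer URLs on `https://localhost:8443` and `https://localhost:8444`, so the shipped sample page no longer fails visibly when an operator forgets to configure it and instead quietly points the login form at localhost. Restore the five `[…]` placeholder assignments that this hunk comments out and keep the localhost values out of the committed template (a local override or build-time substitution). The commented-out `http://localhost:8082/bkuonline/http-security-layer-request` line should go as well: a plain-HTTP security-layer URL should not appear even as a hint in a file whose surrounding comments prescribe https. The enclosing script block starts before the hunk.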
@@ -45,23 +50,23 @@
 				// set values for local BKU
  				document.getElementById("form_local_bku").action = MOA_ID_STARTAUTHENTICATION;
  				document.getElementById("input_localBKU_template").value = URL_TO_LOKALBKU_TEMPLATE;
 -				if (document.getElementById("mandateCheckBox").checked) {
 -					document.getElementById("useMandate").value = "true";
 -				}
 -				else {
 -					document.getElementById("useMandate").value = "false";
 +				document.getElementById("useMandate").value = "false";
 +				var checkbox = document.getElementById("mandateCheckBox")
 +				if (checkbox !=  null) {
 +					if (document.getElementById("mandateCheckBox").checked) {
 +						document.getElementById("useMandate").value = "true";
 +					}
  				}
 -
 +				
  				// set values for online BKU
  		        var el = document.getElementById("bkulogin");
          		var parent = el.parentNode;
 -				var checkBox = document.getElementById("mandateCheckBox");				
  				var iFrameURL = "iframeOnlineBKU.html" + "?";
  				iFrameURL += "bkuURI=" + URL_TO_ONLINEBKU + "&";
  				iFrameURL += "Template=" + URL_TO_ONLINEBKU_TEMPLATE + "&";
  				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
 -				iFrameURL += "useMandate=" + checkBox.checked ;
 +				iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
  		 		var iframe = document.createElement("iframe");
  		        iframe.setAttribute("src", iFrameURL);
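Review bot: In the new checkbox guard, `var checkbox = document.getElementById("mandateCheckBox")` lacks a terminating semicolon and the inner test re-queries the element instead of using `checkbox.checked`; the same seven-line block is pasted again in the bkuHandyClicked hunk below. Both call sites would read as a single line, `document.getElementById("useMandate").value = isMandateChecked() ? "true" : "false";`, with one helper `function isMandateChecked() { var cb = document.getElementById("mandateCheckBox"); return cb != null && cb.checked; }`. Separately, MOA_ID_STARTAUTHENTICATION (whose example value above already contains `?Target=…&OA=…`) and the template URLs are concatenated into iFrameURL without `encodeURIComponent`, so an embedded `&` splits the startAuth parameter when the iframe page reads its query string; this is pre-existing, but the rewritten useMandate line is a natural place to fix it, provided the iframe pages' hand-written parser is adjusted to decode. The enclosing click handler starts before the hunk and ends after it.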
@@ -78,17 +83,24 @@
         	function bkuHandyClicked() {
  	        	document.getElementById("localBKU").style.display="none";
 +				document.getElementById("useMandate").value = "false";
 +				var checkbox = document.getElementById("mandateCheckBox")
 +				if (checkbox !=  null) {
 +					if (document.getElementById("mandateCheckBox").checked) {
 +						document.getElementById("useMandate").value = "true";
 +					}
 +				}
 +				
  				// set values for Handy Signatur
  		        var el = document.getElementById("bkulogin");
  	    	    var parent = el.parentNode;
 -				var checkBox = document.getElementById("mandateCheckBox");				
 +				
  				var iFrameURL = "iframeHandyBKU.html" + "?";
  				iFrameURL += "Template=" + URL_TO_HANDYSIGNATUR_TEMPLATE + "&";
  				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
 -				iFrameURL += "useMandate=" + checkBox.checked ;
 +				iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
 -		         
  	        	var iframe = document.createElement("iframe");
  		        iframe.setAttribute("src", iFrameURL);
  	    	    iframe.setAttribute("width", "220"); 
@@ -136,9 +148,12 @@
                        <div id="bkuhandy" class="hell">
                              <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
                          </div> 
 -                        <div id="mandate">
 -                    		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>
 +                        
 +                        <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie das folgende div (mandate) aus -->
 +						<div id="mandate">
 +	                   		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>
                          </div>
 +
                      </div>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index b1418fb0b..8dd49e2d7 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -39,63 +39,10 @@  				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>  				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->  				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil --> -				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID> -				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>--> +				<!--<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>--> +				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>  			</VerifyAuthBlock>  		</MOA-SP> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        
<ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          <EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor 
template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -            <!-- Organwalter --> -            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes>  		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> 
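Review bot: The active VerifyTransformsInfoProfileID flips from MOAIDTransformAuthBlockTable_DE to MOAIDTransformAuthBlockTable_EN in this sample, while SampleMOAIDConfigurationProxy.xml (context of its first hunk below) still ships with the _EN line commented out, so the two sample files now disagree on the default AuthBlock transform profile. The comment directly above says the profile must match the language selected in SecurityLayer/TransformsInfo; if that element in this sample still references the German transform, the AuthBlock verification will run against the wrong profile, so either revert this line or change both sample files and the TransformsInfo reference together. The removal of the whole VerifyInfoboxes section fits the OnlineMandates block added further down, but a one-line comment at its former position, e.g. `<!-- Vollmachten werden nun ueber AuthComponent/OnlineMandates konfiguriert -->`, would help operators who diff the sample against their own configuration.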
@@ -104,11 +51,28 @@
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
@@ -132,6 +96,14 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
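Review bot: The two new cross-references point at each other's element: the hint above `<!-- </OnlineMandates> -->` says the mandate profile is given under `MOA-IDConfiguration/AuthComponent/OnlineMandates`, although the profiles are listed in the `<Mandates><Profiles>` template under OnlineApplication/AuthComponent in the following hunk, and that hunk's `(siehe OnlineApplication/AuthComponent/Mandates)` refers to the connection settings that actually live in AuthComponent/OnlineMandates. Swap the two paths: `<!-- (siehe Element Mandates unter OnlineApplication/AuthComponent/Mandates)-->` here and `<!-- (siehe MOA-IDConfiguration/AuthComponent/OnlineMandates)-->` in the next hunk, and fix the grammar there to `muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden`. The commented ClientKeyStore sample uses `certs/clientcert.p12` while the ForeignIdentities entry right above uses `cert/clientcert.p12`; pick one path so a copy-paste does not fail on a missing file. The same comment blocks recur in SampleMOAIDConfigurationProxy.xml and SampleMOAIDConfiguration_withTestBKs.xml below, where in addition the `<!-- Aktivieren von Vollmachten …-->` line is indented with six tabs instead of three.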
@@ -151,7 +123,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 0f09ff7d5..11b794888 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
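Review bot: The new comment `URL Liste der vertrauenwürdigen Bürgekartenumgebungen` misspells both nouns (compare `Vertrauenswürdige Bürgerkartenumgebungen` already present in SampleMOAIDConfiguration_withTestBKs.xml below); the same line is added to SampleMOAIDConfigurationProxy.xml. TrustedBKUs is presumably the server-side allowlist that the client-supplied `bkuURI` hidden field (changed in iframeHandyBKU.html above) is checked against; if so, this comment is the place to say it, e.g. `<!-- URL-Liste der vertrauenswürdigen Bürgerkartenumgebungen: nur hier eingetragene BKU-URLs werden als bkuURI akzeptiert -->`. Keeping the old a-trust.at URL next to the new handy-signatur.at one is reasonable for a transition, but a short comment marking it as legacy would tell operators when it can be removed.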
@@ -43,60 +43,8 @@  				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->  			</VerifyAuthBlock>  		</MOA-SP> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        <ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          <EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden 
sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore 
Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -            <!-- Organwalter --> -            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes> -		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen --> + +<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->  			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation"> 
@@ -104,11 +52,27 @@
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
@@ -142,6 +106,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
@@ -171,7 +142,10 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
+
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index fd565b538..80c7a8dfd 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml 
@@ -44,64 +44,6 @@  				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->  			</VerifyAuthBlock>  		</MOA-SP> -		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> -		<!-- IdentityLinkSigners--> -		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> -		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> -		<!--/IdentityLinkSigners--> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        <ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          
<EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten 
bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -            <!-- Organwalter --> -            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes>  		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> 
@@ -115,6 +57,22 @@
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
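Review bot: The pointer in the new comment `<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->` names the block it sits in, but the mandate profile it tells the operator to set lives in the per-application `<Mandates><Profiles>` block added in this file's next hunk (`@@ -138,6 +96,13 @@`), and that hunk's `(siehe OnlineApplication/AuthComponent/Mandates)` in turn points at itself instead of at the service connection configured here — the two cross-references look swapped. Suggest `(siehe Element Mandates unter OnlineApplication/AuthComponent/Mandates)` here and `(siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)` there; the same pair recurs in SampleMOAIDConfiguration_withTestBKsProxy.xml (`@@ -44,77 +44,36 @@` and `@@ -148,6 +107,13 @@`). The commented-out template also reads `certs/clientcert.p12` while the live ForeignIdentities entry three lines above uses `cert/clientcert.p12`, so uncommenting it as written yields a keystore path that does not match the rest of the sample. Since the skeleton has two `<ConnectionParameter` openings (Echtsystem/Testsystem) but a single `</ConnectionParameter>`, a short line stating that exactly one of the two must be uncommented would spare operators a malformed-config round trip.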
@@ -138,6 +96,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+						<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!-- <Mandates> -->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
+				<!--<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+			<!--</Mandates> -->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
@@ -159,6 +124,7 @@
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 	<!-- Vertrauenswürdige Bürgerkartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index b3c655155..dd207f76d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
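Review bot: The first added line `<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->` is indented six tabs while the rest of the new block and the surrounding `<!-- <TransformsInfo` lines use three. The parallel hunk in SampleMOAIDConfiguration_withTestBKsProxy.xml (`@@ -148,6 +107,13 @@`) has the opposite layout problem: its `<Profiles>` and `</Mandates>` lines start with `<!--` at column 0 and carry the tabs inside the comment. The two copies also drift in wording — `die festlegt mit welchen Vollmachtstyp` here versus `die festlegen mit welchen Vollmachtstypen` there — and in `<!-- <Mandates> -->` versus `<!--<Mandates>-->`; since these samples get copied into deployments, one canonical block pasted into both files would keep them in step.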
@@ -44,77 +44,36 @@  				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->  			</VerifyAuthBlock>  		</MOA-SP> -		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> -		<!-- IdentityLinkSigners--> -		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> -		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> -		<!--/IdentityLinkSigners--> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        <ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          
<EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten 
bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -            <!-- Organwalter --> -            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes>  		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->  			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">  			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->  			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">--> -			 +						  				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an --> -				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat --> -				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> +				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. --> +				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. 
-->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+		
+		
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
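Review bot: The blank line inside `<ForeignIdentities>` is deleted and re-added with more leading tabs earlier in this hunk, a whitespace-only change that adds noise to a sample file operators diff between releases; either drop that pair or make the line genuinely empty. The same pair appears in SampleMOAWIDConfiguration.xml (`@@ -43,70 +43,20 @@`), where the `<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway ... -->` comment is additionally re-emitted at column 0, losing the two-tab indent of the `<ForeignIdentities>` element it describes. Here two blank added lines precede `</AuthComponent>` where the earlier file's counterpart hunk adds one; a single one keeps the two samples aligned.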
@@ -148,6 +107,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
@@ -177,7 +143,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 3f1d95562..3d062900d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
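Review bot: The new comment `<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->` in the `@@ -177,7 +143,9 @@` hunk misspells both nouns (vertrauenswürdigen, Bürgerkartenumgebungen); the preceding sample file's TrustedBKUs hunk (`@@ -159,6 +124,7 @@`) already carries `<!-- Vertrauenswürdige Bürgerkartenumgebungen -->` as context above its `<TrustedBKUs>`, so that wording could be reused verbatim. The same misspelled line is added in SampleMOAWIDConfiguration.xml (`@@ -154,7 +104,10 @@`, where it is also indented one tab deeper than `<TrustedBKUs>` and an empty line is inserted before `</MOA-IDConfiguration>`), SampleMOAWIDConfigurationProxy.xml and SampleMOAWIDConfiguration_withTestBKs.xml. Because `<TrustedBKUs>` is the list of citizen-card environments MOA-ID will hand its security-layer requests to, a one-line comment per `<BKUURL>` saying what each entry is (the new handy-signatur.at URL next to the existing a-trust.at one) would make later audits of this trust list easier.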
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml 
@@ -43,70 +43,20 @@  				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->  			</VerifyAuthBlock>  		</MOA-SP> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        <ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          <EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden 
sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore 
Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes> -		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen --> +<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->  			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">  			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->  			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">--> -			 +						  				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an --> -				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat --> -				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> +				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. --> +				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->  				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>  			</ConnectionParameter>  		</ForeignIdentities> +		  	</AuthComponent>  	<!-- Eintragung fuer jede Online-Applikation -->  	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> 
@@ -154,7 +104,10 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+		<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
+
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index e381d9bda..c8c88c22d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -43,57 +43,6 @@  				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->  			</VerifyAuthBlock>  		</MOA-SP> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        <ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          <EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden 
sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore 
Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes>  		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> @@ -174,7 +123,9 @@  	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->  	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->  	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> +	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->  	<TrustedBKUs> +		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>  		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>  	</TrustedBKUs>  </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml index f1202a542..225270f5b 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml 
@@ -49,57 +49,6 @@  		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->  		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->  		<!--/IdentityLinkSigners--> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        <ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          <EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor 
template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -   
           <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes>  		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> @@ -160,7 +109,9 @@  	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->  	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->  	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> +	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->  	<TrustedBKUs> +		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>  		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>  	</TrustedBKUs>  </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml index 068ab90b1..4f2a5977c 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml 
@@ -44,62 +44,6 @@  				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->  			</VerifyAuthBlock>  		</MOA-SP> -		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> -		<!-- IdentityLinkSigners--> -		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> -		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> -		<!--/IdentityLinkSigners--> -		<VerifyInfoboxes> -			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen --> -			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> -        <FriendlyName>Vollmachten</FriendlyName> -        <!-- -        <ApplicationSpecificParameters> -          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> -            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> -          </ConnectionParameter> -          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> -          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden --> -          <CompatibilityMode>false</CompatibilityMode> -        </ApplicationSpecificParameters> -        --> -        <!-- Konfigurationsteil fuer berufliche Parteienvertretung --> -        <ParepSpecificParameters> -          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> -          
<EnableInfoboxValidator>false</EnableInfoboxValidator> -          <PartyRepresentation> -            <!-- Standardklasse, die Daten vervollstaendigt --> -            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> -            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> -            <!--AlwaysShowForm>true</AlwaysShowForm--> -            <!-- Standard-Stammzahlenregister-Gateway --> -            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> -              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -            </ConnectionParameter> -            <!-- Notare --> -            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/> -            <!-- Rechtsanwaelte --> -            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> -            <!-- Ziviltechniker --> -            <!-- -            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"> -              <!- - Standardklasse, die Daten vervollstaendigt - -> -              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> -              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten 
bereits vollstaendig vorausgefuellt vorhanden sind) - -> -              <!- - AlwaysShowForm>true</AlwaysShowForm- -> -              <!- - Spezifisches-Stammzahlenregister-Gateway - -> -              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation"> -                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> -                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -              </ConnectionParameter> -            </PartyRepresentative> -            --> -          </PartyRepresentation> -        </ParepSpecificParameters> -      </Infobox?> -		</VerifyInfoboxes>  		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->  		<ForeignIdentities>  			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> @@ -180,7 +124,9 @@  	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->  	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->  	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> +	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->  	<TrustedBKUs> +		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>  		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>  	</TrustedBKUs>  </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml index fd6004811..7fae15b7c 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml 
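Review bot: This sample, which by its file name targets a setup with test citizen cards behind a proxy, now lists two production mobile-signature endpoints under `TrustedBKUs`; if that is intended, a comment should say so, otherwise a test installation silently trusts production BKUs without anyone noticing. Suggest `<!-- Produktiv-Endpunkte der Handy-Signatur; für reine Testumgebungen ggf. entfernen -->` directly above the two `BKUURL` lines. The comment line added here also has the same two typos as in the other sample and should read `vertrauenswürdigen Bürgerkartenumgebungen`.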
@@ -1,6 +1,7 @@
 <sl10:TransformsInfo>
  	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 -		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 +		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 +			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
  				<xsl:output method="xml" xml:space="default"/>
  				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
  					<html>
@@ -12,139 +13,156 @@
 								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
  								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
                				</style>
 -              			</head>
 -						<body>																					
 -							<h4 class="h4style">Anmeldedaten:</h4>																					
 -							
 -							<p class="titlestyle">Daten zur Person</p>																					
 -							<table class="parameters">                		    						
 +						</head>
 +						<body>
 +							<h4 class="h4style">Anmeldedaten:</h4>
 +							<p class="titlestyle">Daten zur Person</p>
 +							<table class="parameters">
  								<xsl:if test="normalize-space(//@Issuer)">
 -			      						<tr>
 -			      							<td class="italicstyle">Name:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="//@Issuer"/>
 -			      							</td>
 -			      						</tr>
 -		      						</xsl:if>
 -			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 -			      						<tr>
 -			      							<td class="italicstyle">Geburtsdatum:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 -			      							</td>
 -			      						</tr>
 -			      					</xsl:if>
 -			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">Rolle:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if>
 +									<tr>
 +										<td class="italicstyle">Name:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//@Issuer"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 +									<tr>
 +										<td class="italicstyle">Geburtsdatum:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">Rolle:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 +									<tr>
 +										<td class="italicstyle">Vollmacht:</td>
 +										<td class="normalstyle">
 +											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 +											<xsl:text> von </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 +												<xsl:text>, geboren am </xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 +											</xsl:if>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 +												<xsl:text>, </xsl:text>
 +												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 +											</xsl:if>
 +											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
 +										</td>
 +									</tr>
 +								</xsl:if>
  							</table>
 -							
 -							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 -								<hr/>								
 -									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 -									<xsl:text> von </xsl:text>
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 -										<xsl:text>, geboren am </xsl:text> 
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 -									</xsl:if>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 -										<xsl:text>, </xsl:text>
 -										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 -									</xsl:if>
 -									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
 -								<p/>
 -							</xsl:if>
 -														                
 -              <p class="titlestyle">Daten zur Anwendung</p>     																												
 -							<table class="parameters">							  
 -                <tr>
 -		      							<td class="italicstyle">Name:</td>
 -		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
 -								</tr>								
 -		    						<tr>
 -		      							<td class="italicstyle">Staat:</td>
 -		      							<td class="normalstyle">Österreich</td>
 -		    						</tr>        																
 -							</table>													
 -														
 -							<p class="titlestyle">Technische Parameter</p>     	
 -							<table class="parameters">														 
 +							<p class="titlestyle">Daten zur Anwendung</p>
 +							<table class="parameters">
 +								<tr>
 +									<td class="italicstyle">Name:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Staat:</td>
 +									<td class="normalstyle">Österreich</td>
 +								</tr>
 +							</table>
 +							<p class="titlestyle">Technische Parameter</p>
 +							<table class="parameters">
  								<tr>
 -		    							<td class="italicstyle">URL:</td>
 -		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
 +									<td class="italicstyle">URL:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 +									</td>
  								</tr>
  								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
 -			      						<tr>
 -			      							<td class="italicstyle">Bereich:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
 -			      						</tr>
 -      								</xsl:if>
 -      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 -			      						<tr>
 -			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
 -			      						</tr>
 -      								</xsl:if>    
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifikator:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							</td>			      															
 -			      						</tr>
 -		    						</xsl:if>  
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
 -			      						</tr>
 -		    						</xsl:if>		    						
 -                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">OID:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if> 
 +									<tr>
 +										<td class="italicstyle">Bereich:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 +									<tr>
 +										<td class="italicstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 +									<tr>
 +										<td class="italicstyle">Identifikator:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 +									<tr>
 +										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">OID:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
 -			      						<tr>
 -			      							<td class="italicstyle">HPI:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
 -			      						</tr>
 -								</xsl:if>     
 +									<tr>
 +										<td class="italicstyle">HPI:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<tr>
 -		    							<td class="italicstyle">Datum:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 -		    							</td>
 -		    						</tr>
 -		    						<tr>
 -		    							<td class="italicstyle">Uhrzeit:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 -		    							</td>
 -    								</tr>
 -							</table>																																			
 +									<td class="italicstyle">Datum:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Uhrzeit:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 +									</td>
 +								</tr>
 +							</table>
  						</body>
  					</html>
  				</xsl:template>
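Review bot: The new "Vollmacht" row (from the `MandatorName` guard down to `in deren Auftrag zu handeln.`) only tests for `MandatorName` but then prints `RepresentationType` with `value-of`, which silently yields an empty string when that attribute is absent; since this HTML is what the citizen sees and signs, a missing type would produce a signed statement "Ich bin weiters ermächtigt als  von …" naming no representation at all. Either the AuthBlock producer guarantees the two attributes always travel together (not visible in this diff), or the template should fail closed instead of rendering a partial statement, e.g. before the row `<xsl:if test="//saml:Attribute[@AttributeName='MandatorName'] and not(//saml:Attribute[@AttributeName='RepresentationType'])"><xsl:message terminate="yes">RepresentationType fehlt</xsl:message></xsl:if>`, provided the BKU's XSLT profile permits `xsl:message`. Note also that the re-indentation changes the bytes of a transform that sits inside the signed `dsig:Transforms`, so the MOA-SP profile referenced by `VerifyTransformsInfoProfileID` must be deployed from this same file or AuthBlock verification will diverge from what MOA-ID sends. The EN sibling below has the identical structure and the same gap.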
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
index 4e2b9444c..17691ca8d 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -1,6 +1,7 @@
 <sl10:TransformsInfo>
  	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 -		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 +		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 +			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
  				<xsl:output method="xml" xml:space="default"/>
  				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
  					<html>
@@ -13,138 +14,155 @@
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
                				</style>
  						</head>
 -						<body>																					
 -							<h4 class="h4style">Authentication Data:</h4>																					
 -							
 -							<p class="titlestyle">Personal Data</p>																					
 -							<table class="parameters">                		    						
 +						<body>
 +							<h4 class="h4style">Authentication Data:</h4>
 +							<p class="titlestyle">Personal Data</p>
 +							<table class="parameters">
  								<xsl:if test="normalize-space(//@Issuer)">
 -			      						<tr>
 -			      							<td class="italicstyle">Name:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="//@Issuer"/>
 -			      							</td>
 -			      						</tr>
 -		      						</xsl:if>
 -			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 -			      						<tr>
 -			      							<td class="italicstyle">Date of Birth:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 -			      							</td>
 -			      						</tr>
 -			      					</xsl:if>
 -			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">Role:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if>
 +									<tr>
 +										<td class="italicstyle">Name:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//@Issuer"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 +									<tr>
 +										<td class="italicstyle">Date of Birth:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">Role:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 +									<tr>
 +										<td class="italicstyle">Mandate:</td>
 +										<td class="normalstyle">
 +											<xsl:text>I am also authorized as </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 +											<xsl:text> of </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 +												<xsl:text>, born on </xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 +											</xsl:if>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 +												<xsl:text>, </xsl:text>
 +												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 +											</xsl:if>
 +											<xsl:text>, to act on their behalf.</xsl:text>
 +										</td>
 +									</tr>
 +								</xsl:if>
  							</table>
 -							
 -							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 -								<hr/>								
 -									<xsl:text>I am also authorized as </xsl:text> 
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 -									<xsl:text> of </xsl:text>
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 -										<xsl:text>, born on </xsl:text> 
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 -									</xsl:if>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 -										<xsl:text>, </xsl:text>
 -										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 -									</xsl:if>
 -									<xsl:text>, to act on their behalf.</xsl:text>																
 -								<p/>
 -							</xsl:if>
 -														                
 -              <p class="titlestyle">Application Data</p>     																												
 -							<table class="parameters">							  
 -                <tr>
 -		      							<td class="italicstyle">Name:</td>
 -		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
 -								</tr>								
 -		    						<tr>
 -		      							<td class="italicstyle">Country:</td>
 -		      							<td class="normalstyle">Austria</td>
 -		    						</tr>        																
 -							</table>													
 -														
 -							<p class="titlestyle">Technical Parameters</p>     	
 -							<table class="parameters">														 
 +							<p class="titlestyle">Application Data</p>
 +							<table class="parameters">
 +								<tr>
 +									<td class="italicstyle">Name:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Country:</td>
 +									<td class="normalstyle">Austria</td>
 +								</tr>
 +							</table>
 +							<p class="titlestyle">Technical Parameters</p>
 +							<table class="parameters">
  								<tr>
 -		    							<td class="italicstyle">URL:</td>
 -		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
 +									<td class="italicstyle">URL:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 +									</td>
  								</tr>
  								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
 -			      						<tr>
 -			      							<td class="italicstyle">Sector:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
 -			      						</tr>
 -      								</xsl:if>
 -      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 -			      						<tr>
 -			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
 -			      						</tr>
 -      								</xsl:if>    
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifier:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							</td>			      															
 -			      						</tr>
 -		    						</xsl:if>  
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifier of the principal:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
 -			      						</tr>
 -		    						</xsl:if>		    						
 -                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">OID:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if> 
 +									<tr>
 +										<td class="italicstyle">Sector:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 +									<tr>
 +										<td class="italicstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 +									<tr>
 +										<td class="italicstyle">Identifier:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 +									<tr>
 +										<td class="italicstyle">Identifier of the principal:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">OID:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
 -			      						<tr>
 -			      							<td class="italicstyle">HPI:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
 -			      						</tr>
 -								</xsl:if>     
 +									<tr>
 +										<td class="italicstyle">HPI:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<tr>
 -		    							<td class="italicstyle">Date:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 -		    							</td>
 -		    						</tr>
 -		    						<tr>
 -		    							<td class="italicstyle">Time:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 -		    							</td>
 -    								</tr>
 -							</table>																																			
 +									<td class="italicstyle">Date:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Time:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 +									</td>
 +								</tr>
 +							</table>
  						</body>
  					</html>
  				</xsl:template>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
index db638d545..24b0bfc38 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
  <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
  	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 -		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 +		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 +			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
  				<xsl:output method="xml" xml:space="default"/>
  				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
  					<html>
@@ -13,139 +14,156 @@
 								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
  								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
                				</style>
 -              			</head>
 -						<body>																					
 -							<h4 class="h4style">Anmeldedaten:</h4>																					
 -							
 -							<p class="titlestyle">Daten zur Person</p>																					
 -							<table class="parameters">                		    						
 +						</head>
 +						<body>
 +							<h4 class="h4style">Anmeldedaten:</h4>
 +							<p class="titlestyle">Daten zur Person</p>
 +							<table class="parameters">
  								<xsl:if test="normalize-space(//@Issuer)">
 -			      						<tr>
 -			      							<td class="italicstyle">Name:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="//@Issuer"/>
 -			      							</td>
 -			      						</tr>
 -		      						</xsl:if>
 -			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 -			      						<tr>
 -			      							<td class="italicstyle">Geburtsdatum:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 -			      							</td>
 -			      						</tr>
 -			      					</xsl:if>
 -			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">Rolle:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if>
 +									<tr>
 +										<td class="italicstyle">Name:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//@Issuer"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 +									<tr>
 +										<td class="italicstyle">Geburtsdatum:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">Rolle:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 +									<tr>
 +										<td class="italicstyle">Vollmacht:</td>
 +										<td class="normalstyle">
 +											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 +											<xsl:text> von </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 +												<xsl:text>, geboren am </xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 +											</xsl:if>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 +												<xsl:text>, </xsl:text>
 +												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 +											</xsl:if>
 +											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
 +										</td>
 +									</tr>
 +								</xsl:if>
  							</table>
 -							
 -							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 -								<hr/>								
 -									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 -									<xsl:text> von </xsl:text>
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 -										<xsl:text>, geboren am </xsl:text> 
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 -									</xsl:if>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 -										<xsl:text>, </xsl:text>
 -										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 -									</xsl:if>
 -									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
 -								<p/>
 -							</xsl:if>
 -														                
 -              <p class="titlestyle">Daten zur Anwendung</p>     																												
 -							<table class="parameters">							  
 -                <tr>
 -		      							<td class="italicstyle">Name:</td>
 -		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
 -								</tr>								
 -		    						<tr>
 -		      							<td class="italicstyle">Staat:</td>
 -		      							<td class="normalstyle">Österreich</td>
 -		    						</tr>        																
 -							</table>													
 -														
 -							<p class="titlestyle">Technische Parameter</p>     	
 -							<table class="parameters">														 
 +							<p class="titlestyle">Daten zur Anwendung</p>
 +							<table class="parameters">
 +								<tr>
 +									<td class="italicstyle">Name:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Staat:</td>
 +									<td class="normalstyle">Österreich</td>
 +								</tr>
 +							</table>
 +							<p class="titlestyle">Technische Parameter</p>
 +							<table class="parameters">
  								<tr>
 -		    							<td class="italicstyle">URL:</td>
 -		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
 +									<td class="italicstyle">URL:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 +									</td>
  								</tr>
  								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
 -			      						<tr>
 -			      							<td class="italicstyle">Bereich:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
 -			      						</tr>
 -      								</xsl:if>
 -      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 -			      						<tr>
 -			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
 -			      						</tr>
 -      								</xsl:if>    
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifikator:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							</td>			      															
 -			      						</tr>
 -		    						</xsl:if>  
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
 -			      						</tr>
 -		    						</xsl:if>		    						
 -                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">OID:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if> 
 +									<tr>
 +										<td class="italicstyle">Bereich:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 +									<tr>
 +										<td class="italicstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 +									<tr>
 +										<td class="italicstyle">Identifikator:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 +									<tr>
 +										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">OID:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
 -			      						<tr>
 -			      							<td class="italicstyle">HPI:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
 -			      						</tr>
 -								</xsl:if>     
 +									<tr>
 +										<td class="italicstyle">HPI:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<tr>
 -		    							<td class="italicstyle">Datum:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 -		    							</td>
 -		    						</tr>
 -		    						<tr>
 -		    							<td class="italicstyle">Uhrzeit:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 -		    							</td>
 -    								</tr>
 -							</table>																																			
 +									<td class="italicstyle">Datum:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Uhrzeit:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 +									</td>
 +								</tr>
 +							</table>
  						</body>
  					</html>
  				</xsl:template>
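Review bot: This file is a MOA-SPSS VerifyTransformsInfoProfile, so the stylesheet text under `<dsig:Transform>` is what the verifier compares against the transform chain found in a signed AuthBlock; the re-indentation and the relocated mandate row (the new `Vollmacht:` row inside the first table) therefore change what signatures are accepted, not just how the block is rendered. As far as I can tell from this diff the matching template on the signing side is updated elsewhere in the same commit, but the two must be deployed together, otherwise AuthBlocks signed with the previous template fail verification. The EN profile (hunk starting at `@@ -14,138 +15,155 @@`) has the identical restructuring and the same dependency. I would record this constraint as an XML comment placed before the `<VerifyTransformsInfoProfile>` root element — outside the transform element so it cannot affect the comparison itself — along the lines of `<!-- Profile used by MOA-SPSS to verify the AuthBlock transform; keep in sync with the AuthBlock transform template used for signing, any edit here changes which signatures are accepted. -->`.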
@@ -153,4 +171,4 @@
 		</dsig:Transform>
  		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
  	</dsig:Transforms>
 -	</VerifyTransformsInfoProfile>
 +</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
index 6db367871..207296d52 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
  <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
  	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 -		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 +		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 +			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
  				<xsl:output method="xml" xml:space="default"/>
  				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
  					<html>
@@ -14,138 +15,155 @@
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
                				</style>
  						</head>
 -						<body>																					
 -							<h4 class="h4style">Authentication Data:</h4>																					
 -							
 -							<p class="titlestyle">Personal Data</p>																					
 -							<table class="parameters">                		    						
 +						<body>
 +							<h4 class="h4style">Authentication Data:</h4>
 +							<p class="titlestyle">Personal Data</p>
 +							<table class="parameters">
  								<xsl:if test="normalize-space(//@Issuer)">
 -			      						<tr>
 -			      							<td class="italicstyle">Name:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="//@Issuer"/>
 -			      							</td>
 -			      						</tr>
 -		      						</xsl:if>
 -			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 -			      						<tr>
 -			      							<td class="italicstyle">Date of Birth:</td>
 -			      							<td class="normalstyle">
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 -			      								<xsl:text>.</xsl:text>
 -			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 -			      							</td>
 -			      						</tr>
 -			      					</xsl:if>
 -			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">Role:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if>
 +									<tr>
 +										<td class="italicstyle">Name:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//@Issuer"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
 +									<tr>
 +										<td class="italicstyle">Date of Birth:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
 +											<xsl:text>.</xsl:text>
 +											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">Role:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 +									<tr>
 +										<td class="italicstyle">Mandate:</td>
 +										<td class="normalstyle">
 +											<xsl:text>I am also authorized as </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 +											<xsl:text> of </xsl:text>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 +												<xsl:text>, born on </xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 +												<xsl:text>.</xsl:text>
 +												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 +											</xsl:if>
 +											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 +												<xsl:text>, </xsl:text>
 +												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 +											</xsl:if>
 +											<xsl:text>, to act on their behalf.</xsl:text>
 +										</td>
 +									</tr>
 +								</xsl:if>
  							</table>
 -							
 -							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 -								<hr/>								
 -									<xsl:text>I am also authorized as </xsl:text> 
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
 -									<xsl:text> of </xsl:text>
 -									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 -										<xsl:text>, born on </xsl:text> 
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
 -										<xsl:text>.</xsl:text>
 -										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 -									</xsl:if>
 -									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 -										<xsl:text>, </xsl:text>
 -										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 -									</xsl:if>
 -									<xsl:text>, to act on their behalf.</xsl:text>																
 -								<p/>
 -							</xsl:if>
 -														                
 -              <p class="titlestyle">Application Data</p>     																												
 -							<table class="parameters">							  
 -                <tr>
 -		      							<td class="italicstyle">Name:</td>
 -		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
 -								</tr>								
 -		    						<tr>
 -		      							<td class="italicstyle">Country:</td>
 -		      							<td class="normalstyle">Austria</td>
 -		    						</tr>        																
 -							</table>													
 -														
 -							<p class="titlestyle">Technical Parameters</p>     	
 -							<table class="parameters">														 
 +							<p class="titlestyle">Application Data</p>
 +							<table class="parameters">
 +								<tr>
 +									<td class="italicstyle">Name:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Country:</td>
 +									<td class="normalstyle">Austria</td>
 +								</tr>
 +							</table>
 +							<p class="titlestyle">Technical Parameters</p>
 +							<table class="parameters">
  								<tr>
 -		    							<td class="italicstyle">URL:</td>
 -		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
 +									<td class="italicstyle">URL:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 +									</td>
  								</tr>
  								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
 -			      						<tr>
 -			      							<td class="italicstyle">Sector:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
 -			      						</tr>
 -      								</xsl:if>
 -      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 -			      						<tr>
 -			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
 -			      						</tr>
 -      								</xsl:if>    
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifier:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 -			      							</td>			      															
 -			      						</tr>
 -		    						</xsl:if>  
 -		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 -			      						<tr>    						
 -			      							<td class="italicstyle">Identifier of the principal:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
 -			      						</tr>
 -		    						</xsl:if>		    						
 -                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 -			      						<tr>
 -			      							<td class="italicstyle">OID:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
 -			      						</tr>
 -			      					</xsl:if> 
 +									<tr>
 +										<td class="italicstyle">Sector:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 +									<tr>
 +										<td class="italicstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
 +									<tr>
 +										<td class="italicstyle">Identifier:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 +									<tr>
 +										<td class="italicstyle">Identifier of the principal:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
 +								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 +									<tr>
 +										<td class="italicstyle">OID:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
 -			      						<tr>
 -			      							<td class="italicstyle">HPI:</td>
 -			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
 -			      						</tr>
 -								</xsl:if>     
 +									<tr>
 +										<td class="italicstyle">HPI:</td>
 +										<td class="normalstyle">
 +											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
 +										</td>
 +									</tr>
 +								</xsl:if>
  								<tr>
 -		    							<td class="italicstyle">Date:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 -		    								<xsl:text>.</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 -		    							</td>
 -		    						</tr>
 -		    						<tr>
 -		    							<td class="italicstyle">Time:</td>
 -		    							<td class="normalstyle">
 -		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 -		    								<xsl:text>:</xsl:text>
 -		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 -		    							</td>
 -    								</tr>
 -							</table>																																			
 +									<td class="italicstyle">Date:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
 +										<xsl:text>.</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 +									</td>
 +								</tr>
 +								<tr>
 +									<td class="italicstyle">Time:</td>
 +									<td class="normalstyle">
 +										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
 +										<xsl:text>:</xsl:text>
 +										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 +									</td>
 +								</tr>
 +							</table>
  						</body>
  					</html>
  				</xsl:template>
@@ -153,4 +171,4 @@
 		</dsig:Transform>
  		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
  	</dsig:Transforms>
 -	</VerifyTransformsInfoProfile>
 +</VerifyTransformsInfoProfile>
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
index 9078bab98..c5d6f0b07 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
@@ -190,7 +190,7 @@
 				<xsd:element name="TrustedBKUs" minOccurs="0">
  					<xsd:complexType>
  						<xsd:sequence>
 -							<xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>
 +							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>
  						</xsd:sequence>
  					</xsd:complexType>
  				</xsd:element>
 @@ -277,7 +277,18 @@  					<xsd:sequence>
  						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
  							<xsd:annotation>
 -								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
 +								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
 +							</xsd:annotation>
 +						</xsd:element>
 +					</xsd:sequence>
 +				</xsd:complexType>
 +			</xsd:element>
 +			<xsd:element name="OnlineMandates" minOccurs="0">
 +				<xsd:complexType>
 +					<xsd:sequence>
 +						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
 +							<xsd:annotation>
 +								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>
  							</xsd:annotation>
  						</xsd:element>
  					</xsd:sequence>
 diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm index 31500f6f0..7192f02e2 100644 --- a/id/server/doc/moa_id/id-admin.htm +++ b/id/server/doc/moa_id/id-admin.htm @@ -239,14 +239,17 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp                            <td width="59%"><b>JDK (SDK)</b> </td>                            <td width="41%"><p>min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>                            1.4.2</a><br/> -						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a></p> +						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a><br/> +                          <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">1.6.0</a> +                          </p>                            </td>                          </tr>                          <tr>                            <td width="59%" height="21"><b>Tomcat</b></td>                            <td width="41%" height="21">                              <p><a href="http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.31/bin/jakarta-tomcat-4.1.31.zip">4.1.31</a><br/> -							<a href="http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/tomcat/tomcat-5/v5.0.28/bin/jakarta-tomcat-5.0.28.zip">5.0.28</a></p> +							<a href="http://tomcat.apache.org/download-55.cgi">5.5.x</a><br/> +                            <a href="http://tomcat.apache.org/download-60.cgi">6.0.x</a></p>                            </td>                          </tr>                          <tr> diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm index 12e445fe2..2b3ade1ed 100644 --- a/id/server/doc/moa_id/id-admin_1.htm +++ b/id/server/doc/moa_id/id-admin_1.htm 
@@ -120,8 +120,9 @@ Unterschiede sind in der Installationsanweisung angeführt.                der Download-Seite des jeweiligen JDK in der Sektion "Other                Downloads". D.h. JDK <a href="http://java.sun.com/j2se/1.4.0/download.html">                hier für 1.4.0</a>, das JDK <a href="http://java.sun.com/j2se/1.4.2/download.html">hier -              für 1.4.2</a> bzw. das JDK <a href="http://java.sun.com/j2se/1.5.0/download.html">hier -              für 1.5.0</a>.</p> +              für 1.4.2</a>, das JDK <a href="http://java.sun.com/j2se/1.5.0/download.html">hier +              für 1.5.0</a> bzw. das JDK <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">hier +              für 1.6.0</a></p>        </div>  </td></tr></table> diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm index 4268565c0..bc4709f02 100644 --- a/id/server/doc/moa_id/id-admin_2.htm +++ b/id/server/doc/moa_id/id-admin_2.htm @@ -80,6 +80,8 @@ Projekt <span style="font-size:48pt; ">moa</span>   <a href="#MOA-SP">  MOA-SP</a><br />  <a href="#IdentityLinkSigners">  IdentityLinkSigners</a><br />  <a href="#VerifyInfoboxesAuth">  VerifyInfoboxes</a><br /> +<a href="#ForeignIdentitiesAuth">  ForeignIdentities</a><br /> +<a href="#AuthComponent_OnlineMandates">  OnlineMandates</a><br />  <a href="#ProxyComponent">ProxyComponent</a><br />  <a href="#OnlineApplication">OnlineApplication</a><br />  <a href="#OnlineApplication/AuthComponent">  AuthComponent</a><br /> 
@@ -125,9 +127,6 @@ Projekt <span style="font-size:48pt; ">moa</span>               <a href="../MOA-ID-Configuration-1.5.0.xsd" target="_new">MOA-ID-Configuration-1.5.0.xsd</a> entspricht, durchgeführt.          <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment              der Web-Applikation in Tomcat</a> beschrieben. -          <p /> @TODO Die folgenden Abschnitte erläutern das Format der Konfigurationsdatei. -            <a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a> -            zeigt ein Beispiel für eine umfassende Konfigurationsdatei. </p>            <p>Enthält die Konfigurationsdatei relative Pfadangaben, werden              diese relativ zum Verzeichnis, in dem sich die MOA-ID Konfigurationsdatei              befindet, interpretiert.<br> @@ -187,8 +186,9 @@ Projekt <span style="font-size:48pt; ">moa</span>                   <li><tt>IdentityLinkSigners</tt></li>                  <li><tt>VerifyInfoboxes</tt> (optional ab Version 1.4)</li>                  <li><tt>ForeignIdentities</tt></li> +                <li><tt>OnlineMandates</tt></li>                </ul> -      <p></p> +<p></p>                <div id="BKUSelection" />                  <p id="block"> <b>AuthComponent/BKUSelection</b> <br />                    Das optionale Element <tt>BKUSelection</tt> enthält Parameter 
@@ -529,9 +529,15 @@ Projekt <span style="font-size:48pt; ">moa</span>                         <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.                        <br />                    </p> +                                  <div id="ForeignIdentitiesAuth" />                      <p><b>AuthComponent/ForeignIdentities</b> <br /> -Ab Version 1.4.7 bietet MOA-ID die Möglichkeit der Nutzung von ausländischen Karten. Hierfür ist ein Stammzahlenregister-Gateway nötig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereithält (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat für die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.<br /> +Ab Version 1.4.7 bietet MOA-ID die Möglichkeit der Nutzung von ausländischen Karten. Hierfür ist ein Stammzahlenregister-Gateway nötig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereithält (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat für die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft  oder Dienstleistereigenschaft. 
Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.<br />                      </p> +                    <p><b><div id="AuthComponent_OnlineMandates">AuthComponent/OnlineMandates</div></b> <br /> +Ab Version 1.5.0 bietet MOA-ID die Möglichkeit der Nutzung von Online-Vollmachten für Anwendungen aus dem öffentlichen Bereich. Hierfür ist ein Online-Vollmachten-Service nötig. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Online-Vollmachten-Service bereithält (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Online-Vollmachten-Service bereits aktiviert. Es muss nur noch das Client-Zertifikat für die SSL-Verbinung zum Service angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.<br /> +Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben - siehe <a href="#OnlineApplication/AuthComponent/Mandates">hier</a>. + +      </p>  <p id="block"> <b>ProxyComponent</b> <br />                            <tt>ProxyComponent</tt> enthält Parameter, die                            nur die MOA-ID Proxykomponente betreffen. Das Element 
@@ -923,7 +929,16 @@ Ab Version 1.4.7 bietet MOA-ID die Möglichkeit der Nutzung von ausländ                              <br />                            </p>                          </div> -                            </p> +                         +                        <div id="OnlineApplication/AuthComponent/Mandates" /> +                            <p id="block"> <b>OnlineApplication/AuthComponent/Mandates</b> +                              <br /> +                              Mit Hilfe diese Elements werden die Online-Vollmachten für die Online-Applikation aktiviert.  +                              Als Kindelement muss <tt>Profiles</tt> angegeben werden. Diese Element beinhaltet eine (Komma-separierte) +                              Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann.<br/> +                              Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren - siehe <a href="#AuthComponent_OnlineMandates">hier</a>                               +</p>                             +                                                          </div>                              <div id="OnlineApplication/ProxyComponent" />                                <p id="block"> <b>OnlineApplication/ProxyComponent</b> 
@@ -1159,7 +1174,7 @@ Ab Version 1.4.7 bietet MOA-ID die Möglichkeit der Nutzung von ausländ                                      <p id="block"> <b>TrustedBKUs</b><br />                                        Das Element <tt>TrustedBKUs</tt>                                        ermöglicht das Setzen von vertrauenswürdigen Bürgerkartenumgebungen. -                                      In den <tt>BKUURL</tt> Unterelement werden die vertrauenswürdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale Bürgerkartenumgebungn müssen nicht eingetragen werden - diesen wird automatisch vertraut. +                                      In <tt>BKUURL</tt> Unterelementen werden die vertrauenswürdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale Bürgerkartenumgebungn müssen nicht eingetragen werden - diesen wird automatisch vertraut.  </p>  </div>                                  </div> diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm index 637d28253..041cd437a 100644 --- a/id/server/doc/moa_id/id-anwendung_1.htm +++ b/id/server/doc/moa_id/id-anwendung_1.htm 
@@ -73,13 +73,14 @@ Projekt <span style="font-size:48pt; ">moa</span>   Der Aufruf erfolgt durch einen Verweis der Form: </div>  <pre><a href="https://<moa-id-server-und-pfad>/  StartAuthentication?Target=<geschäftsbereich> -&OA=<oa-url>&Template=<template-url>"></pre> +&OA=<oa-url>&Template=<template-url>&useMandate=false"></pre>  <table border="1"><tbody valign="baseline">  <tr>  <td id="klein"><moa-id-server-und-pfad></td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>  </tr>  <tr> -<td id="klein">Target=<geschäftsbereich></td><td id="klein">Angabe, für welches Verfahren der Benutzer authentisiert werden soll (siehe TODO: Link auf Verzeichnis der Geschäftsbereich)</td> +<td id="klein">Target=<geschäftsbereich></td> +<td id="klein">Angabe, für welches Verfahren der Benutzer authentisiert werden soll</td>  </tr>  <tr>  <td id="klein">OA=<oa-url></td><td id="klein">Webseite, auf die der Browser nach erfolgter Authentisierung weitergeleitet werden soll</td> @@ -87,7 +88,12 @@ StartAuthentication?Target=<geschäftsbereich>  <tr>  <td id="klein">Template=<template-url></td><td id="klein">optional; HTML-Vorlage für der Anmeldeseite von MOA-ID-AUTH, über die der Bürger den Authentisierungsvorgang startet. Über diesen Parameter kann das Aussehen der Anmeldeseite an das Aussehen der Online-Applikation angepasst werden.</td>  </tr> -</tbody></table> +<tr> +  <td id="klein">useMandate=<true/false></td> +  <td id="klein">optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgeführt werden soll (=true) oder nicht (=false);</td> +</tr> +</tbody> +</table>  <br/><br/>  <div id="block"> diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm index 3694bb0f3..e0da90e98 100644 --- a/id/server/doc/moa_id/moa.htm +++ b/id/server/doc/moa_id/moa.htm 
@@ -230,8 +230,14 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge  <div id="subtitel">Ergänzung für ausländische Bürger</div>  <div id="block">    <p>Ab der MOA Release 1.4.7 ist es möglich, dass sich auch ausländische Bürger mittels MOA-ID einloggen können. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausländischen Bürgers eine Eintragung im Ergänzungsregister für natürliche Personen gemäß E-Government Gesetz §6(5) vornimmt. Somit ist es möglich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. </p> -  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungseigenschaft versehen sind, akzeptiert. </p> +  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>    </div> +   +  <div id="subtitel">Online-Vollmachten</div> +<div id="block"> +  <p>Ab der MOA Release 1.5.0 werden Online-Vollmachten (für Anwendungen aus dem öffentlichen Bereich) unterstützt. Hierzu werden diese Vollmachten über eine Online-Vollmachten-Service ausgewählt. Der Zugang zu diesem Online-Vollmachten Service ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p> +</div> +  </td></tr></table>  <br /><br /> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 6553182b4..eb21c2fd3 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml 
@@ -121,11 +121,11 @@
 			<groupId>commons-httpclient</groupId>
  			<artifactId>commons-httpclient</artifactId>
  		</dependency>-->
 -		<dependency>
 +		<!-- <dependency>
  			<groupId>at.gv.egovernment.moa.id</groupId>
  			<artifactId>mandate-validate</artifactId>
  			<version>1.1</version>
 -		</dependency>
 +		</dependency>-->
  		<dependency>
      	  <groupId>commons-lang</groupId>
  	      <artifactId>commons-lang</artifactId>
@@ -135,10 +135,11 @@
 	<build>
  		<plugins>
 -			<plugin>
 +					<plugin>
  				<groupId>org.apache.maven.plugins</groupId>
  				<artifactId>maven-jar-plugin</artifactId>
  				<configuration>
 +				<skipTests>true</skipTests>
  					<archive>
  						<addMavenDescriptor>false</addMavenDescriptor>
  					</archive>
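Review bot: The added `<skipTests>true</skipTests>` sits inside the maven-jar-plugin configuration, where it is not a recognised parameter, so it has no effect there; skipTests is a maven-surefire-plugin parameter (or `-DskipTests` on the command line). If the intent really is to stop tests from running, that should not be committed into the module pom anyway, because it silently removes the test gate for every build of idserverlib rather than for one developer's run. The `<plugin>` line also moves to a deeper indent than its sibling elements, which looks accidental and should be reverted to the original indentation.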
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 64eaf30cd..a772e0457 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -15,14 +15,11 @@  */  package at.gv.egovernment.moa.id.auth; -import iaik.ixsil.exceptions.UtilsException; -import iaik.ixsil.util.Utils;  import iaik.pki.PKIException;  import iaik.x509.X509Certificate; +import java.io.ByteArrayInputStream;  import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException;  import java.io.IOException;  import java.security.GeneralSecurityException;  import java.security.Principal; @@ -39,10 +36,11 @@ import java.util.Vector;  import javax.xml.parsers.ParserConfigurationException;  import javax.xml.transform.TransformerException; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document;  import org.w3c.dom.Element;  import org.xml.sax.SAXException; -import HTTPClient.Util;  import at.gv.egovernment.moa.id.AuthenticationException;  import at.gv.egovernment.moa.id.BuildException;  import at.gv.egovernment.moa.id.ParseException; @@ -63,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;  import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;  import at.gv.egovernment.moa.id.auth.data.IdentityLink;  import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;  import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; 
@@ -81,6 +80,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException;  import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;  import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;  import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;  import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -94,6 +94,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;  import at.gv.egovernment.moa.logging.LogMsg;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Base64Utils; @@ -288,6 +289,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {     * @param oaURL online application URL requested     * @param bkuURL URL of the "Bürgerkartenumgebung" to be used;      *                may be <code>null</code>; in this case, the default location will be used +   * @param useMandate Indicates if mandate is used or not                    * @param templateURL URL providing an HTML template for the HTML form generated     * @param scheme determines the protocol used      * @return HTML form @@ -301,6 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      String oaURL,      String templateURL,      String bkuURL, +    String useMandate,      String sessionID,      String scheme)      throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { 
@@ -343,7 +346,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {        session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());        session.setAuthURL(authURL);        session.setTemplateURL(templateURL); -      session.setBusinessService(oaParam.getBusinessService()); +      session.setBusinessService(oaParam.getBusinessService());            }      // BKU URL has not been set yet, even if session already exists      if (bkuURL == null) { @@ -357,8 +360,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {      session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());      String infoboxReadRequest =         new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(),  -                                            oaParam.getBusinessService(),  +                                            oaParam.getBusinessService(),                                                   oaParam.getIdentityLinkDomainIdentifier()); +     +    if ((useMandate != null) && (useMandate.compareTo("") != 0)) { +    	session.setUseMandate(useMandate); +    } +    else { +    	session.setUseMandate("false"); +    }      String dataURL =        new DataURLBuilder().buildDataURL(          session.getAuthURL(), 
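Review bot: The added useMandate branch stores any non-empty request value verbatim in the session, so values such as `TRUE`, `yes` or an arbitrary string reach `session.setUseMandate` even though the parameter is documented in this same commit as true/false; normalise it at the boundary instead, e.g. `session.setUseMandate("true".equalsIgnoreCase(useMandate) ? "true" : "false");` (this assumes downstream code compares the stored string against "true", which is not visible in the hunk). The `(useMandate != null) && (useMandate.compareTo("") != 0)` test is more plainly written as `useMandate != null && useMandate.length() > 0`. The enclosing method starts outside the hunk.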
@@ -529,6 +539,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {      return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);    } +   +  /** +   * Processes an <code>Mandate</code> sent by the  +   * MIS.<br> +   * <ul> +   * <li>Validates given <code>Mandate</code></li> +   * <li>Verifies Mandate by calling the MOA SP component</li> +   * <li>Creates an authentication block to be signed by the user</li> +   * <li>Creates and returns a <code><CreateXMLSignatureRequest></code>  +   *      containg the authentication block, meant to be returned to the  +   *      security layer implementation</li> +   * </ul> +   *  +   * @param sessionID ID of associated authentication session data +   * @param infoboxReadResponseParameters The parameters from the response returned from +   *        the BKU including the <code><InfoboxReadResponse></code> +   * @return String representation of the <code><CreateXMLSignatureRequest></code> +   */ +  public String verifyMandate(String sessionID, MISMandate mandate) +    throws +      AuthenticationException, +      BuildException, +      ParseException, +      ConfigurationException, +      ValidateException, +      ServiceException { + +    if (isEmpty(sessionID)) +      throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID}); +        +    String sMandate = new String(mandate.getMandate()); +    if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { +    	Logger.error("Mandate is empty."); +    	throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); +    } +     +     +    AuthenticationSession session = getSession(sessionID); +    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + +       +    OAAuthParameter oaParam = +      AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( +        session.getPublicOAURLPrefix()); +     +    try { +    	// set extended SAML 
attributes +		setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); +	} catch (SAXException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} catch (IOException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} catch (ParserConfigurationException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} catch (TransformerException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} + +     +    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); +  } +   +  /** +   *  +   * @param session +   * @param authConf +   * @param oaParam +   * @return +   * @throws ConfigurationException +   * @throws BuildException +   * @throws ValidateException +   */    public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)      throws         ConfigurationException,  @@ -571,6 +653,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {      return createXMLSignatureRequest;    } +   +      /**     * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>     * <ul> 
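Review bot: The empty-mandate guard in verifyMandate cannot work as written: `new String(...)` never yields null, `|` does not short-circuit, and a null `mandate` or a null `mandate.getMandate()` throws a NullPointerException on the `new String` line before the check is reached, so the intended auth.16 error path is unreachable for the null case. Check the raw value before converting, e.g. `if (mandate == null || mandate.getMandate() == null || mandate.getMandate().length == 0)` (assuming getMandate() returns a byte[]; its type is not visible here), and give `new String(byte[])` an explicit charset, since the platform default is used otherwise. The Javadoc above the method is copied from the infobox-response method: `@param infoboxReadResponseParameters` should become `@param mandate The mandate returned by the MIS`, the "Validates given Mandate" and "Verifies Mandate by calling the MOA SP component" bullets should be reduced to what the body does (it only sets the extended SAML attributes and then builds the auth block), and the declared exceptions should get `@throws` entries. The new Javadoc on getCreateXMLSignatureRequestAuthBlockOrRedirect at the end of the hunk has empty `@param`/`@return` tags and should either describe them or be left out.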
@@ -927,6 +1011,32 @@ public class AuthenticationServer implements MOAIDAuthConstants {    }    /** +   * Verifies the infoboxes (except of the  identity link infobox) returned by the BKU by  +   * calling appropriate validator classes. +   *  +   * @param session The actual authentication session. +   * @param mandate   The Mandate from the MIS +   *  +   * @throws AuthenticationException  +   * @throws ConfigurationException   + * @throws TransformerException  + * @throws ParserConfigurationException  + * @throws IOException  + * @throws SAXException  +   */ +  private void setExtendedSAMLAttributeForMandates( +    AuthenticationSession session, MISMandate mandate, boolean business)  +  throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException +  { +     +	  ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business); +	   +	   +	  AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService"); +     +  } +   +  /**     * Intermediate processing of the infoboxes. The first pending infobox      * validator may validate the provided input     *  @@ -985,7 +1095,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {      int length = extendedSAMLAttributes.length;       for (int i=0; i<length; i++) {        ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; +              Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName); +              if ((value instanceof String) || (value instanceof Element)) {          switch (samlAttribute.getAddToAUTHBlock()) {            case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: 
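Review bot: The Javadoc on the new setExtendedSAMLAttributeForMandates is copied from the infobox verifier and describes something the method does not do ("Verifies the infoboxes (except of the identity link infobox) returned by the BKU"); replace it with `Builds the mandate-related extended SAML attributes from the MIS mandate and adds them to the session's AUTH-block attributes.` The `business` parameter is undocumented and should get `@param business Whether the online application is a business (wbPK) application — confirm against caller`, and `@throws ValidateException` is declared on the signature but missing from the tag list, while the `@throws` tags that are present have no description.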
@@ -1017,6 +1129,115 @@ public class AuthenticationServer implements MOAIDAuthConstants {      session.setExtendedSAMLAttributesOA(oaAttributes);    } +//  /** +//   * Adds given SAML Attributes to the current session. They will be appended +//   * to the final SAML Assertion or the AUTH block. If the attributes are  +//   * already in the list, they will be replaced. +//   *  +//   * @param session The current session +//   * @param extendedSAMLAttributes The SAML attributes to add +//   * @param identifier The infobox identifier for debug purposes +//   * @param friendlyNam The friendly name of the infobox for debug purposes +//   */ +//  private static void AddAdditionalSAMLAttributes(AuthenticationSession session, MISMandate mandate) throws ValidateException +//  { +//	   +//    List oaAttributes = session.getExtendedSAMLAttributesOA(); +//    if (oaAttributes==null) oaAttributes = new Vector(); +//    List authAttributes = session.getExtendedSAMLAttributesAUTH(); +//    if (authAttributes==null) authAttributes = new Vector(); +//     +//     +//    addExtendedSamlAttributes(authAttributes, mandate); +//     +//    session.setExtendedSAMLAttributesAUTH(authAttributes); +//    session.setExtendedSAMLAttributesOA(oaAttributes); +//  } +   +  /** +   * Adds the AUTH block related SAML attributes to the validation result.  
+   * This is needed always before the AUTH block is to be signed, because the  +   * name of the mandator has to be set + * @throws ParserConfigurationException  + * @throws IOException  + * @throws SAXException  + * @throws TransformerException  +   */ +  private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(MISMandate mandate, boolean business) throws SAXException, IOException, ParserConfigurationException, TransformerException { +     +	  Vector extendedSamlAttributes = new Vector();  +	   +	  extendedSamlAttributes.clear(); +     +	  //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); +	  // RepresentationType +	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTEXT, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +         +	  // Name +	  Element domMandate = mandateToElement(mandate); +	  Element nameSpaceNode = domMandate.getOwnerDocument().createElement("NameSpaceNode"); +	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); +	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + +	  Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, "//md:Mandate/md:Mandator", nameSpaceNode); +     +	  // first check if physical person +	  Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); +	  String mandatorname = ParepUtils.extractMandatorName(mandator); +	   +	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, mandatorname, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +	  // Geburtsdatum +	  String dob = ParepUtils.extractMandatorDateOfBirth(mandator); +	  if (dob 
!= null && !"".equals(dob)) { +		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));	   +		   +	  } +	   +	  // Mandate +	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, domMandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); +	   +	  // (w)bpk +	  String wbpk = ParepUtils.extractMandatorWbpk(mandator); +	  if (!ParepUtils.isEmpty(wbpk)) { +		  if (!ParepUtils.isPhysicalPerson(mandator)){ +			  String idType = ParepUtils.extractMandatorIdentificationType(mandator); +			  if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID)) { +				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +			  } +		  } else  +			  if (business) { +				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +			  } +	  } +	   +	  String oid = mandate.getProfRep(); +	  if (oid != null) { +		  String oidDescription = mandate.getTextualDescriptionOfOID(); +		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +	  } +    	 +	  ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; +	  extendedSamlAttributes.copyInto(ret); +	  Logger.debug("ExtendedSAML Attributes: " + ret.length); +	  return ret; + +     +     +  	} +   +  /** +   *  +   * @param mandate +   * @return + * @throws ParserConfigurationException  + * @throws IOException  + * @throws SAXException  +   */ +  private static Element 
mandateToElement(MISMandate mandate) throws SAXException, IOException, ParserConfigurationException { +	  ByteArrayInputStream bais = new ByteArrayInputStream(mandate.getMandate()); +	  Document doc = DOMUtils.parseDocumentSimple(bais); +	  return doc.getDocumentElement(); +  }    private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) {      if (null==attributes) {        attributes = new Vector(); @@ -1651,6 +1872,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {    private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName)       throws ValidateException{      String name = samlAttribute.getName(); +     +          if (name == null) {        Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +           identifier + "-infobox validator is null."); @@ -1676,6 +1899,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {        throw new ValidateException(          "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});      } -    return value; +     +        return value;    }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 259b21db7..35dddb476 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java 
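Review bot: In addExtendedSamlAttributes the local `Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);` is never read (the "first check if physical person" comment above it is served later by `ParepUtils.isPhysicalPerson(mandator)`), and `extendedSamlAttributes.clear()` on a Vector created one line earlier is a no-op; both should go. `mandator` is null when the XPath `//md:Mandate/md:Mandator` matches nothing and is then passed straight into ParepUtils.extractMandatorName; unless ParepUtils is documented as null-safe, guard it and fail with a clear exception instead of a NullPointerException. mandateToElement feeds the mandate bytes obtained from the MIS service into DOMUtils.parseDocumentSimple — please confirm that parser runs with DTD/external-entity resolution disabled, since the document comes from a remote service, and record that in its Javadoc, whose `@param`/`@return` lines are currently empty. The commented-out AddAdditionalSAMLAttributes(AuthenticationSession, MISMandate) block at the top of the hunk is dead code and should be deleted rather than kept as a comment.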
@@ -60,6 +60,8 @@ public interface MOAIDAuthConstants {
   public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
   public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */
+  public static final String GET_MIS_SESSIONID = "GetMISSessionID";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
   public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 2e1132d32..9bab8643f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
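Review bot: `GET_MIS_SESSIONID` breaks the naming convention of its neighbours, which all carry the `REQ_` prefix for request names (`REQ_GET_FOREIGN_ID`, `REQ_VERIFY_CERTIFICATE`, `REQ_PROCESS_VALIDATOR_INPUT`); `public static final String REQ_GET_MIS_SESSIONID = "GetMISSessionID";` would keep the interface consistent. The constant is referenced as `GET_MIS_SESSIONID` in AuthenticationServer in this commit, so a rename has to be applied there too.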
@@ -82,6 +82,50 @@ public class GetIdentityLinkFormBuilder extends Builder {      "</form>" + nl +      "</body>" + nl +      "</html>"; +   +  /** default HTML template */ +  private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES =  +    "<html>" + nl + +    "<head>" + nl + +    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +     +    "<title>Vollmachten-Anmeldung</title>" + nl + +    "<script type=\"text/javascript\">" + nl + +	"window.onload=function() {" + nl + +	"document.VollmachtenForm.submit();"  + nl + +	"document.VollmachtenForm.Senden.disabled=true;" + nl + +	"return;" + nl + +	"}" + nl + +	"</script>" + nl + +    "</head>" + nl + +    "<body>" + nl + +    "<form name=\"VollmachtenForm\"" + nl + +    "      action=\"" + BKU_TAG + "\"" + nl + +    "      method=\"post\">" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"XMLRequest\"" + nl + +    "         value=\"" + XMLREQUEST_TAG + "\"/>" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"DataURL\"" + nl + +    "         value=\"" + DATAURL_TAG + "\"/>" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"PushInfobox\"" + nl + +    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl + +    "  <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + nl + +    "</form>" + nl + +    "<form name=\"CertificateInfoForm\"" + nl + +    "      action=\"" + BKU_TAG + "\"" + nl + +    "      method=\"post\">" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"XMLRequest\"" + nl + +    "         value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"DataURL\"" + nl + +    "         value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl + +//	"  <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +     +    "  <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + +    "</form>" + nl + +    
"</body>" + nl + +    "</html>";    /**     * Constructor for GetIdentityLinkFormBuilder. @@ -119,6 +163,29 @@ public class GetIdentityLinkFormBuilder extends Builder {      htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);    	return htmlForm;    } +   +  /** +   * Builds the HTML form, including XML Request and data URL as parameters. +   *  +   * @param htmlTemplate template to be used for the HTML form; +   *         may be <code>null</code>, in this case a default layout will be produced +   * @param xmlRequest XML Request to be sent as a parameter in the form +   * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; +   *         may be <code>null</code>, in this case the default URL will be used +   * @param dataURL DataURL to be sent as a parameter in the form +   */ +  public String buildCreateSignature( +    String bkuURL,  +    String xmlRequest,  +    String dataURL) +  throws BuildException  +  {       +  	String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES; +    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); +    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); +    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); +  	return htmlForm; +  }    /**     * Encodes a string for inclusion as a parameter in the form.     * Double quotes are substituted by <code>"&quot;"</code>. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 2c97f01ae..a6b61e747 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java 
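Review bot: buildCreateSignature replaces BKU_TAG, XMLREQUEST_TAG and DATAURL_TAG but never CERTINFO_XMLREQUEST_TAG or CERTINFO_DATAURL_TAG, both of which DEFAULT_HTML_TEMPLATE_FOR_MANDATES contains in its CertificateInfoForm, so those placeholder strings are emitted verbatim into the page; either substitute them as build does in the hunk above (`htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);`) or drop the CertificateInfoForm from the mandate template, whose submit button is commented out anyway. The Javadoc is copied from build and is wrong for this method: there is no `htmlTemplate` parameter, `bkuURL` cannot be null because no default URL is substituted, and `xmlRequest` is documented before `bkuURL` while the signature has the opposite order. In the template hunk the `<input type="hidden" value="Information zu Wurzelzertifikaten"/>` has no name attribute and is never submitted, and the field comment `/** default HTML template */` duplicates the one on DEFAULT_HTML_TEMPLATE — `/** default HTML template for the mandate (Vollmachten) signature form */` would tell them apart. bkuURL and dataURL are inserted into attribute values without going through encodeParameter, unlike xmlRequest; if either value can originate from a request parameter rather than configuration it needs the same encoding.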
@@ -152,6 +152,85 @@ public class VerifyXMLSignatureRequestBuilder {      return requestElem_;    } +  /** +   * Builds a <code><VerifyXMLSignatureRequest></code> +   * from an IdentityLink with a known trustProfileID which  +   * has to exist in MOA-SP +   * @param identityLink - The IdentityLink +   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP +   *  +   * @return Element - The complete request as Dom-Element +   *  +   * @throws ParseException +   */ +  public Element build(byte[]mandate, String trustProfileID) +    throws ParseException  +  {  +    try { +      // build the request +//      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); +//      requestElem_.appendChild(dateTimeElem); +//      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); +//      dateTimeElem.appendChild(dateTime); +      Element verifiySignatureInfoElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); +      requestElem_.appendChild(verifiySignatureInfoElem); +      Element verifySignatureEnvironmentElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); +      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); +      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); +      verifySignatureEnvironmentElem.appendChild(base64ContentElem); +      // insert the base64 encoded identity link SAML assertion +      //String serializedAssertion = identityLink.getSerializedSamlAssertion(); +      //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); +      String base64EncodedAssertion = Base64Utils.encode(mandate); +      //replace all '\r' characters by no char. 
+      StringBuffer replaced = new StringBuffer(); +      for (int i = 0; i < base64EncodedAssertion.length(); i ++) { +        char c = base64EncodedAssertion.charAt(i); +        if (c != '\r') { +          replaced.append(c); +        } +      } +      base64EncodedAssertion = replaced.toString(); +      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); +      base64ContentElem.appendChild(base64Content);       +      // specify the signature location +      Element verifySignatureLocationElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); +      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); +      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); +      verifySignatureLocationElem.appendChild(signatureLocation);       +      // signature manifest params +      Element signatureManifestCheckParamsElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); +      requestElem_.appendChild(signatureManifestCheckParamsElem); +      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); +//      // add the transforms +//      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); +//      signatureManifestCheckParamsElem.appendChild(referenceInfoElem); +//      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); +//       +//      for (int i = 0; i < dsigTransforms.length; i++) {         +//        Element verifyTransformsInfoProfileElem =  +//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); +//        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); +//        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));         +//      } +      Element returnHashInputDataElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); +      
requestElem_.appendChild(returnHashInputDataElem); +      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); +      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); +      requestElem_.appendChild(trustProfileIDElem); +    } catch (Throwable t) { +      throw new ParseException("builder.00",  +        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); +    } + +    return requestElem_; +  } +      /**     * Builds a <code><VerifyXMLSignatureRequest></code> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index eca02a77b..554b5012e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -68,6 +68,16 @@ public class AuthenticationSession {       * URL of the BKU       */      private String bkuURL; +     +    /** +     * Use mandate +     */ +    private boolean useMandate; +     +    /**  +     * SessionID for MIS +     */ +    private String misSessionID;  	/**  	 * identity link read from smartcard  	 */ 
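Review bot: The Javadoc for the new build(byte[] mandate, String trustProfileID) overload was copied from the identity-link variant — it documents `@param identityLink - The IdentityLink` — and the exception raised in the catch block names `"VerifyXMLSignatureRequest (IdentityLink)"` although this request wraps a mandate; both should say mandate, and the summary should state that the Base64Content is the raw mandate bytes. `catch (Throwable t)` also converts Errors such as OutOfMemoryError into a ParseException; `catch (Exception e)` is the widest that makes sense here. The ReferenceInfo/VerifyTransformsInfoProfile block is commented out, so SignatureManifestCheckParams is sent without any transform profile — if MOA-SP is expected to accept the mandate signature without a reference-transform check, say so in a comment, otherwise the transforms need to be supplied as in the identity-link build. Stripping carriage returns with a char loop can be `base64EncodedAssertion = base64EncodedAssertion.replaceAll("\r", "");`, and the commented-out DateTime lines at the top of the try block should be removed.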
@@ -582,4 +592,39 @@ public class AuthenticationSession {      this.pushInfobox = pushInfobox;    } +  /** +   *  +   * @param useMandate indicates if mandate is used or not +   */ +  public void setUseMandate(String useMandate) { +	  if (useMandate.compareToIgnoreCase("true") == 0) +		  this.useMandate = true; +	  else +		  this.useMandate = false; +	   +  } +   +  /** +   * Returns if mandate is used or not +   * @return +   */ +  public boolean getUseMandate() { +	  return this.useMandate; +  } +   +  /** +   *  +   * @param misSessionID indicates the MIS session ID +   */ +  public void setMISSessionID(String misSessionID) { +	  this.misSessionID = misSessionID; +  } + +  /** +   * Returns the MIS session ID +   * @return +   */ +  public String getMISSessionID() { +	  return this.misSessionID; +  }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index c83650587..9a6670617 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -219,11 +219,14 @@ public class GetForeignIDServlet extends AuthServlet {  	    		try {
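Review bot: setUseMandate(String) dereferences its argument with `useMandate.compareToIgnoreCase("true")`, so an absent value (null) produces a NullPointerException instead of "mandate not used"; `this.useMandate = "true".equalsIgnoreCase(useMandate);` is null-safe and replaces the whole if/else. The boolean getter is named getUseMandate rather than isUseMandate, which is what bean-style access expects — fine to keep if callers already depend on it, but worth a conscious decision. The Javadoc on both setters has an empty first line and both getters have a bare `@return`; e.g. `@return the MIS session ID, or null if none has been set` and `@return true if authentication with a mandate was requested`.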
  	    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
  	    		} catch (IOException e) {
 -	    			throw new SZRGWClientException(e);
 +	    			Logger.error("Could not initialize SSL Factory", e);
 +	    			throw new SZRGWClientException("Could not initialize SSL Factory");
  	    		} catch (GeneralSecurityException e) {
 -	    			throw new SZRGWClientException(e);
 +	    			Logger.error("Could not initialize SSL Factory", e);
 +	    			throw new SZRGWClientException("Could not initialize SSL Factory");
  	    		} catch (PKIException e) {
 -	    			throw new SZRGWClientException(e);
 +	    			Logger.error("Could not initialize SSL Factory", e);
 +	    			throw new SZRGWClientException("Could not initialize SSL Factory");
  	    		} 
  	    	}
  	    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
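Review bot: The three new catch blocks log the exception and then throw `new SZRGWClientException("Could not initialize SSL Factory")` without the cause, so the chain that the previous `new SZRGWClientException(e)` carried is lost for everything above this frame; keep the cause on the thrown exception — `throw new SZRGWClientException("Could not initialize SSL Factory", e);` if such a constructor exists, otherwise keep `new SZRGWClientException(e)` after the Logger.error call. The three blocks are byte-identical; since the code base appears to predate multi-catch (raw types and Vector elsewhere in this commit), a small private helper that logs and builds the exception would avoid the triplication. The enclosing method starts and ends outside the hunk.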
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
new file mode 100644
index 000000000..4c0abdb0f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -0,0 +1,174 @@
+package at.gv.egovernment.moa.id.auth.servlet;
 +
 +import iaik.pki.PKIException;
 +
 +import java.io.IOException;
 +import java.io.PrintWriter;
 +import java.security.GeneralSecurityException;
 +import java.util.List;
 +import java.util.Map;
 +
 +import javax.net.ssl.SSLSocketFactory;
 +import javax.servlet.ServletException;
 +import javax.servlet.http.HttpServletRequest;
 +import javax.servlet.http.HttpServletResponse;
 +
 +import org.apache.commons.fileupload.FileUploadException;
 +import org.apache.commons.lang.StringEscapeUtils;
 +
 +import at.gv.egovernment.moa.id.BuildException;
 +import at.gv.egovernment.moa.id.MOAIDException;
 +import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 +import at.gv.egovernment.moa.id.auth.WrongParametersException;
 +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 +import at.gv.egovernment.moa.id.config.ConnectionParameter;
 +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 +import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 +import at.gv.egovernment.moa.id.util.SSLUtils;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 +import at.gv.egovernment.moa.logging.Logger;
 +
 +/**
 + * Servlet requested for getting the foreign eID
 + * provided by the security layer implementation.
 + * Utilizes the {@link AuthenticationServer}.
 + *
 + */
 +public class GetMISSessionIDServlet extends AuthServlet {
 +
 +  /**
 +   * Constructor for GetMISSessionIDServlet.
 +   */
 +  public GetMISSessionIDServlet() {
 +    super();
 +  }
 +
 +  /**
 +   * GET requested by security layer implementation to verify
 +   * that data URL resource is available.
 +   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
 +   */
 +  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 +    throws ServletException, IOException { 
 +    	
 +	  doPost(req, resp);
 +	  
 +//		Logger.debug("GET GetMISSessionIDServlet");
 +//		
 +//		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 +//		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 +//		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 +//		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 +  }
 +
 +  /**
 +   * Gets the signer certificate from the InfoboxReadRequest and 
 +   * responds with a new 
 +   * <code>CreateXMLSignatureRequest</code>.
 +   * <br>
 +   * Request parameters:
 +   * <ul>
 +   * <li>MOASessionID: ID of associated authentication session</li>
 +   * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
 +   * </ul>
 +   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
 +   */
 +  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
 +    throws ServletException, IOException {
 +
 +		Logger.debug("POST GetMISSessionIDServlet");
 +		
 +		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 +		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 +		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 +		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 +		
 +//		Map parameters;
 +//	    try 
 +//	    {
 +//	      parameters = getParameters(req);
 +//	    } catch (FileUploadException e) 
 +//	    {
 +//	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
 +//	      throw new IOException(e.getMessage());
 +//	     	}
 +		
 +	    String sessionID = req.getParameter(PARAM_SESSIONID);
 +	    
 +	    // escape parameter strings
 +		sessionID = StringEscapeUtils.escapeHtml(sessionID);
 +		
 +	    AuthenticationSession session = null;
 +	    try {
 +	       // check parameter
 +	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
 +	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
 +	       
 +	       session = AuthenticationServer.getSession(sessionID);
 +	    	
 +	    	String misSessionID = session.getMISSessionID();
 +	    	
 +	    	//System.out.println("MIS Session ID (GetMISServlet): " + misSessionID);
 +	    	
 +	    	AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
 +	    	ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
 +	    	SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
 +
 +	    	List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
 +	    	
 +	    	if (list == null) {
 +	    		Logger.error("Keine Vollmacht gefunden.");
 +	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");
 +	    	}
 +	    	if (list.size() == 0) {
 +	    		Logger.error("Keine Vollmacht gefunden.");
 +	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");
 +	    	}
 +	    	
 +	    	// for now: list contains only one element
 +	    	MISMandate mandate = (MISMandate)list.get(0);	    	
 +   	
 +	    	// verify mandate signature
 +	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
 +	    	
 +	    	String dataurl =
 +	             new DataURLBuilder().buildDataURL(
 +	               session.getAuthURL(),
 +	               REQ_VERIFY_AUTH_BLOCK,
 +	               session.getSessionID());
 +	    	
 +	    	Logger.debug(createXMLSignatureRequestOrRedirect);
 +	    	
 +	    	String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl);
 +
 +	    	resp.setContentType("text/html;charset=UTF-8");
 +			PrintWriter out = new PrintWriter(resp.getOutputStream());
 +			out.print(request);
 +			out.flush();
 +	    	
 +			    		      
 +	    }
 +	    catch (MOAIDException ex) {
 +	      handleError(null, ex, req, resp);
 +	    } catch (GeneralSecurityException ex) {
 +	    	handleError(null, ex, req, resp);
 +		} catch (PKIException e) {
 +			handleError(null, e, req, resp);
 +		} catch (MISSimpleClientException e) {
 +			handleError(null, e, req, resp);
 +		} 
 +  }
 +  
 +  private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException {
 +	  return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL);
 +	  
 +  }
 +  
 +  
 + 
 + }
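Review bot: The parameter check at the top of doPost reports the wrong servlet — `throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");` should use the constant this commit adds, `throw new WrongParametersException(GET_MIS_SESSIONID, PARAM_SESSIONID, "auth.12");`, so the error names GetMISSessionID. `String misSessionID = session.getMISSessionID();` is then handed to MISSimpleClient.sendGetMandatesRequest with no null/empty check, so a session that never went through the mandate flow fails opaquely inside the MIS call instead of with a clear parameter error; `session` itself should also be checked for null unless AuthenticationServer.getSession is documented to throw on an unknown ID. The class Javadoc ("getting the foreign eID"), the doPost Javadoc ("Gets the signer certificate from the InfoboxReadRequest") and the doGet Javadoc ("to verify that data URL resource is available") are copied from other servlets and describe neither this servlet nor the fact that doGet delegates to doPost, which makes a plain GET perform the full MIS round trip. The unused imports (Map, FileUploadException), the commented-out header and getParameters blocks and the `//System.out.println` line are dead code, and `new PrintWriter(resp.getOutputStream())` writes with the platform default charset although the content type declares UTF-8 — `resp.getWriter()` after setContentType honours the declared charset.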
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 54d08c59e..b50a1edde 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -68,8 +68,8 @@ public class ProcessValidatorInputServlet extends AuthServlet {
    * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
     */
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 -    throws ServletException, IOException { 
 -
 +    throws ServletException, IOException {  +	        Logger.debug("GET ProcessInput");      resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);  	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 10b4041df..2e7d59fde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -15,11 +15,14 @@  */  package at.gv.egovernment.moa.id.auth.servlet; +import iaik.pki.PKIException; +  import java.io.IOException;  import java.io.PrintWriter; -import java.io.Reader; -import java.io.StringReader; +import java.security.GeneralSecurityException; +import java.util.List; +import javax.net.ssl.SSLSocketFactory;  import javax.servlet.ServletConfig;  import javax.servlet.ServletException;  import javax.servlet.http.HttpServletRequest; 
@@ -31,8 +34,14 @@ import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
 /**
@@ -88,8 +97,7 @@ public class StartAuthenticationServlet extends AuthServlet {
     resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
     resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-    //System.out.println("useMandate: " + useMandate);
-    
+ 	
     	try {
 		      // check parameter
 		    if (!ParamValidatorUtils.isValidTarget(target))
@@ -109,7 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet {
 			String getIdentityLinkForm =
-				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
+				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
 			resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index ad01de6c8..f1fb15be0 100644 
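Review bot: The new `useMandate` argument handed to `startAuthentication` in the -109 hunk is not covered by the `// check parameter` block that validates `target` through `ParamValidatorUtils`, and its type and origin (presumably a request parameter, its definition is outside the hunk) are not visible; if it comes from the request it should be normalized to a strict boolean (`"true".equals(...)`) where it is read rather than passed through as received. The imports added in the -15 and -31 hunks (`SSLSocketFactory`, `List`, `SSLUtils`, `MISSimpleClient`, `MISSimpleClientException`, `ConnectionParameter`, `AuthConfigurationProvider`) are not used by any line visible in this file's hunks; if they are leftovers of an earlier approach they should be dropped. The enclosing method of the -88 and -109 hunks starts and ends outside the hunks.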
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -61,6 +61,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
+	  //doPost(req, resp);
+	   
 		Logger.debug("GET VerifyAuthenticationBlock");
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 76c5476ae..d101df1fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -8,12 +8,14 @@ import java.security.GeneralSecurityException;
 import java.security.cert.CertificateEncodingException;
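Review bot: The only non-whitespace addition to `doGet` in the -61 hunk is the commented-out call `//doPost(req, resp);`, which records an intention (delegating GET to POST) without implementing it; either delegate for real or drop the line, and if GET must stay a separate path a one-line comment saying why is more useful than dead code. The body of `doGet` continues outside the hunk.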
  import java.util.Map;
 +import javax.net.ssl.SSLSocketFactory;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.xml.parsers.DocumentBuilder;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.parsers.ParserConfigurationException;
 +import javax.xml.transform.TransformerException;
  import org.apache.axis.encoding.Base64;
  import org.apache.commons.fileupload.FileUploadException;
@@ -22,24 +24,25 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
  import org.w3c.dom.Text;
 +import at.gv.egovernment.moa.id.AuthenticationException;
  import at.gv.egovernment.moa.id.MOAIDException;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.auth.WrongParametersException;
  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
 -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
 -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
  import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 -import at.gv.egovernment.moa.id.config.ConfigurationException;
  import at.gv.egovernment.moa.id.config.ConnectionParameter;
  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
  import at.gv.egovernment.moa.id.util.SSLUtils;
  import at.gv.egovernment.moa.id.util.ServletUtils;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
  import at.gv.egovernment.moa.logging.Logger;
 +import at.gv.egovernment.moa.util.DOMUtils;
  /**
   * Servlet requested for getting the foreign eID
@@ -116,25 +119,96 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    	session = AuthenticationServer.getSession(sessionID);
 -	    	X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
 -	    		    	
 -	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
 -	      // build dataurl (to the GetForeignIDSerlvet)
 -	    	String dataurl =
 -             new DataURLBuilder().buildDataURL(
 -               session.getAuthURL(),
 -               REQ_GET_FOREIGN_ID,
 -               session.getSessionID());
 -       
 -	    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 +    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
 +    		if (cert == null) {
 +    			Logger.error("Certificate could not be read.");
 +    			throw new AuthenticationException("auth.14", null);    		
 +    		}
 +    		
 +	    	boolean useMandate = session.getUseMandate();
 +	    	if (useMandate) {
 +	    		// Mandate Modus	    	
 +	    		// make request to MIS
 +	    		
 +	    		AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
 +    			ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
 +    			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
 +    			
 +    			// get identitity link as byte[]
 +    			Element elem = session.getIdentityLink().getSamlAssertion();
 +    			String s = DOMUtils.serializeNode(elem);
 +//    			byte[] idl = DOMUtils.nodeToByteArray(elem);
 +//    			String s = new String(idl);
 +    			byte[] idl = s.getBytes();
 +    			
 +    			// redirect url
 +    			// build redirect(to the GetMISSessionIdSerlvet)
 +    	          String redirectURL =
 +    	                new DataURLBuilder().buildDataURL(
 +    	                  session.getAuthURL(),
 +    	                  GET_MIS_SESSIONID,
 +    	                  session.getSessionID());
 +    			
 +    	          String oaURL = session.getOAURLRequested();
 +    	          OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
 +    	          String profiles = oaParam.getMandateProfiles();
 +
 +    	          if (profiles == null) {
 +    	        	  Logger.error("No Mandate/Profile for OA configured.");
 +    	        	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
 +    	          }
 +    	          
 +    	          String profilesArray[] = profiles.split(",");  	 		 
 +    	          for(int i = 0; i < profilesArray.length; i++) {
 +    	        	  profilesArray[i] = profilesArray[i].trim();
 +    	          }
 +    	          
 +    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory);
 +    	          String redirectMISGUI = misSessionID.getRedirectURL();
 +    	          
 +    	          if (misSessionID == null) {
 +    	        	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
 +    	        	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
 +    	          }
 +    	          
 +    	          session.setMISSessionID(misSessionID.getSessiondId());
 +    		
 +    	          resp.setStatus(302);
 +  		    	  resp.addHeader("Location", redirectMISGUI);
 +  		    	  Logger.debug("REDIRECT TO: " + redirectURL);
 +    	          
 +	    	}
 +	    	else {
 +	    		// Foreign Identities Modus	
 +		    	
 +		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
 +		      // build dataurl (to the GetForeignIDSerlvet)
 +		    	String dataurl =
 +	             new DataURLBuilder().buildDataURL(
 +	               session.getAuthURL(),
 +	               REQ_GET_FOREIGN_ID,
 +	               session.getSessionID());
 +	       
 +		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 +		    	
 +		    	
 +		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 +	    	}
 -	    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
  	    }
  	    catch (MOAIDException ex) {
  	      handleError(null, ex, req, resp);
 -	    } 
 +	    } catch (GeneralSecurityException ex) {
 +	    	handleError(null, ex, req, resp);
 +		} catch (PKIException e) {
 +			handleError(null, e, req, resp);
 +		} catch (MISSimpleClientException e) {
 +			handleError(null, e, req, resp);
 +		} catch (TransformerException e) {
 +			handleError(null, e, req, resp);
 +		} 
    }
    /**
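Review bot: `misSessionID.getRedirectURL()` is called on the line directly after `sendSessionIdRequest`, before the `if (misSessionID == null)` check, so a null reply raises a NullPointerException and the intended `MISSimpleClientException` path is unreachable; move `String redirectMISGUI = misSessionID.getRedirectURL();` below the null check. The serialized identity link is converted with `s.getBytes()`, which uses the JVM default charset, so the bytes sent to the MIS may not match the XML's encoding — use `byte[] idl = s.getBytes("UTF-8");` (and the two commented-out `DOMUtils.nodeToByteArray` lines above it can go). `authConf.getOnlineMandatesConnectionParameter()` is null when the configuration has no OnlineMandates element (the builder in ConfigurationBuilder returns null in that case), so an OA with mandate profiles but no service configuration fails with a NullPointerException at the latest at `connectionParameters.getUrl()` instead of a ConfigurationException; add a null check with a configuration error. The debug line after the redirect logs `redirectURL` although the browser is sent to `redirectMISGUI`, and since that value is taken from the MIS reply, logging the value actually used and checking it against the configured MIS URL before redirecting would make the trust boundary explicit (`resp.sendRedirect(redirectMISGUI)` also replaces the manual 302/Location pair). The enclosing doPost begins outside the hunk.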
@@ -161,58 +235,58 @@ public class VerifyCertificateServlet extends AuthServlet {
   * @throws SZRGWClientException 
     */
    /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
 -     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
 -
 -    SZRGWClient client = new SZRGWClient();
 -      
 -    try {
 -    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
 -    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
 -     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
 -    	Logger.debug("Connection Parameters: " + connectionParameters);
 -      client.setAddress(connectionParameters.getUrl());
 -      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
 -         Logger.debug("Initialisiere SSL Verbindung");
 -         try {
 -            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
 -         } catch (IOException e) {
 -            // TODO Auto-generated catch block
 -            e.printStackTrace();
 -         } catch (GeneralSecurityException e) {
 -            // TODO Auto-generated catch block
 -            e.printStackTrace();
 -         } catch (PKIException e) {
 -            // TODO Auto-generated catch block
 -            e.printStackTrace();
 -         }
 -       }
 -       
 -       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
 -      
 -   
 -    }
 -   catch (ConfigurationException e) {
 -      Logger.warn(e);
 -      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
 -
 -    }
 -    	// create request
 -    	Document doc = buildGetIdentityLinkRequest(cert);
 -    	Element request = doc.getDocumentElement();
 -    	CreateIdentityLinkResponse response = null;
 -   
 -    //try {
 -        response = client.createIdentityLinkResponse(request);
 -    //} catch (SZRGWClientException e) {
 -        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
 -      //  client = new SZRGWClient(url);
 -      //  response = client.createIdentityLinkResponse(request);
 -   // }
 -   	 
 -        
 -	return response.getAssertion();
 -	
 -  }
 +//     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
 +//
 +//    SZRGWClient client = new SZRGWClient();
 +//      
 +//    try {
 +//    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
 +//    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
 +//     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
 +//    	Logger.debug("Connection Parameters: " + connectionParameters);
 +//      client.setAddress(connectionParameters.getUrl());
 +//      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
 +//         Logger.debug("Initialisiere SSL Verbindung");
 +//         try {
 +//            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
 +//         } catch (IOException e) {
 +//            // TODO Auto-generated catch block
 +//            e.printStackTrace();
 +//         } catch (GeneralSecurityException e) {
 +//            // TODO Auto-generated catch block
 +//            e.printStackTrace();
 +//         } catch (PKIException e) {
 +//            // TODO Auto-generated catch block
 +//            e.printStackTrace();
 +//         }
 +//       }
 +//       
 +//       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
 +//      
 +//   
 +//    }
 +//   catch (ConfigurationException e) {
 +//      Logger.warn(e);
 +//      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
 +//
 +//    }
 +//    	// create request
 +//    	Document doc = buildGetIdentityLinkRequest(cert);
 +//    	Element request = doc.getDocumentElement();
 +//    	CreateIdentityLinkResponse response = null;
 +//   
 +//    //try {
 +//        response = client.createIdentityLinkResponse(request);
 +//    //} catch (SZRGWClientException e) {
 +//        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
 +//      //  client = new SZRGWClient(url);
 +//      //  response = client.createIdentityLinkResponse(request);
 +//   // }
 +//   	 
 +//        
 +//	return response.getAssertion();
 +//	
 +//  }
    /**
     * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
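Review bot: The hunk turns the whole `getIdentityLink(X509Certificate)` method into a `//` block instead of deleting it, while its Javadoc (`@throws SZRGWClientException` and the `/*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/` line above) stays in place and now documents nothing. Version control keeps the old implementation; remove the commented-out body and the orphaned Javadoc, which also removes the last textual references to `SZRGWClient` and `CreateIdentityLinkResponse` whose imports this commit drops. If `buildGetIdentityLinkRequest` below is now unused as well, it is a candidate for the same treatment; its body is outside the hunk.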
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index dff366829..23861d290 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -18,6 +18,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
 import java.util.Map;
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -25,6 +26,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -33,7 +35,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -126,11 +131,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	if (createXMLSignatureRequestOrRedirect == null) {
     	   // no identity link found
+    		boolean useMandate = session.getUseMandate();
+    		if (useMandate) {
+    			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+    			throw new AuthenticationException("auth.13", null);
+    		}
+    		
     		try {
     		   Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-    		// create the InfoboxReadRequest to get the certificate
+    		   // create the InfoboxReadRequest to get the certificate
     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
     		   // build dataurl (to the GetForeignIDSerlvet)
@@ -142,6 +153,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
           ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+               
 	    }
     	    catch(Exception e) { 
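Review bot: The new mandate check in the -126 hunk throws `AuthenticationException("auth.13", null)` outside the `try` that follows it, so whether it ends up in `handleError` depends on a catch around the enclosing method body, which starts and ends outside the hunk; confirm that an `AuthenticationException` raised at this point is rendered as an error page rather than escaping the servlet. The log message also has a typo: `"Online-Mandate Mode for foreign citizencs not supported."` should read `"Online-Mandate Mode for foreign citizens not supported."`.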
@@ -150,7 +162,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	}
     	else {
-    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    		boolean useMandate = session.getUseMandate();
+    		if (useMandate) { // Mandate modus
+    			// read certificate and set dataurl to VerifyCertificateForMandatesServlet
+    			
+    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+    			
+     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+     		   // build dataurl (to the GetForeignIDSerlvet)
+     		   String dataurl =
+                 new DataURLBuilder().buildDataURL(
+                   session.getAuthURL(),
+                   REQ_VERIFY_CERTIFICATE,
+                   session.getSessionID());
+           
+          
+     		   ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+    			
+    		}
+    		else {
+    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    		}
     	}
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index a8e22562a..51551834e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
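Review bot: The comment `// build dataurl (to the GetForeignIDSerlvet)` in the new mandate branch was copied from the foreign-ID path and is wrong here, since the data URL is built with `REQ_VERIFY_CERTIFICATE`; the comment two lines above the branch names a VerifyCertificateForMandatesServlet that the constant does not point to either, so make both comments name the real target, e.g. `// build dataurl (to the VerifyCertificateServlet)`. The branch repeats the InfoboxReadRequest/dataurl/`writeCreateXMLSignatureRequest` sequence of the `createXMLSignatureRequestOrRedirect == null` path in the -126 hunk with only the servlet constant differing; a private helper taking that constant would remove the duplication and keep the two paths from drifting. The enclosing method starts outside the hunk.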
  import at.gv.egovernment.moa.util.BoolUtils;
  import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
  /**
@@ -245,9 +246,13 @@ public class ParepUtils {
     try {
        Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
        nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
 -
+
+      String s = DOMUtils.serializeNode(mandator);
+      
        // check if physical person
 -      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+       
+      
        // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
        // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
        return physicalPerson != null;
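Review bot: `String s = DOMUtils.serializeNode(mandator);` is never read, so every call of this check serializes the entire mandator element for nothing; it reads like a debugging leftover and should be removed, together with the `DOMUtils` import added in the -43 hunk if nothing else in the file uses it. If `serializeNode` declares a checked exception (VerifyCertificateServlet in this same commit catches `TransformerException` around the same call), removing the line also keeps the handler of the enclosing `try`, which is outside the hunk, from having to widen. The re-added `XPathAPI.selectSingleNode` line is unchanged apart from trailing whitespace and need not be part of the diff.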
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 2a0126b82..9d5c0f7cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -95,7 +95,11 @@ public class ParepValidator implements InfoboxValidator {
   public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
    public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
    public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
 -  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+  public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+  
+  /** */
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
    /** register and register number for non physical persons - the domain identifier for business applications*/
    public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
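Review bot: The Javadoc `/** */` above `EXT_SAML_MANDATE_REPRESENTATIONTEXT` is empty and `EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION` has none, while the neighbouring constants (`EXT_SAML_MANDATE_CB_BASE_ID` just below) explain what they name; the value `"Vollmachtsvertreter"` is a German display text rather than an attribute name like the others, which is exactly the kind of thing a reader needs told. Proposed: `/** name of the SAML extension attribute carrying the textual description of the mandate OID */` for the first and `/** fixed representation text written into the SAML extension for a mandate representative */` for the second, adjusted to the actual use, which is not visible in the hunk.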
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index dbfbda535..b5275cdd5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -125,6 +125,10 @@ public class ConfigurationBuilder {
   public static final String AUTH_FOREIGN_IDENTITIES_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities";
+  /** an XPATH-Expression */ 
+  public static final String AUTH_ONLINEMANDATES_XPATH =
+    ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates";
+  
   /** an XPATH-Expression */ 
@@ -146,6 +150,8 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
   /** an XPATH-Expression */ 
+  protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles";
+  /** an XPATH-Expression */
   protected static final String CONNECTION_PARAMETER_URL_XPATH =
     CONF + "ConnectionParameter/@URL";
   /** an XPATH-Expression */ 
@@ -242,6 +248,18 @@ public class ConfigurationBuilder {
      return buildConnectionParameter(foreignid);
   }
+  
+  /**
+   * Build a ConnectionParameter containing all information
+   * of the OnlineMandates element in the authentication component
+   * @return ConnectionParameter of the authentication component OnlineMandates element
+   */
+  public ConnectionParameter buildOnlineMandatesConnectionParameter() {
+     Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH);
+     if (onlinemandates==null) return null;
+     return buildConnectionParameter(onlinemandates);
+
+  }
   /**
    * Method buildAuthBKUSelectionType.
@@ -529,7 +547,19 @@ public class ConfigurationBuilder {
         }
         Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
         oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
-          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); 
+          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));
+        
+        Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH);
+        if (mandateProfilesNode != null) {
+        	if ("businessService".equalsIgnoreCase(oaType)) {        		
+        		Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed.");
+                throw new ConfigurationException("config.02", null);
+        	}
+        	else {
+        		String profiles = DOMUtils.getText(mandateProfilesNode);
+        		oap.setMandateProfiles(profiles);
+        	}        	
+        }
               }
        OA_set.add(oap);
     }
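Review bot: In the -529 hunk `DOMUtils.getText(mandateProfilesNode)` is stored without any check, so an empty or whitespace-only `<Profiles>` element yields a blank string that passes the `profiles == null` test in VerifyCertificateServlet (same commit) and is split into a single empty profile sent to the MIS; treat a blank value as a configuration error here, e.g. `if (profiles == null || profiles.trim().length() == 0) throw new ConfigurationException("config.02", null);`, so the problem surfaces at startup instead of during a user's login. The error text `"No Online Mandate Modus for OA of type \"businessService\" allowed."` mixes German and English; `"Online mandate mode is not allowed for OAs of type \"businessService\"."` reads cleaner. The loop over online applications that encloses the new code starts outside the hunk.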
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 6e296b4f4..ceb047280 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -165,6 +165,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   private ConnectionParameter foreignIDConnectionParameter;
   /**
+   * parameter for connection to OnlineMandates Service
+   */
+  private ConnectionParameter onlineMandatesConnectionParameter;
+  
+  /**
    * Parameter for trusted BKUs
    */
   private List trustedBKUs;
@@ -271,6 +276,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
       foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+      onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
     	onlineApplicationAuthParameters  = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
     	identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();
     	defaultChainingMode = builder.getDefaultChainingMode();
@@ -393,6 +399,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   public ConnectionParameter getForeignIDConnectionParameter() {
      return foreignIDConnectionParameter;
   }
+  
+  /**
+   * Return a ConnectionParameter bean containing all information
+   * of the authentication component OnlineMandates element
+   * @return ConnectionParameter of the authentication component OnlineMandates element
+   */
+  public ConnectionParameter getOnlineMandatesConnectionParameter() {
+     return onlineMandatesConnectionParameter;
+  }
   /**
    * Return a string with a url-reference to the VerifyIdentityLink trust
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c352fae6c..aa5aa21a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -89,6 +89,11 @@ public class OAAuthParameter extends OAParameter {
   private VerifyInfoboxParameters verifyInfoboxParameters;
   /**
+   * Parameter for Mandate profiles
+   */
+  private String mandateProfiles;
+  
+  /**
    * BZ
    * Type for authentication number (e.g. Firmenbuchnummer)
    */
@@ -325,5 +330,21 @@ public class OAAuthParameter extends OAParameter {
   public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
       this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
   }
+  
+  /**
+   * Sets the Mandate/Profiles
+   * @param profiles
+   */
+  public void setMandateProfiles(String profiles) {
+	  this.mandateProfiles = profiles;
+  }
+  
+  /**
+   * Returns the Mandates/Profiles
+   * @return
+   */
+  public String getMandateProfiles() {
+	  return this.mandateProfiles;
+  }
 } 
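Review bot: The Javadoc on the new OAAuthParameter accessors in the -325 hunk is incomplete: `@param profiles` has no description and `@return` on `getMandateProfiles` is empty, and neither says that the value is the raw comma-separated list from the configuration and stays null when the OA has no Mandates/Profiles element (ConfigurationBuilder in this commit only calls the setter when that node exists). Proposed: `@param profiles comma-separated list of MIS mandate profiles configured for this OA` and `@return the configured mandate profiles, or null if online mandates are not configured for this OA`. The same null contract applies to `getOnlineMandatesConnectionParameter` in the -393 hunk and is worth one sentence there too.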
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index ce15b75bd..6802005f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringEscapeUtils;
+
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.MOAIDException;
@@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet {
   protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
     Logger.debug("getRequestURL:" + req.getRequestURL().toString());
-  //@TODO Parameter
+    
+    String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+    artifact = StringEscapeUtils.escapeHtml(artifact);
+    
     try {
-      if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
+      if (artifact != null) {
 		// check if SAML Artifact was already used in this session (in case of page reload)
 		HttpSession session = req.getSession();
-		if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
+		if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
 			if (session.getAttribute(ATT_BROWSERREQU)==null) {
 			    tunnelRequest(req, resp);
 			}else{
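Review bot: `StringEscapeUtils.escapeHtml(artifact)` is applied to the request parameter before it is compared with the session attribute (and presumably before the lookups further down in `service`, which continues outside the hunk); HTML escaping is an output encoding and rewrites the value whenever it contains `&`, `<`, `>` or `"`, so the comparison with the unescaped `ATT_SAML_ARTIFACT` stored earlier can fail and a lookup with the escaped value would miss. Keep the raw value for comparison and lookup, validate its shape instead (SAML artifacts are Base64 text, so a `ParamValidatorUtils`-style whitelist check fits the rest of this commit), and escape only at the point where the artifact is written into HTML. If the escaping stays, the `artifact != null` test works only because `escapeHtml(null)` returns null, which deserves a one-line comment.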
@@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map    Vector parameters  = new Vector(); -//@TODO Parameter    for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {      String paramName = (String) enu.nextElement();      if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 79db9907b..d35fc875d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -446,6 +446,9 @@ public class ParamValidatorUtils {     public static boolean isValidXMLDocument(String document) {
 +	   if (document == null)
 +		   return false;
 +	   
  	   Logger.debug("Überprüfe Parameter XMLDocument");
  	   try {   
  		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
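Review bot: The null guard is correct, but the `DocumentBuilderFactory.newInstance()` on the context line below it is not visibly hardened, and `isValidXMLDocument` is a validator for a request parameter, i.e. attacker-controlled XML. If the rest of the method (outside this hunk) does not disable DTD processing, the "validation" parse itself is an XXE/entity-expansion vector before any later check runs; add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `factory.setXIncludeAware(false); factory.setExpandEntityReferences(false);` right after the factory is created, or state in a comment why the caller already guarantees DTD-free input. The method body continues past the end of the hunk.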
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 1915ce40a..24e5ff3d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -64,7 +64,8 @@ public class ServletUtils {        out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
        out.flush();
        out.close();
 -      Logger.debug("Finished POST " + servletName);
 +      Logger.debug("Finished POST " + servletName); +      
      } else {
        String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
        resp.setContentType("text/html");
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java new file mode 100644 index 000000000..59ca0d5ca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +public class MISMandate {
 +
 +	final static private String OID_NOTAR = "1.2.40.0.10.3.1";
 +	final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
 +	
 +	final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
 +	final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
 +	
 +	final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
 +	final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
 +
 +	final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
 +	final static private String TEXT_ORGANWALTER = "Organwalter";
 +	
 +	
 +	private String oid = null;
 +	private byte[] mandate = null;
 +	
 +	public String getProfRep() {
 +  	return oid;
 +  }
 +	public void setProfRep(String oid) {
 +  	this.oid = oid;
 +  }
 +	public byte[] getMandate() {
 +  	return mandate;
 +  }
 +	public void setMandate(byte[] mandate) {
 +  	this.mandate = mandate;
 +  }
 +	
 +	public String getTextualDescriptionOfOID() {
 +		if (this.oid.equalsIgnoreCase(OID_NOTAR))
 +			return TEXT_NOTAR;
 +		if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
 +			return TEXT_RECHTSANWALT;
 +		if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
 +			return TEXT_ZIVILTECHNIKER;
 +		if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
 +			return TEXT_ORGANWALTER;
 +		
 +		return "Keine textuelle Beschreibung für OID " + oid;
 +		
 +	}
 +
 +}
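Review bot: `getTextualDescriptionOfOID` dereferences `this.oid`, which is initialised to null and, per `sendGetMandatesRequest` in this same commit, is only set when the response Mandate element carries a ProfessionalRepresentative attribute — so for an ordinary (non-professional-representative) mandate the method throws NullPointerException instead of returning the fallback text. Put the constant first in each comparison, `if (OID_NOTAR.equalsIgnoreCase(this.oid))` etc., or add `if (this.oid == null) return "Keine textuelle Beschreibung für OID " + oid;` at the top. A class-level Javadoc noting that `getProfRep()` returns null for mandates without a professional-representative OID would also help callers.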
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java new file mode 100644 index 000000000..d8bec4900 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +public class MISSessionId {
 +
 +	private String sessiondId = null;
 +	private String redirectURL = null;
 +	
 +	public String getSessiondId() {
 +  	return sessiondId;
 +  }
 +	public void setSessiondId(String sessiondId) {
 +  	this.sessiondId = sessiondId;
 +  }
 +	public String getRedirectURL() {
 +  	return redirectURL;
 +  }
 +	public void setRedirectURL(String redirectURL) {
 +  	this.redirectURL = redirectURL;
 +  }
 +
 +	
 +}
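Review bot: The misspelling `sessiondId` has been promoted into the public accessor names `getSessiondId`/`setSessiondId` of a new class, where it will be inherited by every caller and is cheap to fix only now; rename field and accessors to `sessionId`, i.e. `public String getSessionId()` / `public void setSessionId(String sessionId)`. A one-line class comment saying what the two fields carry — the MIS session ID and the GuiRedirectURL returned by the mandate service, per `sendSessionIdRequest` in this commit — would make the bean self-explanatory.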
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java new file mode 100644 index 000000000..25c341584 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -0,0 +1,261 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +import java.io.BufferedReader;
 +import java.io.IOException;
 +import java.io.InputStream;
 +import java.io.InputStreamReader;
 +import java.util.ArrayList;
 +import java.util.List;
 +
 +import javax.net.ssl.SSLSocketFactory;
 +import javax.xml.parsers.DocumentBuilderFactory;
 +import javax.xml.parsers.ParserConfigurationException;
 +import javax.xml.transform.TransformerException;
 +
 +import org.apache.commons.codec.binary.Base64;
 +import org.apache.commons.httpclient.HttpClient;
 +import org.apache.commons.httpclient.methods.PostMethod;
 +import org.apache.commons.httpclient.methods.StringRequestEntity;
 +import org.apache.commons.httpclient.protocol.Protocol;
 +import org.apache.xerces.parsers.DOMParser;
 +import org.apache.xpath.XPathAPI;
 +import org.w3c.dom.DOMException;
 +import org.w3c.dom.Document;
 +import org.w3c.dom.Element;
 +import org.w3c.dom.Node;
 +import org.w3c.dom.NodeList;
 +import org.xml.sax.InputSource;
 +import org.xml.sax.SAXException;
 +import org.xml.sax.SAXNotRecognizedException;
 +import org.xml.sax.SAXNotSupportedException;
 +
 +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
 +import at.gv.egovernment.moa.logging.Logger;
 +import at.gv.egovernment.moa.util.DOMUtils;
 +
 +
 +public class MISSimpleClient {
 +
 +		
 +	private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
 +	private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd";
 +	
 +	private static Element NS_NODE = null;
 +	
 +		
 +	static {
 +		try {
 +			NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test");
 +			NS_NODE.setAttribute("xmlns:soap", SOAP_NS);
 +			NS_NODE.setAttribute("xmlns:mis", MIS_NS);
 +		} catch (Exception e) {
 +			Logger.warn("Error initializing namespace node.", e);
 +		}
 +	}
 +	
 +	public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
 +		if (webServiceURL == null) {
 +			throw new NullPointerException("Argument webServiceURL must not be null.");
 +		}
 +		if (sessionId == null) {
 +			throw new NullPointerException("Argument sessionId must not be null.");
 +		}
 +		
 +		// ssl settings
 +		if (sSLSocketFactory != null) {
 +	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
 +	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
 +		}
 +
 +		
 +		try {
 +			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
 +			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
 +			Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID");
 +			sessionIdElement.appendChild(doc.createTextNode(sessionId));
 +			mirElement.appendChild(sessionIdElement);
 +	    
 +			// send soap request
 +			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
 +	    
 +			// check for error
 +			checkForError(mandateIssueResponseElement);
 +	    
 +			// check for session id
 +			NodeList mandateElements  = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE);
 +	    
 +			if (mandateElements == null || mandateElements.getLength() == 0) {
 +				throw new MISSimpleClientException("No mandates found in response.");
 +			}
 +	    
 +			ArrayList foundMandates = new ArrayList();
 +			for (int i=0; i<mandateElements.getLength(); i++) {
 +				Element mandate = (Element) mandateElements.item(i);
 +				MISMandate misMandate = new MISMandate();
 +				if (mandate.hasAttribute("ProfessionalRepresentative")) {
 +					misMandate.setProfRep(mandate.getAttribute("ProfessionalRepresentative"));
 +				}
 +				
 +				//misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate)));
 +				misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes()));
 +				foundMandates.add(misMandate);
 +			}
 +			return foundMandates;
 +		} catch (ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (DOMException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		} 
 +	}
 +	
 +	public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String redirectURL, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
 +		if (webServiceURL == null) {
 +			throw new NullPointerException("Argument webServiceURL must not be null.");
 +		}
 +		if (idl == null) {
 +			throw new NullPointerException("Argument idl must not be null.");
 +		}
 +		if (redirectURL == null) {
 +			throw new NullPointerException("Argument redirectURL must not be null.");
 +		}
 +		
 +		// ssl settings
 +		if (sSLSocketFactory != null) {
 +	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
 +	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
 +		}
 +		
 +		try {
 +			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
 +			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
 +			Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
 +	    
 +			idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
 +			mirElement.appendChild(idlElement);
 +
 +			if (cert != null && cert.length > 0) {
 +				Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate");
 +				certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
 +				//certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert)));
 +				//	    	certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
 +				mirElement.appendChild(certElement);
 +			}
 +			Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL");
 +			redirectElement.appendChild(doc.createTextNode(redirectURL));
 +			mirElement.appendChild(redirectElement);
 +			if (mandateIdentifier != null && mandateIdentifier.length > 0) {
 +				Element filtersElement = doc.createElementNS(MIS_NS, "Filters");
 +				Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers");
 +				for (int i=0; i<mandateIdentifier.length; i++) {
 +					Element mandateIdentifierElement = doc.createElementNS(MIS_NS, "MandateIdentifier");
 +					mandateIdentifierElement.appendChild(doc.createTextNode(mandateIdentifier[i]));
 +					mandateIdentifiersElement.appendChild(mandateIdentifierElement);
 +				}
 +				filtersElement.appendChild(mandateIdentifiersElement);
 +				mirElement.appendChild(filtersElement);
 +			}
 +			// send soap request
 +			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
 +
 +			// check for error
 +			checkForError(mandateIssueResponseElement);
 +	    
 +			// check for session id
 +			//String sessionId = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "/mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE)).getNodeValue();
 +			Node sessionIdNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE));
 +			if (sessionIdNode == null) {
 +				throw new MISSimpleClientException("SessionId not found in response.");
 +			}
 +			String sessionId = sessionIdNode.getNodeValue();
 +
 +			Node guiRedirectURLNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:GuiRedirectURL/text()", NS_NODE));
 +			if (guiRedirectURLNode == null) {
 +				throw new MISSimpleClientException("GuiRedirectURL not found in response.");
 +			}
 +			String guiRedirectURL = guiRedirectURLNode.getNodeValue();
 +	    
 +			// create return object
 +			MISSessionId msid = new MISSessionId();
 +			msid.setSessiondId(sessionId);
 +			msid.setRedirectURL(guiRedirectURL);
 +	    
 +			return msid;
 +		} catch (ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (DOMException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +		
 +	}
 +	
 +	private static void checkForError(Element mandateIssueResponseElement) throws MISSimpleClientException {
 +		if (mandateIssueResponseElement == null) {
 +			throw new NullPointerException("Argument mandateIssueResponseElement must not be null.");
 +		}
 +		try {
 +		    Element errorElement = (Element) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error", NS_NODE);
 +		    if (errorElement != null) {
 +		    	String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
 +		    	String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
 +		    	throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text);	    }
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}
 +	
 +	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
 +		if (webServiceURL == null) {
 +			throw new NullPointerException("Argument webServiceURL must not be null.");
 +		}
 +		if (request == null) {
 +			throw new NullPointerException("Argument request must not be null.");
 +		}
 +		try {
 +			HttpClient httpclient = new HttpClient();
 +			PostMethod post = new PostMethod(webServiceURL);
 +			StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
 +			post.setRequestEntity(re);
 +			int responseCode = httpclient.executeMethod(post);			
 +			if (responseCode != 200) {
 +				throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
 +			}
 +			//Element elem = parse(post.getResponseBodyAsStream());
 +			Document doc = DOMUtils.parseDocumentSimple(post.getResponseBodyAsStream());
 +			return unpackFromSOAP(doc.getDocumentElement());
 +		} catch(IOException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (SAXException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}
 +	
 +	private static Element packIntoSOAP(Element element) throws MISSimpleClientException {
 +		try {
 +			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
 +			Element soapEnvelope = doc.createElement("Envelope");
 +			soapEnvelope.setAttribute("xmlns", SOAP_NS);
 +			Element soapBody = doc.createElement("Body");
 +			soapEnvelope.appendChild(soapBody);
 +			soapBody.appendChild(doc.importNode(element, true));
 +			return soapEnvelope;
 +		} catch(ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}
 +	
 +	private static Element unpackFromSOAP(Element element) throws MISSimpleClientException {
 +		try {
 +			return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);
 +		} catch(TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}	
 +}
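Review bot: `sendSOAPRequest` never releases the `PostMethod` and sets no timeouts on the `HttpClient`, so a mandate service that accepts the TCP connection and then stalls blocks the calling login thread indefinitely, and the connection is only reclaimed when a later request evicts it from the default connection manager. Wrap the exchange in try/finally with `post.releaseConnection()` and set connection and socket timeouts (values below are illustrative and should come from configuration). Separately, `Protocol.registerProtocol("https", …)` at the top of both public methods swaps the JVM-wide https handler for every commons-httpclient user on each call and, when `sSLSocketFactory` is null, leaves whatever was registered last in effect; that deserves at least a comment, or scoping the Protocol to a host-specific `HostConfiguration`. The remaining XPath lookups in `checkForError` also call `getNodeValue()` on possibly-null nodes when `mis:Code` or `mis:Text` is absent, turning a service error into a NullPointerException.
```java
private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
	// … unchanged: null checks on webServiceURL and request …
	PostMethod post = new PostMethod(webServiceURL);
	try {
		HttpClient httpclient = new HttpClient();
		// bound both the connect and the read so a stalled MIS endpoint cannot pin a login thread forever
		httpclient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
		httpclient.getHttpConnectionManager().getParams().setSoTimeout(30000);
		StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)), "text/xml", "UTF-8");
		post.setRequestEntity(re);
		int responseCode = httpclient.executeMethod(post);
		if (responseCode != 200) {
			throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
		}
		Document doc = DOMUtils.parseDocumentSimple(post.getResponseBodyAsStream());
		return unpackFromSOAP(doc.getDocumentElement());
	// … unchanged: catch clauses wrapping IOException/TransformerException/SAXException/ParserConfigurationException …
	} finally {
		post.releaseConnection();
	}
}
```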
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java new file mode 100644 index 000000000..6f2627e1d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +public class MISSimpleClientException extends Exception {
 +
 +	private static final long serialVersionUID = 1L;
 +
 +	public MISSimpleClientException() {
 +	}
 +
 +	public MISSimpleClientException(String message) {
 +		super(message);
 +	}
 +
 +	public MISSimpleClientException(Throwable cause) {
 +		super(cause);
 +	}
 +
 +	public MISSimpleClientException(String message, Throwable cause) {
 +		super(message, cause);
 +	}
 +
 +}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 14e4d5347..f206f6bbb 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -30,6 +30,10 @@ auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung  auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
  auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
  auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
 +auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt.
 +auth.14=Zertifikat konnte nicht ausgelesen werden.
 +auth.15=Fehler bei Anfrage an Vollmachten Service.
 +auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
  init.00=MOA ID Authentisierung wurde erfolgreich gestartet
  init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
 diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java index 6ab9c9679..4293fc477 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java @@ -37,7 +37,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "http://localhost:9080/", //oaURL          "file:" + findXmldata("AuthTemplate.html"),           "http://localhost:3495/http-security-layer-request", -         null, null); +         null, null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -55,7 +55,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "gb", //target          "http://localhost:9080/", //oaURL          null,  -        "http://localhost:3495/http-security-layer-request", null, null); +        "http://localhost:3495/http-security-layer-request", null, null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -75,7 +75,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "file:" + findXmldata("AuthTemplate.html"),            null,           null, -         null); +         null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); 
@@ -93,7 +93,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          server.startAuthentication(null, //authURL          "gb", //target          "http://localhost:9080/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          //assertEquals("",htmlForm);            System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen"); @@ -113,7 +113,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("http://localhost:8080/auth", //authURL          "gb", "http://localhost:9080/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -131,7 +131,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          "gb", "http://host_not_in_config/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -150,7 +150,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          "gb", null, //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } 
@@ -169,7 +169,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          null, "http://localhost:9080/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java index 23130f4c8..4ef3ad92f 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java @@ -131,6 +131,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {        null,        null,        null, +      null,        null);      String sessionID = parseSessionIDFromForm(htmlForm);      return sessionID; diff --git a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java index ab2781590..248e5cc33 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java 
@@ -14,19 +14,8 @@  * limitations under the License.  */  package test.abnahme.P; -import java.util.Map; - -import sun.misc.BASE64Decoder;  import test.abnahme.AbnahmeTestCase; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; -import at.gv.egovernment.moa.util.Base64Utils; -  /**   * @author Stefan Knirsch   * @version $Id$ 
@@ -35,127 +24,127 @@ import at.gv.egovernment.moa.util.Base64Utils;  public class Test100LoginParameterResolver extends AbnahmeTestCase { -  private static final String CLIENT_IP_ADDRESS = "56.246.75.11"; -  private OAConfiguration oaConf; -  private LoginParameterResolver lpr; - +//  private static final String CLIENT_IP_ADDRESS = "56.246.75.11"; +//  private OAConfiguration oaConf; +//  private LoginParameterResolver lpr; +//    public Test100LoginParameterResolver(String name) {      super(name);    } - -  private void setUp(String publicURLPrefix) -    throws Exception { -       -    // get configuration data -    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); -    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); -    oaConf = oaParam.getOaConfiguration(); -    System.out.println("Parameterübergabe: " + oaConf.getAuthType()); - -    // get login parameter resolver -    LoginParameterResolverFactory.initialize(); -    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); -  } -  public void testP101() throws Exception { -    try { -      // read configuration and set up LoginParameterResolver -      setUp("https://testP101:9443/"); -      if (! 
oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) -        fail(); - -      // assemble authentication data -      AuthenticationData authData = new AuthenticationData(); -      authData.setFamilyName("Huber"); -      authData.setGivenName("Hugo"); - -      // resolve login headers -      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - -      // validate login headers -      assertEquals(1, loginHeaders.keySet().size()); -      System.out.println("Header Authorization: " + loginHeaders.get("Authorization")); -      System.out.println("Decoded UserID:Password " +  -        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6)))); -      String userIDPassword = "Hugo:Huber"; -      String credentials = Base64Utils.encode(userIDPassword.getBytes()); -      assertEquals("Basic " + credentials, loginHeaders.get("Authorization")); -      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); -    } -    catch (Exception e) { -      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); -      throw e; -    } - -  } -  public void testP102() throws Exception { -    try { -      // read configuration and set up LoginParameterResolver -      setUp("https://testP102:9443/"); -      if (! 
oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) -        fail(); - -      // assemble authentication data -      AuthenticationData authData = new AuthenticationData(); -      String DATE_OF_BIRTH = "1963-12-29"; -      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw="; -      authData.setDateOfBirth(DATE_OF_BIRTH); -      authData.setBPK(VPK); - -      // resolve login parameters -      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - -      // validate login headers -      assertEquals(2, loginParameters.keySet().size()); -      System.out.println("Param1: " + loginParameters.get("Param1")); -      System.out.println("Param2: " + loginParameters.get("Param2")); -      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1")); -      assertEquals(VPK, loginParameters.get("Param2")); -      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); -    } -    catch (Exception e) { -      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); -      throw e; -    } -  } - -  public void testP103() throws Exception { -    try { -      // read configuration and set up LoginParameterResolver -      setUp("https://localhost:9443/"); -      if (! 
oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) -        fail(); - -      // assemble authentication data -      AuthenticationData authData = new AuthenticationData(); -      boolean PUBLIC_AUTH = true; -      String BKZ = "FinanzamtWien23Leitstelle"; -      boolean QUAL_CERT = false; -      String STAMMZAHL = "3456789012"; -      authData.setPublicAuthority(PUBLIC_AUTH); -      authData.setPublicAuthorityCode(BKZ); -      authData.setQualifiedCertificate(QUAL_CERT); -      authData.setIdentificationValue(STAMMZAHL); - -      // resolve login headers -      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - -      // validate login headers -      assertEquals(5, loginHeaders.keySet().size()); -      System.out.println("Header Param1: " + loginHeaders.get("Param1")); -      System.out.println("Header Param2: " + loginHeaders.get("Param2")); -      System.out.println("Header Param3: " + loginHeaders.get("Param3")); -      System.out.println("Header Param4: " + loginHeaders.get("Param4")); -      System.out.println("Header Param5: " + loginHeaders.get("Param5")); -      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1")); -      assertEquals(BKZ, loginHeaders.get("Param2")); -      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3")); -      assertEquals(STAMMZAHL, loginHeaders.get("Param4")); -      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5")); -      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! 
-----------------------"); -    } -    catch (Exception e) { -      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); -      throw e; -    } -  } +// +//  private void setUp(String publicURLPrefix) +//    throws Exception { +//       +//    // get configuration data +//    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); +//    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); +//    oaConf = oaParam.getOaConfiguration(); +//    System.out.println("Parameterübergabe: " + oaConf.getAuthType()); +// +//    // get login parameter resolver +//    LoginParameterResolverFactory.initialize(); +//    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); +//  } +//  public void testP101() throws Exception { +//    try { +//      // read configuration and set up LoginParameterResolver +//      setUp("https://testP101:9443/"); +//      if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) +//        fail(); +// +//      // assemble authentication data +//      AuthenticationData authData = new AuthenticationData(); +//      authData.setFamilyName("Huber"); +//      authData.setGivenName("Hugo"); +// +//      // resolve login headers +//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +//      // validate login headers +//      assertEquals(1, loginHeaders.keySet().size()); +//      System.out.println("Header Authorization: " + loginHeaders.get("Authorization")); +//      System.out.println("Decoded UserID:Password " +  +//        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6)))); +//      String userIDPassword = "Hugo:Huber"; +//      String credentials = Base64Utils.encode(userIDPassword.getBytes()); +//      assertEquals("Basic " + credentials, loginHeaders.get("Authorization")); +//      
System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +//    } +//    catch (Exception e) { +//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +//      throw e; +//    } +// +//  } +//  public void testP102() throws Exception { +//    try { +//      // read configuration and set up LoginParameterResolver +//      setUp("https://testP102:9443/"); +//      if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) +//        fail(); +// +//      // assemble authentication data +//      AuthenticationData authData = new AuthenticationData(); +//      String DATE_OF_BIRTH = "1963-12-29"; +//      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw="; +//      authData.setDateOfBirth(DATE_OF_BIRTH); +//      authData.setBPK(VPK); +// +//      // resolve login parameters +//      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +//      // validate login headers +//      assertEquals(2, loginParameters.keySet().size()); +//      System.out.println("Param1: " + loginParameters.get("Param1")); +//      System.out.println("Param2: " + loginParameters.get("Param2")); +//      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1")); +//      assertEquals(VPK, loginParameters.get("Param2")); +//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +//    } +//    catch (Exception e) { +//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +//      throw e; +//    } +//  } +// +//  public void testP103() throws Exception { +//    try { +//      // read configuration and set up LoginParameterResolver +//      setUp("https://localhost:9443/"); +//      if (! 
oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) +//        fail(); +// +//      // assemble authentication data +//      AuthenticationData authData = new AuthenticationData(); +//      boolean PUBLIC_AUTH = true; +//      String BKZ = "FinanzamtWien23Leitstelle"; +//      boolean QUAL_CERT = false; +//      String STAMMZAHL = "3456789012"; +//      authData.setPublicAuthority(PUBLIC_AUTH); +//      authData.setPublicAuthorityCode(BKZ); +//      authData.setQualifiedCertificate(QUAL_CERT); +//      authData.setIdentificationValue(STAMMZAHL); +// +//      // resolve login headers +//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +//      // validate login headers +//      assertEquals(5, loginHeaders.keySet().size()); +//      System.out.println("Header Param1: " + loginHeaders.get("Param1")); +//      System.out.println("Header Param2: " + loginHeaders.get("Param2")); +//      System.out.println("Header Param3: " + loginHeaders.get("Param3")); +//      System.out.println("Header Param4: " + loginHeaders.get("Param4")); +//      System.out.println("Header Param5: " + loginHeaders.get("Param5")); +//      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1")); +//      assertEquals(BKZ, loginHeaders.get("Param2")); +//      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3")); +//      assertEquals(STAMMZAHL, loginHeaders.get("Param4")); +//      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5")); +//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +//    } +//    catch (Exception e) { +//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +//      throw e; +//    } +//  }  } 
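Review bot: Commenting out setUp() and testP101 through testP103 wholesale leaves Test100LoginParameterResolver as a test class with no test methods and no note saying why, and it silently drops the only visible regression coverage for how the proxy builds login credentials from AuthenticationData (the Basic `Authorization` header from userID:password, the PARAM_AUTH parameters, and the HEADER_AUTH headers including CLIENT_IP_ADDRESS); if these tests are obsolete, delete them and say so in the commit message, otherwise keep them running. A JUnit 3 TestCase subclass with zero `test*` methods is normally reported by the framework as a failing "No tests found" warning rather than skipped, so this may break the abnahme suite — worth confirming on the build runner. If the code is meant to be revived later, the revived version should not reintroduce the internal `sun.misc.BASE64Decoder` that the import hunk above removes; the public `java.util.Base64.getDecoder()` does the same job. A short comment at the top of the class stating the reason and the intended follow-up (`// tests disabled on <date>: <reason>; see <tracker id>`) would make the intent reviewable.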
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index f873f2c3f..db7aa9719 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -45,7 +45,7 @@ public class AuthenticationServerTest extends UnitTestCase {
   public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
   	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
   	AuthenticationServer server = AuthenticationServer.getInstance();
-  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null);
+  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null, null);
   	String sessionID = parseSessionIDFromForm(htmlForm);
   	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
     HashMap parameters = new HashMap(1);
|
