aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/auth/.settings/org.eclipse.wst.common.component36
-rw-r--r--id/server/auth/pom.xml4
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml22
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml8
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml161
-rw-r--r--id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml161
-rw-r--r--id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml8
-rw-r--r--id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml159
-rw-r--r--id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml159
-rw-r--r--id/server/data/deploy/demo/demoseite.zipbin0 -> 225100 bytes
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.2.xsd350
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.3.xsd424
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.4.3.xsd612
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.4.7.xsd (renamed from id/server/doc/MOA-ID-Configuration-1.4.2.xsd)32
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.4.xsd505
-rw-r--r--id/server/doc/moa_id/id-admin.htm15
-rw-r--r--id/server/doc/moa_id/id-admin_1.htm8
-rw-r--r--id/server/doc/moa_id/id-admin_2.htm42
-rw-r--r--id/server/doc/moa_id/links.htm42
-rw-r--r--id/server/doc/moa_id/moa.htm2
-rw-r--r--id/server/idserverlib/.classpath22
-rw-r--r--id/server/idserverlib/.settings/org.eclipse.wst.common.component15
-rw-r--r--id/server/idserverlib/pom.xml8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java417
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java126
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java94
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java287
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java286
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java116
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java194
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java158
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java29
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/pom.xml4
-rw-r--r--id/server/proxy/.settings/org.eclipse.wst.common.component34
-rw-r--r--id/server/proxy/pom.xml4
71 files changed, 3230 insertions, 2244 deletions
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
index b116cf610..6e8785869 100644
--- a/id/server/auth/.settings/org.eclipse.wst.common.component
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-auth">
-<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
-<property name="java-output-path" value="target/classes"/>
- <property name="context-root" value="moa-id-auth"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-auth">
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+<property name="java-output-path" value="target/classes"/>
+ <property name="context-root" value="moa-id-auth"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index e24b3273b..ed9e68aa7 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,14 +2,14 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.4.6</version>
+ <version>1.4.7</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-auth</artifactId>
<packaging>war</packaging>
- <version>1.4.6</version>
+ <version>1.4.7</version>
<name>MOA ID-Auth WebService</name>
<properties>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 5c729ef19..e1261b819 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -22,6 +22,18 @@
<description>Verify identity link coming from security layer</description>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>VerifyCertificate</servlet-name>
+ <display-name>VerifyCertificate</display-name>
+ <description>Verify the certificate coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>GetForeignID</servlet-name>
+ <display-name>GetForeignID</display-name>
+ <description>Gets the foreign eID from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
+ </servlet>
<servlet>
<servlet-name>ProcessInput</servlet-name>
<display-name>ProcessInput</display-name>
@@ -76,6 +88,16 @@
<servlet-name>VerifyIdentityLink</servlet-name>
<url-pattern>/VerifyIdentityLink</url-pattern>
</servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>VerifyCertificate</servlet-name>
+ <url-pattern>/VerifyCertificate</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>GetForeignID</servlet-name>
+ <url-pattern>/GetForeignID</url-pattern>
+ </servlet-mapping>
+
<servlet-mapping>
<servlet-name>ProcessInput</servlet-name>
<url-pattern>/ProcessInput</url-pattern>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 4de75a2af..f8f6f2677 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -18,6 +18,9 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
<TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
@@ -61,6 +64,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -123,7 +129,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
- <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH -->
<AuthComponent slVersion="1.2">
<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 3e51b28fd..b6a0ed6a2 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -18,10 +18,13 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -49,6 +52,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -122,7 +128,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
- <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH -->
<AuthComponent slVersion="1.2">
<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 013487953..f25557ea2 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -20,10 +20,13 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -52,6 +55,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -120,7 +126,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
- <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH -->
<AuthComponent slVersion="1.2">
<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 33e812767..81a3d02ca 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -19,10 +19,13 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -51,6 +54,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -130,7 +136,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
- <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH -->
<AuthComponent slVersion="1.2">
<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 3d2ccec9f..d6755f14f 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -18,10 +18,13 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -49,6 +52,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -109,7 +115,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
- <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH WID Modus -->
<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 69f2e17e1..163de5cdb 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -18,10 +18,13 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -49,6 +52,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -120,7 +126,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
- <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH WID Modus -->
<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 116485d33..965222fd0 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -19,10 +19,13 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -51,6 +54,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -117,7 +123,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
- <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH WID Modus -->
<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 5a158951d..545cc892b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -19,10 +19,13 @@
</Templates>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
<SecurityLayer>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -51,6 +54,9 @@
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ <!-- Für TransformsInfoProfile in Tabellenform -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
</VerifyAuthBlock>
</MOA-SP>
@@ -128,7 +134,7 @@
<!-- Eintragung fuer jede Online-Applikation -->
<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
- <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
<!-- fuer MOA-ID-AUTH WID Modus -->
<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
new file mode 100644
index 000000000..240126693
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }
+ .h4style{ font-family: Verdana; }
+ table.parameters { font-size: x-small; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Anmeldedaten:</h4>
+
+ <p class="titlestyle">Daten zur Person</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Geburtsdatum:</td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Rolle:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ </table>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+ <hr/>
+ <xsl:text>Ich bin weiters ermächtigt als </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+ <xsl:text> von </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+ <xsl:text>, geboren am </xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+ <xsl:text>, </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+ </xsl:if>
+ <xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+ <p/>
+ </xsl:if>
+
+ <p class="titlestyle">Daten zur Anwendung</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Staat:</td>
+ <td>Österreich</td>
+ </tr>
+ </table>
+
+ <p class="titlestyle">Technische Parameter</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Bereich:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifikator:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+ <tr>
+ <td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td>
+ <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Datum:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Uhrzeit:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
new file mode 100644
index 000000000..d30dbb42f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }
+ .h4style{ font-family: Verdana; }
+ table.parameters { font-size: x-small; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Authentication Data:</h4>
+
+ <p class="titlestyle">Personal Data</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Date of Birth:</td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Role:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ </table>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+ <hr/>
+ <xsl:text>I am also authorized as </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+ <xsl:text> of </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+ <xsl:text>, born on </xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+ <xsl:text>, </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+ </xsl:if>
+ <xsl:text>, to act on their behalf.</xsl:text>
+ <p/>
+ </xsl:if>
+
+ <p class="titlestyle">Application Data</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Country:</td>
+ <td>Austria</td>
+ </tr>
+ </table>
+
+ <p class="titlestyle">Technical Parameters</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Sector:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifier:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+ <tr>
+ <td class="italicstyle">Identifier of the principal:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td>
+ <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Date:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Time:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 62337d0fb..22525e2e4 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -79,5 +79,13 @@
<cfg:Id>MOAIDTransformAuthBlockTextPlain</cfg:Id>
<cfg:Location>profiles/MOAIDTransformAuthBlockTextPlain.xml</cfg:Location>
</cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
</cfg:SignatureVerification>
</cfg:MOAConfiguration>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
new file mode 100644
index 000000000..5640412da
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }
+ .h4style{ font-family: Verdana; }
+ table.parameters { font-size: x-small; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Anmeldedaten:</h4>
+
+ <p class="titlestyle">Daten zur Person</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Geburtsdatum:</td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Rolle:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ </table>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+ <hr/>
+ <xsl:text>Ich bin weiters ermächtigt als </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+ <xsl:text> von </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+ <xsl:text>, geboren am </xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+ <xsl:text>, </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+ </xsl:if>
+ <xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+ <p/>
+ </xsl:if>
+
+ <p class="titlestyle">Daten zur Anwendung</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Staat:</td>
+ <td>Österreich</td>
+ </tr>
+ </table>
+
+ <p class="titlestyle">Technische Parameter</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Bereich:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifikator:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+ <tr>
+ <td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td>
+ <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Datum:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Uhrzeit:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
new file mode 100644
index 000000000..b9c613e2d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }
+ .h4style{ font-family: Verdana; }
+ table.parameters { font-size: x-small; }
+ </style>
+ </head>
+ <body>
+ <h4 class="h4style">Authentication Data:</h4>
+
+ <p class="titlestyle">Personal Data</p>
+ <table class="parameters">
+ <xsl:if test="normalize-space(//@Issuer)">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+ <tr>
+ <td class="italicstyle">Date of Birth:</td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">Role:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ </table>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+ <hr/>
+ <xsl:text>I am also authorized as </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+ <xsl:text> of </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+ <xsl:text>, born on </xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+ <xsl:text>, </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+ </xsl:if>
+ <xsl:text>, to act on their behalf.</xsl:text>
+ <p/>
+ </xsl:if>
+
+ <p class="titlestyle">Application Data</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">Name:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Country:</td>
+ <td>Austria</td>
+ </tr>
+ </table>
+
+ <p class="titlestyle">Technical Parameters</p>
+ <table class="parameters">
+ <tr>
+ <td class="italicstyle">URL:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="italicstyle">Sector:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+ <tr>
+ <td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="italicstyle">Identifier:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+ <tr>
+ <td class="italicstyle">Identifier of the principal:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="italicstyle">OID:</td>
+ <td>
+ <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="italicstyle">HPI:</td>
+ <td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="italicstyle">Date:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="italicstyle">Time:</td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/demo/demoseite.zip b/id/server/data/deploy/demo/demoseite.zip
new file mode 100644
index 000000000..1bf3ce84a
--- /dev/null
+++ b/id/server/data/deploy/demo/demoseite.zip
Binary files differ
diff --git a/id/server/doc/MOA-ID-Configuration-1.2.xsd b/id/server/doc/MOA-ID-Configuration-1.2.xsd
deleted file mode 100644
index 4b018db64..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.2.xsd
+++ /dev/null
@@ -1,350 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
- <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
- <xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>
- <xsd:element name="Configuration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="LoginType" type="LoginType" default="stateful"/>
- <xsd:element name="Binding" minOccurs="0" maxOccurs="1">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="full"/>
- <xsd:enumeration value="userName"/>
- <xsd:enumeration value="none"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:element>
- <xsd:choice>
- <xsd:element ref="ParamAuth"/>
- <xsd:element ref="BasicAuth"/>
- <xsd:element ref="HeaderAuth"/>
- </xsd:choice>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="LoginType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="stateless"/>
- <xsd:enumeration value="stateful"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:element name="ParamAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Parameter" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Parameter">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="BasicAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="UserID" type="MOAAuthDataType"/>
- <xsd:element name="Password" type="MOAAuthDataType"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="HeaderAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Header" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Header">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="MOAAuthDataType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="MOAGivenName"/>
- <xsd:enumeration value="MOAFamilyName"/>
- <xsd:enumeration value="MOADateOfBirth"/>
- <xsd:enumeration value="MOABPK"/>
- <xsd:enumeration value="MOAPublicAuthority"/>
- <xsd:enumeration value="MOABKZ"/>
- <xsd:enumeration value="MOAQualifiedCertificate"/>
- <xsd:enumeration value="MOAStammzahl"/>
- <xsd:enumeration value="MOAIdentificationValueType"/>
- <xsd:enumeration value="MOAIPAddress"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="MOAKeyBoxSelector">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="SecureSignatureKeypair"/>
- <xsd:enumeration value="CertifiedKeypair"/>
- </xsd:restriction>
- </xsd:simpleType>
- <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
- <xsd:element name="MOA-IDConfiguration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter der
- Authentisierungs-Komponente</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Konfigurationsparameter der
- Proxy-Komponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation zw.
- Proxykomponente und Authenttisierungskomponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
- Proxy-Komponente zur Auth-Komponente (vgl.
- AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="OnlineApplication" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="OnlineApplicationType">
- <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
- <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ChainingModes" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die
- Zertifikatspfadvalidierung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence minOccurs="0" maxOccurs="unbounded">
- <xsd:element name="TrustAnchor">
- <xsd:annotation>
- <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
- für jeden TrustAnchor gesetzt werden</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="dsig:X509IssuerSerialType">
- <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA
- (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:attribute name="name" type="xsd:string" use="required"/>
- <xsd:attribute name="value" type="xsd:string" use="required"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:complexType name="AuthComponentType">
- <xsd:sequence>
- <xsd:element name="BKUSelection" minOccurs="0">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
- </xsd:sequence>
- <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="SecurityLayer">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation mit dem
- Security-Layer</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="TransformsInfo" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
- Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
- werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
- inkludiert</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="MOA-SP">
- <xsd:annotation>
- <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
- SP Modul</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
- AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
- wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
- wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
- werden; wird das Element nicht verwendet dann wird MOA-SP über das API
- aufgerufen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="VerifyIdentityLink">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung der
- Personenbindung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="VerifyAuthBlock">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung des
- AUTH-Blocks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="IdentityLinkSigners">
- <xsd:annotation>
- <xsd:documentation>enthält Informationen über akzeptierte Signers des
- IdentityLinks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
- X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="ProxyComponentType"/>
- <xsd:complexType name="OnlineApplicationType">
- <xsd:sequence>
- <xsd:element name="AuthComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die
- Authentisierungs-Komponente betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
- betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
- betreffen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
- <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
- <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
- <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
- <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
- TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterClientAuthType">
- <xsd:complexContent>
- <xsd:extension base="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="ClientKeyStore" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für
- die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:simpleContent>
- <xsd:extension base="xsd:anyURI">
- <xsd:attribute name="password" type="xsd:string" use="optional"/>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- <xsd:element name="TrustProfileID" type="xsd:string"/>
- <xsd:simpleType name="ChainingModeType">
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="chaining"/>
- <xsd:enumeration value="pkix"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="BKUSelectionType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="HTMLComplete"/>
- <xsd:enumeration value="HTMLSelect"/>
- </xsd:restriction>
- </xsd:simpleType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.3.xsd b/id/server/doc/MOA-ID-Configuration-1.3.xsd
deleted file mode 100644
index 66c6e1832..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.3.xsd
+++ /dev/null
@@ -1,424 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
- <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
- <xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>
- <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
- <xsd:element name="Configuration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="LoginType" type="LoginType" default="stateful"/>
- <xsd:element name="Binding" minOccurs="0">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="full"/>
- <xsd:enumeration value="userName"/>
- <xsd:enumeration value="none"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:element>
- <xsd:choice>
- <xsd:element ref="ParamAuth"/>
- <xsd:element ref="BasicAuth"/>
- <xsd:element ref="HeaderAuth"/>
- </xsd:choice>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="LoginType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="stateless"/>
- <xsd:enumeration value="stateful"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:element name="ParamAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Parameter" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Parameter">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="BasicAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="UserID" type="MOAAuthDataType"/>
- <xsd:element name="Password" type="MOAAuthDataType"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="HeaderAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Header" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Header">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="MOAAuthDataType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="MOAGivenName"/>
- <xsd:enumeration value="MOAFamilyName"/>
- <xsd:enumeration value="MOADateOfBirth"/>
- <xsd:enumeration value="MOABPK"/>
- <xsd:enumeration value="MOAWBPK"/>
- <xsd:enumeration value="MOAPublicAuthority"/>
- <xsd:enumeration value="MOABKZ"/>
- <xsd:enumeration value="MOAQualifiedCertificate"/>
- <xsd:enumeration value="MOAStammzahl"/>
- <xsd:enumeration value="MOAIdentificationValueType"/>
- <xsd:enumeration value="MOAIPAddress"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="MOAKeyBoxSelector">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="SecureSignatureKeypair"/>
- <xsd:enumeration value="CertifiedKeypair"/>
- </xsd:restriction>
- </xsd:simpleType>
- <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
- <xsd:element name="MOA-IDConfiguration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter der
- Authentisierungs-Komponente</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Konfigurationsparameter der
- Proxy-Komponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation zw.
- Proxykomponente und Authenttisierungskomponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
- Proxy-Komponente zur Auth-Komponente (vgl.
- AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="OnlineApplication" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="OnlineApplicationType">
- <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
- <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
- <xsd:attribute name="type" use="optional" default="publicService">
- <xsd:simpleType>
- <xsd:restriction base="xsd:NMTOKEN">
- <xsd:enumeration value="businessService"/>
- <xsd:enumeration value="publicService"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ChainingModes" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die
- Zertifikatspfadvalidierung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence minOccurs="0" maxOccurs="unbounded">
- <xsd:element name="TrustAnchor">
- <xsd:annotation>
- <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
- für jeden TrustAnchor gesetzt werden</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="dsig:X509IssuerSerialType">
- <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA
- (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:attribute name="name" use="required">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
- <xsd:enumeration value="AuthenticationSession.TimeOut"/>
- <xsd:enumeration value="AuthenticationData.TimeOut"/>
- <xsd:enumeration value="TrustManager.RevocationChecking"/>
- <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
- <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="value" type="xsd:string" use="required"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:complexType name="AuthComponentType">
- <xsd:sequence>
- <xsd:element name="BKUSelection" minOccurs="0">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
- </xsd:sequence>
- <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />
- <xsd:element name="SecurityLayer">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation mit dem
- Security-Layer</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="MOA-SP">
- <xsd:annotation>
- <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
- SP Modul</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
- AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
- wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
- wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
- werden; wird das Element nicht verwendet dann wird MOA-SP über das API
- aufgerufen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="VerifyIdentityLink">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung der
- Personenbindung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="VerifyAuthBlock">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung des
- AUTH-Blocks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="IdentityLinkSigners">
- <xsd:annotation>
- <xsd:documentation>enthält Informationen über akzeptierte Signers des
- IdentityLinks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
- X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TransformsInfoType">
- <xsd:annotation>
- <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
- Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
- werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
- inkludiert</xsd:documentation>
- </xsd:annotation>
- <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="TemplatesType">
- <xsd:sequence>
- <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0" maxOccurs="1"/>
- <xsd:element name="Template" type="TemplateType" minOccurs="0" maxOccurs="1"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TemplateType">
- <xsd:annotation>
- <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
- </xsd:annotation>
- <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="ProxyComponentType"/>
- <xsd:complexType name="OnlineApplicationType">
- <xsd:sequence>
- <xsd:element name="AuthComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die
- Authentisierungs-Komponente betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <!--xsd:element name="IdentificationNumber" minOccurs="0">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="pr:AbstractSimpleIdentification"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element-->
- <xsd:element name="IdentificationNumber" minOccurs="0">
- <xsd:complexType>
- <xsd:choice>
- <xsd:element ref="pr:Firmenbuchnummer"/>
- <xsd:element ref="pr:ZMRzahl"/>
- <xsd:element ref="pr:Vereinsnummer"/>
- <xsd:element ref="pr:ERJPZahl"/>
- <xsd:element name="AnyNumber">
- <xsd:complexType>
- <xsd:simpleContent>
- <xsd:extension base="xsd:string">
- <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:choice>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />
- <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
- </xsd:sequence>
- <xsd:attribute name="slVersion" use="optional" default="1.1">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="1.1"/>
- <xsd:enumeration value="1.2"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
- <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
- betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
- betreffen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
- <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
- <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
- <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
- <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
- </xsd:complexType>
- </xsd:element>
- <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
- TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterClientAuthType">
- <xsd:complexContent>
- <xsd:extension base="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="ClientKeyStore" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für
- die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:simpleContent>
- <xsd:extension base="xsd:anyURI">
- <xsd:attribute name="password" type="xsd:string" use="optional"/>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- <xsd:element name="TrustProfileID" type="xsd:string"/>
- <xsd:simpleType name="ChainingModeType">
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="chaining"/>
- <xsd:enumeration value="pkix"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="BKUSelectionType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="HTMLComplete"/>
- <xsd:enumeration value="HTMLSelect"/>
- </xsd:restriction>
- </xsd:simpleType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.3.xsd b/id/server/doc/MOA-ID-Configuration-1.4.3.xsd
deleted file mode 100644
index 570bebd37..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.4.3.xsd
+++ /dev/null
@@ -1,612 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
- <!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
- <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
- <xsd:element name="Configuration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="LoginType" type="LoginType" default="stateful"/>
- <xsd:element name="Binding" minOccurs="0">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="full"/>
- <xsd:enumeration value="userName"/>
- <xsd:enumeration value="none"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:element>
- <xsd:choice>
- <xsd:element ref="ParamAuth"/>
- <xsd:element ref="BasicAuth"/>
- <xsd:element ref="HeaderAuth"/>
- </xsd:choice>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="LoginType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="stateless"/>
- <xsd:enumeration value="stateful"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:element name="ParamAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Parameter" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Parameter">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="BasicAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="UserID" type="MOAAuthDataType"/>
- <xsd:element name="Password" type="MOAAuthDataType"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="HeaderAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Header" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Header">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="MOAAuthDataType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="MOAGivenName"/>
- <xsd:enumeration value="MOAFamilyName"/>
- <xsd:enumeration value="MOADateOfBirth"/>
- <xsd:enumeration value="MOABPK"/>
- <xsd:enumeration value="MOAWBPK"/>
- <xsd:enumeration value="MOAPublicAuthority"/>
- <xsd:enumeration value="MOABKZ"/>
- <xsd:enumeration value="MOAQualifiedCertificate"/>
- <xsd:enumeration value="MOAStammzahl"/>
- <xsd:enumeration value="MOAIdentificationValueType"/>
- <xsd:enumeration value="MOAIPAddress"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="MOAKeyBoxSelector">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="SecureSignatureKeypair"/>
- <xsd:enumeration value="CertifiedKeypair"/>
- </xsd:restriction>
- </xsd:simpleType>
- <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
- <xsd:element name="MOA-IDConfiguration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="OnlineApplication" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="OnlineApplicationType">
- <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
- <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
- <xsd:attribute name="type" use="optional" default="publicService">
- <xsd:simpleType>
- <xsd:restriction base="xsd:NMTOKEN">
- <xsd:enumeration value="businessService"/>
- <xsd:enumeration value="publicService"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ChainingModes" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence minOccurs="0" maxOccurs="unbounded">
- <xsd:element name="TrustAnchor">
- <xsd:annotation>
- <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="dsig:X509IssuerSerialType">
- <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:attribute name="name" use="required">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
- <xsd:enumeration value="AuthenticationSession.TimeOut"/>
- <xsd:enumeration value="AuthenticationData.TimeOut"/>
- <xsd:enumeration value="TrustManager.RevocationChecking"/>
- <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
- <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
- <xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
- <xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
- <xsd:enumeration value="AuthenticationServer.SourceID"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="value" type="xsd:string" use="required"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:complexType name="AuthComponentType">
- <xsd:sequence>
- <xsd:element name="BKUSelection" minOccurs="0">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
- </xsd:sequence>
- <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
- <xsd:element name="SecurityLayer">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="MOA-SP">
- <xsd:annotation>
- <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="VerifyIdentityLink">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="VerifyAuthBlock">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="IdentityLinkSigners" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TransformsInfoType">
- <xsd:annotation>
- <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
- </xsd:annotation>
- <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="TemplatesType">
- <xsd:sequence>
- <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
- <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
- <xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TemplateType">
- <xsd:annotation>
- <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
- </xsd:annotation>
- <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="VerifyInfoboxesType">
- <xsd:annotation>
- <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
- </xsd:annotation>
- <xsd:sequence>
- <xsd:element name="DefaultTrustProfile" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="InfoboxType">
- <xsd:annotation>
- <xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
- </xsd:annotation>
- <xsd:sequence>
- <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
- <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ParepSpecificParameters" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="EnableInfoboxValidator" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="PartyRepresentation" type="PartyRepresentationType">
- <xsd:annotation>
- <xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
- <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
- </xsd:complexType>
- <xsd:complexType name="SchemaLocationType">
- <xsd:annotation>
- <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
- </xsd:annotation>
- <xsd:sequence>
- <xsd:element name="Schema" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
- <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="ProxyComponentType"/>
- <xsd:complexType name="OnlineApplicationType">
- <xsd:sequence>
- <xsd:element name="AuthComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <!--xsd:element name="IdentificationNumber" minOccurs="0">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="pr:AbstractSimpleIdentification"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element-->
- <xsd:element name="IdentificationNumber" minOccurs="0">
- <xsd:complexType>
- <xsd:choice>
- <xsd:element ref="pr:Firmenbuchnummer"/>
- <xsd:element ref="pr:ZMRzahl"/>
- <xsd:element ref="pr:Vereinsnummer"/>
- <xsd:element ref="pr:ERJPZahl"/>
- <xsd:element name="AnyNumber">
- <xsd:complexType>
- <xsd:simpleContent>
- <xsd:extension base="xsd:string">
- <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:choice>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
- <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
- </xsd:sequence>
- <xsd:attribute name="slVersion" use="optional" default="1.1">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="1.1"/>
- <xsd:enumeration value="1.2"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
- <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
- <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
- <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
- <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
- <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
- </xsd:complexType>
- </xsd:element>
- <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterClientAuthType">
- <xsd:complexContent>
- <xsd:extension base="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="ClientKeyStore" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:simpleContent>
- <xsd:extension base="xsd:anyURI">
- <xsd:attribute name="password" type="xsd:string" use="optional"/>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- <xsd:element name="TrustProfileID" type="xsd:string"/>
- <xsd:simpleType name="ChainingModeType">
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="chaining"/>
- <xsd:enumeration value="pkix"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="BKUSelectionType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="HTMLComplete"/>
- <xsd:enumeration value="HTMLSelect"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:element name="CompatibilityMode" default="false">
- <xsd:simpleType>
- <xsd:restriction base="xsd:boolean"/>
- </xsd:simpleType>
- </xsd:element>
- <xsd:element name="EnableInfoboxValidator" default="true">
- <xsd:simpleType>
- <xsd:restriction base="xsd:boolean"/>
- </xsd:simpleType>
- </xsd:element>
- <xsd:element name="AlwaysShowForm" default="false">
- <xsd:annotation>
- <xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
- </xsd:annotation>
- <xsd:simpleType>
- <xsd:restriction base="xsd:boolean"/>
- </xsd:simpleType>
- </xsd:element>
- <xsd:complexType name="InputProcessorType">
- <xsd:simpleContent>
- <xsd:extension base="xsd:string">
- <xsd:attribute name="template" type="xsd:anyURI" use="optional">
- <xsd:annotation>
- <xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
- </xsd:annotation>
- </xsd:attribute>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- <xsd:complexType name="PartyRepresentationType">
- <xsd:sequence>
- <xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element ref="AlwaysShowForm" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="PartyRepresentativeType">
- <xsd:sequence>
- <xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element ref="AlwaysShowForm" minOccurs="0"/>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="oid" use="required">
- <xsd:annotation>
- <xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
- </xsd:annotation>
- <!--xsd:simpleType>
- <xsd:restriction/>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="1.2.40.0.10.3.1"/>
- <xsd:enumeration value="1.2.40.0.10.3.2"/>
- <xsd:enumeration value="1.2.40.0.10.3.3"/>
- <xsd:enumeration value="1.2.40.0.10.3.10"/>
- <xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
- </xsd:restriction>
- </xsd:simpleType-->
- </xsd:attribute>
- <xsd:attribute name="representPhysicalParty" use="optional" default="false">
- <xsd:annotation>
- <xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
- </xsd:annotation>
- <xsd:simpleType>
- <xsd:restriction base="xsd:boolean"/>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="representCorporateParty" use="optional" default="false">
- <xsd:annotation>
- <xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
- </xsd:annotation>
- <xsd:simpleType>
- <xsd:restriction base="xsd:boolean"/>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="representationText" use="optional">
- <xsd:annotation>
- <xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
- </xsd:annotation>
- <!--xsd:simpleType>
- <xsd:restriction/>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
- <xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
- <xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
- <xsd:enumeration value="Organwalter"/>
- <xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
- </xsd:restriction>
- </xsd:simpleType-->
- </xsd:attribute>
- </xsd:complexType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.2.xsd b/id/server/doc/MOA-ID-Configuration-1.4.7.xsd
index 360789834..28e0b947d 100644
--- a/id/server/doc/MOA-ID-Configuration-1.4.2.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.4.7.xsd
@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.2">
+<!-- edited with XMLSpy v2010 (http://www.altova.com) by ks (ks) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
@@ -141,7 +142,7 @@
</xsd:element>
<xsd:element name="ChainingModes" minOccurs="0">
<xsd:annotation>
- <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
+ <xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence minOccurs="0" maxOccurs="unbounded">
@@ -179,6 +180,7 @@
<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+ <xsd:enumeration value="AuthenticationServer.SourceID"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
@@ -217,7 +219,7 @@
<xsd:sequence>
<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
<xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="VerifyIdentityLink">
@@ -263,6 +265,17 @@
<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
</xsd:annotation>
</xsd:element>
+ <xsd:element name="ForeignIdentities" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="TransformsInfoType">
@@ -313,7 +326,7 @@
<xsd:sequence>
<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
<xsd:annotation>
- <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+ <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
@@ -343,14 +356,9 @@
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
- <xsd:element ref="CompatibilityMode" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Legt fest ob Machtgeber und Machtnehmer in den Anmeldedaten ausgetauscht werden sollen. Lediglich die übermittelte Vollmacht gibt dann Aufschluss darüber, dass eine Vertretung vorliegt. Ziel dieses Schalters ist, dass bisherige Applikationen mit Vollmachten und beruflicher Parteienvertretung nachgerüstet werden können, ohne der Erfordernis Änderungen durchführen zu müssen.</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
<xsd:annotation>
- <xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
+ <xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
@@ -547,7 +555,7 @@
</xsd:element>
<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
- <xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
+ <xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
@@ -568,7 +576,7 @@
</xsd:sequence>
<xsd:attribute name="oid" use="required">
<xsd:annotation>
- <xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+ <xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
</xsd:annotation>
<!--xsd:simpleType>
<xsd:restriction/>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.xsd b/id/server/doc/MOA-ID-Configuration-1.4.xsd
deleted file mode 100644
index 66a9c0ed4..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.4.xsd
+++ /dev/null
@@ -1,505 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
- <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
- <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
- <xsd:element name="Configuration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="LoginType" type="LoginType" default="stateful"/>
- <xsd:element name="Binding" minOccurs="0">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="full"/>
- <xsd:enumeration value="userName"/>
- <xsd:enumeration value="none"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:element>
- <xsd:choice>
- <xsd:element ref="ParamAuth"/>
- <xsd:element ref="BasicAuth"/>
- <xsd:element ref="HeaderAuth"/>
- </xsd:choice>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="LoginType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="stateless"/>
- <xsd:enumeration value="stateful"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:element name="ParamAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Parameter" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Parameter">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="BasicAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="UserID" type="MOAAuthDataType"/>
- <xsd:element name="Password" type="MOAAuthDataType"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="HeaderAuth">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Header" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Header">
- <xsd:complexType>
- <xsd:attribute name="Name" type="xsd:token" use="required"/>
- <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:simpleType name="MOAAuthDataType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="MOAGivenName"/>
- <xsd:enumeration value="MOAFamilyName"/>
- <xsd:enumeration value="MOADateOfBirth"/>
- <xsd:enumeration value="MOABPK"/>
- <xsd:enumeration value="MOAWBPK"/>
- <xsd:enumeration value="MOAPublicAuthority"/>
- <xsd:enumeration value="MOABKZ"/>
- <xsd:enumeration value="MOAQualifiedCertificate"/>
- <xsd:enumeration value="MOAStammzahl"/>
- <xsd:enumeration value="MOAIdentificationValueType"/>
- <xsd:enumeration value="MOAIPAddress"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="MOAKeyBoxSelector">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="SecureSignatureKeypair"/>
- <xsd:enumeration value="CertifiedKeypair"/>
- </xsd:restriction>
- </xsd:simpleType>
- <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
- <xsd:element name="MOA-IDConfiguration">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter der
- Authentisierungs-Komponente</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Konfigurationsparameter der
- Proxy-Komponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation zw.
- Proxykomponente und Authenttisierungskomponente</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
- Proxy-Komponente zur Auth-Komponente (vgl.
- AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="OnlineApplication" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="OnlineApplicationType">
- <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
- <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
- <xsd:attribute name="type" use="optional" default="publicService">
- <xsd:simpleType>
- <xsd:restriction base="xsd:NMTOKEN">
- <xsd:enumeration value="businessService"/>
- <xsd:enumeration value="publicService"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ChainingModes" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die
- Zertifikatspfadvalidierung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence minOccurs="0" maxOccurs="unbounded">
- <xsd:element name="TrustAnchor">
- <xsd:annotation>
- <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
- für jeden TrustAnchor gesetzt werden</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:complexContent>
- <xsd:extension base="dsig:X509IssuerSerialType">
- <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA
- (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:attribute name="name" use="required">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
- <xsd:enumeration value="AuthenticationSession.TimeOut"/>
- <xsd:enumeration value="AuthenticationData.TimeOut"/>
- <xsd:enumeration value="TrustManager.RevocationChecking"/>
- <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
- <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="value" type="xsd:string" use="required"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:complexType name="AuthComponentType">
- <xsd:sequence>
- <xsd:element name="BKUSelection" minOccurs="0">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
- </xsd:sequence>
- <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
- <xsd:element name="SecurityLayer">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation mit dem
- Security-Layer</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="MOA-SP">
- <xsd:annotation>
- <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
- SP Modul</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
- AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
- wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
- wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
- werden; wird das Element nicht verwendet dann wird MOA-SP über das API
- aufgerufen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="VerifyIdentityLink">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung der
- Personenbindung</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="VerifyAuthBlock">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Überprüfung des
- AUTH-Blocks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="IdentityLinkSigners" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Informationen über akzeptierte Signers des
- IdentityLinks</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
- X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TransformsInfoType">
- <xsd:annotation>
- <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
- Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
- werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
- inkludiert</xsd:documentation>
- </xsd:annotation>
- <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="TemplatesType">
- <xsd:sequence>
- <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
- <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TemplateType">
- <xsd:annotation>
- <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
- </xsd:annotation>
- <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="VerifyInfoboxesType">
- <xsd:annotation>
- <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
- </xsd:annotation>
- <xsd:sequence>
- <xsd:element name="DefaultTrustProfile" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TrustProfileID"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Infobox" maxOccurs="unbounded">
- <xsd:annotation>
- <xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;
- z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
- das Identifier-Attribut verwendet</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>TrustProfil, das für die Überprüfung der Infobox
- verwendet werden soll</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Validatorklasse, die für die Prüfung der Infobox
- verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
- vom Default Package- und Klassennamen abweichen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
- <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
- übergeben werden</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
- <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="SchemaLocationType">
- <xsd:annotation>
- <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
- </xsd:annotation>
- <xsd:sequence>
- <xsd:element name="Schema" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
- <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="ProxyComponentType"/>
- <xsd:complexType name="OnlineApplicationType">
- <xsd:sequence>
- <xsd:element name="AuthComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die
- Authentisierungs-Komponente betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <!--xsd:element name="IdentificationNumber" minOccurs="0">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="pr:AbstractSimpleIdentification"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element-->
- <xsd:element name="IdentificationNumber" minOccurs="0">
- <xsd:complexType>
- <xsd:choice>
- <xsd:element ref="pr:Firmenbuchnummer"/>
- <xsd:element ref="pr:ZMRzahl"/>
- <xsd:element ref="pr:Vereinsnummer"/>
- <xsd:element ref="pr:ERJPZahl"/>
- <xsd:element name="AnyNumber">
- <xsd:complexType>
- <xsd:simpleContent>
- <xsd:extension base="xsd:string">
- <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:choice>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
- <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
- </xsd:sequence>
- <xsd:attribute name="slVersion" use="optional" default="1.1">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="1.1"/>
- <xsd:enumeration value="1.2"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
- <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
- <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ProxyComponent" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
- betreffen</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
- betreffen</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
- <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
- <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
- <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
- <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
- </xsd:complexType>
- </xsd:element>
- <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
- TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="ConnectionParameterClientAuthType">
- <xsd:complexContent>
- <xsd:extension base="ConnectionParameterServerAuthType">
- <xsd:sequence>
- <xsd:element name="ClientKeyStore" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für
- die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:simpleContent>
- <xsd:extension base="xsd:anyURI">
- <xsd:attribute name="password" type="xsd:string" use="optional"/>
- </xsd:extension>
- </xsd:simpleContent>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:extension>
- </xsd:complexContent>
- </xsd:complexType>
- <xsd:element name="TrustProfileID" type="xsd:string"/>
- <xsd:simpleType name="ChainingModeType">
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="chaining"/>
- <xsd:enumeration value="pkix"/>
- </xsd:restriction>
- </xsd:simpleType>
- <xsd:simpleType name="BKUSelectionType">
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="HTMLComplete"/>
- <xsd:enumeration value="HTMLSelect"/>
- </xsd:restriction>
- </xsd:simpleType>
-</xsd:schema>
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 4c5a29b26..8238c7c2d 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -105,17 +105,18 @@ F&uuml;r den Betrieb von MOA-ID-AUTH sind unterschiedliche Szenarien m&ouml;glic
</td>
<td valign="top">
<div id="subtitel">Basis-Installation von MOA-ID-AUTH</div>
-<p id="block">
+<div id="block">
Die Basis-Installation stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA-ID-AUTH dar, andererseits dient sie als Ausgangspunkt f&uuml;r weitere (optionale) Konfigurations-M&ouml;glichkeiten.
<br /><br />
Folgende Software ist Voraussetzung f&uuml;r die Basis-Installation:
-</div>
+
<ul>
-<li>JDK 1.4.0, JDK 1.4.2 oder JDK 1.5.0</li>
-<li>Tomcat 4.1.31 oder Tomcat 5.0.28</li>
+<li>JDK 1.4.0, JDK 1.4.2, JDK 1.5.0 oder JDK 1.6</li>
+<li>Tomcat 4.1.31, Tomcat 5.0.28, Tomcat 5.5 oder Tomcat 6</li>
<li>MOA-ID-AUTH 1.4 </li>
<li>MOA SP/SS 1.4 oder neuer (entweder als WebService oder direkt als interne Bibliothek)</li>
</ul>
+</div>
<div id="block">
Um m&ouml;glichen Versionskonflikten aus dem Weg zu gehen sollten stets die neuesten Versionen von MOA-ID als auch von MOA-SP/SS verwendet werden. <br/>
In diesem Betriebs-Szenario wird MOA-ID-AUTH in Tomcat deployt. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r MOA-ID-AUTH. Beide Protokolle werden direkt in Tomcat konfiguriert.
@@ -236,10 +237,10 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
</tr>
<tr>
<td width="59%"><b>JDK (SDK)</b> </td>
- <td width="41%">min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
+ <td width="41%"><p>min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
1.4.2</a><br/>
- <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a>
- </td>
+ <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a></p>
+ </td>
</tr>
<tr>
<td width="59%" height="21"><b>Tomcat</b></td>
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 7b9ea9c1d..3e320d850 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -124,7 +124,7 @@ Unterschiede sind in der Installationsanweisung angef&uuml;hrt.
f&uuml;r 1.5.0</a>.</p>
</div>
-</div></td></tr></table>
+</td></tr></table>
<div id="Tomcat" />
<table width="650" border="0" cellpadding="10" cellspacing="0">
@@ -425,7 +425,7 @@ FATAL | 03 13:19:06,924 | main | Fehler
</pre>
In diesem Fall geben die WARN bzw. ERROR Log-Meldungen unmittelbar davor Aufschluss &uuml;ber den genaueren Grund. <br />
</div>
-</div></td></tr></table>
+</td></tr></table>
<div id="Logging" />
@@ -519,7 +519,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fort
<p>
</div>
</p>
- </div>
+
</td></tr></table>
<br /><br />
@@ -530,7 +530,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fort
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004 </div>
+<div style="font-size:8pt; color:#909090">&copy; 2010</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index e934dc6cc..76df09e54 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -115,14 +115,14 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
</td>
- <td valign="top">
+ <td valign="top">
<div id="titel">Konfiguration von MOA ID v.1.4</div>
<div id="moaid-konfiguration" />
<p id="subtitel">Konfiguration von MOA ID v.1.4</p>
<p id="block"> Die Konfiguration von MOA ID wird mittels einer XML-basierten
Konfigurationsdatei, die dem Schema
- <a href="../MOA-ID-Configuration-1.4.3.xsd" target="_new">MOA-ID-Configuration-1.4.3.xsd</a> entspricht, durchgef&uuml;hrt.
- <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
+ <a href="../MOA-ID-Configuration-1.4.7.xsd" target="_new">MOA-ID-Configuration-1.4.7.xsd</a> entspricht, durchgef&uuml;hrt.
+ <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
der Web-Applikation in Tomcat</a> beschrieben.
<p /> Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
<a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a>
@@ -251,8 +251,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
dieses Handbuches entnommen werden.
</p>
- </div>
- <div id="SecurityLayer" />
+
+ <div id="SecurityLayer" />
<p id="block"> <b>AuthComponent/SecurityLayer</b> <br />
Das Element <tt>SecurityLayer</tt> enth&auml;lt Parameter
zur Nutzung des Security-Layers. <br />
@@ -289,12 +289,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
von MOA-SP gesetzt werden. Eine beispielhafte MOA-SP Konfigurationsdatei
ist in <tt>$MOA_ID_INST_AUTH/conf/moa-spss/SampleMOASPSSConfiguration.xml</tt>
enthalten. </p>
- </div>
- </div>
- </div>
- </div>
- </div>
- </div>
+
<div id="moaid-konfiguration" />
<div id="ConnectionParameter" />
<div id="AuthComponent" />
@@ -321,14 +316,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
zur &uuml;berpr&uuml;fung der Signatur des Auth-Blocks
verwendet werden m&uuml;ssen. Diese TrustProfileID muss
beim verwendeten MOA-SP Modul konfiguriert sein.</p>
- </div>
- </div>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div id="moaid-konfiguration" />
+
+ <div id="moaid-konfiguration" />
<div id="AuthComponent" />
<div id="IdentityLinkSigners" />
<p id="block"> <b>AuthComponent/IdentityLinkSigners</b>
@@ -533,13 +522,16 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
</ul>
</li>
</ul>
- <br />
+ <p><br />
Eine Beispielkonfiguration finden sie am Ende das Abschnitts
- <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.
- <br />
- <br />
+ <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.
+ <br />
</p>
- </div>
+ <p><b>AuthComponent/ForeignIdentities</b> <br />
+Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>).<br />
+ </p>
+ </p>
+
<div id="ProxyComponent" />
<p id="block"> <b>ProxyComponent</b> <br />
@@ -1457,7 +1449,7 @@ Im Falle einer fehlerhaften neuen Konfiguration wird die urspr&uuml;ngliche Konf
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2010</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm
index 06aa7afcc..ef6c09083 100644
--- a/id/server/doc/moa_id/links.htm
+++ b/id/server/doc/moa_id/links.htm
@@ -66,8 +66,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
<br />
<!-- div id="slogan">
MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Trust und dem Institut f&uuml;r angewandte Informations- und Kom-munikationstechnik (IAIK) der Universit&auml;t Graz
-</div -->
-</td>
+</div --></td>
<td valign="top">
<div id="titel">MOA Links </div>
@@ -76,28 +75,28 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
<p id="subtitel">Externe Komponenten</p>
<div id="klein">Apache <br />
-<a href="http://httpd.apache.org/docs-2.0/">http://httpd.apache.org/docs-2.0</a></div>
+<a href="http://httpd.apache.org/">http://httpd.apache.org/</a></div>
<div id="klein">Internet Information Server <br />
-<a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp">http://www.microsoft.com/windows2000/en/server/iis/default.asp</a></div>
+<a href="http://www.iis.net/">http://www.iis.net/</a></div>
<div id="klein">Tomcat <br />
-<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc</a> </div>
+<a href="http://tomcat.apache.org/">http://tomcat.apache.org/</a></div>
<div id="klein">Tomcat mod_SSL <br />
-<a href="http://httpd.apache.org/docs-2.0/ssl/">http://httpd.apache.org/docs-2.0/ssl</a></div>
+<a href="http://httpd.apache.org/docs/2.2/ssl/">http://httpd.apache.org/docs/2.2/ssl/</a></div>
<div id="klein">Tomcat mod_jk <br />
-<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2</a></div>
+<a href="http://tomcat.apache.org/connectors-doc/">http://tomcat.apache.org/connectors-doc/</a></div>
<div id="klein">Logging Toolkit <br />
-<a href="http://jakarta.apache.org/log4j/docs/index.html">http://jakarta.apache.org/log4j/docs/ </a></div>
+<a href="http://jakarta.apache.org/log4j/">http://jakarta.apache.org/log4j/</a></div>
<div id="klein">IAIK JCE <br />
<a href="http://jce.iaik.tugraz.at/products/index.php">http://jce.iaik.tugraz.at/products/index.php </a></div>
<div id="klein">PostgreSQL <br />
-<a href="http://techdocs.postgresql.org/installguides.php">http://techdocs.postgresql.org </a></div>
+<a href="http://www.postgresql.org/">http://www.postgresql.org/</a></div>
<div id="Spezifikationen" />
<p id="subtitel">Spezifikationen</p>
@@ -108,20 +107,24 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
<div id="klein">E-Government <br />
<a href="http://reference.e-government.gv.at/">http://reference.e-government.gv.at</a></div>
-<div id="klein">Security Layer Version 1.1<br />
-<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/2002083</a></div>
+<div id="klein">B&uuml;rgerkarte<br />
+<a href="http://www.buergerkarte.at">http://www.buergerkarte.at</a></div>
-<div id="klein">Personenbindung Version 1.1<br />
-<a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506">http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506</a></div>
+<div id="klein">Security Layer Version 1.2<br />
+<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/</a></div>
+
+<div id="klein">Personenbindung Version 1.2.2<br />
+<a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/aktuell/">http://www.buergerkarte.at/konzept/personenbindung/spezifikation/aktuell/</a></div>
<div id="klein">Security Assertion Markup Language <br />
<a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security">http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security</a></div>
-<div id="klein">Auswahl von B&uuml;rgerkartenumgebungen Version 1.0.0<br />
-<a href="../bku-auswahl.20030408.pdf">bku-auswahl.20030408.pdf</a></div>
-</p>
-
-</td></tr></table>
+</td></tr>
+<tr>
+ <td valign="top">&nbsp;</td>
+ <td valign="top">&nbsp;</td>
+</tr>
+</table>
@@ -131,7 +134,8 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2010
+ <!-- Development Center, BRZ GmbH --></div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 05a2d3007..d899dd94c 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -238,7 +238,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2010</div>
</td></tr></table>
<br />
diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath
index 1c79cc393..f0e483a4a 100644
--- a/id/server/idserverlib/.classpath
+++ b/id/server/idserverlib/.classpath
@@ -1,9 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry kind="src" output="target/classes" path="src/main/java"/>
- <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
- <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" output="target/classes" path="src/main/java"/>
+ <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+ <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.nondependency" value=""/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component
index 554e24c0b..87b873d7b 100644
--- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component
+++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,7 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-lib">
-<wb-resource deploy-path="/" source-path="/src/main/java"/>
-<wb-resource deploy-path="/" source-path="/src/test/java"/>
-<wb-resource deploy-path="/" source-path="/src/main/resources"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-lib">
+<wb-resource deploy-path="/" source-path="/src/main/java"/>
+<wb-resource deploy-path="/" source-path="/src/main/resources"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index c0f704522..45b46242e 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -2,14 +2,14 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.4.6</version>
+ <version>1.4.7</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
<packaging>jar</packaging>
- <version>1.4.6</version>
+ <version>1.4.7</version>
<name>MOA ID API</name>
<properties>
@@ -117,10 +117,10 @@
<groupId>regexp</groupId>
<artifactId>regexp</artifactId>
</dependency>
- <dependency>
+ <!-- <dependency>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
- </dependency>
+ </dependency>-->
<dependency>
<groupId>at.gv.egovernment.moa.id</groupId>
<artifactId>mandate-validate</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 971fbcef2..fcaa4f053 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -19,7 +19,6 @@ import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Calendar;
@@ -34,7 +33,6 @@ import java.util.Vector;
import javax.xml.transform.TransformerException;
-import org.apache.axis.AxisFault;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -90,7 +88,6 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
@@ -176,9 +173,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
+ throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
ConnectionParameter bkuConnParam =
AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
@@ -193,7 +190,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (!oaParam.getBusinessService()) {
if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
} else {
if (!isEmpty(target)) {
Logger.info("Ignoring target parameter thus application type is \"businessService\"");
@@ -220,7 +217,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// bkuSelectionType==HTMLSelect
String bkuSelectTag;
try {
- bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
+ bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
} catch (Throwable ex) {
throw new AuthenticationException(
"auth.11",
@@ -273,9 +270,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Creates an HTML form for querying the identity link from the
* security layer implementation.
* <br>Form parameters include
- * <ul>
+ * <ul>
* <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>the data URL where the security layer implementation sends it response to</li>
+ * <li>the data URL where the security layer implementation sends it response to</li>
* </ul>
* </ul>
* @param authURL URL of the servlet to be used as data URL
@@ -302,7 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (isEmpty(sessionID)) {
if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
+ throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
//check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
String boolStr =
@@ -311,7 +308,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
}
AuthenticationSession session;
OAAuthParameter oaParam;
@@ -327,7 +324,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.00", new Object[] { oaURL });
if (!oaParam.getBusinessService()) {
if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
} else {
target = null;
}
@@ -411,8 +408,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Verifies all additional infoboxes returned from the BKU</li>
* <li>Creates an authentication block to be signed by the user</li>
* <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the
- * security layer implementation</li>
+ * containg the authentication block, meant to be returned to the
+ * security layer implementation</li>
* </ul>
*
* @param sessionID ID of associated authentication session data
@@ -441,6 +438,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.01", new Object[] { sessionID });
session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ // check if an identity link was found
+ // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform (SL1.2))
+ CharSequence se = "ErrorCode>2911".substring(0);
+ boolean b = xmlInfoboxReadResponse.contains(se);
+ if (b) { // no identity link found
+ Logger.info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID.");
+ return null;
+ }
+ // spezifikationsgemäßer (SL1.2) Errorcode
+ se = "ErrorCode>4002";
+ b = xmlInfoboxReadResponse.contains(se);
+ if (b) { // Unbekannter Infoboxbezeichner
+ Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID.");
+ return null;
+ }
+
// parses the <InfoboxReadResponse>
IdentityLink identityLink =
new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
@@ -495,6 +509,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ //BZ.., calculate bPK for signing to be already present in AuthBlock
+ IdentityLink identityLink = session.getIdentityLink();
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(
+ identityLink.getIdentificationValue(),
+ session.getTarget());
+ identityLink.setIdentificationValue(bpkBase64);
+ }
+ //..BZ
+
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session);
@@ -514,6 +540,186 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
+ * Returns a CreateXMLSignatureRequest for the foreign ID.<br>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param infoboxReadResponseParameters The parameters from the response returned from
+ * the BKU
+ * @param cert The certificate of the foreign ID
+ * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+
+
+ AuthenticationSession session = getSession(sessionID);
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+
+
+ return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam);
+ }
+
+ public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
+ throws
+ ConfigurationException,
+ BuildException,
+ ValidateException {
+
+
+ if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
+ if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
+ getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ //BZ.., calculate bPK for signing to be already present in AuthBlock
+// IdentityLink identityLink = session.getIdentityLink();
+// if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+// // only compute bPK if online application is a public service and we have the Stammzahl
+// String bpkBase64 = new BPKBuilder().buildBPK(
+// identityLink.getIdentificationValue(),
+// session.getTarget());
+// identityLink.setIdentificationValue(bpkBase64);
+// }
+ //..BZ
+
+
+ // builds the AUTH-block
+ String authBlock = buildAuthenticationBlock(session);
+// session.setAuthBlock(authBlock);
+ // builds the <CreateXMLSignatureRequest>
+ String[] transformsInfos = oaParam.getTransformsInfos();
+ if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+ // no OA specific transforms specified, use default ones
+ transformsInfos = authConf.getTransformsInfos();
+ }
+ String createXMLSignatureRequest =
+ new CreateXMLSignatureRequestBuilder().build(authBlock,
+ oaParam.getKeyBoxIdentifier(),
+ transformsInfos,
+ oaParam.getSlVersion12());
+ return createXMLSignatureRequest;
+}
+
+ /**
+ * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses response enclosed in <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies signature by calling the MOA SP component</li>
+ * <li>Returns the signer certificate</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param createXMLSignatureResponseParameters The parameters from the response returned from
+ * the BKU including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ */
+ public X509Certificate verifyXMLSignature(String sessionID, Map createXMLSignatureResponseParameters)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
+
+
+ String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE);
+
+ System.out.println(xmlCreateXMLSignatureResponse);
+
+ if (isEmpty(xmlCreateXMLSignatureResponse))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
+
+ AuthenticationSession session = getSession(sessionID);
+ /*if (session.getTimestampIdentityLink() != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });*/
+ //session.setTimestampIdentityLink();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+
+ // parses the <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse createXMLSignatureResponse = p.parseResponseDsig();
+
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest =
+ new VerifyXMLSignatureRequestBuilder().buildDsig(
+ createXMLSignatureResponse, authConf.getMoaSpAuthBlockTrustProfileID());
+
+ // invokes the call
+ Element domVerifyXMLSignatureResponse =
+ new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse =
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+
+
+ //int code = verifyXMLSignatureResponse.getSignatureCheckCode();
+
+ return verifyXMLSignatureResponse.getX509certificate();
+
+ }
+
+ /**
+ * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses response enclosed in <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies signature by calling the MOA SP component</li>
+ * <li>Returns the signer certificate</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param readInfoboxResponseParameters The parameters from the response returned from
+ * the BKU including the <code>&lt;ReadInfoboxResponse&gt;</code>
+ */
+ public X509Certificate getCertificate(String sessionID, Map readInfoboxResponseParameters)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
+
+
+ String xmlReadInfoboxResponse = (String)readInfoboxResponseParameters.get(PARAM_XMLRESPONSE);
+
+ if (isEmpty(xmlReadInfoboxResponse))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE});
+
+ // parses the <CreateXMLSignatureResponse>
+ InfoboxReadResponseParser p = new InfoboxReadResponseParser(xmlReadInfoboxResponse);
+ X509Certificate cert = p.parseCertificate();
+
+ return cert;
+
+ }
+
+ /**
* Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
* @param session authentication session
*
@@ -523,16 +729,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* to be appended to the AUTH-Block.
*/
private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getName();
- String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ IdentityLink identityLink = session.getIdentityLink();
+ String issuer = identityLink.getName();
+ String gebDat = identityLink.getDateOfBirth();
+ String identificationValue = identityLink.getIdentificationValue();
+ String identificationType = identityLink.getIdentificationType();
+
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
+ //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+ //String oaURL = session.getPublicOAURLPrefix();
+ String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(
issuer,
@@ -824,19 +1033,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
* <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
* <li>Parses authentication block enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
* <li>Verifies authentication block by calling the MOA SP component</li>
* <li>Creates authentication data</li>
* <li>Creates a corresponding SAML artifact</li>
* <li>Stores authentication data in the authentication data store
- * indexed by the SAML artifact</li>
+ * indexed by the SAML artifact</li>
* <li>Deletes authentication session</li>
* <li>Returns the SAML artifact, encoded BASE64</li>
* </ul>
*
* @param sessionID session ID of the running authentication session
* @param xmlCreateXMLSignatureReadResponse String representation of the
- * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
* @return SAML artifact needed for retrieving authentication data, encoded BASE64
*/
public String verifyAuthenticationBlock(
@@ -851,9 +1060,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
ValidateException {
if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
if (isEmpty(xmlCreateXMLSignatureReadResponse))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
// parses <CreateXMLSignatureResponse>
@@ -874,11 +1083,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
// debug output
-
+
// invokes the call
Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
// debug output
-
+
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
@@ -1015,6 +1224,150 @@ public class AuthenticationServer implements MOAIDAuthConstants {
"Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
}
+
+ /**
+ * Gets the foreign authentication data.<br>
+ * <ul>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store
+ * indexed by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+ */
+ public String getForeignAuthenticationData(
+ String sessionID)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ServiceException,
+ ValidateException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+
+ AuthenticationSession session = getSession(sessionID);
+ //AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ try {
+ String serializedAssertion = DOMUtils.serializeNode(session.getIdentityLink().getSamlAssertion());
+ session.setAuthBlock(serializedAssertion);
+ } catch (TransformerException e) {
+ throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ } catch (IOException e) {
+ throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ }
+ // post processing of the infoboxes
+ Iterator iter = session.getInfoboxValidatorIterator();
+ boolean formpending = false;
+ if (iter != null) {
+ while (!formpending && iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ String identifier = (String) infoboxValidatorVector.get(0);
+ String friendlyName = (String) infoboxValidatorVector.get(1);
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+ InfoboxValidationResult infoboxValidationResult = null;
+ try {
+ infoboxValidationResult = infoboxvalidator.validate(session.getIdentityLink().getSamlAssertion());
+ } catch (ValidateException e) {
+ Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
+ throw new ValidateException(
+ "validator.44", new Object[] {friendlyName});
+ }
+ if (!infoboxValidationResult.isValid()) {
+ Logger.info("Validation of " + identifier + " infobox failed.");
+ throw new ValidateException(
+ "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+ }
+ String form = infoboxvalidator.getForm();
+ if (ParepUtils.isEmpty(form)) {
+ AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
+ } else {
+ return "Redirect to Input Processor";
+ }
+ }
+ }
+
+ // Exchange person data information by a mandate if needed
+ List oaAttributes = session.getExtendedSAMLAttributesOA();
+ IdentityLink replacementIdentityLink = null;
+ if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) {
+ // look if we have a mandate
+ boolean foundMandate = false;
+ Iterator it = oaAttributes.iterator();
+ while (!foundMandate && it.hasNext()) {
+ ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
+ if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) {
+ Object value = samlAttribute.getValue();
+ if (value instanceof Element) {
+ Element mandate = (Element) value;
+ replacementIdentityLink = new IdentityLink();
+ Element mandator = ParepUtils.extractMandator(mandate);
+ String dateOfBirth = "";
+ Element prPerson = null;
+ String familyName = "";
+ String givenName = "";
+ String identificationType = "";
+ String identificationValue = "";
+ if (mandator != null) {
+ boolean physical = ParepUtils.isPhysicalPerson(mandator);
+ if (physical) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ familyName = ParepUtils.extractMandatorFullName(mandator);
+ }
+ identificationType = ParepUtils.getIdentification(mandator, "Type");
+ identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+ if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
+ // now we calculate the wbPK and do so if we got it from the BKU
+ identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
+ identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
+ ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
+ }
+
+ }
+ replacementIdentityLink.setDateOfBirth(dateOfBirth);
+ replacementIdentityLink.setFamilyName(familyName);
+ replacementIdentityLink.setGivenName(givenName);
+ replacementIdentityLink.setIdentificationType(identificationType);
+ replacementIdentityLink.setIdentificationValue(identificationValue);
+ replacementIdentityLink.setPrPerson(prPerson);
+ try {
+ replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
+ } catch (Exception e) {
+ throw new ValidateException("validator.64", null);
+ }
+ } else {
+ Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\"");
+ throw new ValidateException("validator.64", null);
+ }
+ }
+ }
+ }
+
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
+ X509Certificate cert = session.getForeignSignerCertificate();
+ vsresp.setX509certificate(cert);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
+ String samlArtifact =
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ storeAuthenticationData(samlArtifact, authData);
+
+ // invalidates the authentication session
+ sessionStore.remove(sessionID);
+ Logger.info(
+ "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
+ }
+
/**
* Builds the AuthenticationData object together with the
* corresponding <code>&lt;saml:Assertion&gt;</code>
@@ -1076,13 +1429,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setWBPK(identityLink.getIdentificationValue());
} else {
authData.setBPK(identityLink.getIdentificationValue());
+
+ //BZ.., calculation of bPK already before sending AUTHBlock
+ /*
if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
// only compute bPK if online application is a public service and we have the Stammzahl
String bpkBase64 = new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(),
session.getTarget());
authData.setBPK(bpkBase64);
- }
+ }*/
+
}
String ilAssertion =
oaParam.getProvideIdentityLink()
@@ -1186,7 +1543,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param id Session ID
* @return AuthenticationSession created
* @exception AuthenticationException
- * thrown when an <code>AuthenticationSession</code> is running
+ * thrown when an <code>AuthenticationSession</code> is running
* already for the given session ID
*/
private static AuthenticationSession newSession() throws AuthenticationException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 5aa1bf45e..88859dc3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -54,6 +54,10 @@ public interface MOAIDAuthConstants {
public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
/** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */
+ public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
+ public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
/** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
/** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
index 398a6731d..f4827c189 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
@@ -29,8 +29,10 @@ public class WrongParametersException extends MOAIDException {
/**
* Constructor
*/
- public WrongParametersException(String call, String parameter) {
- super("auth.05", new Object[] {call, parameter});
+ public WrongParametersException(String call, String parameter, String errorID) {
+ super(errorID, new Object[] {call, parameter});
+ //super("auth.5", new Object[] {call, parameter});
+ //super("auth.12", new Object[] {call, parameter});
}
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index f9d8e7091..d684c16c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -18,11 +18,21 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
import java.util.List;
+import org.w3c.dom.Element;
+
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
/**
* Builder for the authentication block <code>&lt;saml:Assertion&gt;</code>
@@ -66,6 +76,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" </saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
+
+ private static String PR_IDENTIFICATION_ATTRIBUTE =
+ " <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
+ " <pr:Value>{0}</pr:Value>" + NL +
+ " <pr:Type>{1}</pr:Type>" + NL +
+ " </pr:Identification>" + NL;
+
/**
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
*/
@@ -123,20 +140,72 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
+
+ //BZ.., reading OA parameters
+ OAAuthParameter oaParam;
+ try {
+ oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+ //..BZ
+
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
- // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
- gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
- wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+ // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+ gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+ wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+
+ //BZ.., adding type of wbPK domain identifier
+ ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute =
+ new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
+ //..BZ
+
} else {
- // We do not have a wbPK, therefore no SAML-Attribute is provided
- session.setSAMLAttributeGebeORwbpk(false);
+ // We do not have a wbPK, therefore no SAML-Attribute is provided
+ session.setSAMLAttributeGebeORwbpk(false);
}
} else {
- gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+ // OA is a govermental application
+ //BZ..
+ String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+ //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+ gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
+ //..BZ
+
+ //BZ.., no business service, adding bPK
+
+ Element bpkSamlValueElement;
+ try {
+ bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement();
+ } catch (Exception e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+ ExtendedSAMLAttribute bpkAttribute =
+ new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(bpkAttribute);
+ //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+ wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+ //..BZ
}
+ //BZ.., adding friendly name of OA
+ String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
+
+ ExtendedSAMLAttribute oaFriendlyNameAttribute =
+ new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+ //..BZ
+
String assertion;
try {
assertion = MessageFormat.format(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
new file mode 100644
index 000000000..9227d5303
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
@@ -0,0 +1,126 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+
+/**
+ * Builder for CreateXMLSignatureRequest to sign data from a foreign
+ * eID card.
+ *
+ */
+
+public class CreateXMLSignatureRequestBuilderForeign extends Builder {
+
+ /** special tag in the XML template to be substituted for the KeyboxIdentifier */
+ private static final String KEYBOXID_TAG = "<KEYBOXID>";
+ /** special tag in the XML template to be substituted for the content */
+ private static final String XMLCONTENT_TAG = "<XMLContent>";
+ /** private static int all contains the representation to replace all tags*/
+ private static final int ALL = -1;
+
+ /** default HTML template */
+ private static final String DEFAULT_XML_TEMPLATE =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
+ "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" +
+ "<sl:DataObjectInfo Structure=\"enveloping\">" +
+ "<sl:DataObject>" +
+ "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
+ "</sl:DataObject>" +
+ "<sl:TransformsInfo>" +
+ "<sl:FinalDataMetaInfo>" +
+ "<sl:MimeType>text/plain</sl:MimeType>" +
+ "</sl:FinalDataMetaInfo>" +
+ "</sl:TransformsInfo>" +
+ "</sl:DataObjectInfo>" +
+ "</sl:CreateXMLSignatureRequest>";
+
+ /** default HTML template */
+ private static final String DEFAULT_XHTML_TEMPLATE =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
+ "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" +
+ "<sl:DataObjectInfo Structure=\"enveloping\">" +
+ "<sl:DataObject>" +
+ "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
+ "</sl:DataObject>" +
+ "<sl:TransformsInfo>" +
+ "<sl:FinalDataMetaInfo>" +
+ "<sl:MimeType>application/xhtml+xml</sl:MimeType>" +
+ "</sl:FinalDataMetaInfo>" +
+ "</sl:TransformsInfo>" +
+ "</sl:DataObjectInfo>" +
+ "</sl:CreateXMLSignatureRequest>";
+
+ /**
+ * Constructor for CreateXMLSignatureRequestBuilderForeign.
+ */
+ public CreateXMLSignatureRequestBuilderForeign() {
+ super();
+ }
+ /**
+ * Builds the XML request.
+ *
+ * @param xmlRequest XML Request to be sent as a parameter in the form
+ * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+ * may be <code>null</code>, in this case the default URL will be used
+ * @param dataURL DataURL to be sent as a parameter in the form
+ */
+ public String build(
+ String keyboxIdentifier,
+ String xmlContent)
+ throws BuildException
+ {
+ String xmlRequest = DEFAULT_XHTML_TEMPLATE;
+ xmlRequest = replaceTag(xmlRequest, KEYBOXID_TAG, keyboxIdentifier, true, ALL);
+ //htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+ xmlRequest = replaceTag(xmlRequest, XMLCONTENT_TAG, xmlContent, true, ALL);
+ return xmlRequest;
+ }
+ /**
+ * Encodes a string for inclusion as a parameter in the form.
+ * Double quotes are substituted by <code>"&amp;quot;"</code>.
+ * @param s the string to be encoded
+ * @return the string encoded
+ * @throws BuildException on any exception encountered
+ */
+ public static String encodeParameter(String s) throws BuildException {
+ StringReader in = new StringReader(s);
+ StringWriter out = new StringWriter();
+ try {
+ for (int ch = in.read(); ch >= 0; ch = in.read()) {
+ if (ch == '"')
+ out.write("&quot;");
+ else if (ch == '<')
+ out.write("&lt;");
+ else if (ch == '>')
+ out.write("&gt;");
+ else if (ch == 'ä')
+ out.write("&auml;");
+ else if (ch == 'ö')
+ out.write("&ouml;");
+ else if (ch == 'ü')
+ out.write("&uuml;");
+ else if (ch == 'Ä')
+ out.write("&Auml;");
+ else if (ch == 'Ö')
+ out.write("&Ouml;");
+ else if (ch == 'Ü')
+ out.write("&Uuml;");
+ else if (ch == 'ß')
+ out.write("&szlig;");
+ else
+ out.write(ch);
+ }
+ }
+ catch (IOException ex) {
+ throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
+ }
+ return out.toString();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
new file mode 100644
index 000000000..60feb7d2f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
@@ -0,0 +1,94 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;InfoboxReadRequest&gt;</code> structure
+ * used for requesting the identity link from the security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id: InfoboxReadRequestBuilder.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class InfoboxReadRequestBuilderCertificate implements Constants {
+
+
+ /**
+ * Constructor for InfoboxReadRequestBuilder.
+ */
+ public InfoboxReadRequestBuilderCertificate() {
+ }
+
+
+ /**
+ * Builds an <code>&lt;InfoboxReadRequest&gt;</code>.
+ *
+ * @param slVersion12 specifies whether the Security Layer version is
+ * version 1.2 or not
+ * @param businessService specifies whether the online application is a
+ * business service or not
+ * @param identityLinkDomainIdentifier the identification number of the business
+ * company; maybe <code>null</code> if the OA
+ * is a public service; must not be <code>null</code>
+ * if the OA is a business service
+ *
+ * @return <code>&lt;InfoboxReadRequest&gt;</code> as String
+ */
+ public String build(boolean slVersion12) {
+
+ String slPrefix;
+ String slNsDeclaration;
+
+ if (slVersion12) {
+ slPrefix = SL12_PREFIX;
+ slNsDeclaration = SL12_NS_URI;
+ } else {
+ slPrefix = SL10_PREFIX;
+ slNsDeclaration = SL10_NS_URI;
+ }
+
+ StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadRequest xmlns:");
+ sb.append(slPrefix);
+ sb.append("=\"");
+ sb.append(slNsDeclaration);
+ sb.append("\">");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":InfoboxIdentifier>Certificates</");
+ sb.append(slPrefix);
+ sb.append(":InfoboxIdentifier>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":AssocArrayParameters>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":ReadValue Key=\"SecureSignatureKeypair\"/>");
+ sb.append("</");
+ sb.append(slPrefix);
+ sb.append(":AssocArrayParameters>");
+ sb.append("</");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadRequest>");
+
+ return sb.toString();
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index ffe4ad9b6..a14d0325f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -217,5 +217,67 @@ public class VerifyXMLSignatureRequestBuilder {
return requestElem_;
}
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from the signed data with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param csr - signed AUTH-Block
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
+ public Element buildDsig(
+ CreateXMLSignatureResponse csr,
+ String trustProfileID)
+ throws BuildException { //samlAssertionObject
+
+ try {
+ // build the request
+// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:"
+// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+
+ Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+ verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+ xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+
+ // insert the dsig:Signature
+ xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true));
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+ // add the transform profile IDs
+ Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+ signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
+
+ } catch (Throwable t) {
+ throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+ }
+
+ return requestElem_;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 969e628f4..eca02a77b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -15,6 +15,8 @@
*/
package at.gv.egovernment.moa.id.auth.data;
+import iaik.x509.X509Certificate;
+
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
@@ -87,7 +89,11 @@ public class AuthenticationSession {
* service or not
*/
private boolean businessService;
-
+
+ /**
+ * Signer certificate of the foreign citizen
+ */
+ private X509Certificate signerCertificate;
/**
* SAML attributes from an extended infobox validation to be appended
* to the SAML assertion delivered to the final online application.
@@ -149,6 +155,14 @@ public class AuthenticationSession {
infoboxValidators = new ArrayList();
}
+ public X509Certificate getForeignSignerCertificate() {
+ return signerCertificate;
+ }
+
+ public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
/**
* Returns the identityLink.
* @return IdentityLink
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
index 81dc2f736..fc3831161 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -1,18 +1,3 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
package at.gv.egovernment.moa.id.auth.data;
import org.w3c.dom.Element;
@@ -35,6 +20,11 @@ private SAMLAttribute[] samlAttributes;
* the original saml:Assertion-Element
*/
private Element samlAssertion;
+
+ /**
+ * the original dsig:Signature-Element
+ */
+ private Element dsigSignature;
/**
* Returns the samlAssertion.
* @return Element
@@ -44,6 +34,14 @@ public Element getSamlAssertion() {
}
/**
+ * Returns the dsig:Signature
+ * @return Element
+ */
+public Element getDsigSignature() {
+ return dsigSignature;
+}
+
+/**
* Returns the samlAttribute.
* @return SAMLAttribute[]
*/
@@ -67,6 +65,10 @@ public void setSamlAssertion(Element samlAssertion) {
this.samlAssertion = samlAssertion;
}
+public void setDsigSignature(Element dsigSignature) {
+ this.dsigSignature = dsigSignature;
+}
+
/**
* Sets the samlAttribute.
* @param samlAttributes The samlAttributes to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 74bad617c..d5b6f9aa9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
import java.util.List;
import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -129,6 +130,31 @@ public class CreateXMLSignatureResponseParser {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
}
}
+
+ /**
+ * Unmarshalls the <@link sigResponse> to an
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code> object.
+ *
+ * @return a <code>&lt;CreateXMLSignatureResponse&gt;</code> object
+ * @throws ParseException
+ */
+
+ public CreateXMLSignatureResponse parseResponseDsig() throws ParseException {
+ CreateXMLSignatureResponse cResp;
+ try {
+ cResp = new CreateXMLSignatureResponse();
+
+ NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+ Element dsigSignatureNode = (Element) list.item(0);
+
+ Element dsigSignatureElement = (Element) dsigSignatureNode;
+ cResp.setDsigSignature(dsigSignatureElement);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ return cResp;
+ }
/**
* Unmarshalls the <@link sigResponse> to an
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 954488173..b53a1a2dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -15,17 +15,31 @@
*/
package at.gv.egovernment.moa.id.auth.parser;
+import iaik.x509.X509Certificate;
+
import java.io.ByteArrayInputStream;
import java.io.InputStream;
+import java.security.cert.CertificateException;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.axis.encoding.Base64;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
+import com.sun.org.apache.xpath.internal.XPathAPI;
+
/**
* Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
*
@@ -175,6 +189,43 @@ public class InfoboxReadResponseParser {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
return ilParser.parseIdentityLink();
}
+
+ /**
+ * Returns the certificate given in the InfoboxReadResponse
+ * @return
+ * @throws ParseException
+ */
+ public X509Certificate parseCertificate() throws ParseException {
+ try {
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element nameSpaceNode = doc.createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.PD_PREFIX, Constants.PD_NS_URI);
+ nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ nameSpaceNode.setAttribute("xmlns:" + Constants.SL12_PREFIX, Constants.SL12_NS_URI);
+
+ Element base64ContentElement = (Element)XPathAPI.selectSingleNode(infoBoxElem_.getParentNode(), "//sl:Base64Content[1]", nameSpaceNode);
+
+ if (base64ContentElement == null) {
+ throw new ParseException("parser.01", new Object[] { "Could not find Base64Content for X509Certificate."});
+ }
+
+ String base64Content = DOMUtils.getText(base64ContentElement);
+
+ // Decode Base64 value to X509Certificate
+ byte[] content = Base64.decode(base64Content);
+ return new X509Certificate(content);
+
+ } catch (ParserConfigurationException e) {
+ throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+ } catch (TransformerException e) {
+ throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+ } catch (CertificateException e) {
+ throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 0656d37d3..bff0a3fca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -123,6 +123,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
* Logs all servlet parameters for debugging purposes.
*/
protected void logParameters(HttpServletRequest req) {
+ //@TODO Parameter?
for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
String parname = (String)params.nextElement();
Logger.debug("Parameter " + parname + req.getParameter(parname));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
new file mode 100644
index 000000000..0599c79bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -0,0 +1,287 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.axis.encoding.Base64;
+import org.apache.commons.fileupload.FileUploadException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetForeignIDServlet extends AuthServlet {
+
+ /**
+ * Constructor for GetForeignIDServlet.
+ */
+ public GetForeignIDServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET GetForeignIDServlet");
+
+
+ }
+
+ /**
+ * Verifies the identity link and responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/xml"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST GetForeignIDServlet");
+
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ String redirectURL = null;
+ X509Certificate cert = null;
+ AuthenticationSession session = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters);
+
+// Element signature = AuthenticationServer.getInstance().getDsigElement
+// (sessionID, parameters);
+
+// if (signature == null) {
+ if (cert == null) {
+ handleError("Error retrieving signature from foreign eID card.", null, req, resp);
+ }
+ else {
+
+ // make SZR request
+ //Element samlAssertion = getIdentityLink(signature);
+ Element samlAssertion = getIdentityLink(cert);
+
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLink identitylink = ilParser.parseIdentityLink();
+ session.setIdentityLink(identitylink);
+
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+
+ }
+ catch (ParseException ex) {
+ handleError(null, ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ catch (SZRGWClientException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ /**
+ * Does the request to the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param dateofbirth
+ * @return Identity link assertion
+ * @throws SZRGWClientException
+ */
+ /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
+ private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+ //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+ Logger.debug("Connection Parameters: " + connectionParameters);
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (GeneralSecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (PKIException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+
+
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+
+ }
+ // create request
+ Document doc = buildGetIdentityLinkRequest(cert);
+ Element request = doc.getDocumentElement();
+ CreateIdentityLinkResponse response = null;
+
+ //try {
+ response = client.createIdentityLinkResponse(request);
+ //} catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ // client = new SZRGWClient(url);
+ // response = client.createIdentityLinkResponse(request);
+ // }
+
+
+ return response.getAssertion();
+
+ }
+
+ /**
+ * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param birthday
+ * @return
+ */
+ private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+
+ try {
+ byte[] certbyte = cert.getEncoded();
+ String certstring = Base64.encode(certbyte);
+
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+ doc.appendChild(getIdentityLink);
+
+ Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+ getIdentityLink.appendChild(x509certificate);
+ Text certbase64 = doc.createTextNode(certstring);
+ x509certificate.appendChild(certbase64);
+
+ return doc;
+ } catch (ParserConfigurationException e) {
+ e.printStackTrace();
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ }
+ return null;
+
+ }
+
+ /**
+ * Checks a parameter.
+ * @param param parameter
+ * @return true if the parameter is null or empty
+ */
+ private boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 894b05428..317af3e06 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -73,7 +73,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
} catch (FileUploadException e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
- }
+ }
String sessionID = req.getParameter(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
@@ -124,7 +124,8 @@ public class ProcessValidatorInputServlet extends AuthServlet {
} catch (FileUploadException e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
- }
+ }
+ //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
@@ -142,13 +143,15 @@ public class ProcessValidatorInputServlet extends AuthServlet {
String htmlForm = null;
boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+ //@TODO Parameter
String inputProcessorSignForm = req.getParameter("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
if (doInputProcessorSign) {
- // Test if we have a user input form sign template
+ // Test if we have a user input form sign template
+ //@TODO Parameter
String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
String inputProcessorSignTemplate = null;
OAAuthParameter oaParam =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 78c028767..09b3ae15f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -74,6 +75,7 @@ public class SelectBKUServlet extends AuthServlet {
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
+
String target = req.getParameter(PARAM_TARGET);
String oaURL = req.getParameter(PARAM_OA);
String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
@@ -84,6 +86,16 @@ public class SelectBKUServlet extends AuthServlet {
resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
try {
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+
+
String returnValue = AuthenticationServer.getInstance().selectBKU(
authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 961511ee7..8165f90f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -61,18 +62,36 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
+
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
- try {
+
+
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+
+
String getIdentityLinkForm =
AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
+
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(getIdentityLinkForm);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 43947f6f0..824df9ca8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -16,9 +16,7 @@
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
-import java.util.Iterator;
import java.util.Map;
-import java.util.Vector;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -28,11 +26,10 @@ import org.apache.commons.fileupload.FileUploadException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -99,10 +96,16 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
+ //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
String redirectURL = null;
try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
new file mode 100644
index 000000000..c9c1e794d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -0,0 +1,286 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.axis.encoding.Base64;
+import org.apache.commons.fileupload.FileUploadException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class VerifyCertificateServlet extends AuthServlet {
+
+ /**
+ * Constructor for VerifyCertificateServlet.
+ */
+ public VerifyCertificateServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyCertificateServlet");
+
+
+ }
+
+ /**
+ * Gets the signer certificate from the InfoboxReadRequest and
+ * responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyCertificateServlet");
+
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ //@TODO Parameter
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ AuthenticationSession session = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+
+ System.out.println(cert);
+
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert);
+
+ System.out.println(createXMLSignatureRequest);
+
+ // build dataurl (to the GetForeignIDSerlvet)
+ String dataurl =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_GET_FOREIGN_ID,
+ session.getSessionID());
+
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+
+// Logger.debug("Send CreateXMLSignatureRequest to BKU");
+// String keyboxIdentifier = "SecureSignatureKeypair";
+// //String keyboxIdentifier = "CertifiedKeypair";
+// String xmlContent = "<html xmlns=\"http://www.w3.org/1999/xhtml\"> " +
+// "<head><title>CreateXMLSignatureRequest</title>" +
+// "<style type=\"text/css\"/></head>" +
+// "<body>" +
+// "<p>I hereby request to access this e-government application by using my " +
+// "domestic electronic identity. </p>" +
+// "<p>I further affirm that I am not yet registered with the Austrian Central " +
+// "Residents Registry and that I am not obliged to register with the Austrian " +
+// "Central Residents Registry according to Austrian law.</p>" +
+// "<p>In the event I am not yet registered with the Supplementary Register, I " +
+// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>" +
+// "</body></html>";
+//
+// // create the CreateXMLSignatureRequest
+// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilderForeign().build(
+// keyboxIdentifier,
+// xmlContent);
+//
+// // build dataurl (to the GetForeignIDSerlvet)
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_GET_FOREIGN_ID,
+// session.getSessionID());
+//
+// ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+//
+
+
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ /**
+ * Does the request to the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param dateofbirth
+ * @return Identity link assertion
+ * @throws SZRGWClientException
+ */
+ /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
+ private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+ //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+ Logger.debug("Connection Parameters: " + connectionParameters);
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (GeneralSecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (PKIException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+
+
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+
+ }
+ // create request
+ Document doc = buildGetIdentityLinkRequest(cert);
+ Element request = doc.getDocumentElement();
+ CreateIdentityLinkResponse response = null;
+
+ //try {
+ response = client.createIdentityLinkResponse(request);
+ //} catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ // client = new SZRGWClient(url);
+ // response = client.createIdentityLinkResponse(request);
+ // }
+
+
+ return response.getAssertion();
+
+ }
+
+ /**
+ * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param birthday
+ * @return
+ */
+ private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+
+ try {
+ byte[] certbyte = cert.getEncoded();
+ String certstring = Base64.encode(certbyte);
+
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+ doc.appendChild(getIdentityLink);
+
+ Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+ getIdentityLink.appendChild(x509certificate);
+ Text certbase64 = doc.createTextNode(certstring);
+ x509certificate.appendChild(certbase64);
+
+ return doc;
+ } catch (ParserConfigurationException e) {
+ e.printStackTrace();
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ }
+ return null;
+
+ }
+
+ /**
+ * Checks a parameter.
+ * @param param parameter
+ * @return true if the parameter is null or empty
+ */
+ private boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 329749e96..4f98e85e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -25,8 +25,13 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -60,7 +65,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
/**
* Verifies the identity link and responds with a new
- * <code>CreateXMLSignatureRequest</code>.
+ * <code>CreateXMLSignatureRequest</code> or a new <code>
+ * InfoboxReadRequest</code> (in case of a foreign eID card).
* <br>
* Request parameters:
* <ul>
@@ -88,13 +94,56 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
+ //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
+
+
+
try {
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+
+ if (createXMLSignatureRequestOrRedirect == null) {
+
+ System.out.println("Send InfoboxReadRequest to BKU to get signer certificate.");
+ // no identity link found
+ try {
+
+ Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+ // create the InfoboxReadRequest to get the certificate
+ String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+ // build dataurl (to the GetForeignIDSerlvet)
+ String dataurl =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_VERIFY_CERTIFICATE,
+ session.getSessionID());
+
+
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate", dataurl);
+
+ }
+ catch(Exception e) {
+ handleError(null, e, req, resp);
+ }
+
+ }
+ else {
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+ }
+
+ }
+ catch (ParseException ex) {
+ handleError(null, ex, req, resp);
}
+
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 99c49ca09..072b6c48f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -26,6 +26,7 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.StringUtils;
@@ -70,7 +71,7 @@ public class CreateXMLSignatureResponseValidator {
* @throws ValidateException
*/
public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
- throws ValidateException {
+ throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
@@ -123,57 +124,60 @@ public class CreateXMLSignatureResponseValidator {
SAMLAttribute samlAttribute;
if (session.getSAMLAttributeGebeORwbpk()) {
- // check the first attribute ("Geschaeftsbereich" or "wbPK")
- samlAttribute = samlAttributes[0];
- if (businessService) {
- if (!samlAttribute.getName().equals("wbPK")) {
- if (samlAttribute.getName().equals("Geschaeftsbereich")) {
- throw new ValidateException("validator.26", null);
- } else {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
- }
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundWBPK = true;
- try {
- Element attrValue = (Element)samlAttribute.getValue();
- String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
- String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
- if (!value.equals(identityLink.getIdentificationValue())) {
- throw new ValidateException("validator.28", null);
- }
- if (!type.equals(identityLink.getIdentificationType())) {
- throw new ValidateException("validator.28", null);
- }
- } catch (Exception ex) {
- throw new ValidateException("validator.29", null);
- }
- } else {
- throw new ValidateException("validator.30", null);
- }
- } else {
- if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
- if (samlAttribute.getName().equals("wbPK")) {
- throw new ValidateException("validator.26", null);
- } else {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
- }
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundGB = true;
- if (!gbTarget.equals((String)samlAttribute.getValue())) {
- throw new ValidateException("validator.13", null);
- }
- } else {
- throw new ValidateException("validator.12", null);
- }
- }
+ // check the first attribute ("Geschaeftsbereich" or "wbPK")
+ samlAttribute = samlAttributes[0];
+ if (businessService) {
+ if (!samlAttribute.getName().equals("wbPK")) {
+ if (samlAttribute.getName().equals("Geschaeftsbereich")) {
+ throw new ValidateException("validator.26", null);
+ } else {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
+ }
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundWBPK = true;
+ try {
+ Element attrValue = (Element)samlAttribute.getValue();
+ String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
+ String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
+ if (!value.equals(identityLink.getIdentificationValue())) {
+ throw new ValidateException("validator.28", null);
+ }
+ if (!type.equals(identityLink.getIdentificationType())) {
+ throw new ValidateException("validator.28", null);
+ }
+ } catch (Exception ex) {
+ throw new ValidateException("validator.29", null);
+ }
+ } else {
+ throw new ValidateException("validator.30", null);
+ }
+ } else {
+ if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
+ if (samlAttribute.getName().equals("wbPK")) {
+ throw new ValidateException("validator.26", null);
+ } else {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
+ }
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundGB = true;
+ //BZ..
+ gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")";
+ //..BZ
+ if (!gbTarget.equals((String)samlAttribute.getValue())) {
+ throw new ValidateException("validator.13", null);
+ }
+ } else {
+ throw new ValidateException("validator.12", null);
+ }
+ }
} else {
- offset--;
+ offset--;
}
// check the second attribute (must be "OA")
@@ -234,11 +238,11 @@ public class CreateXMLSignatureResponseValidator {
Object actualValue = samlAttribute.getValue();
try {
if (expectedValue instanceof String) {
- // replace \r\n because text might be base64-encoded
- String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
- expValue = StringUtils.replaceAll(expValue,"\n","");
- String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
- actValue = StringUtils.replaceAll(actValue,"\n","");
+ // replace \r\n because text might be base64-encoded
+ String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+ expValue = StringUtils.replaceAll(expValue,"\n","");
+ String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+ actValue = StringUtils.replaceAll(actValue,"\n","");
if (!expValue.equals(actValue)) {
throw new ValidateException(
"validator.38",
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
new file mode 100644
index 000000000..6448f9392
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway GetIdentityLink Response.
+ *
+ */
+public class CreateIdentityLinkResponse {
+
+ private Element assertion;
+
+ public Element getAssertion() {
+ return assertion;
+ }
+
+ public void setAssertion(Element assertion) {
+ this.assertion = assertion;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index 6c367594b..0c84a9b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -16,20 +16,20 @@
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.logging.Logger;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.logging.Logger;
/**
@@ -41,7 +41,6 @@ import at.gv.egovernment.moa.logging.Logger;
* <li>Detailed Request</li>
* </ol>
*
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class SZRGWClient {
/**
@@ -136,6 +135,110 @@ public class SZRGWClient {
//e.printStackTrace();
throw new SZRGWClientException(e);
}
+ }
+
+ /**
+ * Gets a identity link.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException {
+
+ Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+ client.executeMethod(method);
+ CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+
+ //check if errorresponse
+ boolean isError = checkErrorResponse(doc.getDocumentElement());
+
+ if (isError) {
+ String error = getErrorCodeandMessage(doc.getDocumentElement());
+ throw new SZRGWClientException(error);
+ }
+ else {
+ response.setAssertion(doc.getDocumentElement());
+ }
+
+ return response;
+ } catch(Exception e) {
+ e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+
+ }
+
+ /**
+ * Returns an errorstring containing errorcode and info from SZR-GW error response
+ * @param element
+ * @return
+ */
+ private String getErrorCodeandMessage(Element element) {
+ String error = "Fehler im SZR-Gateway: ";
+
+ String code = "";
+ NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorCode");
+ for (int i = 0; i < list.getLength(); i++) {
+ Element elem = (Element)list.item(i);
+ code += elem.getTextContent() + "/";
+ }
+
+ String info = "";
+ list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
+ for (int i = 0; i < list.getLength(); i++) {
+ Element elem = (Element)list.item(i);
+ info += elem.getTextContent() + "/";
+ }
+
+ error += code + " " + info;
+ return error;
+ }
+
+ /**
+ * Checks if response from SZR-GW is errorresponse or not
+ * @param element
+ * @return
+ */
+ private boolean checkErrorResponse(Element element) {
+
+ NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
+
+ if (list.getLength() == 0)
+ return false;
+ else
+ return true;
}
/*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index d22fef5e7..7cc33ca52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -98,7 +98,7 @@ public class ConfigurationBuilder {
protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH =
ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL";
/** an XPATH-Expression */
- public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
+ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
/** an XPATH-Expression */
protected static final String AUTH_MOA_SP_XPATH =
@@ -122,6 +122,12 @@ public class ConfigurationBuilder {
ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
/** an XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities";
+
+
+
+ /** an XPATH-Expression */
protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
/** an XPATH-Expression */
protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
@@ -182,10 +188,10 @@ public class ConfigurationBuilder {
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- protected String rootConfigFileDir_;
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ protected String rootConfigFileDir_;
/** The root element of the MOA-ID configuration */
protected Element configElem_;
@@ -220,6 +226,18 @@ public class ConfigurationBuilder {
if (authBKU==null) return null;
return buildConnectionParameter(authBKU);
}
+
+ /**
+ * Build a ConnectionParameter containing all information
+ * of the foreignid element in the authentication component
+ * @return ConnectionParameter of the authentication component foreignid element
+ */
+ public ConnectionParameter buildForeignIDConnectionParameter() {
+ Element foreignid = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_XPATH);
+ if (foreignid==null) return null;
+ return buildConnectionParameter(foreignid);
+
+ }
/**
* Method buildAuthBKUSelectionType.
@@ -407,7 +425,7 @@ public class ConfigurationBuilder {
{
String bkuSelectionTemplateURL =
- XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
+ XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
String templateURL =
XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
String inputProcessorSignTemplateURL =
@@ -425,6 +443,7 @@ public class ConfigurationBuilder {
String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
oap.setPublicURLPrefix(publicURLPrefix);
oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
+ oap.setFriendlyName(oAElem.getAttribute("friendlyName"));
// get the type of the online application
String oaType = oAElem.getAttribute("type");
@@ -447,12 +466,15 @@ public class ConfigurationBuilder {
throw new ConfigurationException("config.02", null);
}
if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
- oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
+ oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
+ //BZ.., setting type of IdLinkDomainIdentifier
+ oap.setIdentityLinkDomainIdentifierType(identificationNumberChild.getLocalName());
+ //..BZ
} else {
- // If we have business service and want to dealt with GDA, the security layer can be advised to calulate
- // the Health Professional Identifier HPI instead of the wbPK
+ // If we have business service and want to dealt with GDA, the security layer can be advised to calulate
+ // the Health Professional Identifier HPI instead of the wbPK
Logger.info("OA uses HPI for Identification");
- oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
+ oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
}
// if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file
@@ -514,7 +536,7 @@ public class ConfigurationBuilder {
protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) {
String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL);
if (templateURL != null) {
- templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
+ templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
}
return templateURL;
}
@@ -533,7 +555,7 @@ public class ConfigurationBuilder {
XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
- result.getAcceptedServerCertificates(), rootConfigFileDir_));
+ result.getAcceptedServerCertificates(), rootConfigFileDir_));
result.setUrl(
XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
@@ -541,10 +563,10 @@ public class ConfigurationBuilder {
XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
result.setClientKeyStore(FileUtils.makeAbsoluteURL(
- result.getClientKeyStore(), rootConfigFileDir_));
+ result.getClientKeyStore(), rootConfigFileDir_));
result.setClientKeyStorePassword(
- XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
+ XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
if ((result.getAcceptedServerCertificates()==null)
&& (result.getUrl()=="")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index 9193a591e..a61a3de97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -118,4 +118,13 @@ public class ConnectionParameter {
this.clientKeyStorePassword = clientKeyStorePassword;
}
+ public String toString() {
+ String s = "* ConnectionParameter *\n";
+ s += "URL: " + url + "\n";
+ s += "acceptedServerCertificates: " + acceptedServerCertificates + "\n";
+ s += "clientKeyStore: " + clientKeyStore + "\n";
+ s += "clientKeyStorePassword: " + clientKeyStorePassword;
+
+ return s;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index b55164eed..f5aa9225a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -41,6 +41,11 @@ public class OAParameter {
private String publicURLPrefix;
/**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+
+ /**
* Returns the type of the online application.
* @return the type of the online application.
*/
@@ -87,5 +92,24 @@ public class OAParameter {
public void setPublicURLPrefix(String publicURLPrefix) {
this.publicURLPrefix = publicURLPrefix;
}
+
+
+ /**
+ * Gets the friendly name of the OA
+ * @return Friendly Name of the OA
+ */
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Sets the friendly name of the OA
+ * @param friendlyName
+ */
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
new file mode 100644
index 000000000..af28be56a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
@@ -0,0 +1,67 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class TargetToSectorNameMapper implements TargetsAndSectorNames {
+
+ private static Map targetMap = new HashMap(41);
+
+ static {
+ targetMap.put(TARGET_AR, TARGET_AR_SECTOR);
+ targetMap.put(TARGET_AS, TARGET_AS_SECTOR);
+ targetMap.put(TARGET_BF, TARGET_BF_SECTOR);
+ targetMap.put(TARGET_BR, TARGET_BR_SECTOR);
+ targetMap.put(TARGET_BW, TARGET_BW_SECTOR);
+ targetMap.put(TARGET_EA, TARGET_EA_SECTOR);
+ targetMap.put(TARGET_EF, TARGET_EF_SECTOR);
+ targetMap.put(TARGET_GH, TARGET_GH_SECTOR);
+ targetMap.put(TARGET_GS, TARGET_GS_SECTOR);
+ targetMap.put(TARGET_GS_RE, TARGET_GS_RE_SECTOR);
+ targetMap.put(TARGET_HR, TARGET_HR_SECTOR);
+ targetMap.put(TARGET_JR, TARGET_JR_SECTOR);
+ targetMap.put(TARGET_KI, TARGET_KI_SECTOR);
+ targetMap.put(TARGET_KL, TARGET_KL_SECTOR);
+ targetMap.put(TARGET_KU, TARGET_KU_SECTOR);
+ targetMap.put(TARGET_LF, TARGET_LF_SECTOR);
+ targetMap.put(TARGET_LV, TARGET_LV_SECTOR);
+ targetMap.put(TARGET_OI, TARGET_OI_SECTOR);
+ targetMap.put(TARGET_PV, TARGET_PV_SECTOR);
+ targetMap.put(TARGET_RD, TARGET_RD_SECTOR);
+ targetMap.put(TARGET_RT, TARGET_RT_SECTOR);
+ targetMap.put(TARGET_SA, TARGET_SA_SECTOR);
+ targetMap.put(TARGET_SF, TARGET_SF_SECTOR);
+ targetMap.put(TARGET_SO, TARGET_SO_SECTOR);
+ targetMap.put(TARGET_SO_VR, TARGET_SO_VR_SECTOR);
+ targetMap.put(TARGET_SR_RG, TARGET_SR_RG_SECTOR);
+ targetMap.put(TARGET_SV, TARGET_SV_SECTOR);
+ targetMap.put(TARGET_UW, TARGET_UW_SECTOR);
+ targetMap.put(TARGET_VT, TARGET_VT_SECTOR);
+ targetMap.put(TARGET_VV, TARGET_VV_SECTOR);
+ targetMap.put(TARGET_WT, TARGET_WT_SECTOR);
+ targetMap.put(TARGET_ZP, TARGET_ZP_SECTOR);
+ targetMap.put(TARGET_BR, TARGET_BR_SECTOR);
+ targetMap.put(TARGET_HR, TARGET_HR_SECTOR);
+ targetMap.put(TARGET_KI, TARGET_KI_SECTOR);
+ targetMap.put(TARGET_OI, TARGET_OI_SECTOR);
+ targetMap.put(TARGET_PV, TARGET_PV_SECTOR);
+ targetMap.put(TARGET_RD, TARGET_RD_SECTOR);
+ targetMap.put(TARGET_VS, TARGET_VS_SECTOR);
+ targetMap.put(TARGET_VS_RG, TARGET_VS_RG_SECTOR);
+ targetMap.put(TARGET_ZU, TARGET_ZU_SECTOR);
+
+ }
+
+ public static String getSectorNameViaTarget(String target) {
+
+ return targetMap.get(target) != null ? (String) targetMap.get(target) : "";
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
new file mode 100644
index 000000000..c30e7b2b6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
@@ -0,0 +1,194 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * This interface contains all actual possible targets in Austria (shortcuts and friendly names)
+ * Bereichskennung and Tätigkeitsbereich
+ * @author bzwattendorfer
+ *
+ */
+public interface TargetsAndSectorNames {
+
+ /** Bereichskennung AR */
+ public static String TARGET_AR = "AR";
+ /** Tätigkeitsbereich AR */
+ public static String TARGET_AR_SECTOR = "Arbeit";
+
+ /** Bereichskennung AS */
+ public static String TARGET_AS = "AS";
+ /** Tätigkeitsbereich AS */
+ public static String TARGET_AS_SECTOR = "Amtliche Statistik";
+
+ /** Bereichskennung BF */
+ public static String TARGET_BF = "BF";
+ /** Tätigkeitsbereich BF */
+ public static String TARGET_BF_SECTOR = "Bildung und Forschung";
+
+ /** Bereichskennung BW */
+ public static String TARGET_BW = "BW";
+ /** Tätigkeitsbereich BW */
+ public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
+
+ /** Bereichskennung EA */
+ public static String TARGET_EA = "EA";
+ /** Tätigkeitsbereich EA */
+ public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
+
+ /** Bereichskennung EF */
+ public static String TARGET_EF = "EF";
+ /** Tätigkeitsbereich EF */
+ public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
+
+ /** Bereichskennung GH */
+ public static String TARGET_GH = "GH";
+ /** Tätigkeitsbereich GH */
+ public static String TARGET_GH_SECTOR = "Gesundheit";
+
+ /** Bereichskennung GS */
+ public static String TARGET_GS = "GS";
+ /** Tätigkeitsbereich GS */
+ public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
+
+ /** Bereichskennung GS-RE */
+ public static String TARGET_GS_RE = "GS-RE";
+ /** Tätigkeitsbereich GS-RE */
+ public static String TARGET_GS_RE_SECTOR = "Restitution";
+
+ /** Bereichskennung JR */
+ public static String TARGET_JR = "JR";
+ /** Tätigkeitsbereich JR */
+ public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
+
+ /** Bereichskennung KL */
+ public static String TARGET_KL = "KL";
+ /** Tätigkeitsbereich KL */
+ public static String TARGET_KL_SECTOR = "Kultus";
+
+ /** Bereichskennung KU */
+ public static String TARGET_KU = "KU";
+ /** Tätigkeitsbereich KU */
+ public static String TARGET_KU_SECTOR = "Kunst und Kultur";
+
+ /** Bereichskennung LF */
+ public static String TARGET_LF = "LF";
+ /** Tätigkeitsbereich LF */
+ public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
+
+ /** Bereichskennung LV */
+ public static String TARGET_LV = "LV";
+ /** Tätigkeitsbereich LV */
+ public static String TARGET_LV_SECTOR = "Landesverteidigung";
+
+ /** Bereichskennung RT */
+ public static String TARGET_RT = "RT";
+ /** Tätigkeitsbereich RT */
+ public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
+ "Medien sowie Telekommunikation";
+
+ /** Bereichskennung SA */
+ public static String TARGET_SA = "SA";
+ /** Tätigkeitsbereich SA */
+ public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
+
+ /** Bereichskennung SF */
+ public static String TARGET_SF = "SF";
+ /** Tätigkeitsbereich SF */
+ public static String TARGET_SF_SECTOR = "Sport und Freizeit";
+
+ /** Bereichskennung SO */
+ public static String TARGET_SO = "SO";
+ /** Tätigkeitsbereich SO */
+ public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
+
+ /** Bereichskennung SO-VR */
+ public static String TARGET_SO_VR = "SO-VR";
+ /** Tätigkeitsbereich SO-VR */
+ public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
+
+ /** Bereichskennung SR-RG */
+ public static String TARGET_SR_RG = "SR-RG";
+ /** Tätigkeitsbereich SR-RG */
+ public static String TARGET_SR_RG_SECTOR = "Strafregister";
+
+ /** Bereichskennung SV */
+ public static String TARGET_SV = "SV";
+ /** Tätigkeitsbereich SV */
+ public static String TARGET_SV_SECTOR = "Sozialversicherung";
+
+ /** Bereichskennung UW */
+ public static String TARGET_UW = "UW";
+ /** Tätigkeitsbereich UW */
+ public static String TARGET_UW_SECTOR = "Umwelt";
+
+ /** Bereichskennung VT */
+ public static String TARGET_VT = "VT";
+ /** Tätigkeitsbereich VT */
+ public static String TARGET_VT_SECTOR = "Verkehr und Technik";
+
+ /** Bereichskennung VV */
+ public static String TARGET_VV = "VV";
+ /** Tätigkeitsbereich VV */
+ public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
+
+ /** Bereichskennung WT */
+ public static String TARGET_WT = "WT";
+ /** Tätigkeitsbereich WT */
+ public static String TARGET_WT_SECTOR = "Wirtschaft";
+
+ /** Bereichskennung ZP */
+ public static String TARGET_ZP = "ZP";
+ /** Tätigkeitsbereich ZP */
+ public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
+
+ /** Bereichskennung BR */
+ public static String TARGET_BR = "BR";
+ /** Tätigkeitsbereich BR */
+ public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
+
+ /** Bereichskennung HR */
+ public static String TARGET_HR = "HR";
+ /** Tätigkeitsbereich HR */
+ public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
+
+ /** Bereichskennung KI */
+ public static String TARGET_KI = "KI";
+ /** Tätigkeitsbereich KI */
+ public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
+
+ /** Bereichskennung OI */
+ public static String TARGET_OI = "OI";
+ /** Tätigkeitsbereich OI */
+ public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
+
+ /** Bereichskennung PV */
+ public static String TARGET_PV = "PV";
+ /** Tätigkeitsbereich PV */
+ public static String TARGET_PV_SECTOR = "Personalverwaltung";
+
+ /** Bereichskennung RD */
+ public static String TARGET_RD = "RD";
+ /** Tätigkeitsbereich RD */
+ public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
+
+ /** Bereichskennung VS */
+ public static String TARGET_VS = "VS";
+ /** Tätigkeitsbereich VS */
+ public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
+
+ /** Bereichskennung VS-RG */
+ public static String TARGET_VS_RG = "VS-RG";
+ /** Tätigkeitsbereich VS-RG */
+ public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
+
+ /** Bereichskennung ZU */
+ public static String TARGET_ZU = "ZU";
+ /** Tätigkeitsbereich ZU */
+ public static String TARGET_ZU_SECTOR = "Zustellungen";
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index fc988f161..a25bc1af5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -119,6 +119,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* parameters for connection to MOA SP component
*/
private ConnectionParameter moaSpConnectionParameter;
+
+
/**
* trust profile ID to be used for verifying the identity link signature via MOA ID SP
*/
@@ -157,6 +159,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
*/
private ConnectionParameter bKUConnectionParameter;
+ /**
+ * parameter for connection to SZR-GW GetIdentityLink
+ */
+ private ConnectionParameter foreignIDConnectionParameter;
+
/**
* Return the single instance of configuration data.
*
@@ -256,6 +263,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
defaultVerifyInfoboxParameters =
builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
}
+
+
+ foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
defaultChainingMode = builder.getDefaultChainingMode();
@@ -368,6 +378,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
public ConnectionParameter getMoaSpConnectionParameter() {
return moaSpConnectionParameter;
}
+
+ /**
+ * Return a ConnectionParameter bean containing all information
+ * of the authentication component foreigid element
+ * @return ConnectionParameter of the authentication component foreignid element
+ */
+ public ConnectionParameter getForeignIDConnectionParameter() {
+ return foreignIDConnectionParameter;
+ }
/**
* Return a string with a url-reference to the VerifyIdentityLink trust
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c095d9fc1..c352fae6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -46,26 +46,26 @@ public class OAAuthParameter extends OAParameter {
* security layer as input for wbPK computation
*/
private String identityLinkDomainIdentifier;
- /**
- * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
- */
+ /**
+ * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
+ */
private String keyBoxIdentifier;
/**
* transformations for rendering in the secure viewer of the security layer
* implementation; multiple transformation can be given for different mime types
*/
private String[] transformsInfos;
- /**
- * determines whether "Stammzahl" is to be included in the authentication data
- */
+ /**
+ * determines whether "Stammzahl" is to be included in the authentication data
+ */
private boolean provideStammzahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
private boolean provideIdentityLink;
/**
* determines whether the certificate is to be included in the authentication data
@@ -89,6 +89,12 @@ public class OAAuthParameter extends OAParameter {
private VerifyInfoboxParameters verifyInfoboxParameters;
/**
+ * BZ
+ * Type for authentication number (e.g. Firmenbuchnummer)
+ */
+ private String identityLinkDomainIdentifierType;
+
+ /**
* Returns <code>true</code> if the Security Layer version is version 1.2,
* otherwise <code>false</code>.
* @return <code>true</code> if the Security Layer version is version 1.2,
@@ -156,13 +162,13 @@ public class OAAuthParameter extends OAParameter {
return provideCertificate;
}
- /**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
+ /**
+ * Returns the key box identifier.
+ * @return String
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
/**
* Returns the BkuSelectionTemplate url.
@@ -259,31 +265,31 @@ public class OAAuthParameter extends OAParameter {
this.provideCertificate = provideCertificate;
}
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
+ /**
+ * Sets the key box identifier.
+ * @param keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
/**
* Sets the BkuSelectionTemplate url.
* @param bkuSelectionTemplateURL The url string specifying the location
* of a BkuSelectionTemplate.
*/
- public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
- this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
- }
+ public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
+ this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
+ }
/**
* Sets the Template url.
* @param templateURL The url string specifying the location
* of a Template.
*/
- public void setTemplateURL(String templateURL) {
- this.templateURL = templateURL;
- }
+ public void setTemplateURL(String templateURL) {
+ this.templateURL = templateURL;
+ }
/**
* Sets the input processor sign form template url.
@@ -303,5 +309,21 @@ public class OAAuthParameter extends OAParameter {
public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
this.verifyInfoboxParameters = verifyInfoboxParameters;
}
+
+ /**
+ * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ */
+ public String getIdentityLinkDomainIdentifierType() {
+ return identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
+ */
+ public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
+ this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 7f0dfe509..b8b53e7f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -103,7 +103,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
httpsConn.setSSLSocketFactory(sslSocketFactory);
if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+ httpsConn.setHostnameVerifier(new HostnameNonVerifier());
}
return conn;
@@ -163,7 +163,6 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
return true;
}
-
/**
* @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index d13a6829c..badee38ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -36,8 +36,9 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
/**
* Constructor
*/
- public DefaultLoginParameterResolver() {
- }
+ //public DefaultLoginParameterResolver() {
+ //}
+ //@TODO: Änderung von 1.4.4
/**
* Configuration mehtod (not used)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 6810c9223..f3527055d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -119,7 +119,8 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
String parameter[] = new String[2];
for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
+ parameter = (String[]) iter.next();
+
if(query.indexOf(parameter[0]) >= 0) iter.remove();
}
}
@@ -253,6 +254,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
*/
//JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
+
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index 4af2561b2..7e27082a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -162,13 +162,14 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
// JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
+
public boolean verify(String hostname, SSLSession session) {
return true;
}
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
// public boolean verify(String arg0, String arg1) {
// return true;
// }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index b986d7c2c..0cd0a0b7a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -117,6 +117,7 @@ public class ProxyServlet extends HttpServlet {
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Logger.debug("getRequestURL:" + req.getRequestURL().toString());
+ //@TODO Parameter
try {
if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
// check if SAML Artifact was already used in this session (in case of page reload)
@@ -175,7 +176,8 @@ public class ProxyServlet extends HttpServlet {
String binding = "";
if (session.getAttribute(ATT_BROWSERREQU)==null) {
-
+
+ //@TODO Parameter
samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
// String target = req.getParameter(PARAM_TARGET); parameter given but not processed
@@ -496,7 +498,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
Vector parameters = new Vector();
-
+//@TODO Parameter
for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
String paramName = (String) enu.nextElement();
if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
new file mode 100644
index 000000000..684291c59
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -0,0 +1,158 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+
+public class ParamValidatorUtils {
+
+ /**
+ * Checks if the given target is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidTarget(String target) {
+
+ // if non parameter is given return true
+ if (target == null)
+ return true;
+
+ Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
+ Matcher matcher = pattern.matcher(target);
+ return matcher.matches();
+ }
+
+ /**
+ * Checks if the given bkuURI is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidBKUURI(String bkuURI) {
+
+ // if non parameter is given return true
+ if (bkuURI == null)
+ return true;
+
+ // check if bkuURI is a valid URL
+ try {
+ new URL(bkuURI);
+ return true;
+ } catch (MalformedURLException e) {
+ return false;
+ }
+ }
+
+ /**
+ * Checks if the given template is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidTemplate(String template) {
+
+ // if non parameter is given return true
+ if (template == null)
+ return true;
+
+ // check if template is a valid URL
+ try {
+ new URL(template);
+ return true;
+ } catch (MalformedURLException e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ /**
+ * Checks if the given template is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSessionID(String sessionID) {
+
+ // if non parameter is given return true
+ if (sessionID == null)
+ return true;
+
+ Pattern pattern = Pattern.compile("[0-9-]*");
+ Matcher matcher = pattern.matcher(sessionID);
+ return matcher.matches();
+
+
+ }
+
+ /**
+ * Checks if the given oa is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidOA(String oa) {
+
+ // if non parameter is given return true
+ if (oa == null)
+ return true;
+
+ // check if oa is a valid URL
+ try {
+ new URL(oa);
+ return true;
+ } catch (MalformedURLException e) {
+ return false;
+ }
+ }
+
+ /**
+ * Checks if <BKU>, <XMLRequest>, <DataURL>, <CertInfoXMLRequest>,
+ * <CertInfoDataURL> placeholders are contained in the given string.
+ * The placeholder <PushInfobox> is not checked, as it is only required,
+ * if other infoboxes as identity link will be treated.
+ * @param data
+ * @return
+ */
+ private static boolean checkPlaceHolders(String data) {
+
+ boolean bku = data.contains("<BKU>");
+ boolean xmlrequest = data.contains("<XMLRequest>");
+ boolean dataurl = data.contains("<DataURL>");
+ boolean certinfoxmlrequest = data.contains("<CertInfoXMLRequest>");
+ boolean certinfodataurl = data.contains("<CertInfoDataURL>");
+
+ System.out.println("Check Data: ");
+ System.out.println("bku: " + bku);
+ System.out.println("xmlrequest: " + xmlrequest);
+ System.out.println("dataurl: " + dataurl);
+ System.out.println("certinfoxmlrequest: " + certinfoxmlrequest);
+ System.out.println("certinfodataurl: " + certinfodataurl);
+
+
+ //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl;
+ return true;
+
+ }
+
+
+ /**
+ * Converts an input stream to a string
+ * @param is
+ * @return
+ * @throws Exception
+ */
+ private static String convertStreamToString(InputStream is) throws Exception {
+ BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+ StringBuilder sb = new StringBuilder();
+ String line = null;
+ while ((line = reader.readLine()) != null) {
+ sb.append(line);
+ }
+ is.close();
+ return sb.toString();
+ }
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index e287e7118..8799082b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -69,10 +69,10 @@ public class SSLUtils {
*/
public static void initialize() {
sslSocketFactories = new HashMap();
- // JSSE Abhängigkeit
- //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- Security.addProvider(new IAIK());
- //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ // JSSE Abhängigkeit
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ //Security.addProvider(new IAIK());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 7fa3fe8f0..1915ce40a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -73,6 +73,35 @@ public class ServletUtils {
Logger.debug("REDIRECT TO: " + redirectURL);
}
+ }
+ /**
+ * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
+ * depending on the requests starting text.
+ *
+ * @param resp The httpServletResponse
+ * @param session The current AuthenticationSession
+ * @param createXMLSignatureRequestOrRedirect The request
+ * @param servletGoal The servlet to which the redirect should happen
+ * @param servletName The servlet name for debug purposes
+ * @throws MOAIDException
+ * @throws IOException
+ */
+ public static void writeCreateXMLSignatureRequest(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
+ throws MOAIDException,
+ IOException
+ {
+ resp.setStatus(307);
+ resp.addHeader("Location", dataURL);
+
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST " + servletName);
+
}
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 552619e45..14e4d5347 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -29,6 +29,7 @@ auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <
auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
+auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 32c345d6a..01432ce11 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,14 +4,14 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>1.4.6</version>
+ <version>1.4.7</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
<packaging>pom</packaging>
- <version>1.4.6</version>
+ <version>1.4.7</version>
<name>MOA ID Server</name>
<modules>
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component
index fad3275dd..a934dee5b 100644
--- a/id/server/proxy/.settings/org.eclipse.wst.common.component
+++ b/id/server/proxy/.settings/org.eclipse.wst.common.component
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
- <wb-module deploy-name="moa-id-proxy">
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <property name="context-root" value="moa-id-proxy"/>
- <property name="java-output-path"/>
- </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+ <wb-module deploy-name="moa-id-proxy">
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <property name="context-root" value="moa-id-proxy"/>
+ <property name="java-output-path"/>
+ </wb-module>
+</project-modules>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index 5bc7f77ae..754381607 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.4.6</version>
+ <version>1.4.7</version>
</parent>
<properties>
@@ -13,7 +13,7 @@
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-proxy</artifactId>
<packaging>war</packaging>
- <version>1.4.6</version>
+ <version>1.4.7</version>
<name>MOA ID-Proxy WebService</name>
<build>