Diffstat (limited to 'id')
15 files changed, 838 insertions, 27 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index b43a0e736..dd75ee6aa 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -108,6 +108,10 @@
 <artifactId>iaik_pki_module</artifactId>
 <groupId>iaik</groupId>
 </exclusion>
+ <exclusion>
+ <artifactId>axis-wsdl4j</artifactId>
+ <groupId>axis</groupId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 833f869e5..32c8f5705 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -71,6 +71,10 @@
 <groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>axis-wsdl4j</artifactId>
+ <groupId>axis</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -92,7 +96,8 @@
 <dependency>
<groupId>at.gv.util</groupId>
<artifactId>egovutils</artifactId>
- <version>1.0.7</version>
+ <!-- <version>1.0.7</version> -->
+ <version>2.0.0</version>
<exclusions>
<exclusion>
<groupId>com.sun</groupId>
@@ -102,6 +107,14 @@
 <groupId>org.slf4j</groupId>
<artifactId>*</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk16</artifactId>
+ <groupId>bouncycastle</groupId>
+ </exclusion>
</exclusions>
</dependency>
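Review bot: The commented-out `<!-- <version>1.0.7</version> -->` left next to the new `<version>2.0.0</version>` is dead text; version control already keeps that history, so drop the comment line. This hunk also moves egovutils across a major version while silencing its `xalan:*` and `bouncycastle:bcprov-jdk16` transitive dependencies, and nothing in the diff shows which artifact now satisfies the BouncyCastle provider egovutils 2.0.0 presumably still needs — a `mvn dependency:tree` result or a sentence in the commit message would settle that. A short reason comment on each wildcard exclusion, e.g. `<!-- xalan: JDK XSLT is used instead -->`, would tell the next maintainer why it is safe to keep.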
@@ -247,6 +260,14 @@
 <groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.xerces</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -257,6 +278,22 @@
 <groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.xerces</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
</exclusions>
</dependency>
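Review bot: The first added `<exclusion>` in this hunk repeats the `org.slf4j:log4j-over-slf4j` exclusion that is already present in the two context lines directly above it, so it is redundant and should be removed. The `org.bouncycastle:bcprov-jdk15on` exclusion here, together with the `bouncycastle:bcprov-jdk16` exclusion added on the egovutils dependency, means the BouncyCastle provider that ends up on the classpath is whatever some other path still pulls in through Maven's nearest-wins resolution rather than anything this file states; pin the one intended `bcprov` artifact explicitly (ideally in `<dependencyManagement>`) so the crypto provider version is a deliberate choice. Excluding `xerces` and `xalan` also switches JAXP to the JDK's built-in parsers, so any DTD/external-entity hardening that was previously validated against Xerces should be re-checked against the JDK factories; that code is not visible in this diff.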
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
index c675885c9..9e4f3fa36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
@@ -38,9 +38,14 @@ import at.gv.util.wsdl.szrgw.SZRGWType;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
-import com.sun.xml.ws.developer.JAXWSProperties;
 import javax.xml.ws.BindingProvider;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+
 public class SZRGWClient {
 private SSLSocketFactory sslContext = null;
@@ -57,9 +62,6 @@ public class SZRGWClient {
 SZRGWService service = new SZRGWService(url, new QName("http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", "SZRGWService"));
 SZRGWType port = service.getSZRGWPort();
-
-
-
 BindingProvider bindingProvider = (BindingProvider) port;
 Map<String, Object> requestContext = bindingProvider.getRequestContext();
 requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl);
@@ -72,12 +74,24 @@ public class SZRGWClient {
 throw new SZRGWClientException();
 }
- requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext);
+ Client client = ClientProxy.getClient(port);
+ HTTPConduit http = (HTTPConduit) client.getConduit();
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+
+ httpClientPolicy.setConnectionTimeout(36000);
+ httpClientPolicy.setReceiveTimeout(32000);
+
+ http.setClient(httpClientPolicy);
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ tlsParams.setSSLSocketFactory(sslContext);
+
+ http.setTlsClientParameters(tlsParams );
+ // check for lax hostname
 if (true) {
 Logger.trace("LaxHostnameVerifier enabled. This setting is not recommended to use.");
- requestContext.put(JAXWSProperties.HOSTNAME_VERIFIER, new LaxHostNameVerifier());
+ tlsParams.setHostnameVerifier(new LaxHostNameVerifier());
 }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java
index b358436ae..3e16db7d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java
@@ -24,17 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
-import javanet.staxutils.SimpleNamespaceContext;
 import org.xml.sax.InputSource;
-import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
 import java.io.StringReader;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-
 /**
 * Physical person representing corporate body
 *
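Review bot: The ported TLS setup still installs `LaxHostNameVerifier` unconditionally through `if (true)`, so hostname verification of the SZR-GW endpoint is switched off in every deployment even though the adjacent trace message says the setting is not recommended; with the verifier disabled, any certificate that chains to a CA accepted by `sslContext` is good enough for this connection, which is exactly the check a TLS client is supposed to make for an identity-link service. Gate the block on a configuration flag read from wherever this client already takes its SSL settings, default it to strict verification, e.g. `if (laxHostnameVerifierEnabled) {`, and log at warn rather than trace when it is on. The verifier is also set on `tlsParams` only after `http.setTlsClientParameters(tlsParams );` has handed the object to the conduit; CXF appears to keep the reference so this probably works, but moving the hostname block above that call removes the reliance on that detail. `36000` and `32000` deserve named constants that state the unit (milliseconds), since the two values look like a typo of each other. The enclosing method begins before this hunk, so the origin of `sslContext` and the earlier `throw` is not visible here.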
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
index 25350e686..e6c58b503 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
@@ -24,11 +24,11 @@ package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
-import javanet.staxutils.SimpleNamespaceContext;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
+
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
index 853d17318..ba89663ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
@@ -24,14 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
-import javanet.staxutils.SimpleNamespaceContext;
 import org.xml.sax.InputSource;
-import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
 import java.io.StringReader;
-import java.util.HashMap;
 /**
 * Physical person representing physical person
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java
new file mode 100644
index 000000000..2c2df3e54
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import javax.xml.namespace.NamespaceContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SimpleNamespaceContext implements NamespaceContext {
+
+ HashMap<String, String> prefMap = null;
+ /**
+ * @param prefMap
+ */
+ SimpleNamespaceContext(HashMap<String, String> prefMap) {
+ this.prefMap = prefMap;
+ }
+
+ /* (non-Javadoc)
+ * @see javax.xml.namespace.NamespaceContext#getNamespaceURI(java.lang.String)
+ */
+ @Override
+ public String getNamespaceURI(String prefix) {
+ if (prefMap.containsKey(prefix))
+ return prefMap.get(prefix);
+ else
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see javax.xml.namespace.NamespaceContext#getPrefix(java.lang.String)
+ */
+ @Override
+ public String getPrefix(String namespaceURI) {
+ if (prefMap.containsValue(namespaceURI)) {
+ Set<Entry<String, String>> set = prefMap.entrySet();
+ for (Entry<String, String> el : set) {
+ if (el.getValue().equals(namespaceURI))
+ return el.getKey();
+
+ }
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see javax.xml.namespace.NamespaceContext#getPrefixes(java.lang.String)
+ */
+ @Override
+ public Iterator getPrefixes(String namespaceURI) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
new file mode 100644
index 000000000..5bcfc7bd2
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
@@ -0,0 +1,2 @@
+xxpvprole=CIRCABC/viewer
+yypvprole=CIRCABC/admin
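Review bot: `getPrefixes` returns `null`, which breaks the `NamespaceContext` contract (an `Iterator` is required, empty when nothing is bound) and will surface as a `NullPointerException` in any caller that iterates the result; `getNamespaceURI` likewise returns `null` for an unbound prefix where the contract specifies `XMLConstants.NULL_NS_URI`, and neither method rejects a `null` argument or answers the predefined `xml`/`xmlns` prefixes. Since this class is the drop-in replacement for the removed `javanet.staxutils` dependency used by the mandate-container XPath code, those gaps are worth closing now rather than when an XPath engine trips over them; I cannot see whether any caller compares the `getNamespaceURI` result against `null`, so check that before switching to `NULL_NS_URI`. The raw `Iterator` return type and the package-private, non-final `prefMap` field (kept by reference, so the caller can mutate the context after construction) are style points for the same pass, and a class-level Javadoc saying that this replaces the former external `SimpleNamespaceContext` would explain why the class exists. The sketch below needs `javax.xml.XMLConstants` and `java.util.ArrayList`/`Collections`/`List`/`Map` added to the imports.
```java
public class SimpleNamespaceContext implements NamespaceContext {

    private final Map<String, String> prefMap;

    /** @param prefMap prefix-to-namespace-URI bindings; copied so later changes by the caller are not visible here */
    SimpleNamespaceContext(HashMap<String, String> prefMap) {
        this.prefMap = new HashMap<String, String>(prefMap);
    }

    @Override
    public String getNamespaceURI(String prefix) {
        if (prefix == null)
            throw new IllegalArgumentException("prefix must not be null");
        if (XMLConstants.XML_NS_PREFIX.equals(prefix))
            return XMLConstants.XML_NS_URI;
        if (XMLConstants.XMLNS_ATTRIBUTE.equals(prefix))
            return XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
        String uri = prefMap.get(prefix);
        return uri != null ? uri : XMLConstants.NULL_NS_URI;
    }

    // … unchanged: getPrefix(String) …

    @Override
    public Iterator<String> getPrefixes(String namespaceURI) {
        if (namespaceURI == null)
            throw new IllegalArgumentException("namespaceURI must not be null");
        List<String> prefixes = new ArrayList<String>();
        for (Entry<String, String> el : prefMap.entrySet()) {
            if (el.getValue().equals(namespaceURI))
                prefixes.add(el.getKey());
        }
        return Collections.unmodifiableList(prefixes).iterator();
    }
}
```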
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd
new file mode 100644
index 000000000..522cae082
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd
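Review bot: `xxpvprole` and `yypvprole` read as placeholder PVP role names, yet the file is shipped under `src/main/resources` and maps the second one to `CIRCABC/admin`; if this mapping is loaded at runtime (the loader is not part of this diff), a PVP role attribute that happens to carry the literal value `yypvprole` would be translated into the admin role on the STORK side. Ship the file as a documented template with no default entries, or at most the least-privileged one, and make the loader fail closed when no mapping is configured instead of silently using built-in values. A header comment stating the format, `# <PVP role>=<STORK/CIRCABC role>`, would also help since the file currently has none, and the missing trailing newline is worth fixing while editing it.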
@@ -0,0 +1,265 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd" + --> +<!-- Schema for XML Signatures + http://www.w3.org/2000/09/xmldsig# + $Revision: 1.1 $ on $Date: 2002/11/11 16:24:27 $ by $Author: Linauer $ + + Copyright 2001 The Internet Society and W3C (Massachusetts Institute + of Technology, Institut National de Recherche en Informatique et en + Automatique, Keio University). All Rights Reserved. + http://www.w3.org/Consortium/Legal/ + + This document is governed by the W3C Software License [1] as described + in the FAQ [2]. + + [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720 + [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD +--> +<schema targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" version="0.1"> + <!-- Basic Types Defined for Signatures --> + <!-- modified to ensure that whiteSpace is preserved +<simpleType name="CryptoBinary"> + <restriction base="base64Binary"> + </restriction> +</simpleType> + --> + <simpleType name="CryptoBinary"> + <restriction base="string"> + <whiteSpace value="preserve"/> + <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/> + </restriction> + </simpleType> + <!-- Start Signature --> + <element name="Signature" type="ds:SignatureType"/> + <complexType name="SignatureType"> + <sequence> + <element ref="ds:SignedInfo"/> + <element ref="ds:SignatureValue"/> + <element ref="ds:KeyInfo" minOccurs="0"/> + <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + <element name="SignatureValue" type="ds:SignatureValueType"/> + <complexType name="SignatureValueType"> + <simpleContent> + <extension base="ds:CryptoBinary"> + <attribute name="Id" type="ID" use="optional"/> + </extension> + </simpleContent> + </complexType> + 
<!-- Start SignedInfo --> + <element name="SignedInfo" type="ds:SignedInfoType"/> + <complexType name="SignedInfoType"> + <sequence> + <element ref="ds:CanonicalizationMethod"/> + <element ref="ds:SignatureMethod"/> + <element ref="ds:Reference" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/> + <complexType name="CanonicalizationMethodType" mixed="true"> + <sequence> + <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/> + <!-- (0,unbounded) elements from (1,1) namespace --> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + <element name="SignatureMethod" type="ds:SignatureMethodType"/> + <complexType name="SignatureMethodType" mixed="true"> + <sequence> + <element name="HMACOutputLength" type="ds:HMACOutputLengthType" minOccurs="0"/> + <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> + <!-- (0,unbounded) elements from (1,1) external namespace --> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + <!-- Start Reference --> + <element name="Reference" type="ds:ReferenceType"/> + <complexType name="ReferenceType"> + <sequence> + <element ref="ds:Transforms" minOccurs="0"/> + <element ref="ds:DigestMethod"/> + <element ref="ds:DigestValue"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + <attribute name="URI" type="anyURI" use="optional"/> + <attribute name="Type" type="anyURI" use="optional"/> + </complexType> + <element name="Transforms" type="ds:TransformsType"/> + <complexType name="TransformsType"> + <sequence> + <element ref="ds:Transform" maxOccurs="unbounded"/> + </sequence> + </complexType> + <element name="Transform" type="ds:TransformType"/> + <complexType name="TransformType" mixed="true"> + <choice minOccurs="0" maxOccurs="unbounded"> + <any namespace="##other" processContents="lax"/> + <element 
name="XPath" type="string"/> + <!-- (1,1) elements from (0,unbounded) namespaces --> + </choice> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + <!-- End Reference --> + <element name="DigestMethod" type="ds:DigestMethodType"/> + <complexType name="DigestMethodType" mixed="true"> + <sequence> + <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + <element name="DigestValue" type="ds:DigestValueType"/> + <simpleType name="DigestValueType"> + <restriction base="ds:CryptoBinary"/> + </simpleType> + <!-- End SignedInfo --> + <!-- Start KeyInfo --> + <element name="KeyInfo" type="ds:KeyInfoType"/> + <complexType name="KeyInfoType" mixed="true"> + <choice maxOccurs="unbounded"> + <element ref="ds:KeyName"/> + <element ref="ds:KeyValue"/> + <element ref="ds:RetrievalMethod"/> + <element ref="ds:X509Data"/> + <element ref="ds:PGPData"/> + <element ref="ds:SPKIData"/> + <element ref="ds:MgmtData"/> + <any namespace="##other" processContents="lax"/> + <!-- (1,1) elements from (0,unbounded) namespaces --> + </choice> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + <element name="KeyName" type="string"/> + <element name="MgmtData" type="string"/> + <element name="KeyValue" type="ds:KeyValueType"/> + <complexType name="KeyValueType" mixed="true"> + <choice> + <element ref="ds:DSAKeyValue"/> + <element ref="ds:RSAKeyValue"/> + <any namespace="##other" processContents="lax"/> + </choice> + </complexType> + <element name="RetrievalMethod" type="ds:RetrievalMethodType"/> + <complexType name="RetrievalMethodType"> + <sequence> + <element name="Transforms" type="ds:TransformsType" minOccurs="0"/> + </sequence> + <attribute name="URI" type="anyURI"/> + <attribute name="Type" type="anyURI" use="optional"/> + </complexType> + <!-- Start X509Data --> + <element name="X509Data" type="ds:X509DataType"/> + 
<complexType name="X509DataType"> + <sequence maxOccurs="unbounded"> + <choice> + <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/> + <element name="X509SKI" type="ds:CryptoBinary"/> + <element name="X509SubjectName" type="string"/> + <element name="X509Certificate" type="ds:CryptoBinary"/> + <element name="X509CRL" type="ds:CryptoBinary"/> + <any namespace="##other" processContents="lax"/> + </choice> + </sequence> + </complexType> + <complexType name="X509IssuerSerialType"> + <sequence> + <element name="X509IssuerName" type="string"/> + <element name="X509SerialNumber" type="integer"/> + </sequence> + </complexType> + <!-- End X509Data --> + <!-- Begin PGPData --> + <element name="PGPData" type="ds:PGPDataType"/> + <complexType name="PGPDataType"> + <choice> + <sequence> + <element name="PGPKeyID" type="ds:CryptoBinary"/> + <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/> + <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <sequence> + <element name="PGPKeyPacket" type="ds:CryptoBinary"/> + <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + </choice> + </complexType> + <!-- End PGPData --> + <!-- Begin SPKIData --> + <element name="SPKIData" type="ds:SPKIDataType"/> + <complexType name="SPKIDataType"> + <sequence maxOccurs="unbounded"> + <element name="SPKISexp" type="ds:CryptoBinary"/> + <any namespace="##other" processContents="lax" minOccurs="0"/> + </sequence> + </complexType> + <!-- End SPKIData --> + <!-- End KeyInfo --> + <!-- Start Object (Manifest, SignatureProperty) --> + <element name="Object" type="ds:ObjectType"/> + <complexType name="ObjectType" mixed="true"> + <sequence minOccurs="0" maxOccurs="unbounded"> + <any namespace="##any" processContents="lax"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + <attribute name="MimeType" type="string" use="optional"/> + <attribute name="Encoding" 
type="anyURI" use="optional"/> + <!-- add a grep facet --> + </complexType> + <element name="Manifest" type="ds:ManifestType"/> + <complexType name="ManifestType"> + <sequence> + <element ref="ds:Reference" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + <element name="SignatureProperties" type="ds:SignaturePropertiesType"/> + <complexType name="SignaturePropertiesType"> + <sequence> + <element ref="ds:SignatureProperty" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + <element name="SignatureProperty" type="ds:SignaturePropertyType"/> + <complexType name="SignaturePropertyType" mixed="true"> + <choice maxOccurs="unbounded"> + <any namespace="##other" processContents="lax"/> + <!-- (1,1) elements from (1,unbounded) namespaces --> + </choice> + <attribute name="Target" type="anyURI" use="required"/> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + <!-- End Object (Manifest, SignatureProperty) --> + <!-- Start Algorithm Parameters --> + <simpleType name="HMACOutputLengthType"> + <restriction base="integer"/> + </simpleType> + <!-- Start KeyValue Element-types --> + <element name="DSAKeyValue" type="ds:DSAKeyValueType"/> + <complexType name="DSAKeyValueType"> + <sequence> + <sequence minOccurs="0"> + <element name="P" type="ds:CryptoBinary"/> + <element name="Q" type="ds:CryptoBinary"/> + </sequence> + <element name="J" type="ds:CryptoBinary" minOccurs="0"/> + <element name="G" type="ds:CryptoBinary" minOccurs="0"/> + <element name="Y" type="ds:CryptoBinary"/> + <sequence minOccurs="0"> + <element name="Seed" type="ds:CryptoBinary"/> + <element name="PgenCounter" type="ds:CryptoBinary"/> + </sequence> + </sequence> + </complexType> + <element name="RSAKeyValue" type="ds:RSAKeyValueType"/> + <complexType name="RSAKeyValueType"> + <sequence> + <element name="Modulus" type="ds:CryptoBinary"/> + <element name="Exponent" 
type="ds:CryptoBinary"/>
+ </sequence>
+ </complexType>
+ <!-- End KeyValue Element-types -->
+ <!-- End Signature -->
+</schema>
diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd
new file mode 100644
index 000000000..8ef08727d
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd
@@ -0,0 +1,194 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) --> +<schema xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" elementFormDefault="unqualified"> + <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="W3C-XMLDSig.xsd"/> + <annotation> + <documentation> + Document identifier: cs-sstc-schema-assertion-01 + Location: http://www.oasis-open.org/committees/security/docs/ + </documentation> + </annotation> + <simpleType name="IDType"> + <restriction base="string"/> + </simpleType> + <simpleType name="IDReferenceType"> + <restriction base="string"/> + </simpleType> + <simpleType name="DecisionType"> + <restriction base="string"> + <enumeration value="Permit"/> + <enumeration value="Deny"/> + <enumeration value="Indeterminate"/> + </restriction> + </simpleType> + <element name="AssertionIDReference" type="saml:IDReferenceType"/> + <element name="Assertion" type="saml:AssertionType"/> + <complexType name="AssertionType"> + <sequence> + <element ref="saml:Conditions" minOccurs="0"/> + <element ref="saml:Advice" minOccurs="0"/> + <choice maxOccurs="unbounded"> + <element ref="saml:Statement"/> + <element ref="saml:SubjectStatement"/> + <element ref="saml:AuthenticationStatement"/> + <element ref="saml:AuthorizationDecisionStatement"/> + <element ref="saml:AttributeStatement"/> + </choice> + <element ref="ds:Signature" minOccurs="0"/> + </sequence> + <attribute name="MajorVersion" type="integer" use="required"/> + <attribute name="MinorVersion" type="integer" use="required"/> + <attribute name="AssertionID" type="saml:IDType" use="required"/> + <attribute name="Issuer" type="string" use="required"/> + <attribute name="IssueInstant" type="dateTime" use="required"/> + </complexType> + <element name="Conditions" 
type="saml:ConditionsType"/> + <complexType name="ConditionsType"> + <choice minOccurs="0" maxOccurs="unbounded"> + <element ref="saml:AudienceRestrictionCondition"/> + <element ref="saml:Condition"/> + </choice> + <attribute name="NotBefore" type="dateTime" use="optional"/> + <attribute name="NotOnOrAfter" type="dateTime" use="optional"/> + </complexType> + <element name="Condition" type="saml:ConditionAbstractType"/> + <complexType name="ConditionAbstractType" abstract="true"/> + <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/> + <complexType name="AudienceRestrictionConditionType"> + <complexContent> + <extension base="saml:ConditionAbstractType"> + <sequence> + <element ref="saml:Audience" maxOccurs="unbounded"/> + </sequence> + </extension> + </complexContent> + </complexType> + <element name="Audience" type="anyURI"/> + <element name="Advice" type="saml:AdviceType"/> + <complexType name="AdviceType"> + <choice minOccurs="0" maxOccurs="unbounded"> + <element ref="saml:AssertionIDReference"/> + <element ref="saml:Assertion"/> + <any namespace="##other" processContents="lax"/> + </choice> + </complexType> + <element name="Statement" type="saml:StatementAbstractType"/> + <complexType name="StatementAbstractType" abstract="true"/> + <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/> + <complexType name="SubjectStatementAbstractType" abstract="true"> + <complexContent> + <extension base="saml:StatementAbstractType"> + <sequence> + <element ref="saml:Subject"/> + </sequence> + </extension> + </complexContent> + </complexType> + <element name="Subject" type="saml:SubjectType"/> + <complexType name="SubjectType"> + <choice> + <sequence> + <element ref="saml:NameIdentifier"/> + <element ref="saml:SubjectConfirmation" minOccurs="0"/> + </sequence> + <element ref="saml:SubjectConfirmation"/> + </choice> + </complexType> + <element name="NameIdentifier" type="saml:NameIdentifierType"/> + <complexType 
name="NameIdentifierType"> + <simpleContent> + <extension base="string"> + <attribute name="NameQualifier" type="string" use="optional"/> + <attribute name="Format" type="anyURI" use="optional"/> + </extension> + </simpleContent> + </complexType> + <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/> + <complexType name="SubjectConfirmationType"> + <sequence> + <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/> + <element ref="saml:SubjectConfirmationData" minOccurs="0"/> + <element ref="ds:KeyInfo" minOccurs="0"/> + </sequence> + </complexType> + <element name="SubjectConfirmationData" type="anyType"/> + <element name="ConfirmationMethod" type="anyURI"/> + <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/> + <complexType name="AuthenticationStatementType"> + <complexContent> + <extension base="saml:SubjectStatementAbstractType"> + <sequence> + <element ref="saml:SubjectLocality" minOccurs="0"/> + <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="AuthenticationMethod" type="anyURI" use="required"/> + <attribute name="AuthenticationInstant" type="dateTime" use="required"/> + </extension> + </complexContent> + </complexType> + <element name="SubjectLocality" type="saml:SubjectLocalityType"/> + <complexType name="SubjectLocalityType"> + <attribute name="IPAddress" type="string" use="optional"/> + <attribute name="DNSAddress" type="string" use="optional"/> + </complexType> + <element name="AuthorityBinding" type="saml:AuthorityBindingType"/> + <complexType name="AuthorityBindingType"> + <attribute name="AuthorityKind" type="QName" use="required"/> + <attribute name="Location" type="anyURI" use="required"/> + <attribute name="Binding" type="anyURI" use="required"/> + </complexType> + <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/> + <complexType name="AuthorizationDecisionStatementType"> + 
<complexContent> + <extension base="saml:SubjectStatementAbstractType"> + <sequence> + <element ref="saml:Action" maxOccurs="unbounded"/> + <element ref="saml:Evidence" minOccurs="0"/> + </sequence> + <attribute name="Resource" type="anyURI" use="required"/> + <attribute name="Decision" type="saml:DecisionType" use="required"/> + </extension> + </complexContent> + </complexType> + <element name="Action" type="saml:ActionType"/> + <complexType name="ActionType"> + <simpleContent> + <extension base="string"> + <attribute name="Namespace" type="anyURI"/> + </extension> + </simpleContent> + </complexType> + <element name="Evidence" type="saml:EvidenceType"/> + <complexType name="EvidenceType"> + <choice maxOccurs="unbounded"> + <element ref="saml:AssertionIDReference"/> + <element ref="saml:Assertion"/> + </choice> + </complexType> + <element name="AttributeStatement" type="saml:AttributeStatementType"/> + <complexType name="AttributeStatementType"> + <complexContent> + <extension base="saml:SubjectStatementAbstractType"> + <sequence> + <element ref="saml:Attribute" maxOccurs="unbounded"/> + </sequence> + </extension> + </complexContent> + </complexType> + <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/> + <complexType name="AttributeDesignatorType"> + <attribute name="AttributeName" type="string" use="required"/> + <attribute name="AttributeNamespace" type="anyURI" use="required"/> + </complexType> + <element name="Attribute" type="saml:AttributeType"/> + <complexType name="AttributeType"> + <complexContent> + <extension base="saml:AttributeDesignatorType"> + <sequence> + <element ref="saml:AttributeValue" maxOccurs="unbounded"/> + </sequence> + </extension> + </complexContent> + </complexType> + <element name="AttributeValue" type="anyType"/> +</schema> 
diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd
new file mode 100644
index 000000000..eeb9bef9f
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd
@@ -0,0 +1,127 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) --> +<schema xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" elementFormDefault="unqualified"> + <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/> + <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="W3C-XMLDSig.xsd"/> + <annotation> + <documentation> + Document identifier: cs-sstc-schema-protocol-01 + Location: http://www.oasis-open.org/committees/security/docs/ + </documentation> + </annotation> + <complexType name="RequestAbstractType" abstract="true"> + <sequence> + <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/> + <element ref="ds:Signature" minOccurs="0"/> + </sequence> + <attribute name="RequestID" type="saml:IDType" use="required"/> + <attribute name="MajorVersion" type="integer" use="required"/> + <attribute name="MinorVersion" type="integer" use="required"/> + <attribute name="IssueInstant" type="dateTime" use="required"/> + </complexType> + <element name="RespondWith" type="QName"/> + <element name="Request" type="samlp:RequestType"/> + <complexType name="RequestType"> + <complexContent> + <extension base="samlp:RequestAbstractType"> + <choice> + <element ref="samlp:Query"/> + <element ref="samlp:SubjectQuery"/> + <element ref="samlp:AuthenticationQuery"/> + <element ref="samlp:AttributeQuery"/> + <element ref="samlp:AuthorizationDecisionQuery"/> + <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/> + <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/> + </choice> + </extension> + </complexContent> + </complexType> + <element name="AssertionArtifact" type="string"/> + <element 
name="Query" type="samlp:QueryAbstractType"/> + <complexType name="QueryAbstractType" abstract="true"/> + <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/> + <complexType name="SubjectQueryAbstractType" abstract="true"> + <complexContent> + <extension base="samlp:QueryAbstractType"> + <sequence> + <element ref="saml:Subject"/> + </sequence> + </extension> + </complexContent> + </complexType> + <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/> + <complexType name="AuthenticationQueryType"> + <complexContent> + <extension base="samlp:SubjectQueryAbstractType"> + <attribute name="AuthenticationMethod" type="anyURI"/> + </extension> + </complexContent> + </complexType> + <element name="AttributeQuery" type="samlp:AttributeQueryType"/> + <complexType name="AttributeQueryType"> + <complexContent> + <extension base="samlp:SubjectQueryAbstractType"> + <sequence> + <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Resource" type="anyURI" use="optional"/> + </extension> + </complexContent> + </complexType> + <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/> + <complexType name="AuthorizationDecisionQueryType"> + <complexContent> + <extension base="samlp:SubjectQueryAbstractType"> + <sequence> + <element ref="saml:Action" maxOccurs="unbounded"/> + <element ref="saml:Evidence" minOccurs="0"/> + </sequence> + <attribute name="Resource" type="anyURI" use="required"/> + </extension> + </complexContent> + </complexType> + <complexType name="ResponseAbstractType" abstract="true"> + <sequence> + <element ref="ds:Signature" minOccurs="0"/> + </sequence> + <attribute name="ResponseID" type="saml:IDType" use="required"/> + <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/> + <attribute name="MajorVersion" type="integer" use="required"/> + <attribute name="MinorVersion" type="integer" use="required"/> + <attribute 
name="IssueInstant" type="dateTime" use="required"/> + <attribute name="Recipient" type="anyURI" use="optional"/> + </complexType> + <element name="Response" type="samlp:ResponseType"/> + <complexType name="ResponseType"> + <complexContent> + <extension base="samlp:ResponseAbstractType"> + <sequence> + <element ref="samlp:Status"/> + <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + </extension> + </complexContent> + </complexType> + <element name="Status" type="samlp:StatusType"/> + <complexType name="StatusType"> + <sequence> + <element ref="samlp:StatusCode"/> + <element ref="samlp:StatusMessage" minOccurs="0"/> + <element ref="samlp:StatusDetail" minOccurs="0"/> + </sequence> + </complexType> + <element name="StatusCode" type="samlp:StatusCodeType"/> + <complexType name="StatusCodeType"> + <sequence> + <element ref="samlp:StatusCode" minOccurs="0"/> + </sequence> + <attribute name="Value" type="QName" use="required"/> + </complexType> + <element name="StatusMessage" type="string"/> + <element name="StatusDetail" type="samlp:StatusDetailType"/> + <complexType name="StatusDetailType"> + <sequence> + <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + </complexType> +</schema> diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd new file mode 100644 index 000000000..48ef60187 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd 
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet -->
+<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Arne Tauber (Technische Universität Graz) -->
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd" targetNamespace="http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="MandateIssueRequest" type="MandateIssueRequestType">
+ <xs:annotation>
+ <xs:documentation>Request to MIS</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:complexType name="MandateIssueRequestType">
+ <xs:choice>
+ <xs:sequence>
+ <xs:element name="IdentityLink" type="xs:base64Binary"/>
+ <xs:element name="X509SignatureCertificate" type="xs:base64Binary" minOccurs="0"/>
+ <xs:element name="OAFriendlyName" type="xs:string" minOccurs="0"/>
+ <xs:element name="RedirectURL" type="xs:anyURI"/>
+ <xs:element name="ReferenceValue">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:minLength value="10"/>
+ <xs:maxLength value="100"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="Filters" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="MandateIdentifiers" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element ref="Target" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="authBlock" type="xs:base64Binary" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ <xs:element name="SessionID" type="xs:string"/>
+ </xs:choice>
+ </xs:complexType>
+ <xs:element name="MandateIdentifiers">
+ <xs:complexType>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="MandateIdentifier" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Target">
+ <xs:complexType>
+
<xs:sequence>
+ <xs:element name="Type" type="xs:anyURI" minOccurs="1"/>
+ <xs:element name="Value" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="MandateIssueResponse" type="MandateIssueResponseType">
+ <xs:annotation>
+ <xs:documentation>Response from MIS</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:complexType name="MandateIssueResponseType">
+ <xs:choice>
+ <xs:sequence>
+ <xs:element name="SessionID" type="xs:string"/>
+ <xs:element name="GuiRedirectURL" type="xs:anyURI"/>
+ </xs:sequence>
+ <xs:element name="Mandates">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Mandate" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:base64Binary">
+ <xs:attribute name="ProfessionalRepresentative" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>Organwalter oder berufsm. Parteienvertreter</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="OWbPK" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>bPK des Organwalters</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Error">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Code" type="xs:positiveInteger"/>
+ <xs:element name="Text" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+</xs:schema>
diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd
index c97822427..211e59d53 100644
--- a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd
+++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd
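Review bot: `SessionID` (in both the request choice branch and the response sequence) and `MandateIdentifier` are declared as unbounded `xs:string`, while `ReferenceValue` in the same request type is restricted to a 10–100 character `xs:token`. Adding a comparable `xs:maxLength` facet to the session and identifier elements would let schema validation reject oversized values before they reach application code and would make the length policy consistent across the request type. If the MIS side fixes the `SessionID` format, the bound should mirror it; otherwise this is a point to confirm with the service owner rather than to guess at.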
@@ -1,9 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:sgw="http://reference.e-government.gv.at/namespace/szrgw/20070807/xsd" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:stork="urn:eu:stork:names:tc:PEPS:1.0:assertion" xmlns:mis="http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd" targetNamespace="http://reference.e-government.gv.at/namespace/szrgw/20070807/xsd" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.0.1">
- <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="../cs-sstc-schema-assertion-01.xsd"/>
- <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="../PersonData_20_en_moaWID.xsd"/>
- <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="../W3C-XMLDSig.xsd"/>
- <xs:import namespace="http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd" schemaLocation="../mis/mis-1.0.3.xsd"/>
 <xs:element name="CreateIdentityLinkRequest">
 <xs:complexType>
 <xs:sequence>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index e6d708eca..ebda03801 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -82,7 +82,7 @@
 <dependency>
 <groupId>com.sun.xml.bind</groupId>
 <artifactId>jaxb-xjc</artifactId>
- <version>2.2.7</version>
+ <version>2.2.11</version>
 </dependency>
 <dependency>
@@ -118,7 +118,7 @@
 <dependency>
 <groupId>mysql</groupId>
 <artifactId>mysql-connector-java</artifactId>
- <version>5.1.32</version>
+ <version>5.1.33</version>
 </dependency>
 </dependencies>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
index 46d3ca558..a3f445fcf 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
@@ -27,11 +27,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import org.apache.commons.lang.StringEscapeUtils;
+//import org.apache.commons.lang.StringEscapeUtils;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceException;
+import org.apache.commons.lang3.StringEscapeUtils;
+
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -70,7 +72,7 @@ public class ConfigurationDBRead {
 javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID"));
 //query.setParameter("id", id+"%");
- query.setParameter("id", StringEscapeUtils.escapeHtml(id));
+ query.setParameter("id", StringEscapeUtils.escapeHtml4(id));
 result = query.getResultList();
 Logger.trace("Found entries: " + result.size()); |
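Review bot: The commented-out line `//import org.apache.commons.lang.StringEscapeUtils;` left behind by the lang-to-lang3 migration should be deleted rather than kept as a comment; the new `org.apache.commons.lang3.StringEscapeUtils` import two lines below documents the replacement and version control keeps the old line. Placing the lang3 import between the `javax.persistence` and `java.util` groups also breaks the grouping of the import block; moving it next to the file's other third-party imports (outside this hunk, so I cannot see their order) would keep the block consistent.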
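Review bot: HTML-escaping `id` before binding it as a JPA parameter on the changed line is the wrong layer: `setParameter` already keeps the value out of the query text, so the escaping adds no injection protection, and it changes which rows the lookup matches — an identifier containing `&`, `<`, `>` or `"` is rewritten to an entity reference and will not match a stored value unless that value was escaped the same way when written. If online-application identifiers are guaranteed to be free of those characters, the `escapeHtml4` call is dead code; otherwise bind the value unchanged, `query.setParameter("id", id);`, and escape at the point where it is rendered into HTML. The lang-to-lang3 swap itself is not the problem, but it would be worth checking the other lookups in this class for the same pattern; the enclosing method starts and ends outside the hunk.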