aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/pom.xml6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java8
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java30
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java20
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java22
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java7
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java7
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties2
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties2
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp13
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp10
-rw-r--r--id/history.txt32
-rw-r--r--id/moa-id-webgui/pom.xml4
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java37
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java15
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java22
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java5
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java3
-rw-r--r--id/moa-spss-container/pom.xml239
-rw-r--r--id/oa/pom.xml28
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java12
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java10
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java3
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java10
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java14
-rw-r--r--id/oa/src/main/webapp/WEB-INF/web.xml10
-rw-r--r--id/readme_3.2.0.txt679
-rw-r--r--id/server/auth-edu/pom.xml15
-rw-r--r--id/server/auth-final/pom.xml15
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201bin1385 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710bin806 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08bin1314 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7bin864 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726bin1383 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9bin991 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630bin1018 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522Fbin990 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35bin1087 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0Dbin1070 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CBbin1070 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9Abin886 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330bin995 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214bin1292 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7Dbin820 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958bin1000 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2bin1151 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6bin1353 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7bin1157 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9Cbin704 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8Ebin1169 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208bin1169 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732bin913 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2bin979 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941bin991 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5bin919 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0bin1018 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233bin987 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66Fbin1253 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38bin704 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8Dbin914 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03bin1205 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317bin1262 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27bin1171 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517bin802 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82bin979 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1Ebin1170 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEAbin1018 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299bin865 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8Fbin861 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AEbin865 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733bin864 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6bin860 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9Ebin1298 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263Bbin1505 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9bin1234 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8Cbin791 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6Abin1256 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4bin1045 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3bin1279 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15bin1273 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26bin914 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923Ebin1747 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FAbin1391 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DEbin1563 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4bin1130 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5bin1264 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0Fbin1188 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526bin870 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830bin1141 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/5650A465FD3B5EF83639E11F324A2A0EA98AF935/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9bin984 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25Bbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1bin1366 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20bin1313 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03Dbin1352 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CDbin825 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9bin1213 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907Cbin1272 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2Abin901 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2Bbin901 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0bin1546 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8Cbin740 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85Ebin1133 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01bin1171 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878bin835 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6Cbin990 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22bin1147 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506Bbin1076 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BBbin1065 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980bin1065 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92Bbin1066 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0Bbin1066 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFEbin947 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6bin975 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748Ebin975 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400bin761 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22bin1185 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169bin1191 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913bin1136 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BCbin1136 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3Fbin1053 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BAbin1165 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799bin1014 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6bin1030 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8Bbin932 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0Bbin999 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8Cbin997 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926bin930 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623bin1028 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1Bbin1237 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BDbin1333 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02Bbin1201 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBEbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97Bbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8bin1058 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0Fbin1057 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540Dbin1058 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687bin1058 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76bin1057 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889bin1076 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724Abin1111 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7Abin1110 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515bin1111 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92bin1110 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419bin734 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374bin1167 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914bin1028 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DBbin1073 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85bin1069 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305bin1339 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331bin1266 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200bin958 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7bin1614 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2bin920 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088Dbin922 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100bin1169 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62Abin1169 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44bin1068 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CEbin1067 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDAbin1068 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123Dbin1068 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04bin700 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FAbin975 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8bin975 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBEbin823 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BAbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018Bbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240bin1224 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890Cbin944 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92Ebin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03bin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3EDbin406 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AAbin1260 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3bin1366 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29bin2278 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3Abin1264 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734Fbin930 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3bin933 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217Dbin997 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1bin1209 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221Cbin994 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3bin1202 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADAbin1313 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAEbin1218 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344bin1217 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683bin1218 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65bin1218 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6bin1185 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18bin924 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65Cbin606 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267bin1020 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703bin1067 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BEbin758 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDCbin1068 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239bin1068 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378Abin1067 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537bin1068 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25bin786 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696bin660 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6Cbin1157 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer26
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin1485 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer21
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer23
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/DigiCert High Assurance EV Root CA.crt23
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/TERENA SSL High Assurance CA 3 (DigiCert High Assurance EV Root CA).crt29
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cerbin1580 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cerbin1580 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cerbin1029 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cerbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer26
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer23
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cerbin1167 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cerbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cerbin1159 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crtbin1185 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties57
-rw-r--r--id/server/doc/handbook/config/config.html38
-rw-r--r--id/server/doc/handbook/protocol/protocol.html6
-rw-r--r--id/server/idserverlib/pom.xml58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java)76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java95
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java)22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java)2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java353
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java492
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java220
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java217
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java108
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java127
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java69
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java54
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java292
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java223
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java967
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java104
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java102
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java375
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java122
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java17
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml42
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties11
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/session.common.beans.xml73
-rw-r--r--id/server/idserverlib/src/main/resources/session.db.beans.xml20
-rw-r--r--id/server/idserverlib/src/main/resources/session.redis.beans.xml37
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java41
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java147
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java3
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java3
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java122
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java130
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java116
-rw-r--r--id/server/idserverlib/src/test/java/test/tlenz/simpletest.java197
-rw-r--r--id/server/idserverlib/src/test/java/testBeans.xml130
-rw-r--r--id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml13
-rw-r--r--id/server/moa-id-commons/pom.xml37
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java9
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java28
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java66
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java)2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java296
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java175
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java65
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java161
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java9
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java30
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java8
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java192
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java11
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java192
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java35
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java32
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java17
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java90
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java18
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java118
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java59
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java124
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java67
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java70
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java80
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java13
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java244
-rw-r--r--id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml16
-rw-r--r--id/server/moa-id-commons/src/main/resources/configuration.beans.xml1
-rw-r--r--id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml15
-rw-r--r--id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml11
-rw-r--r--id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml74
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java112
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java181
-rw-r--r--id/server/moa-id-jaxb_classes/pom.xml55
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java (renamed from id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java)0
-rw-r--r--id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java (renamed from id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java)0
-rw-r--r--id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java166
-rw-r--r--id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java24
-rw-r--r--id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java11
-rw-r--r--id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml3
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/pom.xml7
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java78
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java15
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java7
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java16
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java12
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java9
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java14
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java3
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java25
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java22
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java6
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java7
-rw-r--r--id/server/modules/moa-id-module-eIDAS/pom.xml22
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java84
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java56
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java34
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java57
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java83
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java57
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java90
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java44
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java83
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestProcessingException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java)10
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestValidationException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java)4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java)6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseBuildException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java)6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseNotSuccessException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java)6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java66
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java189
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java70
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java343
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java99
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java621
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java107
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java68
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java25
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java230
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java52
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java229
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/own-saml-eidasnode-config.xml42
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java27
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java10
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java16
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java2
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java26
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java9
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java11
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java4
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java17
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml7
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java2
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java18
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java2
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java85
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java3
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java (renamed from id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java)88
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java51
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java10
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java29
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java60
-rw-r--r--id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider1
-rw-r--r--id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml16
-rw-r--r--id/server/pom.xml5
499 files changed, 9196 insertions, 5272 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index c672d32a6..28c0a9fe4 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -64,12 +64,6 @@
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
- <exclusions>
- <exclusion>
- <artifactId>hibernate-c3p0</artifactId>
- <groupId>org.hibernate</groupId>
- </exclusion>
- </exclusions>
</dependency>
<dependency>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index f549db9f3..3062a61e3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -22,11 +22,10 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration;
+import java.util.Collections;
import java.util.Hashtable;
import java.util.Map;
-import java.util.Collections;
-
public class Constants {
public static final String DEFAULT_VERSION = "1.x";
@@ -96,6 +95,7 @@ public class Constants {
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
public static final String IDENIFICATIONTYPE_STORK = "STORK";
+ public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS";
public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+";
public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN;
@@ -103,6 +103,7 @@ public class Constants {
public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
+ public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
public static final Map<String, String> BUSINESSSERVICENAMES;
@@ -113,6 +114,7 @@ public class Constants {
tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer");
tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl");
tmp.put(IDENIFICATIONTYPE_STORK, "STORK");
+ tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS");
BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp);
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index ab6c22858..c0cd971cf 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -22,8 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.config;
-import iaik.x509.X509Certificate;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -65,6 +63,7 @@ import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUse
import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
public class ConfigurationProvider {
@@ -580,7 +579,8 @@ public class ConfigurationProvider {
ConfigurationProvider.getInstance().getTrustStoreDirectory(),
null,
"pkix",
- true);
+ true,
+ new String[]{"crl"});
httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);
@@ -590,7 +590,7 @@ public class ConfigurationProvider {
}
}
- idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl);
+ idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl);
idpMetadataProvider.setRequireValidMetadata(true);
idpMetadataProvider.setParserPool(new BasicParserPool());
idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index 86ac6f779..82eb5592a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -69,7 +69,7 @@ public class GeneralMOAIDConfig {
public static final String LINE_DELIMITER = ";";
private String alternativeSourceID = null;
- private String certStoreDirectory = null;
+// private String certStoreDirectory = null;
private boolean trustmanagerrevocationcheck = true;
private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION);
@@ -217,7 +217,7 @@ public class GeneralMOAIDConfig {
GeneralConfiguration authgen = auth.getGeneralConfiguration();
if (authgen != null) {
alternativeSourceID = authgen.getAlternativeSourceID();
- certStoreDirectory = authgen.getCertStoreDirectory();
+ //certStoreDirectory = authgen.getCertStoreDirectory();
if (authgen.isTrustManagerRevocationChecking() != null)
trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking();
@@ -449,19 +449,19 @@ public class GeneralMOAIDConfig {
this.szrgwURL = szrgwURL;
}
- /**
- * @return the certStoreDirectory
- */
- public String getCertStoreDirectory() {
- return certStoreDirectory;
- }
-
- /**
- * @param certStoreDirectory the certStoreDirectory to set
- */
- public void setCertStoreDirectory(String certStoreDirectory) {
- this.certStoreDirectory = certStoreDirectory;
- }
+// /**
+// * @return the certStoreDirectory
+// */
+// public String getCertStoreDirectory() {
+// return certStoreDirectory;
+// }
+//
+// /**
+// * @param certStoreDirectory the certStoreDirectory to set
+// */
+// public void setCertStoreDirectory(String certStoreDirectory) {
+// this.certStoreDirectory = certStoreDirectory;
+// }
/**
* @return the timeoutAssertion
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index e71bad299..b5c996c72 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -27,6 +27,7 @@ import java.util.List;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ForeignIdentities;
@@ -40,7 +41,7 @@ public class GeneralStorkConfig {
private List<CPEPS> cpepslist;
private List<StorkAttribute> attributes;
- private int qaa;
+ private String qaa;
private static final Logger log = Logger.getLogger(GeneralStorkConfig.class);
private MOAIDConfiguration dbconfig = null;
@@ -91,10 +92,10 @@ public class GeneralStorkConfig {
}
try {
- qaa = stork.getQualityAuthenticationAssuranceLevel();
+ qaa = stork.getGeneral_eIDAS_LOA();
} catch(NullPointerException e) {
- qaa = 4;
+ qaa = MOAIDConstants.eIDAS_LOA_HIGH;
}
}
@@ -114,6 +115,10 @@ public class GeneralStorkConfig {
attributes.add(new StorkAttribute());
}
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
public List<CPEPS> getRawCPEPSList() {
return cpepslist;
}
@@ -161,11 +166,11 @@ public class GeneralStorkConfig {
this.attributes = attributes;
}
- public int getDefaultQaa() {
+ public String getDefaultQaa() {
return qaa;
}
- public void setDefaultQaa(int qaa) {
+ public void setDefaultQaa(String qaa) {
this.qaa = qaa;
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index c0e1eaaf7..fb096a2a0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
@@ -49,7 +50,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
private static final Logger log = Logger.getLogger(OASTORKConfig.class);
private boolean isStorkLogonEnabled = false;
- private int qaa;
+ private String qaa;
private List<AttributeHelper> attributes = null;
@@ -107,14 +108,14 @@ public class OASTORKConfig implements IOnlineApplicationData{
setStorkLogonEnabled(config.isStorkLogonEnabled());
try {
- setQaa(config.getQaa());
+ setQaa(config.geteIDAS_LOA());
} catch(NullPointerException e) {
// if there is no configuration available for the OA, get the default qaa level
try {
- setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getQualityAuthenticationAssuranceLevel());
+ setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA());
} catch (NullPointerException e1) {
- setQaa(4);
+ setQaa(MOAIDConstants.eIDAS_LOA_HIGH);
}
}
@@ -208,7 +209,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
}
// transfer the incoming data to the database model
stork.setStorkLogonEnabled(isStorkLogonEnabled());
- stork.setQaa(getQaa());
+ stork.seteIDAS_LOA(getQaa());
stork.setOAAttributes(getAttributes());
stork.setVidpEnabled(isVidpEnabled());
stork.setRequireConsent(isRequireConsent());
@@ -227,11 +228,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
this.isStorkLogonEnabled = enabled;
}
- public int getQaa() {
+ public String getQaa() {
return qaa;
}
- public void setQaa(int qaa) {
+ public void setQaa(String qaa) {
this.qaa = qaa;
}
@@ -282,6 +283,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
return citizenCountries;
}
+
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
public List<String> getEnabledCitizenCountries() {
return enabledCitizenCountries;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index 19671e502..f660b5feb 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -65,7 +65,8 @@ public class OATargetConfiguration implements IOnlineApplicationData {
Constants.IDENIFICATIONTYPE_FN,
Constants.IDENIFICATIONTYPE_ZVR,
Constants.IDENIFICATIONTYPE_ERSB,
- Constants.IDENIFICATIONTYPE_STORK);
+ Constants.IDENIFICATIONTYPE_STORK,
+ Constants.IDENIFICATIONTYPE_EIDAS);
}
@@ -120,6 +121,12 @@ public class OATargetConfiguration implements IOnlineApplicationData {
if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
identificationType = split[1];
identificationNumber = split[2];
+
+ } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
+ //identificationType = split[1]; // setting at as iden category ?
+ identificationType = Constants.IDENIFICATIONTYPE_EIDAS;
+ identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident
+
} else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
//identificationType = split[1]; // setting at as iden category ?
identificationType = Constants.IDENIFICATIONTYPE_STORK;
@@ -185,7 +192,11 @@ public class OATargetConfiguration implements IOnlineApplicationData {
if (idnumber == null)
idnumber = new IdentificationNumber();
- if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
+ if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) {
+ idnumber.setValue(Constants.PREFIX_EIDAS + num);
+ idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
+
+ } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num);
idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
} else {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 27a3dcdf3..cf5911b3a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -287,8 +287,8 @@ public class EditGeneralConfigAction extends BasicAction {
// dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID());
// }
- if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory()))
- dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory());
+// if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory()))
+// dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory());
TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts();
if (dbtimeouts == null) {
@@ -568,7 +568,7 @@ public class EditGeneralConfigAction extends BasicAction {
try {
log.error("QAAAA " + storkconfig.getDefaultQaa());
- stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
+ stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
if (storkconfig.getAttributes() != null) {
List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index cb546c5a8..70c43d9b4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -113,17 +113,17 @@ public class MOAConfigValidator {
}
}
- check = form.getCertStoreDirectory();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.isValidOAIdentifier(check)) {
- log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
- }
- } else {
- log.info("CertStoreDirectory is empty.");
- errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request));
- }
+// check = form.getCertStoreDirectory();
+// if (MiscUtil.isNotEmpty(check)) {
+// if (ValidationHelper.isValidOAIdentifier(check)) {
+// log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
+// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
+// new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
+// }
+// } else {
+// log.info("CertStoreDirectory is empty.");
+// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request));
+// }
check = form.getDefaultBKUHandy();
if (MiscUtil.isNotEmpty(check)) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index 6b5c51e3f..ed2c2f903 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -82,9 +83,9 @@ public class StorkConfigValidator {
}
// check qaa
- int qaa = form.getDefaultQaa();
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String qaa = form.getDefaultQaa();
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaa}, request ));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index cf02cd49c..970785bdb 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -134,7 +134,8 @@ public class OAPVP2ConfigValidation {
ConfigurationProvider.getInstance().getTrustStoreDirectory(),
null,
"pkix",
- true);
+ true,
+ new String[]{"crl"});
httpClient.setCustomSSLTrustStore(
form.getMetaDataURL(),
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
index 5c451c06a..00ccdca8c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
@@ -45,9 +46,9 @@ public class OASTORKConfigValidation {
List<String> errors = new ArrayList<String>();
// check qaa
- int qaa = oageneral.getQaa();
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String qaa = oageneral.getQaa();
+ if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaa}, request ));
}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index b488acd63..fe1dac063 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -508,7 +508,7 @@ validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig
validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig
validation.stork.cpeps.duplicate=L\u00E4ndercodes sind nicht eindeutig
validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2
-validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4
+validation.stork.qaa.outofrange=Ung\u00FCltiger LoA Werte {0}
validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein
validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url
validation.stork.ap.name.empty=Ung\u00FCltiger AttributProvider Name
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index a3edd1b8c..126bba7c9 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -506,7 +506,7 @@ validation.stork.cpeps.empty=CPEPS configuration is incomplete
validation.stork.cpeps.url=CPEPS URL is invalid
validation.stork.cpeps.duplicate=Country codes are not unique
validation.stork.requestedattributes=STORK attributes are incorrect. Example: attr1, attr2
-validation.stork.qaa.outofrange=Valid QAA values are 1, 2, 3, and 4
+validation.stork.qaa.outofrange=Not valid LoA value {0}
validation.stork.attributes.empty=Only one attribute can be provided
validation.stork.ap.url.valid=Invalid URL of AttributeProvider
validation.stork.ap.name.empty=Invalid name of AttributeProvider
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index cf9fc19e1..6694a4273 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -123,12 +123,12 @@
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.moaconfig.certificates.header", request) %></h3>
- <s:textfield name="moaconfig.certStoreDirectory"
+<%-- <s:textfield name="moaconfig.certStoreDirectory"
value="%{moaconfig.certStoreDirectory}"
labelposition="left"
key="webpages.moaconfig.certificates.certstore"
cssClass="textfield_long">
- </s:textfield>
+ </s:textfield> --%>
<s:checkbox name="moaconfig.trustmanagerrevocationcheck"
value="%{moaconfig.trustmanagerrevocationcheck}"
@@ -283,14 +283,15 @@
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
- <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
- value="#{storkconfig.defaultQaa}"
+ <s:select list="storkconfig.allowedLoALevels"
+ value="%{storkconfig.defaultQaa}"
name="storkconfig.defaultQaa"
key="webpages.moaconfig.stork.qaa.default"
- labelposition="left" />
+ labelposition="left"
+ cssClass="textfield_long" />
<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %></h4>
<table id="stork_pepslist">
- <tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLSignatures</td></tr>
+ <tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLEncryption</td></tr>
<s:iterator value="storkconfig.cpepslist" status="stat">
<tr>
<td style="display:none;"><s:textfield name="storkconfig.cpepslist[%{#stat.index}].hjid" value="%{hjid}" cssStyle="display:none;"/></td>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
index 78fdf8921..76c8d069b 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -14,11 +14,15 @@
onclick="oaStork();"
id="OAuseSTORKLogon" />
<div id="stork_block">
- <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
- value="#{storkOA.qaa}"
+
+ <s:select list="storkOA.allowedLoALevels"
+ value="%{storkOA.qaa}"
name="storkOA.qaa"
key="webpages.moaconfig.stork.qaa"
- labelposition="left" />
+ labelposition="left"
+ cssClass="textfield_long"/>
+
+
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
<s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
diff --git a/id/history.txt b/id/history.txt
index 61d232636..d82556651 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -1,18 +1,44 @@
Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+Version MOA-ID Release 3.2.0: Änderungen seit Version MOA-ID 3.1.5
+- Änderungen
+ - Integration MOA-SPSS 3.x
+ - Verheinheitlichung der Datenbankanbindung)
+ - Redis Datenbank Backend für Kurzzeitsessiondaten
+ - Bug-Fix
+ - Update von Libraries
+ > moa-spss 3.0.1
+ > iaik_eccelerate
+ > iaik_jce
+ > iaik_ixect
+ > iaik_pki_module
+ > iaik_moa
+ > org.hibernate:hibernate-core 5.2.3.Final
+ > mysql:mysql-connector-java 6.0.4
+ > xmlsec 2.0.7
+ > org.springframework 4.3.3.RELEASE
+ > apache:cxf 3.1.7
+ > commons-dbcp2 2.1.1
+ > org.slf4j:jcl-over-slf4j 1.7.21
+ > org.slf4j:jul-to-slf4j 1.7.21
+ > org.slf4j:slf4j-api 1.7.21
+ > org.slf4j:slf4j-log4j12 1.7.21
+
+
+------------------------------------------------------------------------------
Version MOA-ID Release 3.1.5: Änderungen seit Version MOA-ID 3.1.4
- Änderungen
- Untersttzung mehrerer backend Services je Online Applikation
(MIS, SZR-Gateway, ELGA Vertretungservice Service)
-
+
------------------------------------------------------------------------------
Version MOA-ID Release 3.1.4: Änderungen seit Version MOA-ID 3.1.3
- Änderungen
- Fix problem with OnlineBKU and 'chunked' transfer encoding in DataURL communication
- Add additional redirect in mandate-service selection process subprocess
-
-
+
+
------------------------------------------------------------------------------
Version MOA-ID Release 3.1.3: Änderungen seit Version MOA-ID 3.1.2
- Änderungen
diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml
index 8d35abd20..31247efc1 100644
--- a/id/moa-id-webgui/pom.xml
+++ b/id/moa-id-webgui/pom.xml
@@ -58,10 +58,6 @@
<artifactId>hyperjaxb3-ejb-runtime</artifactId>
<groupId>org.jvnet.hyperjaxb3</groupId>
</exclusion>
- <exclusion>
- <artifactId>hibernate-c3p0</artifactId>
- <groupId>org.hibernate</groupId>
- </exclusion>
</exclusions>
</dependency>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index 9b25f17e8..f66b4359f 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -184,24 +184,25 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) ));
}
}
-
- check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix()));
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.isValidOAIdentifier(check)) {
- log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
- "Certificate - CertStore Directory",
- LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) ));
- }
- } else {
- log.info("CertStoreDirectory is empty.");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
- "Certificate - CertStore Directory",
- LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty")));
- }
+
+ //INFO: CertStore directory is not required any more since version 3.2.0, because MOA-SPSS certstore is always used
+// check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix()));
+// if (MiscUtil.isNotEmpty(check)) {
+// if (ValidationHelper.isValidOAIdentifier(check)) {
+// log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
+// "Certificate - CertStore Directory",
+// LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
+// new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) ));
+// }
+// } else {
+// log.info("CertStoreDirectory is empty.");
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
+// "Certificate - CertStore Directory",
+// LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty")));
+// }
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, getKeyPrefix()));
if (MiscUtil.isNotEmpty(check)) {
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index 8a1a2925b..6d1dafd6c 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -185,20 +186,20 @@ public static final List<String> KEYWHITELIST;
// check qaa
try {
- int qaa = Integer.valueOf(input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)));
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String eIDAS_LOA = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eIDAS_LOA)) {
+ log.warn("eIDAS LoA is not allowed : " + eIDAS_LOA);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
+ new Object[] {eIDAS_LOA})));
}
} catch (Exception e) {
- log.warn("STORK QAA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
+ log.warn("eIDAS LoA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)})));
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
index 087334c4b..7f5e93ff9 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
@@ -253,26 +254,15 @@ public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator imple
// check qaa
String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
- if (MiscUtil.isNotEmpty(qaaString)) {
- try {
- int qaa = Integer.parseInt(qaaString);
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
- LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
- }
-
- } catch (NumberFormatException e) {
- log.warn("QAA level is not a number: " + qaaString);
+ if (MiscUtil.isNotEmpty(qaaString)) {
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaaString)) {
+ log.warn("eIDAS-LoA is not allowed: " + qaaString);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
+ "eIDAS - LoA is not allowed",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaaString})));
- }
+ }
}
if (!errors.isEmpty())
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
index 3c358b85f..dac5ae1ee 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
@@ -185,7 +185,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements
BasicX509Credential credential = new BasicX509Credential();
credential.setEntityCertificate(cert);
- timer = new Timer();
+ timer = new Timer(true);
httpClient = new MOAHttpClient();
if (metadataURL.startsWith("https:"))
@@ -196,7 +196,8 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements
MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(),
null,
"pkix",
- true);
+ true,
+ new String[]{"crl"});
httpClient.setCustomSSLTrustStore(
metadataURL,
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
index c7a74d1a1..eb881d465 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
@@ -190,7 +190,8 @@ public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements
// if (MiscUtil.isEmpty(identificationType) ||
// !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) {
if (MiscUtil.isNotEmpty(identificationType) &&
- !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) {
+ !(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)
+ || MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS.equals(identificationType))) {
log.info("STORK V-IDP only allowes identification numbers with STORK prefix.");
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE,
diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml
index 49557d83e..61e72989f 100644
--- a/id/moa-spss-container/pom.xml
+++ b/id/moa-spss-container/pom.xml
@@ -8,7 +8,6 @@
<groupId>MOA.id</groupId>
<artifactId>moa-spss-container</artifactId>
<version>${moa-id-version}</version>
- <packaging>pom</packaging>
<name>MOA-SPSS-Container-for-MOA-ID</name>
<description>This module holds MOA-SPSS and all required library</description>
@@ -16,157 +15,150 @@
<repositoryPath>${basedir}/../../repository</repositoryPath>
</properties>
- <profiles>
- <profile>
- <id>default</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <repositories>
- <repository>
- <id>local</id>
- <name>local</name>
- <url>file:${basedir}/../../repository</url>
- </repository>
- <repository>
- <id>egiz-commons</id>
- <url>https://demo.egiz.gv.at/int-repo/</url>
- <releases>
- <enabled>true</enabled>
- </releases>
- </repository>
- </repositories>
- </profile>
- </profiles>
+ <repositories>
+ <repository>
+ <id>MOA</id>
+ <name>MOA Dependencies</name>
+ <releases>
+ <enabled>true</enabled>
+ <checksumPolicy>ignore</checksumPolicy>
+ </releases>
+ <layout>default</layout>
+ <url>file://${repositoryPath}</url>
+ </repository>
+ </repositories>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <includes>
+ <include>${basedir}/../../repository/MOA/spss/ext_libs/*.jar</include>
+ </includes>
+ </configuration>
+ </plugin>
+ </plugins>
+
+ </build>
<dependencies>
- <!-- we need Axis 1.1 here, 1.0 is included in SPSS -->
<dependency>
<groupId>MOA.spss.server</groupId>
- <artifactId>moa-spss-lib</artifactId>
+ <artifactId>moa-sig-lib</artifactId>
+ <version>3.0.1</version>
<exclusions>
- <exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
+ <exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
<exclusion>
- <artifactId>axis-wsdl4j</artifactId>
+ <artifactId>*</artifactId>
<groupId>axis</groupId>
</exclusion>
</exclusions>
</dependency>
-
+
+
+<!-- MOA-SPSS 3.x -->
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ixsil</artifactId>
- </dependency>
+ <groupId>MOA.spss</groupId>
+ <artifactId>common</artifactId>
+ <version>3.0.0</version>
+ </dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_X509TrustManager</artifactId>
- </dependency>
-
-<!-- <dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- </dependency> -->
-
-<!-- <dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.axis</groupId>
- <artifactId>axis-jaxrpc</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.axis</groupId>
- <artifactId>axis-saaj</artifactId>
- </dependency> -->
+ <artifactId>iaik_cms</artifactId>
+ <version>5.1</version>
+ </dependency>
<dependency>
- <groupId>commons-discovery</groupId>
- <artifactId>commons-discovery</artifactId>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_cpades</artifactId>
+ <version>2.2b3_tmp</version>
+ </dependency>
<dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate</artifactId>
+ <version>3.1_eval</version>
+ </dependency>
<dependency>
- <groupId>javax.activation</groupId>
- <artifactId>activation</artifactId>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate_addon</artifactId>
+ <version>3.01_eval</version>
+ </dependency>
<dependency>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate_cms</artifactId>
+ <version>3.01</version>
</dependency>
<dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
-
-<!-- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency> -->
-<!-- <dependency>
- <groupId>org.apache.logging.log4j</groupId>
- <artifactId>log4j-core</artifactId>
- </dependency> -->
-
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jce_full</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
- <groupId>org.postgresql</groupId>
- <artifactId>postgresql</artifactId>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jsse</artifactId>
+ <version>4.4</version>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_moa</artifactId>
+ <version>2.01</version>
+ </dependency>
<dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xalan</artifactId>
- <!-- <scope>provided</scope> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>1.1.1_moa</version>
</dependency>
<dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <!-- <scope>provided</scope> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_sva</artifactId>
+ <version>1.0.1_moa</version>
</dependency>
<dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xml-apis</artifactId>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_tsl</artifactId>
+ <version>1.1_moa</version>
</dependency>
<dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>serializer</artifactId>
- <!-- <scope>provided</scope> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_tsp</artifactId>
+ <version>2.31_eval</version>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_moa</artifactId>
- </dependency>
+ <artifactId>iaik_util</artifactId>
+ <version>0.23</version>
+ </dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_ixsil</artifactId>
+ <artifactId>iaik_xades</artifactId>
+ <version>2.11_moa</version>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_jce_full</artifactId>
- <scope>compile</scope>
+ <artifactId>iaik_xsect</artifactId>
+ <version>2.11_moa</version>
+ </dependency>
+
+
+
+
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ecc</artifactId>
- <scope>compile</scope>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_cms</artifactId>
- <scope>runtime</scope>
+ <groupId>org.postgresql</groupId>
+ <artifactId>postgresql</artifactId>
</dependency>
+
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_Pkcs11Provider</artifactId>
@@ -228,38 +220,7 @@
<!-- should be provided by the container or jre -->
<scope>provided</scope>
</dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_jce_full</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
-
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_tsl</artifactId>
- <exclusions>
- <exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
- <artifactId>iaik_ecc_signed</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
- <artifactId>iaik_jce_eval_signed</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
+
</dependencies>
</project> \ No newline at end of file
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index c2eb6238c..07b84ed1b 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -115,16 +115,28 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
-
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>commons-iaik</artifactId>
- <version>0.7.1</version>
- </dependency>
-
+
<dependency>
<groupId>MOA.id.server</groupId>
- <artifactId>moa-id-commons</artifactId>
+ <artifactId>moa-id-commons</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>mysql</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.hibernate</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.h2database</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index 85f16e11f..95347c265 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -23,17 +23,12 @@
package at.gv.egovernment.moa.id.demoOA;
-import iaik.x509.X509Certificate;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
import java.util.Properties;
import java.util.Timer;
@@ -48,7 +43,8 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.MetaDataVerificationFilter;
-import at.iaik.commons.util.MiscUtil;
+import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
public class Configuration {
@@ -255,7 +251,9 @@ public class Configuration {
}
//load IDP metadata into metadataprovider
- idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl);
+ idpMetadataProvider = new HTTPMetadataProvider(
+ new Timer("demoOA", true),
+ new HttpClient(), metadataurl);
idpMetadataProvider.setRequireValidMetadata(true);
idpMetadataProvider.setParserPool(new BasicParserPool());
idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 0b8251386..2641797ed 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -30,19 +30,15 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
@@ -52,7 +48,6 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -64,11 +59,12 @@ import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
import at.gv.egovernment.moa.id.demoOA.Configuration;
-import at.gv.egovernment.moa.id.demoOA.Constants;
import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.iaik.commons.util.MiscUtil;
+import at.gv.egovernment.moa.util.MiscUtil;
+
/**
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
index 67321ca7e..75b54cfc4 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
@@ -74,7 +74,8 @@ import at.gv.egovernment.moa.id.demoOA.Constants;
import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.iaik.commons.util.MiscUtil;
+import at.gv.egovernment.moa.util.MiscUtil;
+
public class BuildMetadata extends HttpServlet {
Logger log = Logger.getLogger(BuildMetadata.class);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
index 666ecaeee..28003528b 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
@@ -33,16 +33,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
@@ -51,10 +47,8 @@ import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -64,7 +58,6 @@ import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCredentialResolverFactory;
import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.ws.security.SecurityPolicyResolver;
import org.opensaml.ws.security.provider.BasicSecurityPolicy;
import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
@@ -95,7 +88,8 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.iaik.commons.util.MiscUtil;
+import at.gv.egovernment.moa.util.MiscUtil;
+
public class Index extends HttpServlet {
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
index b87865989..9bd0ff2e3 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
@@ -24,36 +24,25 @@ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;
import java.io.IOException;
import java.security.KeyStore;
-import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
@@ -66,11 +55,12 @@ import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
import at.gv.egovernment.moa.id.demoOA.Configuration;
import at.gv.egovernment.moa.id.demoOA.Constants;
import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.iaik.commons.util.MiscUtil;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
diff --git a/id/oa/src/main/webapp/WEB-INF/web.xml b/id/oa/src/main/webapp/WEB-INF/web.xml
index a42985c95..89553915a 100644
--- a/id/oa/src/main/webapp/WEB-INF/web.xml
+++ b/id/oa/src/main/webapp/WEB-INF/web.xml
@@ -5,8 +5,8 @@
<description>MOA PVP2.1 Sample OA</description>
<servlet>
+ <display-name>PVP 2.1 Authentication request builder</display-name>
<servlet-name>pvp2login</servlet-name>
- <display-name>PVP 2.1 Authentication request builder</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.Authenticate</servlet-class>
</servlet>
@@ -16,8 +16,8 @@
</servlet-mapping>
<servlet>
- <servlet-name>pvp2slo</servlet-name>
<display-name>PVP 2.1 Single Log-Out request builder</display-name>
+ <servlet-name>pvp2slo</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.SingleLogOut</servlet-class>
</servlet>
@@ -27,8 +27,8 @@
</servlet-mapping>
<servlet>
+ <display-name>Metadata</display-name>
<servlet-name>pvp2metadata</servlet-name>
- <display-name>Metadata</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.BuildMetadata</servlet-class>
</servlet>
@@ -38,8 +38,8 @@
</servlet-mapping>
<servlet>
+ <display-name>Secure area</display-name>
<servlet-name>pvp2demooa</servlet-name>
- <display-name>Secure area</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.DemoApplication</servlet-class>
</servlet>
@@ -49,8 +49,8 @@
</servlet-mapping>
<servlet>
+ <display-name>Mainpage</display-name>
<servlet-name>index</servlet-name>
- <display-name>Mainpage</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.Index</servlet-class>
</servlet>
diff --git a/id/readme_3.2.0.txt b/id/readme_3.2.0.txt
new file mode 100644
index 000000000..45d60766f
--- /dev/null
+++ b/id/readme_3.2.0.txt
@@ -0,0 +1,679 @@
+===============================================================================
+MOA ID Version Release 3.2.0 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 3.2.0 wurden folgende Neuerungen und Änderungen eingeführt,
+die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch
+history.txt im gleichen Verzeichnis).
+
+- Änderungen
+ - Integration MOA-SPSS 3.x
+ - Verheinheitlichung der Datenbankanbindung
+ - Unterstützung mehrerer Backend-Service URLs und Auswahl je Online Applikation
+ (MIS, SZR-Gateway, ELGA Vertretungservice Service)
+ - Redis Datenbank Backend für Kurzzeitsessiondaten
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
+angebebenen Updateschritte.
+
+Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.2.x
+reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
+Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
+Diese Datei dient dann als Basis für den Import in MOA-ID 3.2.x.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 3.1.x auf Version 3.2.0
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ a.) moasession.jpaVendorAdapter.generateDdl=true
+ moasession.dbcp.connectionProperties=
+ moasession.dbcp.initialSize=5
+ moasession.dbcp.maxActive=100
+ moasession.dbcp.maxIdle=8
+ moasession.dbcp.minIdle=5
+ moasession.dbcp.maxWaitMillis=-1
+ moasession.dbcp.testOnBorrow=true
+ moasession.dbcp.testOnReturn=false
+ moasession.dbcp.testWhileIdle=false
+ moasession.dbcp.validationQuery=select 1
+ b.) advancedlogging.jpaVendorAdapter.generateDdl=true
+ advancedlogging.dbcp.initialSize=0
+ advancedlogging.dbcp.maxActive=50
+ advancedlogging.dbcp.maxIdle=8
+ advancedlogging.dbcp.minIdle=0
+ advancedlogging.dbcp.maxWaitMillis=-1
+ advancedlogging.dbcp.testOnBorrow=true
+ advancedlogging.dbcp.testOnReturn=false
+ advancedlogging.dbcp.testWhileIdle=false
+ advancedlogging.dbcp.validationQuery=SELECT 1
+ c.) *.hibernate.connection.url=... um den GET Parameter '&serverTimezone=UTC' erweitern
+ d.) configuration.ssl.validation.revocation.method.order=crl,ocsp
+ e.) Zusätzliche neu, aber optionale Parameter finden Sie in der Beispielkonfiguration
+
+9. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 3.0.x auf Version 3.2.0
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update der TrustStores für WebService Zugriffe.
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\ca-certs
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\ca-certs.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\certstore\toBeAdded
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\certstore\toBeAdded.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der
+ MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) dbcp.validationQuery=..... (SQL Query zum Validieren der
+ Datenbankverbindung
+ z.B: "SELECT 1" für mySQL
+ "select 1 from dual" für OracleDB)
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ a.) configuration.dbcp.validationQuery=..... (SQL Query zum
+ Validieren der Datenbankverbindung
+ z.B: "SELECT 1" für mySQL
+ "select 1 from dual" für OracleDB)
+ b.) moasession.jpaVendorAdapter.generateDdl=true
+ moasession.dbcp.connectionProperties=
+ moasession.dbcp.initialSize=5
+ moasession.dbcp.maxActive=100
+ moasession.dbcp.maxIdle=8
+ moasession.dbcp.minIdle=5
+ moasession.dbcp.maxWaitMillis=-1
+ moasession.dbcp.testOnBorrow=true
+ moasession.dbcp.testOnReturn=false
+ moasession.dbcp.testWhileIdle=false
+ moasession.dbcp.validationQuery=select 1
+ c.) advancedlogging.jpaVendorAdapter.generateDdl=true
+ advancedlogging.dbcp.initialSize=0
+ advancedlogging.dbcp.maxActive=50
+ advancedlogging.dbcp.maxIdle=8
+ advancedlogging.dbcp.minIdle=0
+ advancedlogging.dbcp.maxWaitMillis=-1
+ advancedlogging.dbcp.testOnBorrow=true
+ advancedlogging.dbcp.testOnReturn=false
+ advancedlogging.dbcp.testWhileIdle=false
+ advancedlogging.dbcp.validationQuery=SELECT 1
+ d.) *.hibernate.connection.url=... um den GET Parameter '&serverTimezone=UTC' erweitern
+ e.) configuration.ssl.validation.revocation.method.order=crl,ocsp
+ f.) Zusätzliche neu, aber optionale Parameter finden Sie in der Beispielkonfigration
+
+9. Update der Default html-Templates für die Bürgerkartenauswahl.
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 2.2.1 auf Version 3.2.0
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+8. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+9. Update der Default html-Templates für die Bürgerkartenauswahl.
+
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+10. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+11. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+12. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+
+13. Hinzufügen der zusätzlichen Konfigurationsdatei in der MOA-ID-Configuration
+ CATALINA_HOME\conf\moa-id-configuration\userdatabase.properties
+
+14. Update der Tomcat Start-Skripts:
+ - Die Konfigurationsdateien für MOA-ID-Auth und MOA-ID-Configuration müssen
+ nur als URI (file:/...) übergeben werden.
+
+15. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Kopieren der folgenden Dateien:
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei bevor Sie diese durch die neue Version ersetzen.
+ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+ b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+
+9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
+ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
+ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
+ verwendeten KeyStore ab.
+
+10. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
+ Verzeichnis CATALINA_HOME_ID\endorsed
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Kopieren der folgenden Dateien
+ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
+
+9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
+ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
+ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
+ verwendeten KeyStore ab.
+
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der
+ MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ a.) configuration.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+10. Kopieren der folgenden Dateien
+ a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
+
+11. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.ssl.certstore=certs/certstore
+ b.) general.ssl.truststore=certs/truststore
+
+8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs
+ nach CATALINA_HOME\conf\moa-id-configuration\
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar.
+ a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+ protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+
+10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/
+ nach CATALINA_HOME\conf\moa-id\
+ a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\
+ b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+
+11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen
+ zwei Varianten zur Verfügung.
+ a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth
+ CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile
+ moasession.hibernate.hbm2ddl.auto=update
+ zu
+ moasession.hibernate.hbm2ddl.auto=create
+ Danach werden die Tabellen beim nächsten Startvorgang neu generiert.
+
+ b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson
+ Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert.
+
+12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.5 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+ Für MOA ID Proxy:
+ Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Update der Default html-Templates für die Bürgerkartenauswahl.
+
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+9. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+ a.) configuration.validation.certificate.QC.ignore=false
+ b.) protocols.pvp2.assertion.encryption.active=false
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version <= 1.5.1
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml
index 43e87f2ab..4e01c6260 100644
--- a/id/server/auth-edu/pom.xml
+++ b/id/server/auth-edu/pom.xml
@@ -96,10 +96,6 @@
<type>pom</type>
<exclusions>
<exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
@@ -219,12 +215,12 @@
<!-- should be in the ext directory of the jre -->
<scope>provided</scope>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
+ should be in the ext directory of the jre
<scope>provided</scope>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_Pkcs11Provider</artifactId>
@@ -279,6 +275,11 @@
</exclusions>
</dependency>
<dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ <version>${org.springframework.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 0c42c9deb..4f5f219a1 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -80,10 +80,6 @@
<type>pom</type>
<exclusions>
<exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
@@ -187,12 +183,12 @@
<!-- should be in the ext directory of the jre -->
<scope>provided</scope>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
+ should be in the ext directory of the jre
<scope>provided</scope>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_Pkcs11Provider</artifactId>
@@ -247,6 +243,11 @@
</exclusions>
</dependency>
<dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ <version>${org.springframework.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/data/deploy/conf/moa-id/certs/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
deleted file mode 100644
index 592c96230..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710
deleted file mode 100644
index a7948e488..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08 b/id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08
deleted file mode 100644
index 73434134e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
deleted file mode 100644
index 8c434777e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726 b/id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726
deleted file mode 100644
index 3af27c013..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/data/deploy/conf/moa-id/certs/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
deleted file mode 100644
index cac44093a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630
deleted file mode 100644
index 29d93550e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522F
deleted file mode 100644
index 2a88295a7..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522F
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35
deleted file mode 100644
index 84a1690d2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0D b/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0D
deleted file mode 100644
index 3250c6adc..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CB b/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CB
deleted file mode 100644
index 3848a2b82..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CB
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9A b/id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9A
deleted file mode 100644
index 04c6ea363..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/data/deploy/conf/moa-id/certs/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
deleted file mode 100644
index 32893db7f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214 b/id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214
deleted file mode 100644
index fd23a38d6..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
deleted file mode 100644
index 1a3106742..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958 b/id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958
deleted file mode 100644
index a5e651f86..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
deleted file mode 100644
index 28cb48bb0..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6 b/id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6
deleted file mode 100644
index bdfcb7ab1..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7 b/id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7
deleted file mode 100644
index eaac3518b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9C
deleted file mode 100644
index 4dd2c49bf..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8E
deleted file mode 100644
index 39e377edf..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8E
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208
deleted file mode 100644
index 0a1fcff85..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732 b/id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732
deleted file mode 100644
index 13abede5c..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/data/deploy/conf/moa-id/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941
deleted file mode 100644
index d2e7db667..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5
deleted file mode 100644
index f2f1c6562..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0
deleted file mode 100644
index 476a3efb2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233
deleted file mode 100644
index 5c88b668a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66F b/id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66F
deleted file mode 100644
index 4d1852203..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66F
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
deleted file mode 100644
index 69a8e4872..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
deleted file mode 100644
index 807fa786c..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/data/deploy/conf/moa-id/certs/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03
deleted file mode 100644
index 376d0753f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/data/deploy/conf/moa-id/certs/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
deleted file mode 100644
index 73553b996..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/data/deploy/conf/moa-id/certs/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27
deleted file mode 100644
index 5171276f4..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517
deleted file mode 100644
index f8a8957ac..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82 b/id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82
deleted file mode 100644
index 167c36411..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E
deleted file mode 100644
index ed5ba194c..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA
deleted file mode 100644
index 836ba3767..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299 b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299
deleted file mode 100644
index 8d33015f9..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
deleted file mode 100644
index 69de75609..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
deleted file mode 100644
index efa28178e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
deleted file mode 100644
index 289fc2198..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
deleted file mode 100644
index b7d4b08a6..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
deleted file mode 100644
index b2beddaa5..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263B b/id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263B
deleted file mode 100644
index 414123ece..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9 b/id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9
deleted file mode 100644
index 54893c9d6..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8C
deleted file mode 100644
index 8588ce58a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
deleted file mode 100644
index 141b05ef4..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
deleted file mode 100644
index 6e17b9db5..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3 b/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3
deleted file mode 100644
index 33e1ee94b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15 b/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15
deleted file mode 100644
index 694e6828b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
deleted file mode 100644
index 55707d69f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/data/deploy/conf/moa-id/certs/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
deleted file mode 100644
index 3be7b6a06..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FA b/id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FA
deleted file mode 100644
index 4e18de8d7..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DE
deleted file mode 100644
index c4d97cda3..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
deleted file mode 100644
index 9b2ee0fc6..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5
deleted file mode 100644
index b2a1e145f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0F b/id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0F
deleted file mode 100644
index 5dd9558d0..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0F
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526
deleted file mode 100644
index da38ce028..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
deleted file mode 100644
index 7e9fd5b0b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/5650A465FD3B5EF83639E11F324A2A0EA98AF935/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/id/server/data/deploy/conf/moa-id/certs/certstore/5650A465FD3B5EF83639E11F324A2A0EA98AF935/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
deleted file mode 100644
index 640918641..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/5650A465FD3B5EF83639E11F324A2A0EA98AF935/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
deleted file mode 100644
index b15880c29..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1
deleted file mode 100644
index 6da18c620..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20 b/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20
deleted file mode 100644
index 8b501d747..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D b/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D
deleted file mode 100644
index b4b128903..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CD b/id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CD
deleted file mode 100644
index c19647ad8..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CD
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9 b/id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9
deleted file mode 100644
index 39f88d881..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/data/deploy/conf/moa-id/certs/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
deleted file mode 100644
index 277b6083a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A
deleted file mode 100644
index ad13d7b28..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
deleted file mode 100644
index d361d919f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
deleted file mode 100644
index 89cfe44fd..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8C b/id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8C
deleted file mode 100644
index cc8b505ec..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85E
deleted file mode 100644
index c9da41583..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85E
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
deleted file mode 100644
index 28fbdf42f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878
deleted file mode 100644
index 424f849a1..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
deleted file mode 100644
index 4989f3e73..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/data/deploy/conf/moa-id/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
deleted file mode 100644
index a699436ca..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506B
deleted file mode 100644
index 06b40aa67..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BB
deleted file mode 100644
index 6f97837a2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BB
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980
deleted file mode 100644
index d7799119f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92B
deleted file mode 100644
index 508f7f076..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0B
deleted file mode 100644
index c0feb0d0e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFE b/id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFE
deleted file mode 100644
index a0e3fdda1..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6
deleted file mode 100644
index 36a442b89..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E b/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E
deleted file mode 100644
index 54f809962..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400 b/id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400
deleted file mode 100644
index 6c0216239..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22
deleted file mode 100644
index 7c6adedf5..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169
deleted file mode 100644
index 70f5b7c91..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913
deleted file mode 100644
index f3cf5e676..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BC
deleted file mode 100644
index fc5bd433b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BC
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
deleted file mode 100644
index 3beb4529a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
deleted file mode 100644
index 8ddc7d79b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799
deleted file mode 100644
index c9fd41f7f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6
deleted file mode 100644
index 781d1e4f2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B
deleted file mode 100644
index 8286cabbc..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B
deleted file mode 100644
index a0148f63b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
deleted file mode 100644
index 61d346a8f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
deleted file mode 100644
index 9ae7ffa0c..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623
deleted file mode 100644
index a68ae2db7..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1B b/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1B
deleted file mode 100644
index f1d7b6a28..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BD b/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BD
deleted file mode 100644
index c1b90c0f4..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BD
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02B b/id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02B
deleted file mode 100644
index e27a87038..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBE
deleted file mode 100644
index cc35ba691..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97B
deleted file mode 100644
index 783dd271a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
deleted file mode 100644
index 41dc7c553..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
deleted file mode 100644
index b596d82e3..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540D
deleted file mode 100644
index 4adc3b7ec..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687
deleted file mode 100644
index 1e4f22777..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
deleted file mode 100644
index fe561ad6a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889 b/id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889
deleted file mode 100644
index 3754de603..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
deleted file mode 100644
index 3c7775b6e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
deleted file mode 100644
index b6f39e354..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
deleted file mode 100644
index f9fef65fc..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
deleted file mode 100644
index f9f27442b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419
deleted file mode 100644
index 10a1f7141..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/data/deploy/conf/moa-id/certs/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374
deleted file mode 100644
index 61a7ccb15..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/data/deploy/conf/moa-id/certs/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
deleted file mode 100644
index 911640d0e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DB b/id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DB
deleted file mode 100644
index a95605e5a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DB
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85 b/id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85
deleted file mode 100644
index a365a465b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305 b/id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305
deleted file mode 100644
index ea3512e3d..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331 b/id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331
deleted file mode 100644
index 46dd968f0..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200
deleted file mode 100644
index 05a8b86f9..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
deleted file mode 100644
index 815f53d95..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2 b/id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2
deleted file mode 100644
index 63ba5cce5..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088D
deleted file mode 100644
index 0bab77032..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100
deleted file mode 100644
index 882753986..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
deleted file mode 100644
index f28aa4b8e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44
deleted file mode 100644
index 08d7b28e2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
deleted file mode 100644
index e47d2b8ba..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
deleted file mode 100644
index 5168e1af0..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123D
deleted file mode 100644
index c5bcc42e2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04
deleted file mode 100644
index 0a8de4bb9..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
deleted file mode 100644
index ab9e0cd7d..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8
deleted file mode 100644
index 01965769d..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBE b/id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBE
deleted file mode 100644
index 6428b8256..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
deleted file mode 100644
index bc5ed1e62..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018B
deleted file mode 100644
index cb519b7eb..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018B
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240 b/id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240
deleted file mode 100644
index f11bd6247..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890C b/id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890C
deleted file mode 100644
index 348257122..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
deleted file mode 100644
index b9fe1280c..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03
deleted file mode 100644
index ea1585a6e..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3ED b/id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3ED
deleted file mode 100644
index a3f8a7409..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3ED
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AA b/id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AA
deleted file mode 100644
index 3c1f2f8a2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
deleted file mode 100644
index 5026d395f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/data/deploy/conf/moa-id/certs/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29
deleted file mode 100644
index afe6fdf09..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A
deleted file mode 100644
index f6df0f4fd..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
deleted file mode 100644
index c34d0f380..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
deleted file mode 100644
index d894e92ca..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217D
deleted file mode 100644
index 380486f65..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217D
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1
deleted file mode 100644
index 22d64fb5f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221C
deleted file mode 100644
index 42a64da07..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3 b/id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3
deleted file mode 100644
index 010c5d5b6..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADA
deleted file mode 100644
index d53dce92b..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADA
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAE
deleted file mode 100644
index 5375c57c3..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344
deleted file mode 100644
index 7085c5ac9..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683
deleted file mode 100644
index 97dc187db..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65
deleted file mode 100644
index ad5d7dea1..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/data/deploy/conf/moa-id/certs/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6
deleted file mode 100644
index ebfbce9a0..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18
deleted file mode 100644
index 6225c0ca7..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65C b/id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65C
deleted file mode 100644
index a3aa0000d..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267 b/id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267
deleted file mode 100644
index 332aa817a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
deleted file mode 100644
index 069640ffc..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
deleted file mode 100644
index c3fc91352..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDC
deleted file mode 100644
index 87d8b52d4..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDC
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
deleted file mode 100644
index 91acd396a..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
deleted file mode 100644
index b5f5fa6ca..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
deleted file mode 100644
index abeb964dd..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
deleted file mode 100644
index 83aeb1fce..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696 b/id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696
deleted file mode 100644
index 5631441a9..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6C b/id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6C
deleted file mode 100644
index 585047fa2..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6C
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
deleted file mode 100644
index eb051dc4d..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEUzCCAzugAwIBAgIDFE3dMA0GCSqGSIb3DQEBBQUAMIHPMQswCQYDVQQGEwJB
-VDGBizCBiAYDVQQKHoGAAEEALQBUAHIAdQBzAHQAIABHAGUAcwAuACAAZgD8AHIA
-IABTAGkAYwBoAGUAcgBoAGUAaQB0AHMAcwB5AHMAdABlAG0AZQAgAGkAbQAgAGUA
-bABlAGsAdAByAC4AIABEAGEAdABlAG4AdgBlAHIAawBlAGgAcgAgAEcAbQBiAEgx
-GDAWBgNVBAsTD0EtVHJ1c3QtUXVhbC0wMTEYMBYGA1UEAxMPQS1UcnVzdC1RdWFs
-LTAxMB4XDTE0MDcwMTExMjExNVoXDTI0MDcwMTA5MjExNVowgc8xCzAJBgNVBAYT
-AkFUMYGLMIGIBgNVBAoegYAAQQAtAFQAcgB1AHMAdAAgAEcAZQBzAC4AIABmAPwA
-cgAgAFMAaQBjAGgAZQByAGgAZQBpAHQAcwBzAHkAcwB0AGUAbQBlACAAaQBtACAA
-ZQBsAGUAawB0AHIALgAgAEQAYQB0AGUAbgB2AGUAcgBrAGUAaAByACAARwBtAGIA
-SDEYMBYGA1UECxMPQS1UcnVzdC1RdWFsLTAxMRgwFgYDVQQDEw9BLVRydXN0LVF1
-YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmhgdxIbxTGEOH
-fXGiewI3NFldAWKFWfLofO+5I1UbvA5avt7IgsGXz/tI/f5HGUbascI0i7xG0tqV
-lA5ctQgLRqxgxHtgTkMcqsAEYdsz3LZsCdXO1QrvEBGLTSABdxiL/gSWJ6z77CSw
-x7Xg02HwxPV82cjGkSF3ENGJntuIAAnRDWn/ORHjFatNRymoMbHaOEZXSGhf7Y5F
-rrHEqGyi9E6sv784De/T1aTvskn8cWeUmDzv//omiG/a/V9KQex/61XN8OthUQVn
-X+u/liL2NKx74I2C/GgHX5B0WkPNqsSOgmlvJ/cKuT0PveUgVFDAA0oYBgcE1KDM
-lBbN0kmPAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEs8jB2F
-6W+tMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAQIN9LZbMivO9
-kWLDlDI9cTEIPpRXmgNdaBQRUpZc2ML0vDW6OVI90r8GxFQTE/I7HjrvuqQDTEL1
-qd8tthiazsLYI5eDX1CtJEFFtg25Y9t3tK2HsShb8sCj798hoXsOMFR9qhp5Fjb8
-TX4CVuQ3sK1TKeNlDmpAx6SqkYYT0CCMccsxt2j89ED8Z+B/yW19OZQk3BFDigYL
-46YsLKAC96ItFpUOs8ZbAUfUlpVA6G+09EMcDxOcuD/ebLx6I/ynwYAtqYXaizsY
-KTE35A3M2ghfGFJ+DlQoh3Bn/RG01LKXXgaVTHHMvvpxBp55wz2SocD/PpFe+D6Q
-C016YgTrrQ==
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
deleted file mode 100644
index be29fb6ac..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDyzCCArOgAwIBAgIDFE3kMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
-VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
-bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
-YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA3MDExMTIzMzNa
-Fw0yNDA3MDEwOTIzMzNaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
-dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
-a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDIxGDAWBgNVBAMMD0Et
-VHJ1c3QtUXVhbC0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJaR
-q9eOsFm4Ab20Hq2Z/aH86gyWa48uSUjY6eQkguHYuszr3gdcSMYZggFHQgnhfLmf
-ro/27l5rqKhWiDhWs+b+yZ1PNDhRPJy+86ycHMg9XJqErveULBSyZDdgjhSwOyrN
-ibUir/fkf+4sKzP5jjytTKJXD/uCxY4fAd9TjMEVpN3umpIS0ijpYhclYDHvzzGU
-833z5Dwhq5D8bc9jp8YSAHFJ1xzIoO1jmn3jjyjdYPnY5harJtHQL73nDQnfbtTs
-5ThT9GQLulrMgLU4WeyAWWWEMWpfVZFMJOUkmoOEer6A8e5fIAeqdxdsC+JVqpZ4
-CAKel/Arrlj1gFA//jsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
-CgQIQj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBh
-MfOINQm4XpzF6DmkOmb/ArSXHf5LObqFmIMooNr2TkyzrUTK/NE+mdrm15Rfdts7
-kZVq/ICfQSFeaPvWaAVq4plH/26OjvMTVv7DfgfPBUxDWqlCuDnDnPAVQ+yo/o5i
-BA5uUlMbp5znbDtlxwF/5gWqcn/hKxSUCP1uiOPIlKfeVvsRmBcJAdoixTM/Ic10
-pavJMGOI20onArvQZAUEbXQLA8cs8naxfF6Bo36U9nk6wn7q8VPXhViekByd17F6
-9A+ah0Iqw4SPf9BqNRIe1YxxjDhCmjWt3aoyE3ZFBuGjW+r2ipb/vGU1+2oyy2Fd
-2dMmiMQ7gGhWX9X6gWLd
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
deleted file mode 100644
index e1100c7fc..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDyzCCArOgAwIBAgIDFE31MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
-VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
-bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
-YWwtMDMxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMzAeFw0xNDA3MDExMTMwNTZa
-Fw0yNDA3MDEwOTMwNTZaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
-dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
-a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDMxGDAWBgNVBAMMD0Et
-VHJ1c3QtUXVhbC0wMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOe
-JIgc0s9AA0hqqqWgK72W9XwKn5+rUJDbQc5WgHkqwP2TU3qcW/NZYSSIY6PVGO6b
-hHSEnOyMPdrBhnpvNi4m6349yT6t565LdHcoKyQg/youwpVkEPZ+e8O32hF9nqvt
-L4wZohydjMwzcHUJB/5e+0CkJYwv/bVRZzqoK0yf1midYJukxWOw7nDNKD9KdOpZ
-+XXFAAZuH7BjwSqqE138y9JlGzkxIlrCeSJdGfFLwr7OHIgBdPEmQXcyOcaMUGjP
-U4VDig+gj+6OC5KjAEC+wKJZXiyhRLj+HyLTDLrQ6O8p5HI3Sov4FuwiMgcqIyzz
-o9fNyqmnT3K/vBGOqBsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
-CgQIRgbfN/LCNxAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBy
-jA/CmId9oz8sy4rwEklti+8TLS/aLHkiMqUmKjuHyT/6mz4Qh4fLfAAEv8iGSZiW
-+7+Gv7HTcuEEdyNNhUmMGJLSQA/3KBjlttHXLiG943wnvcZf3LtkFc+8Ia5N3bNS
-BM6q7/OFKHSS+iHcAJ8XS6SnLITYRyfo0thsXBaHpkTUkEP0uJY+yoE/EcBkvsGX
-drLIawu8YOrNZvs3S6Ag0ex5brIdqiNtlUGwRxpLwssfBho5K0NqpXAloHT9kHBd
-rGb2GrVdLIesuVivSP9zq09M8bcm3jDPCHv5bcudPZVX7rkr79VphgLfKlINA4Fw
-VxCuPLXx/4sCfANQtvuY
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
deleted file mode 100644
index b9a0e5a61..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
deleted file mode 100644
index e90f5f2a6..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXTCCAkWgAwIBAgIDFE3DMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFU
-MRAwDgYDVQQKEwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkw
-FwYDVQQDExBBLVRydXN0LW5RdWFsLTAxMB4XDTE0MDcwMTExMDk1NFoXDTI0MDcw
-MTA5MDk1NFowVTELMAkGA1UEBhMCQVQxEDAOBgNVBAoTB0EtVHJ1c3QxGTAXBgNV
-BAsTEEEtVHJ1c3QtblF1YWwtMDExGTAXBgNVBAMTEEEtVHJ1c3QtblF1YWwtMDEw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD/9RyAEZ6eHmhYzNJ328f0
-jmdSUFi6EqRqOxb3jHNPTIpK82CR6z5lmSnZQNUuCPD+htbNZffd2DKVB06NOyZ1
-2zcOMCgj4GtkZoqE0zPpPT3bpoE55nkZZe/qWEX/64wz/L/4EdkvKDSKG/UsP75M
-tmCVY5m2Eg73RVFRz4ccBIMpHel4lzEqSkdDtZOY5fnkrE333hx67nxq21vY8Eyf
-8O4fPQ5RtN8eohQCcPQ1z6ypU1R7N9jPRpnI+yzMOiwd3+QcKhHi1miCzo0pkOaB
-1CwmfsTyNl8qU0NJUL9Ta6cea7WThwTiWol2yD88cd2cy388xpbNkfrCPmZNGLoV
-AgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECE5ZzscCMocwMA4G
-A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAO3hBdwsNQOtYOAlC2PKT
-sdNexKqMefFGrGDYIEAflaudwpcqUgv7fLLhMNRMT+BcXtqXtfNHGsll2GwseuMq
-C02bPUmbfNV4P9djIz/s6qqvNQaQneFzhuXn+i0YQ10sFFVeIL3qrBMl1lwBeQ64
-/GyvrbGiHuuagEUc25CDrUqni+b+azaPUsRG6IXkIWG0H6WIMqtxIdHzAV/1raKh
-PKot1VhG2rivf1cBBGXU/0VSYBitXrLNwXwlX2ad0WiFHUF8RS9F3j2vVSYMfxer
-NPNaRLtCkHNSqCIDkMmmHJKbJbKJzMaZYmX2i2nc16HCpE/gbQc3etQCl3GvzO88
-xw==
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
deleted file mode 100644
index 2284687bb..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
-VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
-bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
-dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy
-OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
-dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
-ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
-EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
-lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
-znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
-2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
-k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
-2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
-VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
-AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1
-hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br
-cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm
-FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ
-tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s
-FJ6N46sU7LjJLqSKYEB8usoIiw==
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/DigiCert High Assurance EV Root CA.crt b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/DigiCert High Assurance EV Root CA.crt
deleted file mode 100644
index 4b1bc66be..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/DigiCert High Assurance EV Root CA.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
-ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
-MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
-LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
-RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
-+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
-PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
-xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
-Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
-hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
-EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
-FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
-nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
-eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
-hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
-Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
-vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
-+OkuE6N36B9K
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/TERENA SSL High Assurance CA 3 (DigiCert High Assurance EV Root CA).crt b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/TERENA SSL High Assurance CA 3 (DigiCert High Assurance EV Root CA).crt
deleted file mode 100644
index ebdf72d7f..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/TERENA SSL High Assurance CA 3 (DigiCert High Assurance EV Root CA).crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE4DCCA8igAwIBAgIQC1w0NWdbJGfA1zI3+Q1flDANBgkqhkiG9w0BAQsFADBs
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
-ZSBFViBSb290IENBMB4XDTE0MTExODEyMDAwMFoXDTI0MTExODEyMDAwMFowczEL
-MAkGA1UEBhMCTkwxFjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxEjAQBgNVBAcTCUFt
-c3RlcmRhbTEPMA0GA1UEChMGVEVSRU5BMScwJQYDVQQDEx5URVJFTkEgU1NMIEhp
-Z2ggQXNzdXJhbmNlIENBIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQChNsmK4gfxr6c9j2OMBRo3gOA7z5keoaPHiX4rUX+1fF1Brmvf7Uo83sRiXRYQ
-RJrD79hzJrulDtdihxgS5HgvIQHqGrp3NRRDUlq/4bItLTp9QCHzLhRQSrSYaFkI
-zztYezwb3ABzNiVciqQFk7WR9ebh9ZaCxaXfebcg7LodgQQ4XDvkW2Aknkb1J8NV
-nlbKen6PLlNSL4+MLV+uF1e87aTgOxbM9sxZ1/1LRqrOu28z9WA8qUZn2Av+hcP2
-TQIBoMPMQ8dT+6Yx/0Y+2J702OU//dS0pi8gMe7FtYVcZrlcSy/C40I7EFYHEjTm
-zH4EGvG6t9wZua2atFKvP/7HAgMBAAGjggF1MIIBcTASBgNVHRMBAf8ECDAGAQH/
-AgEAMA4GA1UdDwEB/wQEAwIBhjB/BggrBgEFBQcBAQRzMHEwJAYIKwYBBQUHMAGG
-GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcwAoY9aHR0cDovL2Nh
-Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENB
-LmNydDBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20v
-RGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYE
-VR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
-MB0GA1UdDgQWBBTCuIXX4bkTvdFIvP1e3H2QQnqKqTAfBgNVHSMEGDAWgBSxPsNp
-A/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAsCq7NTey6NjZHqT4
-kjZBNU3sItnD+RYAMWx4ZyaELcy7XhndQzX88TYSCYxl/YWB6lCjxx0dL3wTZUbX
-r+WRDzz5xX+98kdYrwNCT7fmT4eenv6cCS1sC9hc4sIl5dkb1pguY3ViV5D8/yEB
-hadOpw3TwI8xkqe2j/H5fp4Oaf9cFdpf9C85mQgZJwsvtvmmDTQTPcGPRFTgdGtY
-2xbWxDah6HjKpX6iI4BTBQhhpX6TJl6/GEaYK07s2Kr8BFPhrgmep9vrepWv61x7
-dnnqz5SeAs6cbSm551qG7Dj8+6f/8e33oqLC5Ldnbt0Ou6PjtZ4O02dN9cnicemR
-1B0/YQ==
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer
deleted file mode 100644
index d17d07619..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
deleted file mode 100644
index a6a9acdc3..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
deleted file mode 100644
index 1bb449441..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
deleted file mode 100644
index 6c0c042b4..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer
deleted file mode 100644
index 04627da98..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEdzCCA1+gAwIBAgIDFLT9MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
-VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
-bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
-dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwNDIw
-NVoXDTI0MDcyMzA4NDIwNVowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
-dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
-ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt
-c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6
-PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK
-k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj
-r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG
-AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt
-Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd
-LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
-CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG
-MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv
-b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl
-dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1
-dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAbHQvTl94ommGFln3s6wmd/tr6r5R
-3FR3A7O/uiGEAqm/7B84KGkTmKHhChGMiCiMcBSGtMx1IaO+t7gimLtRL57wgeIf
-k6nsgcbBioh0nO12XDagdtj75Dr7buEFyQvFdfydi5cAwScLW+YYxtwDni9/debd
-ypFKeCRxdCX12n0oFQDPJf8YvE4CaDitBJCQrZdJBDpB6muF8mpNq8CIuyTPIBZX
-RPKJNfIraKq/Xi7tuLkvWVGVsSqJeTvP++05Tvv/44+XBpCp3sUrjsb0G0Mj90PG
-SnAapsrgzDzLO/LQ8vrB9H2oRM4iYfUxu/dKSOBVXa3WQzsLBL0/9zZ30g==
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
deleted file mode 100644
index 60bc9a557..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
-VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
-bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
-VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
-NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
-DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
-RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
-HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
-kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
-HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
-fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
-shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
-0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
-/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
-hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
-IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
-zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
-d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
-eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
-/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
------END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
deleted file mode 100644
index e4bd48dac..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
deleted file mode 100644
index 74c4ce3b8..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
deleted file mode 100644
index 6c50ec079..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt b/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
deleted file mode 100644
index ebfbce9a0..000000000
--- a/id/server/data/deploy/conf/moa-id/certs/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index b9e2f6c8d..41ca6c008 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -68,7 +68,7 @@ protocols.oauth20.jwt.ks.key.password=password
##Database configuration##
#Hibnerate configuration for MOA-ID 3.x session store
moasession.hibernate.dialect=org.hibernate.dialect.MySQLDialect
-moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8
+moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8&serverTimezone=UTC
moasession.hibernate.connection.charSet=utf-8
moasession.hibernate.connection.driver_class=com.mysql.jdbc.Driver
moasession.hibernate.connection.username=
@@ -80,19 +80,27 @@ moasession.hibernate.transaction.flush_before_completion=true
moasession.hibernate.transaction.auto_close_session=true
moasession.hibernate.show_sql=false
moasession.hibernate.format_sql=true
-moasession.hibernate.c3p0.acquire_increment=3
-moasession.hibernate.c3p0.idle_test_period=60
-moasession.hibernate.c3p0.timeout=60
-moasession.hibernate.c3p0.max_size=20
-moasession.hibernate.c3p0.max_statements=0
-moasession.hibernate.c3p0.min_size=3
+
+moasession.jpaVendorAdapter.generateDdl=true
+moasession.dbcp.connectionProperties=
+moasession.dbcp.initialSize=5
+moasession.dbcp.maxActive=100
+moasession.dbcp.maxIdle=8
+moasession.dbcp.minIdle=5
+moasession.dbcp.maxWaitMillis=-1
+moasession.dbcp.testOnBorrow=true
+moasession.dbcp.testOnReturn=false
+moasession.dbcp.testWhileIdle=false
+moasession.dbcp.validationQuery=select 1
+
+
#Hibnerate configuration for MOA-ID 3.x configuration
configuration.hibernate.dialect=org.hibernate.dialect.MySQLDialect
configuration.jpaVendorAdapter.generateDdl=true
configuration.hibernate.show_sql=false
-configuration.hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true
+configuration.hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true&serverTimezone=UTC
configuration.hibernate.connection.charSet=utf-8
configuration.hibernate.connection.driver_class=com.mysql.jdbc.Driver
configuration.hibernate.connection.username=
@@ -100,7 +108,7 @@ configuration.hibernate.connection.password=
configuration.dbcp.connectionProperties=
configuration.dbcp.initialSize=0
-configuration.dbcp.maxActive=8
+configuration.dbcp.maxActive=100
configuration.dbcp.maxIdle=8
configuration.dbcp.minIdle=0
configuration.dbcp.maxWaitMillis=-1
@@ -112,7 +120,7 @@ configuration.dbcp.validationQuery=SELECT 1
#
#Hibnerate configuration for MOA-ID 3.x advanced statistic logging
advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQLDialect
-advancedlogging.hibernate.connection.url=jdbc:mysql://localhost/moa-id-statistic?charSet=utf-8&autoReconnect=true
+advancedlogging.hibernate.connection.url=jdbc:mysql://localhost/moa-id-statistic?charSet=utf-8&autoReconnect=true&serverTimezone=UTC
advancedlogging.hibernate.connection.charSet=utf-8
advancedlogging.hibernate.connection.driver_class=com.mysql.jdbc.Driver
advancedlogging.hibernate.connection.username=
@@ -123,13 +131,19 @@ advancedlogging.hibernate.current_session_context_class=thread
advancedlogging.hibernate.transaction.auto_close_session=true
advancedlogging.hibernate.show_sql=false
advancedlogging.hibernate.format_sql=true
-advancedlogging.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider
-advancedlogging.hibernate.c3p0.acquire_increment=3
-advancedlogging.hibernate.c3p0.idle_test_period=60
-advancedlogging.hibernate.c3p0.timeout=300
-advancedlogging.hibernate.c3p0.max_size=20
-advancedlogging.hibernate.c3p0.max_statements=0
-advancedlogging.hibernate.c3p0.min_size=3
+advancedlogging.hibernate.transaction.flush_before_completion=true
+
+advancedlogging.jpaVendorAdapter.generateDdl=true
+advancedlogging.dbcp.connectionProperties=
+advancedlogging.dbcp.initialSize=3
+advancedlogging.dbcp.maxActive=50
+advancedlogging.dbcp.maxIdle=8
+advancedlogging.dbcp.minIdle=3
+advancedlogging.dbcp.maxWaitMillis=-1
+advancedlogging.dbcp.testOnBorrow=true
+advancedlogging.dbcp.testOnReturn=false
+advancedlogging.dbcp.testWhileIdle=false
+advancedlogging.dbcp.validationQuery=select 1
################ Additonal eID-modul configuration ####################################
@@ -141,6 +155,9 @@ moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata
+moa.id.protocols.eIDAS.node.country=Austria
+moa.id.protocols.eIDAS.node.countrycode=AT
+moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high
### HBV Mandate-Service client module ###
modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH
@@ -165,6 +182,12 @@ modules.federatedAuth.request.sign.password=password
modules.federatedAuth.response.encryption.alias=pvp_assertion
modules.federatedAuth.response.encryption.password=password
+#Redis Settings, if Redis is used as a backend for session data.
+#has to be enabled with the following parameter
+#redis.active=true
+redis.use-pool=true
+redis.host-name=localhost
+redis.port=6379
################SZR Client configuration####################################
## The SZR client is only required if MOA-ID-Auth should be
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 6fb5aad80..1e1a7d398 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -673,6 +673,37 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<td>Passwort f&uuml;r den Zugriff auf das Datenbank Schema</td>
</tr>
</table>
+<p>&nbsp;</p>
+<p><strong>Hinweis:</strong> Zus&auml;tzlich zum SQL based Datenbank Backend f&uuml;r Sessiondaten gibt es aber der Version 3.2.0 die M&ouml;glichkeit einen Redis Datenserver als Datenbank Backend f&uuml;r Kurzzeitsessiondaten zu verwenden. Wird dieser aktiviert werden nur mehr Single Sign-On Sessioninformationen in der Sessiondatenbank abgelegt. Alle anderen Prozessdaten werden ausschlie&szlig;lich &uuml;ber das Redis Backend abgewickelt.</p>
+<table class="configtable">
+ <tr>
+ <th>Name</th>
+ <th>Beispielwert</th>
+ <th>Beschreibung</th>
+ </tr>
+ <tr>
+ <td>redis.active</td>
+ <td><p>true / false</p></td>
+ <td>Aktiviert das Redis Backend f&uuml;r Kurzzeitsessiondaten</td>
+ </tr>
+ <tr>
+ <td>redis.use-pool</td>
+ <td>true / false</td>
+ <td>Aktiviert / Deaktiviert den Connectionpool f&uuml;r Redis</td>
+ </tr>
+ <tr>
+ <td><p>redis.host-name</p></td>
+ <td>localhost</td>
+ <td>URL unter der der Redis Server erreichbar ist</td>
+ </tr>
+ <tr>
+ <td><p>redis.port</p></td>
+ <td>6379</td>
+ <td>Port unter dem der Redis Server erreichbar ist</td>
+ </tr>
+</table>
+<p>&nbsp;</p>
+<p>&nbsp;</p>
<h6><a name="basisconfig_moa_id_auth_param_database_info" id="uebersicht_bekanntmachung14"></a>2.2.2.4.3 Statistikdaten</h6>
<p>Alle Parameter aus der Basiskonfiguration welche als Prefix <em>advancedlogging.hibernate</em>. im Parameternamen aufweisen konfigurieren den Zugriff auf das Datenbank Schema welches die Konfiguration von MOA-ID-Auth beinhaltet. Eine Konfiguration dieser Parameter ist nur erforderlich wenn <em>configuration.advancedlogging.active</em> auf <em>true</em> gesetzt wird. (siehe <a href="#basisconfig_moa_id_auth_param_general">Kapitel 2.2.2.1</a>)</p>
<table class="configtable">
@@ -1082,13 +1113,8 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<th>Beschreibung</th>
</tr>
<tr>
- <td>CertStoreDirecorty</td>
- <td>certs/certstore</td>
- <td>Gibt den Pfadnamen zu einem Verzeichnis an, das als Zertifikatsspeicher im Zuge der TLS-Server-Zertifikats&uuml;berpr&uuml;fung verwendet wird.</td>
- </tr>
- <tr>
<td><p>TrustManagerRevocation</p>
-Checking</td>
+ Checking</td>
<td>&nbsp;</td>
<td>F&uuml;r die TLS-Server-Authentisierung d&uuml;rfen nur Server-Zertifikate verwendet werden, die eine CRLDP-Extension enthalten (andernfalls kann von MOA-ID-Auth keine CRL-&uuml;berpr&uuml;fung durchgef&uuml;hrt werden). Soll das RevocationChecking generell ausgeschaltet werden, ist dieses Attribut anzugeben und auf &quot;false&quot; zu setzen</td>
</tr>
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 58474b635..5a578a5aa 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -685,7 +685,11 @@ Redirect Binding</td>
</tr>
<tr>
<td>1306</td>
- <td>Generierung dereIDAS Metadaten fehlgeschlagen</td>
+ <td>Generierung der eIDAS Metadaten fehlgeschlagen</td>
+ </tr>
+ <tr>
+ <td>1307</td>
+ <td>Generierung der eIDAS Response fehlgeschlagen</td>
</tr>
<tr>
<td>1399</td>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 3e982d94a..7652af302 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -74,7 +74,7 @@
<scope>test</scope>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
@@ -85,16 +85,16 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
+ dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>${hibernate.version}</version>
- </dependency>
+ </dependency
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>${hibernate.version}</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>MOA.id</groupId>
@@ -205,6 +205,12 @@
<artifactId>unitils-core</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+
<!-- <dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
@@ -282,7 +288,6 @@
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
- <version>2.0.5</version>
</dependency>
<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
@@ -315,6 +320,13 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ixsil</artifactId>
+ <version>1.2.2.5</version>
+ <scope>test</scope>
+ </dependency>
+
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
@@ -386,7 +398,41 @@
<artifactId>spring-test</artifactId>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ <version>${org.springframework.version}</version>
+ </dependency>
+
+
+ <!-- Redis -->
+ <dependency>
+ <groupId>org.springframework.data</groupId>
+ <artifactId>spring-data-redis</artifactId>
+ <version>1.7.4.RELEASE</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-pool2</artifactId>
+ <version>2.4.2</version>
+ </dependency>
+ <dependency>
+ <groupId>redis.clients</groupId>
+ <artifactId>jedis</artifactId>
+ <version>2.9.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
+ <version>1.9.13</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
+ <version>1.9.13</version>
+ </dependency>
</dependencies>
<build>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java
index 573163af0..8fff6b20b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java
@@ -1,4 +1,4 @@
-/*
+/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,48 +19,40 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.advancedlogging;
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-import at.gv.egovernment.moa.logging.Logger;
-
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.PersonalAttributeList;
-
-
-/**
- * @author tlenz
- *
- */
-public class MOAOrderedAttributeIterator implements Iterator<PersonalAttribute> {
-
- private MOAPersonalAttributeList pal;
- private Iterator<String> keyIterator;
+import org.springframework.stereotype.Service;
- public MOAOrderedAttributeIterator(MOAPersonalAttributeList palArg) {
- this.pal = palArg;
- keyIterator = palArg.getInsertOrder().iterator();
- }
-
- @Override
- public boolean hasNext() {
- return keyIterator.hasNext();
- }
-
- @Override
- public PersonalAttribute next() {
- if (!hasNext()) {
- throw new NoSuchElementException();
- }
- return pal.get(keyIterator.next());
- }
-
- @Override
- public void remove() {
- Logger.error("Not implemented");
- }
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.logging.Logger;
-}
+@Service("StatisticLogger")
+public class DummyStatisticLogger implements IStatisticLogger{
+
+ @Override
+ public void logSuccessOperation(IRequest protocolRequest,
+ IAuthData authData, boolean isSSOSession) {
+ Logger.trace("Dummy-logSuccessOperation");
+ }
+
+ @Override
+ public void logErrorOperation(Throwable throwable) {
+ Logger.trace("Dummy-logErrorOperation");
+ }
+
+ @Override
+ public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
+ Logger.trace("Dummy-logErrorOperation");
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger#testConnection()
+ */
+ @Override
+ public void testConnection() throws Exception {
+ Logger.trace("Dummy-logErrorOperation");
+
+ }}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java
new file mode 100644
index 000000000..e0f21c012
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.advancedlogging;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.data.IAuthData;
+
+
+public interface IStatisticLogger {
+
+ public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession);
+
+ public void logErrorOperation(Throwable throwable);
+
+ public void logErrorOperation(Throwable throwable, IRequest errorRequest);
+
+ public void testConnection() throws Exception;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 4a5cbd55f..b26c9c1a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -31,11 +31,11 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.data.MISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -177,7 +177,7 @@ public class MOAReversionLogger {
}
- public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) {
+ public void logMandateEventSet(IRequest pendingReq, IMISMandate mandate) {
if (MiscUtil.isNotEmpty(mandate.getOWbPK()))
logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK,
mandate.getOWbPK());
@@ -222,7 +222,7 @@ public class MOAReversionLogger {
* @param identityLink
*/
public void logPersonalInformationEvent(IRequest pendingReq,
- IdentityLink identityLink) {
+ IIdentityLink identityLink) {
logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH,
buildPersonInformationHash(
identityLink.getGivenName(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 0171f9d90..5b0f5115d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -26,19 +26,23 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Date;
+import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
@@ -46,21 +50,22 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-@Service("StatisticLogger")
-public class StatisticLogger {
+@Repository("StatisticLogger")
+@Transactional("statisticLogTransactionManager")
+public class StatisticLogger implements IStatisticLogger{
private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request";
private static final String GENERIC_HANDYBKU = "https://www.handy-signatur.at/";
@@ -79,7 +84,20 @@ public class StatisticLogger {
@Autowired AuthConfiguration authConfig;
@Autowired IAuthenticationSessionStoreage authenticatedSessionStorage;
+
+ @PersistenceContext(unitName="statistic")
+ private EntityManager entityManager;
+
+
+ public void testConnection() throws Exception {
+ Date expioredate = new Date(new Date().getTime() - 120);
+ Query query = entityManager.createNamedQuery("getAllEntriesNotBeforeTimeStamp");
+ query.setParameter("timeout", expioredate);
+ List<StatisticLog> result = query.getResultList();
+ }
+
+
public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) {
if ( authConfig.isAdvancedLoggingActive() && protocolRequest != null && authData != null) {
@@ -131,7 +149,7 @@ public class StatisticLogger {
if (authData.isUseMandate()) {
dblog.setMandatelogin(authData.isUseMandate());
- MISMandate mandate = authData.getMISMandate();
+ IMISMandate mandate = authData.getMISMandate();
if (mandate != null) {
if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
@@ -187,15 +205,9 @@ public class StatisticLogger {
}
}
}
+
+ entityManager.persist(dblog);
-
-
- try {
- StatisticLogDBUtils.saveOrUpdate(dblog);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Statistic Log can not be stored into Database", e);
- }
}
}
@@ -216,12 +228,8 @@ public class StatisticLogger {
- try {
- StatisticLogDBUtils.saveOrUpdate(dblog);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Statistic Log can not be stored into Database", e);
- }
+ entityManager.persist(dblog);
+
}
}
@@ -246,33 +254,36 @@ public class StatisticLogger {
//dblog.setOaID(dbOA.getHjid());
dblog.setBusinessservice(isBusinessService(dbOA));
- try {
- AuthenticationSession moasession = authenticatedSessionStorage.
- getSession(errorRequest.getMOASessionIdentifier());
- if (moasession != null) {
- if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {
- dblog.setBkuurl(moasession.getBkuURL());
- dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
- }
-
- dblog.setMandatelogin(moasession.isMandateUsed());
+ IAuthenticationSession moasession = null;
+ if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) {
+ Logger.debug("Use MOA session information from SSO session for ErrorLogging");
+ try {
+ moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier());
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Error during database communication", e);
+
}
-
- } catch (MOADatabaseException e) {
- Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information.");
+
+ } else {
+ Logger.debug("Use MOA session information from pending-req for ErrorLogging");
+ moasession = errorRequest.getMOASession();
}
-
- generateErrorLogFormThrowable(throwable, dblog);
+ if (moasession != null) {
+ if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {
+ dblog.setBkuurl(moasession.getBkuURL());
+ dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ }
+
+ dblog.setMandatelogin(moasession.isMandateUsed());
+ }
+ generateErrorLogFormThrowable(throwable, dblog);
+
+ entityManager.persist(dblog);
- try {
- StatisticLogDBUtils.saveOrUpdate(dblog);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Statistic Log can not be stored into Database", e);
- }
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index e0552c337..bbb322a4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -8,6 +8,8 @@ import java.util.List;
import org.hibernate.HibernateException;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
@@ -29,6 +31,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @version $Id$
*/
@Service("AuthenticationSessionCleaner")
+@EnableScheduling
public class AuthenticationSessionCleaner implements Runnable {
@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
@@ -36,7 +39,7 @@ public class AuthenticationSessionCleaner implements Runnable {
@Autowired protected AuthConfiguration authConfig;
/** interval the <code>AuthenticationSessionCleaner</code> is run in */
- private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
+ private static final long SESSION_CLEANUP_INTERVAL = 5 * 60 *1000 ; // 5 min
/**
* Runs the thread. Cleans the <code>AuthenticationServer</code> session store
@@ -45,8 +48,8 @@ public class AuthenticationSessionCleaner implements Runnable {
* Cleans up expired session and authentication data stores.
*
*/
+ @Scheduled(fixedRate = SESSION_CLEANUP_INTERVAL)
public void run() {
- while (true) {
try {
Logger.debug("AuthenticationSessionCleaner run");
Date now = new Date();
@@ -66,7 +69,7 @@ public class AuthenticationSessionCleaner implements Runnable {
try {
try {
Object entry = transactionStorage.get(entryKey);
- //if entry is an exception --> log it because is could be unhandled
+ //if entry is an exception --> log it because it could be unhandled
if (entry != null && entry instanceof ExceptionContainer) {
ExceptionContainer exContainer = (ExceptionContainer) entry;
@@ -115,12 +118,6 @@ public class AuthenticationSessionCleaner implements Runnable {
} catch (Exception e) {
Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
}
- try {
- Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
- }
- catch (InterruptedException e) {
- }
- }
}
/**
@@ -143,18 +140,4 @@ public class AuthenticationSessionCleaner implements Runnable {
}
}
}
-
- /**
- * start the sessionCleaner
- */
- public static void start(Runnable clazz) {
- // start the session cleanup thread
- Thread sessionCleaner =
- new Thread(clazz, "AuthenticationSessionCleaner");
- sessionCleaner.setName("SessionCleaner");
- sessionCleaner.setDaemon(true);
- sessionCleaner.setPriority(Thread.MIN_PRIORITY);
- sessionCleaner.start();
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
index 20f2029cb..f0d9741d4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
@@ -4,11 +4,8 @@ package at.gv.egovernment.moa.id.auth;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -20,32 +17,7 @@ import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
*/
public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
- @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
@Autowired protected AuthConfiguration authConfig;
- /**
- * Retrieves a session from the session store.
- *
- * @param id session ID
- * @return <code>AuthenticationSession</code> stored with given session ID (never {@code null}).
- * @throws AuthenticationException in case the session id does not reflect a valic, active session.
- */
- public AuthenticationSession getSession(String id)
- throws AuthenticationException {
- AuthenticationSession session;
- try {
- session = authenticationSessionStorage.getSession(id);
-
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[]{id});
- return session;
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("auth.02", new Object[]{id});
-
- } catch (Exception e) {
- throw new AuthenticationException("parser.04", new Object[]{id});
- }
- }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
index 5837d7dbf..6f98357e2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
@@ -20,29 +20,17 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import eu.eidas.auth.engine.core.ExtensionProcessorI;
-import eu.eidas.auth.engine.core.eidas.EidasExtensionProcessor;
+package at.gv.egovernment.moa.id.auth;
/**
* @author tlenz
*
*/
-public class MOAeIDAsExtensionProcessor extends EidasExtensionProcessor implements ExtensionProcessorI {
-
+public interface IDestroyableObject {
/**
- * Add only eIDAS attributes which are supported by Austrian eIDAS node
+ * Manually deep destroy a Java object with all child objects like timers and threads
*
*/
- @Override
- public Set<String> getSupportedAttributes(){
- Set<String> supportedAttributes=new HashSet<String>( Constants.METADATA_POSSIBLE_ATTRIBUTES.keySet());
-
- return supportedAttributes;
- }
+ public void fullyDestroy();
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
index a1008e883..27d142f2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egovernment.moa.id.config.auth;
+package at.gv.egovernment.moa.id.auth;
/**
* @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
new file mode 100644
index 000000000..52e30a2f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -0,0 +1,93 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.auth;
+
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+@Service("MOAGarbageCollector")
+@EnableScheduling
+public class MOAGarbageCollector implements Runnable {
+
+ @Autowired ApplicationContext context;
+
+ private static final long INTERVAL = 24 * 60 * 60 * 1000; // 24 hours
+ //private static final long INITAL_DELAY = 12 * 60 * 60 * 1000; // 12 hours
+
+ private static final long INITAL_DELAY = 2 * 60 * 1000; // 12 hours
+
+// private static final List<IGarbageCollectorProcessing> processModules =
+// new ArrayList<IGarbageCollectorProcessing>();
+
+
+ @Scheduled(fixedRate = INTERVAL, initialDelay = INITAL_DELAY)
+ public void run() {
+
+ Map<String, IGarbageCollectorProcessing> processModules =
+ context.getBeansOfType(IGarbageCollectorProcessing.class);
+
+ if (processModules != null) {
+ Iterator<Entry<String, IGarbageCollectorProcessing>> interator = processModules.entrySet().iterator();
+ while (interator.hasNext()) {
+ try {
+ interator.next().getValue().runGarbageCollector();
+
+ } catch (Throwable e1) {
+ Logger.warn("Garbage collection FAILED in some module.", e1);
+
+ }
+
+ }
+ }
+ }
+
+// /**
+// * Add a module to MOA internal garbage collector. Every module is executed once a day
+// *
+// * @param modul Module which should be executed by the garbage collector.
+// */
+// public static void addModulForGarbageCollection(IGarbageCollectorProcessing modul) {
+// processModules.add(modul);
+//
+// }
+
+// public static void start() {
+// // start the session cleanup thread
+// Thread configLoader = new Thread(new MOAGarbageCollector(), "MOAGarbageCollector");
+// configLoader.setName("MOAGarbageCollectorr");
+// configLoader.setDaemon(true);
+// configLoader.setPriority(Thread.MIN_PRIORITY);
+// configLoader.start();
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index d1cf3338a..5769d99df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -36,18 +36,16 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
-import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.PKIException;
-import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;
/**
@@ -74,16 +72,31 @@ public class MOAIDAuthInitializer {
MailcapCommandMap mc = new MailcapCommandMap();
CommandMap.setDefaultCommandMap(mc);
+ //allowed SSL ciphers regarding to PVP SMA 1.3 document
if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites")))
System.setProperty(
"https.cipherSuites",
- "TLS_DH_anon_WITH_AES_128_CBC_SHA" +
+ //high secure RSA bases ciphers
+ ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+
+ //high secure ECC bases ciphers
+ ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +
+ ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +
+
+ //secure backup chipers
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +
",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +
- ",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +
",TLS_RSA_WITH_AES_128_CBC_SHA" +
- ",TLS_RSA_WITH_AES_256_CBC_SHA" +
- ",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" +
- ",SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+ ",TLS_RSA_WITH_AES_256_CBC_SHA"
);
@@ -104,17 +117,11 @@ public class MOAIDAuthInitializer {
Logger.info("Loading Java security providers.");
IAIK.addAsProvider();
- ECCProvider.addAsProvider();
+ ECCelerate.addAsProvider();
// Initializes SSLSocketFactory store
SSLUtils.initialize();
- // Initializes Namespace Map
- Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
- Constants.nSMap.put(Constants.ECDSA_PREFIX,
- "http://www.w3.org/2001/04/xmldsig-more#");
- Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-
//seed the random number generator
Random.seedRandom();
Logger.debug("Random-number generator is seeded.");
@@ -130,24 +137,28 @@ public class MOAIDAuthInitializer {
//MOA-SP is only use by API calls since MOA-ID 3.0.0
try {
LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext("startup"));
- ConfigurationProvider config = ConfigurationProvider
- .getInstance();
- new IaikConfigurator().configure(config);
-
- } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
- Logger.error("MOA-SP initialization FAILED!", ex.getWrapped());
- throw new ConfigurationException("config.10", new Object[] { ex
- .toString() }, ex);
-
- }
+ new LoggingContext("startup"));
+ Logger.debug("Starting MOA-SPSS initialization process ... ");
+ Configurator.getInstance().init();
+ Logger.info("MOA-SPSS initialization complete ");
+
+ } catch (MOAException e) {
+ Logger.error("MOA-SP initialization FAILED!", e.getWrapped());
+ throw new ConfigurationException("config.10", new Object[] { e
+ .toString() }, e);
+ }
//IAIK.addAsProvider();
//ECCProvider.addAsProvider();
Security.insertProviderAt(IAIK.getInstance(), 0);
- Security.addProvider(new ECCProvider());
+
+ ECCelerate eccProvider = ECCelerate.getInstance();
+ if (Security.getProvider(eccProvider.getName()) != null)
+ Security.removeProvider(eccProvider.getName());
+
+ Security.addProvider(new ECCelerate());
if (Logger.isDebugEnabled()) {
Logger.debug("Loaded Security Provider:");
@@ -156,12 +167,5 @@ public class MOAIDAuthInitializer {
Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
}
-
-
- // Starts the session cleaner thread to remove unpicked authentication data
- AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class);
- AuthenticationSessionCleaner.start(sessioncleaner);
-
- MOAGarbageCollector.start();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 908c7e7b6..3264fc3bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -47,11 +47,7 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -61,6 +57,11 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -106,16 +107,17 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
@Autowired protected AuthConfiguration authConfig;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public IAuthData buildAuthenticationData(IRequest pendingReq,
- AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+ IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration());
}
public IAuthData buildAuthenticationData(IRequest pendingReq,
- AuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+ IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
AuthenticationData authdata = null;
//only needed for SAML1 legacy support
@@ -222,7 +224,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
try {
samlVerificationEngine.verifyIDPResponse(intfResp,
TrustEngineFactory.getSignatureKnownKeysTrustEngine(
- MOAMetadataProvider.getInstance()));
+ metadataProvider));
//create assertion attribute extractor from AttributeQuery response
return new AssertionAttributeExtractor(intfResp);
@@ -252,7 +254,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session,
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
Collection<String> includedToGenericAuthData = null;
@@ -272,8 +274,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//####################################################
//parse user info's from identityLink
- IdentityLink idlFromPVPAttr = null;
- IdentityLink identityLink = session.getIdentityLink();
+ IIdentityLink idlFromPVPAttr = null;
+ IIdentityLink identityLink = session.getIdentityLink();
if (identityLink != null) {
parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
@@ -514,7 +516,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
//mandate functionality
- MISMandate misMandate = null;
+ IMISMandate misMandate = null;
if (session.isMandateUsed()) {
//####################################################
//set Mandate reference value
@@ -765,7 +767,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//####################################################################
//parse AuthBlock signature-verification response
//INFO: this parameters are only required for SAML1 auth. protocol
- VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+ IVerifiyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
if (verifyXMLSigResp != null) {
authData.setQualifiedCertificate(verifyXMLSigResp
.isQualifiedCertificate());
@@ -832,7 +834,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
return false;
}
- private void parseBasicUserInfosFromIDL(AuthenticationData authData, IdentityLink identityLink, Collection<String> includedGenericSessionData) {
+ private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
authData.setIdentificationValue(identityLink.getIdentificationValue());
authData.setIdentificationType(identityLink.getIdentificationType());
@@ -918,7 +920,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @return Pair<bPK, bPKType> which was received by PVP-Attribute and could be decrypted for this Service Provider,
* or <code>null</code> if no attribute exists or can not decrypted
*/
- private Pair<String, String> getEncryptedbPKFromPVPAttribute(AuthenticationSession session,
+ private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
AuthenticationData authData, IOAAuthParameters spConfig) {
//set List of encrypted bPKs to authData DAO
String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
@@ -980,7 +982,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param session MOASession, but never null
* @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
*/
- private String getbPKValueFromPVPAttribute(AuthenticationSession session) {
+ private String getbPKValueFromPVPAttribute(IAuthenticationSession session) {
String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) {
@@ -1014,7 +1016,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param session MOASession, but never null
* @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
*/
- private String getbPKTypeFromPVPAttribute(AuthenticationSession session) {
+ private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) {
String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) {
@@ -1064,7 +1066,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private IdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IdentityLink idl, String bPK, String bPKType) throws MOAIDException {
+ private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException {
if (oaParam.getBusinessService()) {
Element idlassertion = idl.getSamlAssertion();
//set bpk/wpbk;
@@ -1075,7 +1077,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
prIdentificationType.getFirstChild().setNodeValue(bPKType);
IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+ IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
//resign IDL
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
@@ -1106,10 +1108,15 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
String eIDASOutboundCountry = pendingReq.getGenericData(RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class);
+ //TODO: maybe find a better solution
+ String cititzenCountryCode =
+ authConfig.getBasicMOAIDConfiguration("moa.id.protocols.eIDAS.node.countrycode",
+ MOAIDAuthConstants.COUNTRYCODE_AUSTRIA);
+
if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) {
- if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !COUNTRYCODE_AUSTRIA.equals(eIDASOutboundCountry)) {
+ if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !cititzenCountryCode.equals(eIDASOutboundCountry)) {
Pair<String, String> eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID,
- COUNTRYCODE_AUSTRIA, eIDASOutboundCountry);
+ cititzenCountryCode, eIDASOutboundCountry);
Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond());
return eIDASID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
index ec94101d1..9ca15c76f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -29,14 +29,13 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -75,7 +74,7 @@ public class SignatureVerificationUtils {
}
}
- public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {
+ public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {
try {
//build signature-verification request
Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
@@ -85,17 +84,17 @@ public class SignatureVerificationUtils {
.verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
return verifyXMLSignatureResponse;
} catch (ParseException e) {
- Logger.error("Build signature-verification request FAILED." ,e);
+ //Logger.error("Build signature-verification request FAILED." ,e);
throw e;
} catch (ServiceException e) {
- Logger.error("MOA-SP signature verification FAILED." ,e);
+ //Logger.error("MOA-SP signature verification FAILED." ,e);
throw e;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index a72f6c2ea..94651915e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -46,20 +46,26 @@ import java.util.Map;
import org.apache.commons.collections4.map.HashedMap;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;
/**
- * Session data to be stored between <code>AuthenticationServer</code> API calls.
*
- * @author Paul Ivancsics
- * @version $Id$
+ * Serializable implementation of the {@link IAuthenticationSession} interface, which could be stored into a
+ * AuthenticationSession database
+ *
+ * @author Thomas Lenz
+ *
*/
-public class AuthenticationSession implements Serializable {
+public class AuthenticationSession implements Serializable, IAuthenticationSession {
/**
*
@@ -94,7 +100,7 @@ public class AuthenticationSession implements Serializable {
*
* Mandate element
*/
- private MISMandate mandate;
+ private IMISMandate mandate;
/**
* Reference value for mandate bussiness service for the assertion
@@ -110,7 +116,7 @@ public class AuthenticationSession implements Serializable {
/**
* identity link read from smartcard
*/
- private IdentityLink identityLink;
+ private IIdentityLink identityLink;
/**
* authentication block to be signed by the user
@@ -151,7 +157,7 @@ public class AuthenticationSession implements Serializable {
private String QAALevel = null;
- private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+ private IVerifiyXMLSignatureResponse XMLVerifySignatureResponse;
private boolean isForeigner;
@@ -170,14 +176,61 @@ public class AuthenticationSession implements Serializable {
}
+ /**
+ * @param id
+ * @param now
+ * @param moaSession
+ */
+ public AuthenticationSession(String id, Date now, IAuthenticationSession moaSession) {
+ sessionID = id;
+ sessionCreated = now;
+
+ authBlock = moaSession.getAuthBlock();
+ authBlockTokken = moaSession.getAuthBlockTokken();
+ authenticated = moaSession.isAuthenticated();
+ bkuURL = moaSession.getBkuURL();
+ extendedSAMLAttributesAUTH = moaSession.getExtendedSAMLAttributesAUTH();
+ extendedSAMLAttributesOA = moaSession.getExtendedSAMLAttributesOA();
+
+ genericSessionDataStorate = moaSession.getGenericSessionDataStorage();
+
+ identityLink = moaSession.getIdentityLink();
+ isForeigner = moaSession.isForeigner();
+ isOW = moaSession.isOW();
+ issueInstant = moaSession.getIssueInstant();
+ mandate = moaSession.getMISMandate();
+ mandateReferenceValue = moaSession.getMandateReferenceValue();
+ misSessionID = moaSession.getMISSessionID();
+ QAALevel = moaSession.getQAALevel();
+ samlAttributeGebeORwbpk = moaSession.getSAMLAttributeGebeORwbpk();
+ sessionCreated = moaSession.getSessionCreated();
+ signerCertificate = moaSession.getEncodedSignerCertificate();
+ useMandates = moaSession.isMandateUsed();
+ XMLVerifySignatureResponse = moaSession.getXMLVerifySignatureResponse();
+
+ //TODO: implement session construction from existing eID information
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
+ */
+ @Override
public boolean isAuthenticated() {
return authenticated;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
+ */
+ @Override
public void setAuthenticated(boolean authenticated) {
this.authenticated = authenticated;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
+ */
+ @Override
public X509Certificate getSignerCertificate() {
try {
return new X509Certificate(signerCertificate);
@@ -188,10 +241,18 @@ public class AuthenticationSession implements Serializable {
}
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate()
+ */
+ @Override
public byte[] getEncodedSignerCertificate() {
return this.signerCertificate;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate)
+ */
+ @Override
public void setSignerCertificate(X509Certificate signerCertificate) {
try {
this.signerCertificate = signerCertificate.getEncoded();
@@ -201,174 +262,141 @@ public class AuthenticationSession implements Serializable {
}
}
- /**
- * Returns the identityLink.
- *
- * @return IdentityLink
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
*/
- public IdentityLink getIdentityLink() {
+ @Override
+ public IIdentityLink getIdentityLink() {
return identityLink;
}
- /**
- * Returns the sessionID.
- *
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
*/
+ @Override
public String getSessionID() {
return sessionID;
}
- /**
- * Sets the identityLink.
- *
- * @param identityLink
- * The identityLink to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
*/
- public void setIdentityLink(IdentityLink identityLink) {
+ @Override
+ public void setIdentityLink(IIdentityLink identityLink) {
this.identityLink = identityLink;
}
- /**
- * Sets the sessionID.
- *
- * @param sessionId
- * The sessionID to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
*/
+ @Override
public void setSessionID(String sessionId) {
this.sessionID = sessionId;
}
- /**
- * Returns the BKU URL.
- *
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL()
*/
+ @Override
public String getBkuURL() {
return bkuURL;
}
- /**
- * Sets the bkuURL
- *
- * @param bkuURL
- * The BKU URL to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String)
*/
+ @Override
public void setBkuURL(String bkuURL) {
this.bkuURL = bkuURL;
}
- /**
- * Returns the authBlock.
- *
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock()
*/
+ @Override
public String getAuthBlock() {
return authBlock;
}
- /**
- * Sets the authBlock.
- *
- * @param authBlock
- * The authBlock to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String)
*/
+ @Override
public void setAuthBlock(String authBlock) {
this.authBlock = authBlock;
}
- /**
- * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH()
*/
+ @Override
public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
if (extendedSAMLAttributesAUTH == null) extendedSAMLAttributesAUTH = new ArrayList<ExtendedSAMLAttribute>();
return extendedSAMLAttributesAUTH;
}
- /**
- * Sets the SAML Attributes to be appended to the AUTHBlock.
- *
- * @param extendedSAMLAttributesAUTH
- * The SAML Attributes to be appended to the AUTHBlock.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List)
*/
+ @Override
public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
}
- /**
- * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online
- * application. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the SAML assertion delivered to the online
- * application
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA()
*/
+ @Override
public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
return extendedSAMLAttributesOA;
}
- /**
- * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online
- * application.
- *
- * @param extendedSAMLAttributesOA
- * The SAML Attributes to be appended to the SAML assertion delivered to the online
- * application.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List)
*/
+ @Override
public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
}
- /**
- * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the
- * SAML Assertion or not.
- *
- * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or
- * false if not.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk()
*/
+ @Override
public boolean getSAMLAttributeGebeORwbpk() {
return this.samlAttributeGebeORwbpk;
}
- /**
- * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the
- * SAML Assertion or not.
- *
- * @param samlAttributeGebeORwbpk
- * The boolean for value either a target or wbPK is provided as SAML Attribute in the
- * SAML Assertion or not.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean)
*/
+ @Override
public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
}
- /**
- * Returns the issuing time of the AUTH-Block SAML assertion.
- *
- * @return The issuing time of the AUTH-Block SAML assertion.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
*/
+ @Override
public String getIssueInstant() {
return issueInstant;
}
- /**
- * Sets the issuing time of the AUTH-Block SAML assertion.
- *
- * @param issueInstant
- * The issueInstant to set.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
*/
+ @Override
public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
- /**
- *
- * @param useMandate
- * indicates if mandate is used or not
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String)
*/
+ @Override
public void setUseMandate(String useMandate) {
if (useMandate.compareToIgnoreCase("true") == 0)
this.useMandates = true;
@@ -377,141 +405,172 @@ public class AuthenticationSession implements Serializable {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
+ */
+ @Override
public void setUseMandates(boolean useMandates) {
this.useMandates = useMandates;
}
- /**
- * @return
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
*/
+ @Override
public boolean isMandateUsed() {
return this.useMandates;
}
- /**
- *
- * @param misSessionID
- * indicates the MIS session ID
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
*/
+ @Override
public void setMISSessionID(String misSessionID) {
this.misSessionID = misSessionID;
}
- /**
- * Returns the MIS session ID
- *
- * @return
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID()
*/
+ @Override
public String getMISSessionID() {
return this.misSessionID;
}
- /**
- * @return the mandateReferenceValue
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue()
*/
+ @Override
public String getMandateReferenceValue() {
return mandateReferenceValue;
}
- /**
- * @param mandateReferenceValue
- * the mandateReferenceValue to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String)
*/
+ @Override
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
+ */
+ @Override
public boolean isForeigner() {
return isForeigner;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
+ */
+ @Override
public void setForeigner(boolean isForeigner) {
this.isForeigner = isForeigner;
}
- public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse()
+ */
+ @Override
+ public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
return XMLVerifySignatureResponse;
}
- public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse)
+ */
+ @Override
+ public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
XMLVerifySignatureResponse = xMLVerifySignatureResponse;
}
- public MISMandate getMISMandate() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate()
+ */
+ @Override
+ public IMISMandate getMISMandate() {
return mandate;
}
- public void setMISMandate(MISMandate mandate) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate)
+ */
+ @Override
+ public void setMISMandate(IMISMandate mandate) {
this.mandate = mandate;
}
- /**
- * @return the isOW
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
*/
+ @Override
public boolean isOW() {
return isOW;
}
- /**
- * @param isOW
- * the isOW to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
*/
+ @Override
public void setOW(boolean isOW) {
this.isOW = isOW;
}
- /**
- * @return the authBlockTokken
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
*/
+ @Override
public String getAuthBlockTokken() {
return authBlockTokken;
}
- /**
- * @param authBlockTokken
- * the authBlockTokken to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String)
*/
+ @Override
public void setAuthBlockTokken(String authBlockTokken) {
this.authBlockTokken = authBlockTokken;
}
- /**
- * eIDAS QAA level
- *
- * @return the qAALevel
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
*/
+ @Override
public String getQAALevel() {
return QAALevel;
}
- /**
- * set QAA level in eIDAS form
- *
- * @param qAALevel the qAALevel to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
*/
+ @Override
public void setQAALevel(String qAALevel) {
QAALevel = qAALevel;
}
- /**
- * @return the sessionCreated
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
*/
+ @Override
public Date getSessionCreated() {
return sessionCreated;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
+ */
+ @Override
public Map<String, Object> getGenericSessionDataStorage() {
return genericSessionDataStorate;
}
- /**
- * Returns a generic session-data object with is stored with a specific identifier
- *
- * @param key The specific identifier of the session-data object
- * @return The session-data object or null if no data is found with this key
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
*/
+ @Override
public Object getGenericDataFromSession(String key) {
if (MiscUtil.isNotEmpty(key)) {
return genericSessionDataStorate.get(key);
@@ -523,13 +582,10 @@ public class AuthenticationSession implements Serializable {
}
- /**
- * Returns a generic session-data object with is stored with a specific identifier
- *
- * @param key The specific identifier of the session-data object
- * @param clazz The class type which is stored with this key
- * @return The session-data object or null if no data is found with this key
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
*/
+ @Override
public <T> T getGenericDataFromSession(String key, final Class<T> clazz) {
if (MiscUtil.isNotEmpty(key)) {
Object data = genericSessionDataStorate.get(key);
@@ -555,13 +611,10 @@ public class AuthenticationSession implements Serializable {
}
- /**
- * Store a generic data-object to session with a specific identifier
- *
- * @param key Identifier for this data-object
- * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
- * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
*/
+ @Override
public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
if (MiscUtil.isEmpty(key)) {
Logger.warn("Generic session-data can not be stored with a 'null' key");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
new file mode 100644
index 000000000..5419e8ae0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -0,0 +1,492 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants {
+
+
+ private Map<String, Object> sessionData;
+
+ /**
+ * @param genericDataStorage
+ */
+ public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
+ this.sessionData = genericDataStorage;
+ }
+
+ private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {
+ if (MiscUtil.isNotEmpty(key)) {
+ Object obj = sessionData.get(key);
+ if (obj != null && clazz.isInstance(obj))
+ return (T) obj;
+ }
+
+ if (defaultValue == null)
+ return null;
+
+ else if (clazz.isInstance(defaultValue))
+ return (T)defaultValue;
+
+ else {
+ Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
+ throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
+
+ }
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
+ */
+ @Override
+ public boolean isAuthenticated() {
+ return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
+ */
+ @Override
+ public void setAuthenticated(boolean authenticated) {
+ sessionData.put(FLAG_IS_AUTHENTICATED, authenticated);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
+ */
+ @Override
+ public X509Certificate getSignerCertificate() {
+ byte[] encCert = getEncodedSignerCertificate();
+
+ if (encCert != null) {
+ try {
+ return new X509Certificate(encCert);
+ }
+ catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+
+ }
+ }
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate()
+ */
+ @Override
+ public byte[] getEncodedSignerCertificate() {
+ return wrapStringObject(VALUE_SIGNER_CERT, null, byte[].class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate)
+ */
+ @Override
+ public void setSignerCertificate(X509Certificate signerCertificate) {
+ try {
+ sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+
+ }catch (CertificateEncodingException e) {
+ Logger.warn("Signer certificate can not be stored to session database!", e);
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
+ */
+ @Override
+ public IIdentityLink getIdentityLink() {
+ return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
+ */
+ @Override
+ public String getSessionID() {
+ return wrapStringObject(VALUE_SESSIONID, null, String.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
+ */
+ @Override
+ public void setIdentityLink(IIdentityLink identityLink) {
+ sessionData.put(VALUE_IDENTITYLINK, identityLink);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
+ */
+ @Override
+ public void setSessionID(String sessionId) {
+ sessionData.put(VALUE_SESSIONID, sessionId);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL()
+ */
+ @Override
+ public String getBkuURL() {
+ return wrapStringObject(VALUE_BKUURL, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String)
+ */
+ @Override
+ public void setBkuURL(String bkuURL) {
+ sessionData.put(VALUE_BKUURL, bkuURL);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock()
+ */
+ @Override
+ public String getAuthBlock() {
+ return wrapStringObject(VALUE_AUTHBLOCK, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String)
+ */
+ @Override
+ public void setAuthBlock(String authBlock) {
+ sessionData.put(VALUE_AUTHBLOCK, authBlock);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH()
+ */
+ @Override
+ public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
+ return wrapStringObject(VALUE_EXTENTEDSAMLATTRAUTH, new ArrayList<ExtendedSAMLAttribute>(), List.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List)
+ */
+ @Override
+ public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
+ sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA()
+ */
+ @Override
+ public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
+ return wrapStringObject(VALUE_EXTENTEDSAMLATTROA, null, List.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List)
+ */
+ @Override
+ public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
+ sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk()
+ */
+ @Override
+ public boolean getSAMLAttributeGebeORwbpk() {
+ return wrapStringObject(FLAG_SAMLATTRIBUTEGEBEORWBPK, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean)
+ */
+ @Override
+ public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+ sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
+ */
+ @Override
+ public String getIssueInstant() {
+ return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
+ */
+ @Override
+ public void setIssueInstant(String issueInstant) {
+ sessionData.put(VALUE_ISSUEINSTANT, issueInstant);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String)
+ */
+ @Override
+ public void setUseMandate(String useMandate) {
+ if (useMandate.compareToIgnoreCase("true") == 0)
+ setUseMandates(true);
+ else
+ setUseMandates(false);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
+ */
+ @Override
+ public void setUseMandates(boolean useMandates) {
+ sessionData.put(FLAG_USE_MANDATE, useMandates);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
+ */
+ @Override
+ public boolean isMandateUsed() {
+ return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
+ */
+ @Override
+ public void setMISSessionID(String misSessionID) {
+ sessionData.put(VALUE_MISSESSIONID, misSessionID);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID()
+ */
+ @Override
+ public String getMISSessionID() {
+ return wrapStringObject(VALUE_MISSESSIONID, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue()
+ */
+ @Override
+ public String getMandateReferenceValue() {
+ return wrapStringObject(VALUE_MISREFVALUE, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String)
+ */
+ @Override
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
+ */
+ @Override
+ public boolean isForeigner() {
+ return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
+ */
+ @Override
+ public void setForeigner(boolean isForeigner) {
+ sessionData.put(FLAG_IS_FOREIGNER, isForeigner);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse()
+ */
+ @Override
+ public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
+ return wrapStringObject(VALUE_VERIFYSIGRESP, null, IVerifiyXMLSignatureResponse.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse)
+ */
+ @Override
+ public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
+ sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate()
+ */
+ @Override
+ public IMISMandate getMISMandate() {
+ return wrapStringObject(VALUE_MISMANDATE, null, IMISMandate.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate)
+ */
+ @Override
+ public void setMISMandate(IMISMandate mandate) {
+ sessionData.put(VALUE_MISMANDATE, mandate);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
+ */
+ @Override
+ public boolean isOW() {
+ return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
+ */
+ @Override
+ public void setOW(boolean isOW) {
+ sessionData.put(FLAG_IS_ORGANWALTER, isOW);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
+ */
+ @Override
+ public String getAuthBlockTokken() {
+ return wrapStringObject(VALUE_AUTNBLOCKTOKKEN, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String)
+ */
+ @Override
+ public void setAuthBlockTokken(String authBlockTokken) {
+ sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
+ */
+ @Override
+ public String getQAALevel() {
+ return wrapStringObject(VALUE_QAALEVEL, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
+ */
+ @Override
+ public void setQAALevel(String qAALevel) {
+ sessionData.put(VALUE_QAALEVEL, qAALevel);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
+ */
+ @Override
+ public Date getSessionCreated() {
+ return wrapStringObject(VALUE_CREATED, null, Date.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
+ */
+ @Override
+ public Map<String, Object> getGenericSessionDataStorage() {
+ Map<String, Object> result = new HashMap<String, Object>();
+ for (String el : sessionData.keySet()) {
+ if (el.startsWith(GENERIC_PREFIX))
+ result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el));
+
+ }
+
+ return result;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
+ */
+ @Override
+ public Object getGenericDataFromSession(String key) {
+ return sessionData.get(GENERIC_PREFIX + key);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
+ */
+ @Override
+ public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
+ return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
+ */
+ @Override
+ public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+ sessionData.put(GENERIC_PREFIX + key, object);
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index c7fa58eaf..f1d48935f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.auth.data;
import java.io.Serializable;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+
/**
* This class contains SAML attributes to be appended to the SAML assertion delivered to
* the Online application.
@@ -92,13 +94,13 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
* The following values are allowed:
* <ul>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
* </li>
* </ul>
*
@@ -111,28 +113,28 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getValue()
*/
public Object getValue() {
return value_;
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getName()
*/
public String getName() {
return name_;
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getNameSpace()
*/
public String getNameSpace() {
return namespace_;
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
*/
public int getAddToAUTHBlock() {
return addToAUTHBlock_;
@@ -144,16 +146,16 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
* @param addToAUTHBlock One of the following values:
* <ul>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
* </li>
* </ul>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
*/
public void setAddToAUTHBlock(int addToAUTHBlock) {
addToAUTHBlock_ = addToAUTHBlock;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 78f1e14f0..2690bc2cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -54,6 +54,7 @@ import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -64,7 +65,7 @@ import at.gv.egovernment.moa.util.DOMUtils;
* @author Paul Ivancsics
* @version $Id$
*/
-public class IdentityLink implements Serializable{
+public class IdentityLink implements Serializable, IIdentityLink{
private static final long serialVersionUID = 1L;
@@ -128,188 +129,183 @@ public class IdentityLink implements Serializable{
public IdentityLink() {
}
- /**
- * Returns the dateOfBirth.
- * @return Calendar
- */
- public String getDateOfBirth() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth()
+ */
+ @Override
+public String getDateOfBirth() {
return dateOfBirth;
}
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName()
+ */
+ @Override
+public String getFamilyName() {
return familyName;
}
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName()
+ */
+ @Override
+public String getGivenName() {
return givenName;
}
- /**
- * Returns the name.
- * @return The name.
- */
- public String getName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName()
+ */
+ @Override
+public String getName() {
if (name == null) {
name = givenName + " " + familyName;
}
return name;
}
- /**
- * Returns the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- * @return String
- */
- public String getIdentificationValue() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue()
+ */
+ @Override
+public String getIdentificationValue() {
return identificationValue;
}
- /**
- * Returns the identificationType.
- * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType()
*/
+ @Override
public String getIdentificationType() {
return identificationType;
}
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String)
+ */
+ @Override
+public void setDateOfBirth(String dateOfBirth) {
this.dateOfBirth = dateOfBirth;
}
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String)
+ */
+ @Override
+public void setFamilyName(String familyName) {
this.familyName = familyName;
}
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String)
+ */
+ @Override
+public void setGivenName(String givenName) {
this.givenName = givenName;
}
- /**
- * Sets the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String)
+ */
+ @Override
+public void setIdentificationValue(String identificationValue) {
this.identificationValue = identificationValue;
}
- /**
- * Sets the Type of the identificationValue.
- * @param identificationType The type of identificationValue to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String)
*/
+ @Override
public void setIdentificationType(String identificationType) {
this.identificationType = identificationType;
}
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public Element getSamlAssertion() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion()
+ */
+ @Override
+public Element getSamlAssertion() {
return samlAssertion;
}
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public String getSerializedSamlAssertion() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion()
+ */
+ @Override
+public String getSerializedSamlAssertion() {
return serializedSamlAssertion;
}
- /**
- * Sets the samlAssertion and the serializedSamlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element)
+ */
+ @Override
+public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
this.samlAssertion = samlAssertion;
this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);
}
- /**
- * Returns the dsigReferenceTransforms.
- * @return Element[]
- */
- public Element[] getDsigReferenceTransforms() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms()
+ */
+ @Override
+public Element[] getDsigReferenceTransforms() {
return dsigReferenceTransforms;
}
- /**
- * Sets the dsigReferenceTransforms.
- * @param dsigReferenceTransforms The dsigReferenceTransforms to set
- */
- public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[])
+ */
+ @Override
+public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
this.dsigReferenceTransforms = dsigReferenceTransforms;
}
- /**
- * Returns the publicKey.
- * @return PublicKey[]
- */
- public PublicKey[] getPublicKey() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey()
+ */
+ @Override
+public PublicKey[] getPublicKey() {
return publicKey;
}
- /**
- * Sets the publicKey.
- * @param publicKey The publicKey to set
- */
- public void setPublicKey(PublicKey[] publicKey) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[])
+ */
+ @Override
+public void setPublicKey(PublicKey[] publicKey) {
this.publicKey = publicKey;
}
- /**
- * Returns the prPerson.
- * @return Element
- */
- public Element getPrPerson() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson()
+ */
+ @Override
+public Element getPrPerson() {
return prPerson;
}
- /**
- * Sets the prPerson.
- * @param prPerson The prPerson to set
- */
- public void setPrPerson(Element prPerson) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element)
+ */
+ @Override
+public void setPrPerson(Element prPerson) {
this.prPerson = prPerson;
}
- /**
- * Returns the issuing time of the identity link SAML assertion.
- *
- * @return The issuing time of the identity link SAML assertion.
- */
- public String getIssueInstant() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant()
+ */
+ @Override
+public String getIssueInstant() {
return issueInstant;
}
- /**
- * Sets the issuing time of the identity link SAML assertion.
- *
- * @param issueInstant The issueInstant to set.
- */
- public void setIssueInstant(String issueInstant) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String)
+ */
+ @Override
+public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
index e9a278d0f..82263f7a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -46,12 +46,13 @@
package at.gv.egovernment.moa.id.auth.data;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
/**
* Includes the result of an extended infobox validation.
*
* If validation succeeds, an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
* maybe provided. Each of these SAML-Attributes will be either appended to the
* final SAML-Assertion passed to the online application or to the AUTH-Block,
* or to both.
@@ -65,7 +66,7 @@ public interface InfoboxValidationResult {
/**
* The method returns <code>true</code> if validation succeeds. In that case
* method {@link #getExtendedSamlAttributes()} may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
* ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
* AUTH-Block or to both.
* <br>
@@ -78,14 +79,14 @@ public interface InfoboxValidationResult {
public boolean isValid();
/**
- * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * Returns an array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
* ExtendedSAMLAttributes} that should be added to the SAML-Assertion
* provided to the online application.
* The SAML-Attributes in that array will be added to the final
* SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
* in the array this method returns.
*
- * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * @return An array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
* ExtendedSAMLAttributes} that should be added to the SAML-Assertion
* provided to the online application, the AUTH-Block, or both. If no attributes should
* be added this array maybe <code>null</code> or empty.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
index 0ba17eb2f..c5183d29c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
@@ -46,6 +46,7 @@
package at.gv.egovernment.moa.id.auth.data;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
/**
* Default implementation of the {@link InfoboxValidationResult} interface.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index 6cf1de319..c054976ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -49,6 +49,7 @@ package at.gv.egovernment.moa.id.auth.data;
import java.io.Serializable;
import java.util.Date;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import iaik.x509.X509Certificate;
/**
@@ -59,7 +60,7 @@ import iaik.x509.X509Certificate;
* @version $Id$
*
*/
-public class VerifyXMLSignatureResponse implements Serializable{
+public class VerifyXMLSignatureResponse implements Serializable, IVerifiyXMLSignatureResponse{
private static final long serialVersionUID = 1L;
@@ -89,173 +90,179 @@ public class VerifyXMLSignatureResponse implements Serializable{
private Date signingDateTime;
- /**
- * Returns the certificateCheckCode.
- * @return int
- */
- public int getCertificateCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getCertificateCheckCode()
+ */
+ @Override
+public int getCertificateCheckCode() {
return certificateCheckCode;
}
- /**
- * Returns the signatureCheckCode.
- * @return int
- */
- public int getSignatureCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureCheckCode()
+ */
+ @Override
+public int getSignatureCheckCode() {
return signatureCheckCode;
}
- /**
- * Returns the xmlDSIGManifestCheckCode.
- * @return int
- */
- public int getXmlDSIGManifestCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode()
+ */
+ @Override
+public int getXmlDSIGManifestCheckCode() {
return xmlDSIGManifestCheckCode;
}
- /**
- * Returns the xmlDsigSubjectName.
- * @return String
- */
- public String getXmlDsigSubjectName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName()
+ */
+ @Override
+public String getXmlDsigSubjectName() {
return xmlDsigSubjectName;
}
- /**
- * Sets the certificateCheckCode.
- * @param certificateCheckCode The certificateCheckCode to set
- */
- public void setCertificateCheckCode(int certificateCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setCertificateCheckCode(int)
+ */
+ @Override
+public void setCertificateCheckCode(int certificateCheckCode) {
this.certificateCheckCode = certificateCheckCode;
}
- /**
- * Sets the signatureCheckCode.
- * @param signatureCheckCode The signatureCheckCode to set
- */
- public void setSignatureCheckCode(int signatureCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureCheckCode(int)
+ */
+ @Override
+public void setSignatureCheckCode(int signatureCheckCode) {
this.signatureCheckCode = signatureCheckCode;
}
- /**
- * Sets the xmlDSIGManifestCheckCode.
- * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
- */
- public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode(int)
+ */
+ @Override
+public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
}
- /**
- * Sets the xmlDsigSubjectName.
- * @param xmlDsigSubjectName The xmlDsigSubjectName to set
- */
- public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang.String)
+ */
+ @Override
+public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
this.xmlDsigSubjectName = xmlDsigSubjectName;
}
- /**
- * Returns the publicAuthorityCode.
- * @return int
- */
- public String getPublicAuthorityCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getPublicAuthorityCode()
+ */
+ @Override
+public String getPublicAuthorityCode() {
return publicAuthorityCode;
}
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthorityCode(java.lang.String)
+ */
+ @Override
+public void setPublicAuthorityCode(String publicAuthorityCode) {
this.publicAuthorityCode = publicAuthorityCode;
}
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isQualifiedCertificate()
+ */
+ @Override
+public boolean isQualifiedCertificate() {
return qualifiedCertificate;
}
- /**
- * Returns the x509certificate.
- * @return X509Certificate
- */
- public X509Certificate getX509certificate() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getX509certificate()
+ */
+ @Override
+public X509Certificate getX509certificate() {
return x509certificate;
}
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setQualifiedCertificate(boolean)
+ */
+ @Override
+public void setQualifiedCertificate(boolean qualifiedCertificate) {
this.qualifiedCertificate = qualifiedCertificate;
}
- /**
- * Sets the x509certificate.
- * @param x509certificate The x509certificate to set
- */
- public void setX509certificate(X509Certificate x509certificate) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setX509certificate(iaik.x509.X509Certificate)
+ */
+ @Override
+public void setX509certificate(X509Certificate x509certificate) {
this.x509certificate = x509certificate;
}
- /**
- * Returns the xmlDSIGManigest.
- * @return boolean
- */
- public boolean isXmlDSIGManigest() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest()
+ */
+ @Override
+public boolean isXmlDSIGManigest() {
return xmlDSIGManigest;
}
- /**
- * Sets the xmlDSIGManigest.
- * @param xmlDSIGManigest The xmlDSIGManigest to set
- */
- public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean)
+ */
+ @Override
+public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
this.xmlDSIGManigest = xmlDSIGManigest;
}
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isPublicAuthority()
+ */
+ @Override
+public boolean isPublicAuthority() {
return publicAuthority;
}
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthority(boolean)
+ */
+ @Override
+public void setPublicAuthority(boolean publicAuthority) {
this.publicAuthority = publicAuthority;
}
- /**
- * Returns the the resulting code of the signature manifest check.
- *
- * @return The code of the sigature manifest check.
- */
- public int getSignatureManifestCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode()
+ */
+ @Override
+public int getSignatureManifestCheckCode() {
return signatureManifestCheckCode;
}
- /**
- * Sets the signatureManifestCode.
- *
- * @param signatureManifestCheckCode The signatureManifestCode to set.
- */
- public void setSignatureManifestCheckCode(int signatureManifestCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode(int)
+ */
+ @Override
+public void setSignatureManifestCheckCode(int signatureManifestCheckCode) {
this.signatureManifestCheckCode = signatureManifestCheckCode;
}
- public Date getSigningDateTime() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSigningDateTime()
+ */
+@Override
+public Date getSigningDateTime() {
return signingDateTime;
}
- public void setSigningDateTime(Date signingDateTime) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date)
+ */
+@Override
+public void setSigningDateTime(Date signingDateTime) {
this.signingDateTime = signingDateTime;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
index 718c35df3..ab3d2cae2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
@@ -73,6 +73,10 @@ public class MISSimpleClientException extends MOAIDException {
super(message, null, cause);
}
+ public MISSimpleClientException(String message, Object[] params, Throwable cause) {
+ super(message, params, cause);
+ }
+
/**
* @return the bkuErrorCode
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 1b78ff677..ec6dbc951 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -22,18 +22,16 @@ import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
@@ -42,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil;
public abstract class AbstractAuthServletTask extends MoaIdTask {
@Autowired protected IRequestStorage requestStoreage;
- @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+ //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected MOAReversionLogger revisionsLogger;
@Autowired protected AuthConfiguration authConfig;
protected static final String ERROR_CODE_PARAM = "errorid";
protected IRequest pendingReq = null;
- protected AuthenticationSession moasession = null;
+ protected IAuthenticationSession moasession = null;
public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
HttpServletResponse response) throws TaskExecutionException;
@@ -77,28 +75,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
* @throws MOADatabaseException
*/
protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
- String moasessionid = pendingReq.getMOASessionIdentifier();
- if (MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- try {
- moasession = authenticatedSessionStorage.getSession(moasessionid);
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { moasessionid });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());
+ moasession = pendingReq.getMOASession();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index dfb90da3a..1c26ff5ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,6 +55,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
private static final String PARAM_SSO_CONSENTS = "value";
@Autowired private SSOManager ssoManager;
+ @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -72,12 +75,16 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
ssoConsents = Boolean.parseBoolean(ssoConsentsString);
//perform default task initialization
- defaultTaskInitialization(request, executionContext);
+ //defaultTaskInitialization(request, executionContext);
//check SSO session cookie and MOASession object
String ssoId = ssoManager.getSSOSessionID(request);
- boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
- if (!(isValidSSOSession && moasession.isAuthenticated() )) {
+ boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
+
+ //load MOA SSO-session from database
+ AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+ if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
throw new AuthenticationException("auth.30", null);
@@ -86,8 +93,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
//Log consents evaluator event to revisionslog
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
+ //Populate this pending request with SSO session information
+ pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession);
+
+
//user allow single sign-on authentication
if (ssoConsents) {
+
//authenticate pending-request
pendingReq.setAuthenticated(true);
pendingReq.setAbortedByUser(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 6a1ed7203..4eff0fcf5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -31,7 +31,6 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
@@ -53,12 +52,10 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
try {
defaultTaskInitialization(request, executionContext);
- //set MOASession to authenticated and store MOASession
+ //set MOASession to authenticated
moasession.setAuthenticated(true);
- String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession);
- //set pendingRequest to authenticated and set new MOASessionID
- ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID);
+ //set pending request to authenticated
pendingReq.setAuthenticated(true);
requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index a5783bfb7..8f7364f62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -61,6 +61,7 @@ import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -256,8 +257,8 @@ public class IdentityLinkAssertionParser {
* @throws ParseException on any parsing error
*/
- public IdentityLink parseIdentityLink() throws ParseException {
- IdentityLink identityLink;
+ public IIdentityLink parseIdentityLink() throws ParseException {
+ IIdentityLink identityLink;
try {
identityLink = new IdentityLink();
identityLink.setSamlAssertion(assertionElem);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 140c7aebc..92d76751f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -30,13 +30,13 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -51,7 +51,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
@Autowired AuthConfiguration authConfig;
- public void parse(AuthenticationSession moasession,
+ public void parse(IAuthenticationSession moasession,
String target,
String oaURL,
String bkuURL,
@@ -221,8 +221,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
}
- public void parse(ExecutionContext ec, HttpServletRequest req,
- AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
+ public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq)
+ throws WrongParametersException, MOAIDException {
//get Parameters from request
String oaURL = (String) ec.get(PARAM_OA);
@@ -231,20 +231,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
String useMandate = (String) ec.get(PARAM_USEMANDATE);
String ccc = (String) ec.get(PARAM_CCC);
- if (request.getOnlineApplicationConfiguration() != null &&
- request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
- Logger.debug("Service " + request.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ if (pendingReq.getOnlineApplicationConfiguration() != null &&
+ pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
+ Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ " only allows authentication with mandates. --> Set useMandate to TRUE.");
- useMandate = String.valueOf(request.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
+ useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
}
- oaURL = request.getOAURL();
+ oaURL = pendingReq.getOAURL();
//only needed for SAML1
- String target = request.getGenericData("saml1_target", String.class);
+ String target = pendingReq.getGenericData("saml1_target", String.class);
- parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);
+ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 7bce406e0..b54a43fff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -56,6 +56,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -168,9 +169,9 @@ public class VerifyXMLSignatureResponseParser {
* @throws ParseException on any parsing error
*/
- public VerifyXMLSignatureResponse parseData() throws ParseException {
+ public IVerifiyXMLSignatureResponse parseData() throws ParseException {
- VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+ IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index e3efdeac0..1431911a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -33,10 +33,9 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ExceptionHandler;
import com.google.common.net.MediaType;
-
+import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
@@ -71,7 +70,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
public static final String ERROR_CODE_PARAM = "errorid";
- @Autowired protected StatisticLogger statisticLogger;
+ @Autowired protected IStatisticLogger statisticLogger;
@Autowired protected IRequestStorage requestStorage;
@Autowired protected ITransactionStorage transactionStorage;
@Autowired protected MOAReversionLogger revisionsLogger;
@@ -141,12 +140,12 @@ public abstract class AbstractController extends MOAIDAuthConstants {
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
transactionStorage.put(key,
new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(), loggedException));
+ pendingReq.getUniqueTransactionIdentifier(), loggedException),-1);
} else {
transactionStorage.put(key,
new ExceptionContainer(null,
- null, loggedException));
+ null, loggedException),-1);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 66e8757ad..a146f778e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -134,16 +134,14 @@ public class IDPSingleLogOutServlet extends AbstractController {
try {
if (ssoManager.isValidSSOSession(ssoid, null)) {
- String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid);
-
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID);
- if(authSession != null) {
- authManager.performSingleLogOut(req, resp, authSession, authURL);
- return;
+ AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid);
+
+ if(authSession != null) {
+ authManager.performSingleLogOut(req, resp, authSession, authURL);
+ return;
- }
}
+
}
} catch (Exception e) {
handleErrorNoRedirect(e, req, resp, false);
@@ -179,7 +177,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
else
statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
- transactionStorage.put(artifact, statusCode);
+ transactionStorage.put(artifact, statusCode, -1);
redirectURL = HTTPUtils.addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 15333a933..8ef047300 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,6 +56,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -105,8 +106,8 @@ public class LogOutServlet {
//TODO: Single LogOut Implementation
//delete SSO session and MOA session
- String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid);
- authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
+ AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid);
+ authmanager.performOnlyIDPLogOut(moasessionid);
Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 5c2f86732..2b5459208 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -46,22 +46,13 @@
package at.gv.egovernment.moa.id.config;
+import java.util.ArrayList;
import java.util.Map;
import java.util.Properties;
-import org.hibernate.cfg.Configuration;
-
import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
-import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
-import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.util.config.EgovUtilPropertiesConfiguration;
@@ -123,25 +114,12 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
/** The default chaining mode. */
protected String defaultChainingMode = "pkix";
- /**
- * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
- * chaining mode (a <code>String</code>) mapping.
- */
- protected Map<IssuerAndSerial, String> chainingModes;
-
- /**
- * the URL for the trusted CA Certificates
- */
- protected String trustedCACertificates;
-
/**
* main configuration file directory name used to configure MOA-ID
*/
protected String rootConfigFileDir;
- protected String certstoreDirectory;
- protected boolean trustmanagerrevoationchecking = true;
protected Properties configProp = null;
@@ -185,6 +163,10 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
String propertyName = key.toString().substring(propPrefix.length());
moaSessionProp.put(propertyName, props.get(key.toString()));
}
+ if (key.toString().startsWith(propPrefix+"dbcp")) {
+ String propertyName = "hibernate."+(key.toString().substring(propPrefix.length()));
+ moaSessionProp.put(propertyName, props.get(key.toString()));
+ }
}
// read Config Hibernate properties
@@ -207,35 +189,35 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
}
}
- // initialize hibernate
- synchronized (ConfigurationProviderImpl.class) {
-
- //Initial config Database
- // ConfigurationDBUtils.initHibernate(configProp);
-
- //initial MOAID Session Database
- Configuration config = new Configuration();
- config.addAnnotatedClass(AssertionStore.class);
- config.addAnnotatedClass(AuthenticatedSessionStore.class);
- config.addAnnotatedClass(OASessionStore.class);
- config.addAnnotatedClass(OldSSOSessionIDStore.class);
- config.addAnnotatedClass(InterfederationSessionStore.class);
- //config.addAnnotatedClass(ProcessInstanceStore.class);
- config.addProperties(moaSessionProp);
- MOASessionDBUtils.initHibernate(config, moaSessionProp);
-
- //initial advanced logging
- if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) {
- Logger.info("Advanced statistic log is activated, starting initialization process ...");
- Configuration statisticconfig = new Configuration();
- statisticconfig.addAnnotatedClass(StatisticLog.class);
- statisticconfig.addProperties(statisticProps);
- StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
- Logger.info("Advanced statistic log is initialized.");
- }
-
- }
- Logger.trace("Hibernate initialization finished.");
+// // initialize hibernate
+// synchronized (ConfigurationProviderImpl.class) {
+//
+// //Initial config Database
+// // ConfigurationDBUtils.initHibernate(configProp);
+//
+// //initial MOAID Session Database
+// Configuration config = new Configuration();
+// config.addAnnotatedClass(AssertionStore.class);
+// config.addAnnotatedClass(AuthenticatedSessionStore.class);
+// config.addAnnotatedClass(OASessionStore.class);
+// config.addAnnotatedClass(OldSSOSessionIDStore.class);
+// config.addAnnotatedClass(InterfederationSessionStore.class);
+// //config.addAnnotatedClass(ProcessInstanceStore.class);
+// config.addProperties(moaSessionProp);
+// //MOASessionDBUtils.initHibernate(config, moaSessionProp);
+//
+// //initial advanced logging
+//// if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) {
+//// Logger.info("Advanced statistic log is activated, starting initialization process ...");
+//// Configuration statisticconfig = new Configuration();
+//// statisticconfig.addAnnotatedClass(StatisticLog.class);
+//// statisticconfig.addProperties(statisticProps);
+//// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
+//// Logger.info("Advanced statistic log is initialized.");
+//// }
+//
+// }
+// Logger.trace("Hibernate initialization finished.");
} catch (ExceptionInInitializerError e) {
throw new ConfigurationException("config.17", null, e);
@@ -267,6 +249,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
eGovUtilsConfig =
new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir);
}
+ this.generateActiveProfiles(props);
}
@@ -277,5 +260,24 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
return eGovUtilsConfig;
}
+
+ private ArrayList<String> activeProfiles = new ArrayList<String>();
+
+ public void generateActiveProfiles(Properties props){
+ if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) {
+ activeProfiles.add(SpringProfileConstants.ADVANCED_LOG);
+ }else{
+ activeProfiles.add("advancedLogOff");
+ }
+ if (Boolean.valueOf(props.getProperty("redis.active", "false"))) {
+ activeProfiles.add(SpringProfileConstants.REDIS_BACKEND);
+ }else{
+ activeProfiles.add(SpringProfileConstants.DB_BACKEND);
+ }
+ }
+
+ public String[] getActiveProfiles(){
+ return activeProfiles.toArray(new String[0]);
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
deleted file mode 100644
index 1072bec5c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.config.auth;
-
-
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAGarbageCollector implements Runnable {
-
- private static final long INTERVAL = 24 * 60 * 60; // 24 hours
- private static final List<IGarbageCollectorProcessing> processModules =
- new ArrayList<IGarbageCollectorProcessing>();
-
- public void run() {
- while (true) {
- try {
- Thread.sleep(INTERVAL * 1000);
-
- try {
- for (IGarbageCollectorProcessing element : processModules)
- element.runGarbageCollector();
-
- } catch (Throwable e1) {
- Logger.warn("Garbage collection FAILED in some module.", e1);
- }
-
- } catch (Throwable e) {
- Logger.warn("MOA-ID garbage collection is not possible, actually.", e);
-
- } finally {
-
- }
- }
- }
-
- /**
- * Add a module to MOA internal garbage collector. Every module is executed once a day
- *
- * @param modul Module which should be executed by the garbage collector.
- */
- public static void addModulForGarbageCollection(IGarbageCollectorProcessing modul) {
- processModules.add(modul);
-
- }
-
- public static void start() {
- // start the session cleanup thread
- Thread configLoader = new Thread(new MOAGarbageCollector(), "MOAGarbageCollector");
- configLoader.setName("MOAGarbageCollectorr");
- configLoader.setDaemon(true);
- configLoader.setPriority(Thread.MIN_PRIORITY);
- configLoader.start();
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index b1bba6c17..6a6359058 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -122,7 +122,10 @@ public String getIdentityLinkDomainIdentifier() {
if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) {
if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) {
return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value;
-
+
+ } else if (MOAIDConstants.IDENIFICATIONTYPE_EIDAS.equals(type)) {
+ return MOAIDConstants.PREFIX_EIDAS + value;
+
} else {
return MOAIDConstants.PREFIX_WPBK + type + "+" + value;
@@ -395,25 +398,13 @@ public boolean isOnlyMandateAllowed() {
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
-public Integer getQaaLevel() {
- try {
- Integer storkQAALevel = Integer.parseInt(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL));
-
- if (storkQAALevel >= 1 &&
- storkQAALevel <= 4)
- return storkQAALevel;
-
- else {
- Logger.info("STORK minimal QAA level is not in a valid range. Use minimal QAA 4");
- return 4;
+public String getQaaLevel() {
+ String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
+ if (MiscUtil.isEmpty(eidasLoALevel))
+ return MOAIDConstants.eIDAS_LOA_HIGH;
+ else
+ return eidasLoALevel;
- }
-
- } catch (NumberFormatException e) {
- Logger.warn("STORK minimal QAA level is not a number.", e);
- return 4;
-
- }
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 94353fb6b..8e98c5129 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1078,32 +1078,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
}
- /**
- * Returns the path to the certificate-store directory or {@code null} if there is no certificate-store directory defined.
- *
- * @return the path to the certstore directory or {@code null}
- */
- @Override
- @Transactional
- public String getCertstoreDirectory() {
- try {
- String path = rootConfigFileDir + configuration.getStringValue(
- MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL);
- if (MiscUtil.isNotEmpty(path))
- return path;
-
- else {
- Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
- return null;
-
- }
-
- } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
- Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.", e);
- return null;
- }
- }
-
@Override
@Transactional
public String getTrustedCACertificates() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 8d70b1444..9fd58b5c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -201,7 +201,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
- public Integer getQaaLevel() {
+ public String getQaaLevel() {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index d306ec005..f5f056ccc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -34,7 +34,8 @@ import java.util.Map;
import org.apache.commons.collections4.map.HashedMap;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
@@ -74,7 +75,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* user identityLink specialized to OAParamter
*/
- private IdentityLink identityLink;
+ private IIdentityLink identityLink;
/**
* application specific user identifier (bPK/wbPK)
@@ -138,7 +139,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private String pvpAttribute_OU = null;
private boolean useMandate = false;
- private MISMandate mandate = null;
+ private IMISMandate mandate = null;
private String mandateReferenceValue = null;
private boolean foreigner =false;
@@ -390,14 +391,14 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @return the identityLink
*/
- public IdentityLink getIdentityLink() {
+ public IIdentityLink getIdentityLink() {
return identityLink;
}
/**
* @param identityLink the identityLink to set
*/
- public void setIdentityLink(IdentityLink identityLink) {
+ public void setIdentityLink(IIdentityLink identityLink) {
this.identityLink = identityLink;
}
@@ -436,7 +437,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @return the mandate
*/
- public MISMandate getMISMandate() {
+ public IMISMandate getMISMandate() {
return mandate;
}
@@ -461,7 +462,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param mandate the mandate to set
*/
- public void setMISMandate(MISMandate mandate) {
+ public void setMISMandate(IMISMandate mandate) {
this.mandate = mandate;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index c32564679..4c15cd3d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -27,7 +27,8 @@ import java.util.List;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
/**
* @author tlenz
@@ -62,7 +63,7 @@ public interface IAuthData {
List<String> getEncbPKList();
- IdentityLink getIdentityLink();
+ IIdentityLink getIdentityLink();
byte[] getSignerCertificate();
String getAuthBlock();
@@ -74,7 +75,7 @@ public interface IAuthData {
String getPublicAuthorityCode();
boolean isQualifiedCertificate();
- MISMandate getMISMandate();
+ IMISMandate getMISMandate();
Element getMandate();
String getMandateReferenceValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
index 81157994e..25d50f57a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
@@ -51,12 +51,13 @@ import java.io.Serializable;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-public class MISMandate implements Serializable{
+public class MISMandate implements Serializable, IMISMandate{
private static final long serialVersionUID = 1L;
@@ -81,23 +82,47 @@ public class MISMandate implements Serializable{
private String owBPK = null;
// private boolean isFullMandateIncluded = false;
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getProfRep()
+ */
+ @Override
public String getProfRep() {
return oid;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#setProfRep(java.lang.String)
+ */
+ @Override
public void setProfRep(String oid) {
this.oid = oid;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#setOWbPK(java.lang.String)
+ */
+ @Override
public void setOWbPK(String oWbPK) {
this.owBPK = oWbPK;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getOWbPK()
+ */
+ @Override
public String getOWbPK() {
return owBPK;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandate()
+ */
+ @Override
public byte[] getMandate() {
return mandate;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateDOM()
+ */
+ @Override
public Element getMandateDOM() {
try {
byte[] byteMandate = mandate;
@@ -111,6 +136,10 @@ public class MISMandate implements Serializable{
}
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateJaxB()
+ */
+ @Override
public Mandate getMandateJaxB() {
Element domMandate = getMandateDOM();
if (domMandate != null)
@@ -119,10 +148,18 @@ public class MISMandate implements Serializable{
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#setMandate(byte[])
+ */
+ @Override
public void setMandate(byte[] mandate) {
this.mandate = mandate;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getTextualDescriptionOfOID()
+ */
+ @Override
public String getTextualDescriptionOfOID() {
if (MiscUtil.isNotEmpty(this.oid)) {
if (this.oid.equalsIgnoreCase(OID_NOTAR))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a1f2c6558..f718777b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -104,54 +105,80 @@ public class AuthenticationManager extends MOAIDAuthConstants {
@Autowired private SingleLogOutBuilder sloBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
@Autowired private IGUIFormBuilder guiBuilder;
-
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
+
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
}
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, null, authURL);
}
+ /**
+ * @param req
+ * @param resp
+ * @param moasessionid
+ */
+ public void performOnlyIDPLogOut(AuthenticationSession authSession) {
+
+ if (authSession == null) {
+ Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
+ return;
+
+ }
+
+ try {
+
+ authSession.setAuthenticated(false);
+ //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID());
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+
+ authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID());
+
+ //session.invalidate();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID());
+ return;
+ }
+
+ }
+
+
public void performOnlyIDPLogOut(HttpServletRequest request,
- HttpServletResponse response, String moaSessionID) {
+ HttpServletResponse response, String internalMOASsoSessionID) {
Logger.info("Remove active user-session");
- if(moaSessionID == null) {
- moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if(internalMOASsoSessionID == null) {
+ internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID);
}
- if(moaSessionID == null) {
+ if(internalMOASsoSessionID == null) {
Logger.info("NO MOA Session to logout");
return;
}
AuthenticationSession authSession;
try {
- authSession = authenticatedSessionStore.getSession(moaSessionID);
+ authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
if(authSession == null) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
-
- authSession.setAuthenticated(false);
- //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
-
- //log Session_Destroy to reversionslog
- AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-
- authenticatedSessionStore.destroySession(moaSessionID);
-
- //session.invalidate();
-
+
+ performOnlyIDPLogOut(authSession);
+
} catch (MOADatabaseException e) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
@@ -199,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
- authenticatedSessionStore.destroySession(correspondingMOASession);
+ //destroy internal SSO-session object and SSO-session cooky
+ authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
ssoManager.deleteSSOSessionID(httpReq, httpResp);
}
}
@@ -223,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
//get MOASession from SSO-Cookie if SSO is allowed
- AuthenticationSession moaSession = null;
+ AuthenticationSession ssoMOASession = null;
if (isValidSSOSession && isSSOAllowed) {
- String moasessionID = ssoManager.getMOASession(ssoId);
- moaSession = authenticatedSessionStore.getSession(moasessionID);
+ ssoMOASession = ssoManager.getInternalMOASession(ssoId);
- if (moaSession == null)
+ if (ssoMOASession == null)
Logger.info("No MOASession FOUND with provided SSO-Cookie.");
else {
@@ -239,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
//check if session is already authenticated
- boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession);
-
+ boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession);
+
//force new authentication authentication process
if (pendingReq.forceAuth()) {
startAuthenticationProcess(httpReq, httpResp, pendingReq);
@@ -255,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (isSessionAuthenticated) {
// Passive authentication ok!
revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
throw new NoPassivAuthenticationException();
@@ -266,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
// Is authenticated .. proceed
revisionsLogger.logEvent(oaParam,
pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
// Start authentication!
@@ -285,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants {
* @return true if session is already authenticated, otherwise false
* @throws MOAIDException
*/
- private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) {
+ private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) {
//if no MOASession exist -> authentication is required
- if (moaSession == null) {
+ if (ssoMOASession == null) {
return false;
} else {
- //if MOASession is Found but not authenticated --> authentication is required
- if (!moaSession.isAuthenticated()) {
+ //if MOA SSO-Session is found but not authenticated --> authentication is required
+ if (!ssoMOASession.isAuthenticated()) {
return false;
}
//if MOASession is already authenticated and protocol-request is authenticated
// --> no authentication is required any more
- else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
// if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
} else if (!protocolRequest.isAuthenticated()
- && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
+ && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
protocolRequest.setAuthenticated(true);
- protocolRequest.setMOASessionIdentifier(moaSession.getSessionID());
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
}
@@ -335,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//check legacy request parameter
boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
-
- //create MOASession object
- AuthenticationSession moasession;
- try {
- moasession = authenticatedSessionStore.createSession(pendingReq);
- pendingReq.setMOASessionIdentifier(moasession.getSessionID());
-
- } catch (MOADatabaseException e1) {
- Logger.error("Database Error! MOASession can not be created!");
- throw new MOAIDException("init.04", new Object[] {});
-
- }
-
+
//create authentication process execution context
ExecutionContext executionContext = new ExecutionContextImpl();
@@ -440,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
private void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
String inboundRelayState = null;
String uniqueSessionIdentifier = "notSet";
@@ -490,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//terminate MOASession
try {
- authenticatedSessionStore.destroySession(session.getSessionID());
+ authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
ssoManager.deleteSSOSessionID(httpReq, httpResp);
revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
@@ -527,7 +543,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
} else {
samlVerificationEngine.verifySLOResponse(sloResp,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
}
@@ -569,7 +585,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
//put SLO process-information into transaction storage
- transactionStorage.put(relayState, sloContainer);
+ transactionStorage.put(relayState, sloContainer, -1);
if (MiscUtil.isEmpty(authURL))
authURL = pvpReq.getAuthURL();
@@ -662,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants {
e.printStackTrace();
}
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 85e4dc99b..b612352c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -26,17 +26,24 @@ import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -52,7 +59,12 @@ public abstract class RequestImpl implements IRequest, Serializable{
public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";
+ public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP";
+
public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
+ public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
+
+
private static final long serialVersionUID = 1L;
@@ -60,8 +72,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
private String action = null;
private String requestID;
- private String moaSessionIdentifier;
private String processInstanceId;
+ private String ssoMoaSessionId;
private String uniqueTransactionIdentifer;
private String uniqueSessionIdentifer;
@@ -84,6 +96,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+ private IAuthenticationSession moaSSOSessionContainer = null;
+
/**
* @throws ConfigurationException
@@ -91,12 +105,15 @@ public abstract class RequestImpl implements IRequest, Serializable{
*/
public final void initialize(HttpServletRequest req) throws ConfigurationException {
//set requestID
- requestID = Random.nextRandom();
-
+ requestID = Random.nextLongRandom();
+
//set unique transaction identifier for logging
- uniqueTransactionIdentifer = Random.nextRandom();
+ uniqueTransactionIdentifer = Random.nextLongRandom();
TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
+ //initialize session object
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date());
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom());
//check if End-Point is valid
String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
@@ -167,6 +184,15 @@ public abstract class RequestImpl implements IRequest, Serializable{
else
Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!");
+ //set requester's IP address
+ try {
+ setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr());
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("Can not store remote IP address to 'pendingRequest' during an exception." , e);
+
+ }
+
}
/**
@@ -174,7 +200,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
*
* @return List of PVP 2.1 attribute names with maps all protocol specific attributes
*/
- public abstract Collection<String> getRequestedAttributes();
+ public abstract Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
public void setOAURL(String value) {
oaURL = value;
@@ -231,16 +257,41 @@ public abstract class RequestImpl implements IRequest, Serializable{
return requestID;
}
- public String getMOASessionIdentifier() {
- return this.moaSessionIdentifier;
+ public String getInternalSSOSessionIdentifier() {
+ return this.ssoMoaSessionId;
+ }
+
+ /**
+ * Set the internal SSO session identifier, which associated with this pending request
+ *
+ * @param internalSSOSessionId
+ */
+ public void setInternalSSOSessionIdentifier(String internalSSOSessionId) {
+ this.ssoMoaSessionId = internalSSOSessionId;
+
+ }
+
+ public IAuthenticationSession getMOASession() {
+ //if SSO session information are set, use this
+ if (moaSSOSessionContainer != null)
+ return moaSSOSessionContainer;
+ else
+ return new AuthenticationSessionWrapper(genericDataStorage);
+
}
- public void setMOASessionIdentifier(String moaSessionIdentifier) {
- this.moaSessionIdentifier = moaSessionIdentifier;
+ public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
+ if (ssoSession instanceof AuthenticationSession) {
+ moaSSOSessionContainer = ssoSession;
+
+ } else
+ throw new IllegalStateException("Session information can only be populated with SSO information from database");
+
}
+
public IOAAuthParameters getOnlineApplicationConfiguration() {
return this.OAConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 1b550881e..eec48e0f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -68,7 +68,7 @@ public class RequestStorage implements IRequestStorage{
public void storePendingRequest(IRequest pendingRequest) throws MOAIDException {
try {
if (pendingRequest instanceof IRequest) {
- transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
+ transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest, -1);
} else {
throw new MOAIDException("auth.20", null);
@@ -123,6 +123,7 @@ public class RequestStorage implements IRequestStorage{
((RequestImpl)pendingRequest).setRequestID(newRequestID);
transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest);
+ //only delete oldRequestID, no change.
return newRequestID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index bc7dd272b..557d9af48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -23,24 +23,21 @@
package at.gv.egovernment.moa.id.moduls;
import java.util.Date;
-import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.hibernate.Query;
-import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
@@ -63,6 +60,7 @@ public class SSOManager {
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
@Autowired protected AuthConfiguration authConfig;
+ //@Autowired private MOASessionDBUtils moaSessionDBUtils;
/**
* Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
@@ -159,7 +157,12 @@ public class SSOManager {
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
- MOASessionDBUtils.delete(storedSession);
+ try {
+ authenticatedSessionStore.destroyInternalSSOSession(storedSession.getSessionid());
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!" , e);
+ }
}
}
@@ -173,8 +176,8 @@ public class SSOManager {
}
- public String getMOASession(String ssoSessionID) {
- return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
+ public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
+ return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
}
@@ -182,9 +185,9 @@ public class SSOManager {
public String getUniqueSessionIdentifier(String ssoSessionID) {
try {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
- String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
+ AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
+ if (moaSession != null) {
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
return extSessionInformation.getUniqueSessionId();
}
@@ -200,31 +203,14 @@ public class SSOManager {
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
- Session session = MOASessionDBUtils.getCurrentSession();
- List<OldSSOSessionIDStore> result;
+ OldSSOSessionIDStore oldSSOSession = authenticatedSessionStore.checkSSOTokenAlreadyUsed(ssoId);
- synchronized (session) {
-
- session.beginTransaction();
- Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
- query.setParameter("sessionid", ssoId);
- result = query.list();
-
- // send transaction
-
- }
-
- Logger.trace("Found entries: " + result.size());
-
- // Assertion requires an unique artifact
- if (result.size() == 0) {
- session.getTransaction().commit();
+ if (oldSSOSession == null) {
+ Logger.debug("SSO session-cookie was not used in parst");
return null;
}
- OldSSOSessionIDStore oldSSOSession = result.get(0);
-
AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
if (correspondingMoaSession == null) {
@@ -232,11 +218,7 @@ public class SSOManager {
return null;
}
- String moasessionid = correspondingMoaSession.getSessionid();
-
- session.getTransaction().commit();
-
- return moasessionid;
+ return correspondingMoaSession.getSessionid();
}
@@ -289,7 +271,7 @@ public class SSOManager {
//no local SSO session exist -> request interfederated IDP
Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix()
+ " from MOASession " + storedSession.getSessionid());
- MOASessionDBUtils.delete(selectedIDP);
+ authenticatedSessionStore.deleteIdpInformation(selectedIDP);
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
index a9a9322ad..428931b5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
@@ -22,7 +22,7 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
@Override
public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException {
try {
- transactionStorage.put(pIStore.getProcessInstanceId(), pIStore);
+ transactionStorage.put(pIStore.getProcessInstanceId(), pIStore, -1);
// MOASessionDBUtils.saveOrUpdate(pIStore);
log.debug("Store process instance with='{}' in the database.", pIStore.getProcessInstanceId());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
index 79afba412..95a7660d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
@@ -37,7 +37,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -86,10 +86,10 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
}
- AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq);
- if (moaSession != null) {
+ AuthenticationSession ssoMoaSession = authmanager.doAuthentication(req, resp, pendingReq);
+ if (ssoMoaSession != null) {
//authenticated MOASession already exists --> protocol-specific postProcessing can start directly
- finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+ finalizeAuthenticationProcess(req, resp, pendingReq, ssoMoaSession);
//transaction is finished, log transaction finished event
revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
@@ -111,7 +111,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp,
- IRequest pendingReq, AuthenticationSession moaSession) {
+ IRequest pendingReq, IAuthenticationSession moaSession) {
Logger.debug("Add SSO information to MOASession.");
//Store SSO information into database
@@ -140,7 +140,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
* @throws Exception
*/
protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp,
- IRequest pendingReq, AuthenticationSession moaSession) throws Exception {
+ IRequest pendingReq, IAuthenticationSession moaSession) throws Exception {
String newSSOSessionId = null;
@@ -161,9 +161,27 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
//Store OA specific SSO session information if an SSO cookie is set
if (isSSOCookieSetted) {
- try {
- authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(),
- newSSOSessionId, sloInformation, pendingReq);
+ try {
+ AuthenticationSession internalDBSSOSession = null;
+
+ //create new SSO session, if actually no SSO session exists
+ if (MiscUtil.isEmpty(pendingReq.getInternalSSOSessionIdentifier())) {
+ internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq);
+ authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(),
+ newSSOSessionId, sloInformation, pendingReq);
+
+ //MOA SSO-session already exists only update is required
+ } else if (MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier()) &&
+ moaSession instanceof AuthenticationSession) {
+ authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(),
+ newSSOSessionId, sloInformation, pendingReq);
+
+ } else {
+ Logger.fatal("MOA-Session data object has a suspect or unsupported type:" + moaSession.getClass().getName()
+ + " pendingReq_internalSsoId:" + pendingReq.getInternalSSOSessionIdentifier());
+ throw new AuthenticationException("1299", null);
+
+ }
} catch (AuthenticationException e) {
Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
@@ -218,19 +236,8 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
protected void removeUserSession(IRequest pendingReq, HttpServletRequest req,
HttpServletResponse resp) {
- try {
- AuthenticationSession moaSession = authenticatedSessionStorage.getSession(
- pendingReq.getMOASessionIdentifier());
-
- if (moaSession != null)
- authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
-
- } catch (MOADatabaseException e) {
- Logger.error("Remove user-session FAILED." , e);
-
- }
-
-
+ authmanager.performOnlyIDPLogOut(req, resp, pendingReq.getInternalSSOSessionIdentifier());
+
}
protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 0da43d818..0f9b615a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -32,14 +32,12 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -112,48 +110,33 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
try {
Logger.debug("Finalize PendingRequest with ID " + pendingRequestID);
- //get MOASession from database
- String sessionID = pendingReq.getMOASessionIdentifier();
-
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12");
-
- }
+ //get MOA session data object from pending request
+ IAuthenticationSession pendingMoaSession = pendingReq.getMOASession();
- //load MOASession from database
- AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID);
- if (moaSession == null) {
- Logger.error("No MOASession with ID " + sessionID + " found.!");
- handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true);
-
- } else {
+ //check if pending-request has 'abortedByUser' flag set
+ if (pendingReq.isAbortedByUser()) {
+ //send authentication aborted error to Service Provider
+ buildProtocolSpecificErrorResponse(
+ new AuthenticationException("auth.21", new Object[] {}),
+ req, resp, pendingReq);
- //check if pending-request has 'abortedByUser' flag set
- if (pendingReq.isAbortedByUser()) {
- //send authentication aborted error to Service Provider
- buildProtocolSpecificErrorResponse(
- new AuthenticationException("auth.21", new Object[] {}),
- req, resp, pendingReq);
+ //do not remove the full active SSO-Session
+ // in case of only one Service-Provider authentication request is aborted
+ if ( !(pendingMoaSession.isAuthenticated()
+ && pendingReq.needSingleSignOnFunctionality()) ) {
+ removeUserSession(pendingReq, req, resp);
- //do not remove the full active SSO-Session
- // in case of only one Service-Provider authentication request is aborted
- if ( !(moaSession.isAuthenticated()
- && pendingReq.needSingleSignOnFunctionality()) ) {
- removeUserSession(pendingReq, req, resp);
-
- }
-
- //check if MOASession and pending-request are authenticated
- } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
- finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
-
- } else {
- //suspect state: pending-request is not aborted but also are not authenticated
- Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
- handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
-
- }
+ }
+
+ //check if MOASession and pending-request are authenticated
+ } else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
+ finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession);
+
+ } else {
+ //suspect state: pending-request is not aborted but also are not authenticated
+ Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
+ handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
+
}
} catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index a611c72b9..b7d21f903 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -26,8 +26,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -45,7 +45,7 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
if (MiscUtil.isEmpty(profRepName)) {
- MISMandate misMandate = authData.getMISMandate();
+ IMISMandate misMandate = authData.getMISMandate();
if(misMandate == null) {
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index bef9afd8f..04de3288a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -23,8 +23,8 @@
package at.gv.egovernment.moa.id.protocols.builder.attributes;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -41,7 +41,7 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);
if (MiscUtil.isEmpty(profRepOID)) {
- MISMandate mandate = authData.getMISMandate();
+ IMISMandate mandate = authData.getMISMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 2168316ab..365a31fe1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -48,9 +48,7 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -80,6 +78,7 @@ public class AttributQueryAction implements IAction {
@Autowired private AuthenticationDataBuilder authDataBuilder;
@Autowired private IDPCredentialProvider pvpCredentials;
@Autowired private AuthConfiguration authConfig;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -108,10 +107,10 @@ public class AttributQueryAction implements IAction {
try {
//get Single Sign-On information for the Service-Provider
// which sends the Attribute-Query request
- AuthenticationSession moaSession = authenticationSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
if (moaSession == null) {
- Logger.warn("No MOASession with ID:" + pendingReq.getMOASessionIdentifier() + " FOUND.");
- throw new MOAIDException("auth.02", new Object[]{pendingReq.getMOASessionIdentifier()});
+ Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND.");
+ throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()});
}
InterfederationSessionStore nextIDPInformation =
@@ -139,7 +138,7 @@ public class AttributQueryAction implements IAction {
//build PVP 2.1 response
Response authResponse = AuthResponseBuilder.buildResponse(
- MOAMetadataProvider.getInstance(), issuerEntityID, attrQuery, date,
+ metadataProvider, issuerEntityID, attrQuery, date,
assertion, authConfig.isPVP2AssertionEncryptionActive());
SoapBinding decoder = new SoapBinding();
@@ -156,9 +155,9 @@ public class AttributQueryAction implements IAction {
throw new MOAIDException("pvp2.01", null, e);
} catch (MOADatabaseException e) {
- Logger.error("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier()
+ Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier()
+ " is not found in Database", e);
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() });
}
@@ -190,21 +189,11 @@ public class AttributQueryAction implements IAction {
AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException {
try {
//mark AttributeQuery as used if it exists
- OASessionStore activeOA = authenticationSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule());
- if (activeOA != null) {
- //mark
- if ( pendingReq instanceof PVPTargetConfiguration &&
- ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
- ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
- try {
- activeOA.setAttributeQueryUsed(true);
- MOASessionDBUtils.saveOrUpdate(activeOA);
-
- } catch (MOADatabaseException e) {
- Logger.error("MOASession interfederation information can not stored to database.", e);
-
- }
- }
+ if ( pendingReq instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
+ ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
+
+ authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule());
}
//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
@@ -247,20 +236,16 @@ public class AttributQueryAction implements IAction {
AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes,
nextIDPInformation.getUserNameID(), idp);
- try {
- //mark attribute request as used
- if (nextIDPInformation.isStoreSSOInformation()) {
- nextIDPInformation.setAttributesRequested(true);
- MOASessionDBUtils.saveOrUpdate(nextIDPInformation);
+ //mark attribute request as used
+ if (nextIDPInformation.isStoreSSOInformation()) {
+ nextIDPInformation.setAttributesRequested(true);
+ authenticationSessionStorage.persistIdpInformation(nextIDPInformation);
+ //moaSessionDBUtils.saveOrUpdate(nextIDPInformation);
- //delete federated IDP from Session
- } else {
- MOASessionDBUtils.delete(nextIDPInformation);
-
- }
-
- } catch (MOADatabaseException e) {
- Logger.error("MOASession interfederation information can not stored to database.", e);
+ //delete federated IDP from Session
+ } else {
+ authenticationSessionStorage.deleteIdpInformation(nextIDPInformation);
+ //moaSessionDBUtils.delete(nextIDPInformation);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 8de44a2e8..aac49844e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -61,6 +61,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class AuthenticationAction implements IAction {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired AuthConfiguration authConfig;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -70,7 +71,7 @@ public class AuthenticationAction implements IAction {
//get basic information
MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
- EntityDescriptor peerEntity = moaRequest.getEntityMetadata();
+ EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
AssertionConsumerService consumerService =
SAML2Utils.createSAMLObject(AssertionConsumerService.class);
@@ -94,7 +95,7 @@ public class AuthenticationAction implements IAction {
peerEntity, date, consumerService, sloInformation);
Response authResponse = AuthResponseBuilder.buildResponse(
- MOAMetadataProvider.getInstance(), issuerEntityID, authnRequest,
+ metadataProvider, issuerEntityID, authnRequest,
date, assertion, authConfig.isPVP2AssertionEncryptionActive());
IEncoder binding = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 350690f82..a7a249eed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -56,7 +56,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -64,6 +63,7 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
@@ -104,6 +104,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public static final String NAME = PVP2XProtocol.class.getName();
public static final String PATH = "id_pvp2x";
@@ -187,7 +188,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new PostBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -240,7 +241,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -294,7 +295,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new SoapBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -336,7 +337,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
if(!msg.isVerified()) {
samlVerificationEngine.verify(msg,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
msg.setVerified(true);
}
@@ -494,7 +495,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
msg = (MOARequest) inMsg;
- EntityDescriptor metadata = msg.getEntityMetadata();
+ EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
if(metadata == null) {
throw new NoMetadataInformationException();
}
@@ -526,7 +527,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
boolean isAllowedDestination = false;
for (String prefix : allowedPublicURLPrefix) {
- if (!resp.getDestination().startsWith(
+ if (resp.getDestination().startsWith(
prefix)) {
isAllowedDestination = true;
break;
@@ -599,7 +600,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//check active MOASession
String nameID = attrQuery.getSubject().getNameID().getValue();
- AuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
+ IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
if (session == null) {
Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
throw new AttributQueryException("auth.31", null);
@@ -619,7 +620,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
pendingReq.setAction(AttributQueryAction.class.getName());
//add moasession
- pendingReq.setMOASessionIdentifier(session.getSessionID());
+ pendingReq.setInternalSSOSessionIdentifier(session.getSessionID());
//write revisionslog entry
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
@@ -644,7 +645,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
throw new MOAIDException("Unsupported request", new Object[] {});
}
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
if(metadata == null) {
throw new NoMetadataInformationException();
}
@@ -736,7 +737,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
}
}
- String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 0dd309154..62105abda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -49,7 +49,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
samlMessage);
try {
- transactionStorage.put(artifact, assertion);
+ transactionStorage.put(artifact, assertion, -1);
} catch (MOADatabaseException e) {
// TODO Insert Error Handling, if Assertion could not be stored
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index e7f2a7d4b..caf66942e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -32,6 +32,7 @@ import org.opensaml.saml2.core.impl.AuthnRequestImpl;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -54,7 +55,6 @@ public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
-
InboundMessage request;
String binding;
String consumerURL;
@@ -88,14 +88,14 @@ public class PVPTargetConfiguration extends RequestImpl {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
Map<String, String> reqAttr = new HashMap<String, String>();
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
try {
- SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -139,5 +139,6 @@ public class PVPTargetConfiguration extends RequestImpl {
}
- }
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 52bf16247..ff703d585 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -24,17 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.SerializationUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.Transaction;
-import org.hibernate.resource.transaction.spi.TransactionStatus;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -43,13 +37,12 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -83,8 +76,8 @@ public class SingleLogOutAction implements IAction {
@Autowired private ITransactionStorage transactionStorage;
@Autowired private SingleLogOutBuilder sloBuilder;
@Autowired private MOAReversionLogger revisionsLogger;
-
-
+
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
*/
@@ -94,142 +87,147 @@ public class SingleLogOutAction implements IAction {
IAuthData authData) throws MOAIDException {
PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
-
+
if (pvpReq.getRequest() instanceof MOARequest &&
((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
Logger.debug("Process Single LogOut request");
MOARequest samlReq = (MOARequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
-
- AuthenticationSession session =
+
+ IAuthenticationSession session =
authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
logOutReq.getIssuer().getValue(),
logOutReq.getNameID().getValue());
-
- if (session == null) {
- Logger.warn("Can not find active SSO session with nameID "
- + logOutReq.getNameID().getValue() + " and OA "
- + logOutReq.getIssuer().getValue());
- Logger.info("Search active SSO session with SSO session cookie");
- String ssoID = ssomanager.getSSOSessionID(httpReq);
- if (MiscUtil.isEmpty(ssoID)) {
+
+ if (session == null) {
+ Logger.warn("Can not find active SSO session with nameID "
+ + logOutReq.getNameID().getValue() + " and OA "
+ + logOutReq.getIssuer().getValue());
+ Logger.info("Search active SSO session with SSO session cookie");
+ String ssoID = ssomanager.getSSOSessionID(httpReq);
+ if (MiscUtil.isEmpty(ssoID)) {
+ Logger.info("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
+ //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+ LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
+ Logger.info("Sending SLO success message to requester ...");
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ } else {
+ try {
+ session = ssomanager.getInternalMOASession(ssoID);
+
+ if (session == null)
+ throw new MOADatabaseException();
+
+ } catch (MOADatabaseException e) {
Logger.info("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
return null;
-
- } else {
- String moasession = ssomanager.getMOASession(ssoID);
- try {
- session = authenticationSessionStorage.getSession(moasession);
-
- if (session == null)
- throw new MOADatabaseException();
-
- } catch (MOADatabaseException e) {
- Logger.info("Can not find active Session. Single LogOut not possible!");
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
- //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
- Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
- return null;
-
- }
- }
+
+ }
+ }
+ }
+
+ authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
+
+ } else if (pvpReq.getRequest() instanceof MOAResponse &&
+ ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
+ Logger.debug("Process Single LogOut response");
+ LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
+
+ //Transaction tx = null;
+
+ try {
+ String relayState = pvpReq.getRequest().getRelayState();
+ if (MiscUtil.isEmpty(relayState)) {
+ Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
+ + " has no SAML2 RelayState.");
+ throw new SLOException("pvp2.19", null);
+
}
-
- authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
-
- } else if (pvpReq.getRequest() instanceof MOAResponse &&
- ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
- Logger.debug("Process Single LogOut response");
- LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
-
- Transaction tx = null;
-
- try {
- String relayState = pvpReq.getRequest().getRelayState();
- if (MiscUtil.isEmpty(relayState)) {
- Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
- + " has no SAML2 RelayState.");
- throw new SLOException("pvp2.19", null);
-
- }
-
- Session session = MOASessionDBUtils.getCurrentSession();
- boolean storageSuccess = false;
- int counter = 0;
-
- //TODO: add counter to prevent deadlock
-
+
+ //Session session = MOASessionDBUtils.getCurrentSession();
+ boolean storageSuccess = false;
+ int counter = 0;
+
+ //TODO: add counter to prevent deadlock
+ synchronized(this){
while (!storageSuccess) {
- tx = session.beginTransaction();
-
- List result;
- Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setParameter("artifact", relayState);
- result = query.list();
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
+ // tx = session.beginTransaction();
+ //
+ // List result;
+ // Query query = session.getNamedQuery("getAssertionWithArtifact");
+ // query.setParameter("artifact", relayState);
+ // result = query.list();
+ //
+ //
+ // Logger.trace("Found entries: " + result.size());
+ //
+ // //Assertion requires an unique artifact
+ // if (result.size() != 1) {
+ // Logger.trace("No entries found.");
+ // throw new MOADatabaseException("No sessioninformation found with this ID");
+ // }
+ //
+ // AssertionStore element = (AssertionStore) result.get(0);
+ // Object data = SerializationUtils.deserialize(element.getAssertion());
+ Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId());
+ Object o = transactionStorage.getAssertionStore(relayState);
+ if(o==null){
Logger.trace("No entries found.");
- throw new MOADatabaseException("No sessioninformation found with this ID");
+ throw new MOADatabaseException("No sessioninformation found with this ID");
}
-
- AssertionStore element = (AssertionStore) result.get(0);
- Object data = SerializationUtils.deserialize(element.getAssertion());
-
+ AssertionStore element = (AssertionStore) o;
+ Object data = SerializationUtils.deserialize(element.getAssertion());
+
if (data instanceof SLOInformationContainer) {
ISLOInformationContainer sloContainer = (ISLOInformationContainer) data;
-
+
//check status
sloBuilder.checkStatusCode(sloContainer, logOutResp);
-
+
if (sloContainer.hasFrontChannelOA()) {
try {
//some response are open
byte[] serializedSLOContainer = SerializationUtils.serialize((Serializable) sloContainer);
element.setAssertion(serializedSLOContainer);
element.setType(sloContainer.getClass().getName());
-
- session.saveOrUpdate(element);
- tx.commit();
-
+
+ // session.saveOrUpdate(element);
+ // tx.commit();
+ Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId());
+ transactionStorage.putAssertionStore(element);
+
//sloContainer could be stored to database
storageSuccess = true;
-
- } catch(HibernateException e) {
- tx.rollback();
+
+ } catch(MOADatabaseException e) {
+ //tx.rollback();
counter++;
Logger.debug("SLOContainter could not stored to database. Wait some time and restart storage process ... ");
java.util.Random rand = new java.util.Random();
-
+
try {
Thread.sleep(rand.nextInt(20)*10);
-
+
} catch (InterruptedException e1) {
Logger.warn("Thread could not stopped. ReStart storage process immediately", e1);
}
}
-
+
} else {
- //last response received.
- try {
- session.delete(element);
- tx.commit();
-
- } catch(HibernateException e) {
- tx.rollback();
- Logger.error("SLOContainter could not deleted from database. ");
-
- }
-
+ Logger.debug("Current Thread removeElement by Artifact: "+Thread.currentThread().getId());
+ transactionStorage.remove(element.getArtifact());
+ // session.delete(element);
+ // tx.commit();
+
storageSuccess = true;
String redirectURL = null;
if (sloContainer.getSloRequest() != null) {
@@ -237,70 +235,72 @@ public class SingleLogOutAction implements IAction {
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState());
-
+
} else {
//print SLO information directly
redirectURL = req.getAuthURL() + "/idpSingleLogout";
-
+
String artifact = Random.nextRandom();
-
- String statusCode = null;
+
+ String statusCode = null;
if (sloContainer.getSloFailedOAs() == null ||
- sloContainer.getSloFailedOAs().size() == 0) {
- statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS;
- revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
- MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
-
+ sloContainer.getSloFailedOAs().size() == 0) {
+ statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS;
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
+ MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+
} else {
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
-
+ statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
+
}
- transactionStorage.put(artifact, statusCode);
- redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
-
+ transactionStorage.put(artifact, statusCode, -1);
+ redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
+
}
//redirect to Redirect Servlet
String url = req.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
url = httpResp.encodeRedirectURL(url);
-
+
httpResp.setContentType("text/html");
httpResp.setStatus(302);
httpResp.addHeader("Location", url);
-
+
}
} else {
Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + relayState);
throw new MOADatabaseException("Sessioninformation Cast-Exception");
-
+
}
}
-
- } catch (MOADatabaseException e) {
- Logger.error("MOA AssertionDatabase ERROR", e);
- throw new SLOException("pvp2.19", null);
-
- } catch (UnsupportedEncodingException e) {
- Logger.error("Finale SLO redirct not possible.", e);
- throw new AuthenticationException("pvp2.13", new Object[]{});
-
- } finally {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) {
- tx.commit();
-
- }
}
-
-
-
- } else {
- Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
- throw new MOAIDException("pvp2.13", null);
-
- }
-
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ throw new SLOException("pvp2.19", null);
+
+ } catch (UnsupportedEncodingException e) {
+ Logger.error("Finale SLO redirct not possible.", e);
+ throw new AuthenticationException("pvp2.13", new Object[]{});
+
+ }
+
+ // finally {
+ // if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) {
+ // tx.commit();
+ //
+ // }
+ // }
+
+
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
return null;
}
@@ -320,7 +320,7 @@ public class SingleLogOutAction implements IAction {
public String getDefaultActionName() {
return PVP2XProtocol.SINGLELOGOUT;
}
-
+
protected static String addURLParameter(String url, String paramname,
String paramvalue) {
String param = paramname + "=" + paramvalue;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 25b22f0ad..94d91694a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -62,6 +62,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SoapBinding implements IDecoder, IEncoder {
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired private IDPCredentialProvider credentialProvider;
public InboundMessageInterface decode(HttpServletRequest req,
@@ -109,7 +110,7 @@ public class SoapBinding implements IDecoder, IEncoder {
RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
try {
if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
- MOAMetadataProvider.getInstance().getRole(
+ metadataProvider.getRole(
attributeRequest.getIssuer().getValue(),
SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
request.setEntityID(attributeRequest.getIssuer().getValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
index 855925272..e2f8664d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
@@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateKey;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
@@ -66,7 +64,6 @@ import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.springframework.stereotype.Service;
@@ -74,6 +71,7 @@ import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -153,7 +151,7 @@ public class PVPMetadataBuilder {
//set metadata signature parameters
Credential metadataSignCred = config.getMetadataSigningCredentials();
- Signature signature = getIDPSignature(metadataSignCred);
+ Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
@@ -437,27 +435,5 @@ public class PVPMetadataBuilder {
return idpSSODescriptor;
}
-
- private Signature getIDPSignature(Credential credentials) {
- PrivateKey privatekey = credentials.getPrivateKey();
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- if (privatekey instanceof RSAPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
-
- } else {
- Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-
-
- }
-
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
-
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index e5c897aa6..de59e6055 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -94,8 +94,9 @@ import at.gv.egovernment.moa.logging.Logger;
@Service("PVP_SingleLogOutBuilder")
public class SingleLogOutBuilder {
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired private IDPCredentialProvider credentialProvider;
-
+
public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
Status status = logOutResp.getStatus();
if (!status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
@@ -353,7 +354,7 @@ public class SingleLogOutBuilder {
public SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
try {
- EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ EntityDescriptor entity = metadataProvider.getEntityDescriptor(entityID);
SSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
SingleLogoutService sloService = null;
@@ -394,7 +395,7 @@ public class SingleLogOutBuilder {
public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
MOARequest moaReq = (MOARequest) spRequest.getRequest();
- EntityDescriptor metadata = moaReq.getEntityMetadata();
+ EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (ssodesc == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 200429093..55d8fa1ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -459,8 +459,15 @@ public class PVP2AssertionBuilder implements PVPConstants {
subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
// subjectConfirmationData.setNotBefore(date);
+ //set 'recipient' attribute in subjectConformationData
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+ //set IP address of the user machine as 'Address' attribute in subjectConformationData
+ String usersIPAddress = pendingReq.getGenericData(
+ PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
+ if (MiscUtil.isNotEmpty(usersIPAddress))
+ subjectConfirmationData.setAddress(usersIPAddress);
+
//set SLO information
sloInformation.setUserNameIdentifier(subjectNameID.getValue());
sloInformation.setNameIDFormat(subjectNameID.getFormat());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
index 332caf967..8c8345bbf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
import java.io.Serializable;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -46,10 +46,12 @@ public class InboundMessage implements InboundMessageInterface, Serializable{
private String relayState = null;
- public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
-
+ public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
try {
- return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
+ if (metadataProvider == null)
+ throw new NullPointerException("No PVP MetadataProvider found.");
+
+ return metadataProvider.getEntityDescriptor(this.entityID);
} catch (MetadataProviderException e) {
Logger.warn("No Metadata for EntitiyID " + entityID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 3002ca179..b2597c3cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -31,6 +31,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.Timer;
import javax.xml.namespace.QName;
@@ -44,13 +45,14 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -58,69 +60,99 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPMetadataProvider")
public class MOAMetadataProvider extends SimpleMOAMetadataProvider
- implements ObservableMetadataProvider, IGarbageCollectorProcessing, IMOARefreshableMetadataProvider {
+ implements ObservableMetadataProvider, IGarbageCollectorProcessing,
+ IMOARefreshableMetadataProvider, IDestroyableObject {
- private static MOAMetadataProvider instance = null;
+ //private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800; //7 days
+
+// private static MOAMetadataProvider instance = null;
+ MetadataProvider internalProvider = null;
+ private Timer timer = null;
private static Object mutex = new Object();
+ //private Map<String, Date> lastAccess = null;
- public static MOAMetadataProvider getInstance() {
- if (instance == null) {
- synchronized (mutex) {
- if (instance == null) {
- instance = new MOAMetadataProvider();
-
- //add this to MOA garbage collector
- MOAGarbageCollector.addModulForGarbageCollection(instance);
-
- }
- }
- }
- return instance;
+ public MOAMetadataProvider() {
+ internalProvider = new ChainingMetadataProvider();
+ //lastAccess = new HashMap<String, Date>();
+
}
+// public static MOAMetadataProvider getInstance() {
+// if (instance == null) {
+// synchronized (mutex) {
+// if (instance == null) {
+// instance = new MOAMetadataProvider();
+//
+// //add this to MOA garbage collector
+// MOAGarbageCollector.addModulForGarbageCollection(instance);
+//
+// }
+// }
+// }
+// return instance;
+// }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
*/
@Override
public void runGarbageCollector() {
- reInitialize();
-
- }
-
- private static void reInitialize() {
synchronized (mutex) {
/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
- if (instance != null)
- try {
- Logger.trace("Check consistence of PVP2X metadata");
- instance.addAndRemoveMetadataProvider();
+ try {
+ Logger.trace("Check consistence of PVP2X metadata");
+ addAndRemoveMetadataProvider();
- } catch (ConfigurationException e) {
- Logger.error("Access to MOA-ID configuration FAILED.", e);
+ } catch (ConfigurationException e) {
+ Logger.error("Access to MOA-ID configuration FAILED.", e);
- }
- else
- Logger.info("MOAMetadataProvider is not loaded.");
+ }
}
+
}
- public static void destroy() {
- if (instance != null) {
- instance.internalDestroy();
+
+// private static void reInitialize() {
+// synchronized (mutex) {
+//
+// /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+// if (instance != null)
+// try {
+// Logger.trace("Check consistence of PVP2X metadata");
+// instance.addAndRemoveMetadataProvider();
+//
+// } catch (ConfigurationException e) {
+// Logger.error("Access to MOA-ID configuration FAILED.", e);
+//
+// }
+// else
+// Logger.info("MOAMetadataProvider is not loaded.");
+// }
+// }
+
+ public void fullyDestroy() {
+ internalDestroy();
- } else {
- Logger.info("MOAMetadataProvider is not loaded. Accordingly it can not be destroyed");
- }
}
- MetadataProvider internalProvider;
+
@Override
- public boolean refreshMetadataProvider(String entityID) {
- try {
+ public synchronized boolean refreshMetadataProvider(String entityID) {
+ try {
+ //check if metadata provider is already loaded
+ try {
+ if (internalProvider.getEntityDescriptor(entityID) != null)
+ return true;
+
+ } catch (MetadataProviderException e) {}
+
+
+ //reload metadata provider
IOAAuthParameters oaParam =
AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
if (oaParam != null) {
@@ -142,10 +174,14 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
byte[] cert = Base64Utils.decode(certBase64, false);
String oaFriendlyName = oaParam.getFriendlyName();
+ if (timer == null)
+ timer = new Timer(true);
+
ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL,
buildMetadataFilterChain(oaParam, metadataURL, cert),
- oaFriendlyName);
+ oaFriendlyName,
+ timer);
chainProvider.addMetadataProvider(newMetadataProvider);
@@ -208,7 +244,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
private void addAndRemoveMetadataProvider() throws ConfigurationException {
if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- Logger.info("Relaod MOAMetaDataProvider.");
+ Logger.info("Reload MOAMetaDataProvider.");
/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
*The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
@@ -217,7 +253,19 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
//get all actually loaded metadata providers
Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
-
+
+ /* TODO: maybe add metadata provider destroy after timeout.
+ * But could be a problem if one Metadataprovider load an EntitiesDescriptor
+ * with more the multiple EntityDescriptors. If one of this EntityDesciptors
+ * are expired the full EntitiesDescriptor is removed.
+ *
+ * Timeout requires a better solution in this case!
+ */
+// Date now = new Date();
+// Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
+// Logger.debug("Starting PVP Metadata garbag collection (Expioredate:"
+// + expioredate + ")");
+
//load all PVP2 OAs form ConfigurationDatabase and
//compare actually loaded Providers with configured PVP2 OAs
Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
@@ -238,30 +286,31 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
HTTPMetadataProvider httpProvider = null;
try {
if (MiscUtil.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
+ if (loadedproviders.containsKey(metadataurl)) {
// PVP2 OA is actually loaded, to nothing
providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
- } else if ( MiscUtil.isNotEmpty(metadataurl) &&
- !providersinuse.containsKey(metadataurl) ) {
- //PVP2 OA is new, add it to MOAMetadataProvider
- String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64)) {
- byte[] cert = Base64Utils.decode(certBase64, false);
- String oaFriendlyName = oaParam.getFriendlyName();
-
-
- Logger.info("Loading metadata for: " + oaFriendlyName);
- httpProvider = createNewHTTPMetaDataProvider(
- metadataurl,
- buildMetadataFilterChain(oaParam, metadataurl, cert),
- oaFriendlyName);
-
- if (httpProvider != null)
- providersinuse.put(metadataurl, httpProvider);
- }
+ //INFO: load metadata dynamically if they are requested
+// } else if ( MiscUtil.isNotEmpty(metadataurl) &&
+// !providersinuse.containsKey(metadataurl) ) {
+// //PVP2 OA is new, add it to MOAMetadataProvider
+// String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+// if (MiscUtil.isNotEmpty(certBase64)) {
+// byte[] cert = Base64Utils.decode(certBase64, false);
+// String oaFriendlyName = oaParam.getFriendlyName();
+//
+//
+// Logger.info("Loading metadata for: " + oaFriendlyName);
+// httpProvider = createNewHTTPMetaDataProvider(
+// metadataurl,
+// buildMetadataFilterChain(oaParam, metadataurl, cert),
+// oaFriendlyName);
+//
+// if (httpProvider != null)
+// providersinuse.put(metadataurl, httpProvider);
+// }
}
}
@@ -324,7 +373,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
public void internalDestroy() {
if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- Logger.info("Destrorying MOAMetaDataProvider.");
+ Logger.info("Destrorying PVP-Authentication MetaDataProvider.");
ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
List<MetadataProvider> providers = chainProvider.getProviders();
@@ -339,15 +388,25 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
}
- instance = null;
+ internalProvider = new ChainingMetadataProvider();
+
+ if (timer != null)
+ timer.cancel();
+
} else {
Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
}
}
- private MOAMetadataProvider() {
+ @Deprecated
+ /**
+ * Load all PVP metadata from OA configuration
+ *
+ * This method is deprecated because OA metadata should be loaded dynamically
+ * if the corresponding OA is requested.
+ */
+ private void loadAllPVPMetadataFromKonfiguration() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
try {
@@ -374,12 +433,16 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
byte[] cert = Base64Utils.decode(certBase64, false);
+ if (timer == null)
+ timer = new Timer(true);
+
Logger.info("Loading metadata for: " + oaFriendlyName);
if (!providersinuse.containsKey(metadataurl)) {
httpProvider = createNewHTTPMetaDataProvider(
metadataurl,
buildMetadataFilterChain(oaParam, metadataurl, cert),
- oaFriendlyName);
+ oaFriendlyName,
+ timer);
if (httpProvider != null)
providersinuse.put(metadataurl, httpProvider);
@@ -417,14 +480,15 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
+ e.getMessage(), e);
}
+ internalProvider = chainProvider;
+
} catch (ConfigurationException e) {
Logger.error("Access MOA-ID configuration FAILED.", e);
}
-
- internalProvider = chainProvider;
+
}
-
+
private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException {
PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
@@ -505,17 +569,30 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
+// if (entityDesc != null)
+// lastAccess.put(entityID, new Date());
+
return entityDesc;
}
public List<RoleDescriptor> getRole(String entityID, QName roleName)
- throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName);
+ throws MetadataProviderException {
+ List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
}
public RoleDescriptor getRole(String entityID, QName roleName,
String supportedProtocol) throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName, supportedProtocol);
+ RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 442455d4b..c0ba1d96d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -53,12 +53,13 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
* @param metadataURL URL, where the metadata should be loaded
* @param filter Filters, which should be used to validate the metadata
* @param IdForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
*
* @return SAML2 Metadata Provider
*/
- protected HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging ) {
+ protected HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer) {
HTTPMetadataProvider httpProvider = null;
- Timer timer= null;
+ //Timer timer= null;
MOAHttpClient httpClient = null;
try {
httpClient = new MOAHttpClient();
@@ -67,11 +68,11 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
try {
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(),
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
- AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking());
+ AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+ AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
@@ -81,7 +82,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
}
}
- timer = new Timer();
+// timer = new Timer(true);
httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
httpProvider.setParserPool(new BasicParserPool());
@@ -121,10 +122,10 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
httpProvider.destroy();
}
- if (timer != null) {
- Logger.debug("Destroy Timer.");
- timer.cancel();
- }
+// if (timer != null) {
+// Logger.debug("Destroy Timer.");
+// timer.cancel();
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index bf4cfd480..77cc7228b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.security.KeyStore;
import java.security.PrivateKey;
+import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import org.opensaml.xml.security.credential.Credential;
@@ -198,7 +199,7 @@ public abstract class AbstractCredentialProvider {
if (privatekey instanceof RSAPrivateKey) {
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ } else if (privatekey instanceof ECPrivateKey) {
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index 0426c2a6a..0d1f54249 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -72,12 +72,12 @@ public class MOASAMLSOAPClient {
try {
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(),
+ PVPConstants.SSLSOCKETFACTORYNAME,
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
- AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking());
+ AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+ AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
} catch (MOAHttpProtocolSocketFactoryException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index f384dd511..f6104bdeb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -41,6 +41,7 @@ import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
@@ -56,6 +57,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("SAMLVerificationEngine")
public class SAMLVerificationEngine {
+
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
try {
@@ -72,7 +75,8 @@ public class SAMLVerificationEngine {
}
Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
- if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(msg.getEntityID()))
+
+ if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
throw e;
else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 3d69b0380..b6fed5934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -33,7 +33,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -78,7 +78,7 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter {
SignatureVerificationUtils sigVerify =
new SignatureVerificationUtils();
- VerifyXMLSignatureResponse result = sigVerify.verify(
+ IVerifiyXMLSignatureResponse result = sigVerify.verify(
serialized, trustProfileID);
//check signature-verification result
@@ -102,9 +102,11 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter {
}
+ Logger.debug("SAML metadata for entityID:" + entityDes.getEntityID() + " is valid");
} catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
- Logger.error("Metadata verification has an interal error.", e);
+ Logger.error("Metadata verification for Entity:" + entityDes.getEntityID()
+ + " has an interal error.", e);
throw new FilterException("Metadata verification has an interal error."
+ " Message:" + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 094e25040..ad200e400 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -26,15 +26,16 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+
import org.apache.commons.lang.SerializationUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.Transaction;
-import org.hibernate.resource.transaction.spi.TransactionStatus;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -45,7 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -61,20 +62,26 @@ import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-@Service("AuthenticationSessionStoreage")
+@Repository("AuthenticationSessionStoreage")
+@Transactional("sessionTransactionManager")
public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
+ @PersistenceContext(unitName="session")
+ private EntityManager entityManager;
+
@Autowired AuthConfiguration authConfig;
private static JsonMapper mapper = new JsonMapper();
+ //@Autowired MOASessionDBUtils moaSessionDBUtils;
+
@Override
- public boolean isAuthenticated(String moaSessionID) {
+ public boolean isAuthenticated(String internalSsoSessionID) {
AuthenticatedSessionStore session;
try {
- session = searchInDatabase(moaSessionID, true);
+ session = searchInDatabase(internalSsoSessionID);
return session.isAuthenticated();
} catch (MOADatabaseException e) {
@@ -83,8 +90,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
- String id = Random.nextRandom();
+ public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException {
+ String id = Random.nextLongRandom();
try {
AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
dbsession.setSessionid(id);
@@ -100,18 +107,18 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
- AuthenticationSession session = new AuthenticationSession(id, now);
+ AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
encryptSession(session, dbsession);
- //store AssertionStore element to Database
- MOASessionDBUtils.saveOrUpdate(dbsession);
- Logger.info("Create MOASession with sessionID: " + id);
+ //store AssertionStore element to Database
+ entityManager.persist(dbsession);
+ Logger.info("Create MOA SSO-Session with internal sessionID: " + id);
return session;
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be created.");
- throw new MOADatabaseException(e);
+// } catch (MOADatabaseException e) {
+// Logger.warn("MOASession could not be created.");
+// throw new MOADatabaseException(e);
} catch (JsonProcessingException e) {
Logger.warn("Extended session information can not be stored.", e);
@@ -122,13 +129,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+ public AuthenticationSession getInternalSSOSession(String sessionID) throws MOADatabaseException {
if (MiscUtil.isEmpty(sessionID))
return null;
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
return decryptSession(dbsession);
} catch (MOADatabaseException e) {
@@ -143,7 +150,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) {
try {
@@ -161,12 +168,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
dbsession.setAdditionalInformation(
mapper.serialize(sessionExtensions));
- MOASessionDBUtils.saveOrUpdate(dbsession);
+ entityManager.merge(dbsession);
Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database");
@@ -183,105 +190,35 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
-
- encryptSession(session, dbsession);
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setAuthenticated(session.isAuthenticated());
- dbsession.setUpdated(new Date());
-
- MOASessionDBUtils.saveOrUpdate(dbsession);
- Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
-
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
- }
- }
-
- @Override
- public void destroySession(String moaSessionID) throws MOADatabaseException {
+ public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException {
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
-
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithID");
- query.setParameter("sessionid", moaSessionID);
- result = query.list();
-
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No session found with this sessionID");
- }
+ Query query = entityManager.createNamedQuery("getSessionWithID");
+ query.setParameter("sessionid", internalSsoSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
- tx.commit();
- cleanDelete(dbsession);
- }
-
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
-
- }
-
- }
-
- @Override
- public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException {
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
-
- Logger.debug("Change SessionID from " + session.getSessionID()
- + "to " + newSessionID);
-
- session.setSessionID(newSessionID);
- encryptSession(session, dbsession);
-
- dbsession.setSessionid(newSessionID);
- dbsession.setAuthenticated(session.isAuthenticated());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- MOASessionDBUtils.saveOrUpdate(dbsession);
-
- Logger.trace("Change SessionID complete.");
-
- return newSessionID;
+ }
+
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) results.get(0);
+ cleanDelete(dbsession);
}
@Override
- public String changeSessionID(AuthenticationSession session)
- throws BuildException, MOADatabaseException {
- String id = Random.nextRandom();
- return changeSessionID(session, id);
-
- }
-
- @Override
public void setAuthenticated(String moaSessionID, boolean isAuthenticated) {
AuthenticatedSessionStore session;
try {
- session = searchInDatabase(moaSessionID, true);
+ session = searchInDatabase(moaSessionID);
session.setAuthenticated(isAuthenticated);
- MOASessionDBUtils.saveOrUpdate(session);
+ entityManager.merge(session);
} catch (MOADatabaseException e) {
@@ -290,48 +227,36 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public String getMOASessionSSOID(String SSOSessionID) {
- MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
-
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOSessionID);
- result = query.list();
-
- //send transaction
- tx.commit();
-
- }
+ public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
+ MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+
+ Query query = entityManager.createNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- return null;
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
- } else {
- return result.get(0).getSessionid();
+ } else
+ try {
+ return decryptSession(results.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
- }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
}
@Override
public boolean isSSOSession(String sessionID) throws MOADatabaseException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
return dbsession.isSSOSession();
} catch (MOADatabaseException e) {
@@ -344,330 +269,230 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) {
//TODO: is this method really needed??
- MiscUtil.assertNotNull(SSOId, "SSOSessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOId);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
+ Query query = entityManager.createNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOId);
+ List<AuthenticatedSessionStore> results = query.getResultList();
- Logger.trace("Found entries: " + result.size());
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- return null;
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
- } else {
- return result.get(0);
- }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ } else
+ return results.get(0);
+
}
@Override
public void addSSOInformation(String moaSessionID, String SSOSessionID,
SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException {
- AuthenticatedSessionStore dbsession;
- Transaction tx = null;
-
- try {
-
- Session session = MOASessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
-
- Logger.trace("Add SSO information to session " + moaSessionID);
-
- synchronized (session) {
-
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithID");
- query.setParameter("sessionid", moaSessionID);
- result = query.list();
-
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getSessionWithID");
+ query.setParameter("sessionid", moaSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- tx.rollback();
- throw new MOADatabaseException("No session found with this sessionID");
- }
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new AuthenticationException("No session found with this sessionID", null);
+
+ }
- dbsession = (AuthenticatedSessionStore) result.get(0);
+ AuthenticatedSessionStore dbsession = results.get(0);
- OASessionStore activeOA = null;
- //check if OA already has an active OA session
- if (dbsession.getActiveOAsessions() != null) {
- for (OASessionStore el : dbsession.getActiveOAsessions()) {
- if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
- activeOA = el;
- }
- }
-
- if (activeOA == null)
- activeOA = new OASessionStore();
-
- //set active OA applications
- activeOA.setOaurlprefix(protocolRequest.getOAURL());
- activeOA.setMoasession(dbsession);
- activeOA.setCreated(new Date());
+ OASessionStore activeOA = null;
+ //check if OA already has an active OA session
+ if (dbsession.getActiveOAsessions() != null) {
+ for (OASessionStore el : dbsession.getActiveOAsessions()) {
+ if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
+ activeOA = el;
+ }
+ }
- //set additional information for SLO
- if (SLOInfo != null) {
- activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
- activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
- activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
- activeOA.setProtocolType(SLOInfo.getProtocolType());
- activeOA.setAttributeQueryUsed(false);
- activeOA.setAuthURL(protocolRequest.getAuthURL());
-
-
- }
+ if (activeOA == null)
+ activeOA = new OASessionStore();
- List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
- activeOAs.add(activeOA);
- dbsession.setActiveOAsessions(activeOAs);
+ //set active OA applications
+ activeOA.setOaurlprefix(protocolRequest.getOAURL());
+ activeOA.setMoasession(dbsession);
+ activeOA.setCreated(new Date());
+
+ //set additional information for SLO
+ if (SLOInfo != null) {
+ activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
+ activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
+ activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
+ activeOA.setProtocolType(SLOInfo.getProtocolType());
+ activeOA.setAttributeQueryUsed(false);
+ activeOA.setAuthURL(protocolRequest.getAuthURL());
+
+
+ }
+
+ List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+ activeOAs.add(activeOA);
+ dbsession.setActiveOAsessions(activeOAs);
+
+ //Store used SSOId
+ if (dbsession.getSSOsessionid() != null) {
+ OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
+ oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
+ oldSSOId.setMoasession(dbsession);
+
+ List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
+ oldSSOIds.add(oldSSOId);
+ }
- //Store used SSOId
- if (dbsession.getSSOsessionid() != null) {
- OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
- oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
- oldSSOId.setMoasession(dbsession);
-
- List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
- oldSSOIds.add(oldSSOId);
- }
-
- dbsession.setSSOSession(true);
- dbsession.setSSOsessionid(SSOSessionID);
- dbsession.setAuthenticated(false);
+ dbsession.setSSOSession(true);
+ dbsession.setSSOsessionid(SSOSessionID);
+ dbsession.setAuthenticated(false);
- //Store MOASession
- session.saveOrUpdate(dbsession);
-
- //send transaction
- tx.commit();
+ //Store MOASession
+ entityManager.merge(dbsession);
- if (SLOInfo != null)
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()
- + " and AssertionID: " + SLOInfo.getSessionIndex());
- else
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
+ if (SLOInfo != null)
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()
+ + " and AssertionID: " + SLOInfo.getSessionIndex());
+ else
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
- }
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null);
-
- } catch(HibernateException e) {
- Logger.warn("Error during database saveOrUpdate. Rollback.", e);
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
- }
}
@Override
- public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
- Session session = null;
-
- try {
- List<OASessionStore> oas = new ArrayList<OASessionStore>();
-
- AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
- oas.addAll(dbsession.getActiveOAsessions());
-
- session = MOASessionDBUtils.getCurrentSession();
- session.getTransaction().commit();
-
- return oas;
-
- } catch (MOADatabaseException e) {
- Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
-
- } catch (Exception e) {
- if (session != null && session.getTransaction() != null
- && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) {
- session.getTransaction().rollback();
- throw e;
-
- }
-
- }
-
- return null;
+
+ Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
+
+ Query query = entityManager.createNamedQuery("getAllActiveOAsForSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ List<OASessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ return results;
+
}
@Override
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
- Session session = null;
- try {
- List<InterfederationSessionStore> idps = new ArrayList<InterfederationSessionStore>();
- AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
- idps.addAll(dbsession.getInderfederation());
-
- session = MOASessionDBUtils.getCurrentSession();
- session.getTransaction().commit();
-
- return idps;
-
- } catch (MOADatabaseException e) {
- Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
-
- } catch (Exception e) {
- if (session != null && session.getTransaction() != null
- && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) {
- session.getTransaction().rollback();
- throw e;
-
- }
-
- }
-
- return null;
+
+ Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
+
+ Query query = entityManager.createNamedQuery("getAllActiveIDPsForSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ List<InterfederationSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ return results;
}
@Override
- public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ oaID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- Transaction tx = null;
- List<AuthenticatedSessionStore> result = null;;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
- query.setParameter("oaID", oaID);
- query.setParameter("nameID", userNameID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No unique entry found.");
- return null;
-
- }
-
- return decryptSession(result.get(0));
-
- } catch (BuildException e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
- return null;
+ Query query = entityManager.createNamedQuery("getMOASessionWithNameIDandOAID");
+ query.setParameter("oaID", oaID);
+ query.setParameter("nameID", userNameID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No unique entry found.");
+ return null;
+
+ }
+
+ try {
+ return decryptSession(results.get(0));
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
-
+ } catch (BuildException e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e);
+ return null;
+
+ }
}
@Override
- public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType) {
MiscUtil.assertNotNull(moaSession, "MOASession");
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(protocolType, "usedProtocol");
Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ oaID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
- query.setParameter("sessionID", moaSession.getSessionID());
- query.setParameter("oaID", oaID);
- query.setParameter("protocol", protocolType);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("oaID", oaID);
+ query.setParameter("protocol", protocolType);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
- }
-
- return result.get(0).getActiveOAsessions().get(0);
+ }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getActiveOAsessions().get(0);
+
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.auth.data.AuthenticationSession, java.lang.String, java.lang.String)
+ */
@Override
- public AuthenticationSession getSessionWithUserNameID(String nameID) {
+ public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) {
+ OASessionStore activeOA = searchActiveOASSOSession(session, oaurl, requestedModule);
+ if (activeOA != null) {
+ activeOA.setAttributeQueryUsed(true);
+ entityManager.merge(activeOA);
+
+ }
- Transaction tx = null;
- try {
- MiscUtil.assertNotNull(nameID, "nameID");
- Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
-
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getMOAISessionWithUserNameID");
- query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
- result = query.list();
-
- //send transaction
- tx.commit();
- }
+ }
+
+ @Override
+ public IAuthenticationSession getSessionWithUserNameID(String nameID) {
+
+ MiscUtil.assertNotNull(nameID, "nameID");
+ Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getMOAISessionWithUserNameID");
+ query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
- }
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return decryptSession(result.get(0));
+ try {
+ return decryptSession(results.get(0));
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
return null;
}
@@ -677,36 +502,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
MiscUtil.assertNotNull(sessionID, "MOASession");
Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
- query.setParameter("sessionID", sessionID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getInterfederatedIDPForSSOWithSessionID");
+ query.setParameter("sessionID", sessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
-
- }
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return result.get(0).getInderfederation().get(0);
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getInderfederation().get(0);
}
@Override
@@ -714,56 +524,57 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(sessionID, "MOASession");
MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
- query.setParameter("sessionID", sessionID);
- query.setParameter("idpID", idpID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
+ query.setParameter("sessionID", sessionID);
+ query.setParameter("idpID", idpID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
-
- }
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return result.get(0).getInderfederation().get(0);
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getInderfederation().get(0);
+
}
@Override
public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
AuthenticatedSessionStore dbsession = null;
+ AuthenticationSession moaSession = null;
Date now = new Date();
//search for active session
- String moaSession = getMOASessionSSOID(req.getMOASessionIdentifier());
- if (MiscUtil.isNotEmpty(moaSession)) {
+ if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
+ Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
+ moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+
+ } else {
+ Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
+ moaSession = createInternalSSOSession(req);
+
+ }
+
+ if (moaSession != null) {
try {
- dbsession = searchInDatabase(moaSession, true);
+ dbsession = searchInDatabase(moaSession.getSessionID());
}catch (MOADatabaseException e) {
Logger.error("NO MOASession found but MOASession MUST already exist!");
throw e;
- }
- }
-
+ }
+
+ } else {
+ Logger.error("NO MOASession found but MOASession MUST already exist!");
+ throw new MOADatabaseException("NO MOASession found but MOASession MUST already exist!");
+
+ }
+
dbsession.setUpdated(now);
//decrypt MOASession
@@ -816,14 +627,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
idp.setAttributesRequested(false);
idp.setQAALevel(extractor.getQAALevel());
- //store AssertionStore element to Database
- try {
- MOASessionDBUtils.saveOrUpdate(dbsession);
-
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be created.");
- throw new MOADatabaseException(e);
- }
+ entityManager.merge(dbsession);
}
@@ -831,36 +635,22 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) {
MiscUtil.assertNotNull(moaSessionID, "MOASessionID");
Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
- query.setParameter("sessionID", moaSessionID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
-
- }
+ Query query = entityManager.createNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
+ query.setParameter("sessionID", moaSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return result.get(0).getInderfederation().get(0);
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getInderfederation().get(0);
+
}
@Override
@@ -872,31 +662,20 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
-
- //TODO: !!!!!!!!!!! PendingRequestID does not work
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setParameter("sessionid", pedingRequestID);
- result = query.list();
-
- //send transaction
- session.getTransaction().commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", pedingRequestID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (results.size() != 1) {
Logger.trace("No entries found.");
return false;
}
- AuthenticatedSessionStore authsession = result.get(0);
+ AuthenticatedSessionStore authsession = results.get(0);
List<InterfederationSessionStore> idpSessions = authsession.getInderfederation();
if (idpSessions != null) {
@@ -906,8 +685,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
}
-
- MOASessionDBUtils.saveOrUpdate(authsession);
+ entityManager.merge(authsession);
return true;
} catch (Throwable e) {
@@ -921,38 +699,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
Date expioredatecreate = new Date(now.getTime() - authDataTimeOutCreated);
Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated);
- List<AuthenticatedSessionStore> results;
- Session session = MOASessionDBUtils.getCurrentSession();
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
- query.setTimestamp("timeoutcreate", expioredatecreate);
- query.setTimestamp("timeoutupdate", expioredateupdate);
- results = query.list();
- tx.commit();
+ Query query = entityManager.createNamedQuery("getMOAISessionsWithTimeOut");
+ query.setParameter("timeoutcreate", expioredatecreate);
+ query.setParameter("timeoutupdate", expioredateupdate);
+ List<AuthenticatedSessionStore> results = query.getResultList();
- if (results.size() != 0) {
- for(AuthenticatedSessionStore result : results) {
- try {
- cleanDelete(result);
- Logger.info("Authenticated session with sessionID=" + result.getSessionid()
- + " after session timeout.");
+ if (results.size() != 0) {
+ for(AuthenticatedSessionStore result : results) {
+ try {
+ cleanDelete(result);
+ Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ + " after session timeout.");
- } catch (HibernateException e){
- Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
- + " not removed after timeout! (Error during Database communication)", e);
- }
- }
+ } catch (HibernateException e){
+ Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed after timeout! (Error during Database communication)", e);
}
}
-
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ }
+
}
private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {
@@ -972,57 +737,69 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
- private static void cleanDelete(AuthenticatedSessionStore result) {
-
- try {
+ private void cleanDelete(AuthenticatedSessionStore result) {
result.setSession("blank".getBytes());
- MOASessionDBUtils.saveOrUpdate(result);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
-
- } finally {
- if (!MOASessionDBUtils.delete(result))
- Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)");
- }
+ entityManager.merge(result);
+ entityManager.remove(result);
+
}
@SuppressWarnings("rawtypes")
- private static AuthenticatedSessionStore searchInDatabase(String sessionID, boolean commit) throws MOADatabaseException {
+ private AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithID");
- query.setParameter("sessionid", sessionID);
- result = query.list();
-
- //send transaction
- if (commit)
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No session found with this sessionID");
+ Query query = entityManager.createNamedQuery("getSessionWithID");
+ query.setParameter("sessionid", sessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
- }
-
- return (AuthenticatedSessionStore) result.get(0);
+ }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED) && commit)
- tx.rollback();
- throw e;
- }
+ return (AuthenticatedSessionStore) results.get(0);
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#deleteIdpInformation(at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore)
+ */
+ @Override
+ public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation) {
+ entityManager.remove(nextIDPInformation);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#persistIdpInformation(at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore)
+ */
+ @Override
+ public void persistIdpInformation(InterfederationSessionStore nextIDPInformation) {
+ entityManager.merge(nextIDPInformation);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#checkSSOTokenAlreadyUsed(java.lang.String)
+ */
+ @Override
+ public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId) {
+
+ Query query = entityManager.createNamedQuery("getSSOSessionWithOldSessionID");
+ query.setParameter("sessionid", ssoId);
+ List<OldSSOSessionIDStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ // Assertion requires an unique artifact
+ if (results.size() == 0) {
+ return null;
+ }
+
+ return results.get(0);
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index c2b3b0fc5..f17e4a99a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -27,24 +27,31 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.PersistenceException;
+import javax.persistence.Query;
+
import org.apache.commons.lang.SerializationUtils;
import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-@Service("TransactionStorage")
+@Repository
+@Transactional("sessionTransactionManager")
public class DBTransactionStorage implements ITransactionStorage {
-
+
+ @PersistenceContext(unitName="session")
+ private EntityManager entityManager;
+
public boolean containsKey(String key) {
- try {
+ try {
searchInDatabase(key);
return true;
@@ -73,7 +80,7 @@ public class DBTransactionStorage implements ITransactionStorage {
}
- public void put(String key, Object value) throws MOADatabaseException {
+ public void put(String key, Object value, int timeout_ms) throws MOADatabaseException {
//search if key already exists
AssertionStore element = searchInDatabase(key);
@@ -97,7 +104,11 @@ public class DBTransactionStorage implements ITransactionStorage {
Logger.error("This exeption should not occur!!!!", e);
return null;
- }
+ }
+ }
+
+ public Object getAssertionStore(String key) throws MOADatabaseException{
+ return searchInDatabase(key);
}
public Object get(String key) throws MOADatabaseException {
@@ -151,16 +162,12 @@ public class DBTransactionStorage implements ITransactionStorage {
List<AssertionStore> results;
List<String> returnValues = new ArrayList<String>();;
- Session session = MOASessionDBUtils.getCurrentSession();
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithTimeOut");
- query.setTimestamp("timeout", expioredate);
- results = query.list();
- session.getTransaction().commit();
- }
+ Query query = entityManager.createNamedQuery("getAssertionWithTimeOut");
+ query.setParameter("timeout", expioredate);
+ results = query.getResultList();
+
if (results != null) {
for (AssertionStore el : results)
returnValues.add(el.getArtifact());
@@ -187,24 +194,21 @@ public class DBTransactionStorage implements ITransactionStorage {
Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")");
} catch (HibernateException e) {
- Logger.warn("Sessioninformation not removed! (Error during Database communication)", e);
+ Logger.warn("Sessioninformation not removed! (Erreor during Database communication)", e);
}
}
private void cleanDelete(AssertionStore element) {
- try {
- element.setAssertion("blank".getBytes());
- MOASessionDBUtils.saveOrUpdate(element);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e);
+
- } finally {
- if (!MOASessionDBUtils.delete(element))
+ try{
+ element.setAssertion("blank".getBytes());
+ entityManager.merge(element);
+ entityManager.remove(element);
+ }catch(PersistenceException e){
Logger.error("ShortTime session with artifact=" + element.getArtifact()
+ " not removed! (Error during Database communication)");
-
- }
+ }
}
@@ -212,29 +216,23 @@ public class DBTransactionStorage implements ITransactionStorage {
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
Logger.trace("Getting sessioninformation with ID " + artifact + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List result;
+ List<AssertionStore> results;
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setParameter("artifact", artifact);
- result = query.list();
+ Query query = entityManager.createNamedQuery("getAssertionWithArtifact");
+ query.setParameter("artifact", artifact);
- //send transaction
- session.getTransaction().commit();
- }
+ results = query.getResultList();
- Logger.trace("Found entries: " + result.size());
+ Logger.trace("Found entries: " + results.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (results.size() != 1) {
Logger.debug("No transaction information with ID:" + artifact + " found.");
return null;
}
- return (AssertionStore) result.get(0);
+ return results.get(0);
}
private void put(AssertionStore element, String key, Object value) throws MOADatabaseException {
@@ -253,15 +251,23 @@ public class DBTransactionStorage implements ITransactionStorage {
element.setAssertion(data);
//store AssertionStore element to Database
- try {
- MOASessionDBUtils.saveOrUpdate(element);
+ //try {
+ entityManager.persist(element);
+ //MOASessionDBUtils.saveOrUpdate(element);
Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
-
- } catch (MOADatabaseException e) {
- Logger.warn("Sessioninformation could not be stored.");
- throw new MOADatabaseException(e);
-
- }
+//
+// } catch (MOADatabaseException e) {
+// Logger.warn("Sessioninformation could not be stored.");
+// throw new MOADatabaseException(e);
+//
+// }
+
+ }
+
+ @Override
+ public void putAssertionStore(Object element) throws MOADatabaseException{
+ // TODO Auto-generated method stub
+ entityManager.merge(element);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index b5d816eaf..c8d09e17e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -30,9 +30,11 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
@@ -47,103 +49,74 @@ public interface IAuthenticationSessionStoreage {
/**
* Check if the stored MOASession is already authenticated
*
- * @param moaSessionID MOASession identifier
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @return true if the MOASession is authenticated, otherwise false
*/
- public boolean isAuthenticated(String moaSessionID);
+ public boolean isAuthenticated(String internalSsoSessionID);
/**
- * Create a new MOASession
+ * Create a new MOA SSO-Session object in database
+ * The SSO session object get populated with eID information from pending request
*
* @param target Pending Request which is associated with this MOASession
* @return MOASession object
* @throws MOADatabaseException MOASession storage operation FAILED
* @throws BuildException MOASession encryption FAILED
*/
- public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException;
+ public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException;
/**
* Get a MOASession with sessionID
*
- * @param sessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @return MOASession, or null if no session exists with this ID
* @throws MOADatabaseException MOASession load operation FAILED
*/
- public AuthenticationSession getSession(String sessionID) throws MOADatabaseException;
+ public AuthenticationSession getInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException;
/**
* Get the session-data extension-object for a MOASession
*
- * @param sessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null
* @throws MOADatabaseException MOASession load operation FAILED
*/
- public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException;
+ public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String internalSsoSessionID) throws MOADatabaseException;
/**
* Store a session-data extension-object to MOASession
*
- * @param sessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @param sessionExtensions AuthenticationSessionExtensions object
* @throws MOADatabaseException MOASession storage operation FAILED
*/
- public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException;
+ public void setAuthenticationSessionExtensions(String internalSsoSessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException;
/**
- * Store a MOASession
- *
- * @param session MOASession which should be stored
- * @throws MOADatabaseException MOASession storage operation FAILED
- * @throws BuildException MOASession encryption FAILED
- */
- public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException;
-
- /**
* Delete a MOASession
*
- * @param moaSessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @throws MOADatabaseException MOASession delete operation FAILED
*/
- public void destroySession(String moaSessionID) throws MOADatabaseException;
-
-
- /**
- * Change the sessionID of a MOASession
- *
- * @param session MOASession for which the sessionID should be changed
- * @param newSessionID new MOASessionID which should be used
- * @return new MOASessionID
- * @throws MOADatabaseException MOASession storage operation FAILED
- * @throws BuildException MOASession encryption/decryption FAILED
- */
- public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException;
-
- /**
- * Change the sessionID of a MOASession
- *
- * @param session MOASession for which the sessionID should be changed
- * @return new MOASessionID
- * @throws MOADatabaseException MOASession storage operation FAILED
- * @throws BuildException MOASession encryption/decryption FAILED
- */
- public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException;
-
+ public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException;
+
/**
* Set the isAuthenticated flag to MOASession
*
- * @param moaSessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @param isAuthenticated Is authenticated flag (true/false)
*/
- public void setAuthenticated(String moaSessionID, boolean isAuthenticated);
+ public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated);
/**
* Find the MOASessionId of an active Single Sign-On session
*
* @param SSOSessionID Single Sign-On sessionID
- * @return MOASessionID of the associated MOASession
+ * @return internal MOA SSO-Session of the associated SSO-Session Id
+ * @throws MOADatabaseException
*/
- public String getMOASessionSSOID(String SSOSessionID);
+ public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException;
/**
* Check if a MOASession is an active Single Sign-On session
@@ -181,7 +154,7 @@ public interface IAuthenticationSessionStoreage {
* @param moaSession MOASession data object
* @return List of Service-Provider information
*/
- public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession);
+ public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession);
/**
@@ -190,7 +163,7 @@ public interface IAuthenticationSessionStoreage {
* @param moaSession MOASession data object
* @return List of Interfederation-IDP information
*/
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession);
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession);
/**
* Search a MOASession by using already transfered authentication information
@@ -199,7 +172,7 @@ public interface IAuthenticationSessionStoreage {
* @param userNameID UserId (bPK), which was send to this Service-Provider
* @return MOASession, or null if no corresponding MOASession is found
*/
- public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+ public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
/**
* Search a active Single Sign-On session for a specific Service-Provider
@@ -209,7 +182,7 @@ public interface IAuthenticationSessionStoreage {
* @param protocolType Authentication protocol, which was used for SSO from this Service-Provider
* @return Internal Single Sign-On information for this Service-Provider
*/
- public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType);
+ public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType);
/**
@@ -218,7 +191,7 @@ public interface IAuthenticationSessionStoreage {
* @param nameID UserID (bPK)
* @return MOASession, or null if no corresponding MOASession is found
*/
- public AuthenticationSession getSessionWithUserNameID(String nameID);
+ public IAuthenticationSession getSessionWithUserNameID(String nameID);
/**
* Search an active federation IDP which could be used for federated Single Sign-On
@@ -276,5 +249,28 @@ public interface IAuthenticationSessionStoreage {
* @param authDataTimeOutUpdated timeOut after MOASession is updated last time [ms]
*/
public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated);
+
+ /**
+ * @param session
+ * @param oaurl
+ * @param requestedModule
+ */
+ public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule);
+
+ /**
+ * @param nextIDPInformation
+ */
+ public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation);
+
+ /**
+ * @param nextIDPInformation
+ */
+ public void persistIdpInformation(InterfederationSessionStore nextIDPInformation);
+
+ /**
+ * @param ssoId
+ * @return
+ */
+ public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index 493f24ee8..53a7f4f5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -48,9 +48,10 @@ public interface ITransactionStorage {
* @param key Id which identifiers the data object
* @param value Data object which should be stored.
* This data must implement the <code>java.io.Serializable</code> interface
+ * @param timeout_ms Defines the period of time a data object is kept within the storage
* @throws MOADatabaseException In case of store operation failed
*/
- public void put(String key, Object value) throws MOADatabaseException;
+ public void put(String key, Object value, int timeout_ms) throws MOADatabaseException;
/**
* Get a data object from transaction storage
@@ -110,4 +111,21 @@ public interface ITransactionStorage {
*/
public List<String> clean(Date now, long dataTimeOut);
+
+ /**
+ * Get whole AssertionStoreObject, required for SLO
+ *
+ * @param key key Id which identifiers the data object
+ * @return The transaction-data object, or null
+ * @throws MOADatabaseException In case of load operation failed
+ */
+ public Object getAssertionStore(String key) throws MOADatabaseException;
+
+ /**
+ * Put whole AssertionStoreObject to db, required for SLO
+ *
+ * @param element assertion store object
+ */
+ public void putAssertionStore(Object element) throws MOADatabaseException;
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
new file mode 100644
index 000000000..2b9a6656b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -0,0 +1,375 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.storage;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataAccessException;
+import org.springframework.data.redis.core.RedisOperations;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.SessionCallback;
+import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Service("TransactionStorage")
+public class RedisTransactionStorage implements ITransactionStorage {
+
+ @Autowired
+ private RedisTemplate<String, Object> redisTemplate;
+
+ @Autowired
+ protected AuthConfiguration authConfig;
+
+ @Autowired
+ private JacksonJsonRedisSerializer assertionStoreSerializer;
+
+ public RedisTemplate<String, Object> getTemplate(){
+ return this.redisTemplate;
+ }
+
+ public void setTemplate(RedisTemplate<String, Object> t){
+ this.redisTemplate = t;
+ }
+
+ public boolean containsKey(String key) {
+ try {
+ searchInDatabase(key);
+ return true;
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.ITransactionStorage#changeKey(java.lang.String, java.lang.String, java.lang.Object)
+ */
+ @Override
+ public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException {
+
+ //search if key already exists
+ final int expTime = redisTemplate.getExpire(oldKey, TimeUnit.MILLISECONDS).intValue();
+ //AssertionStore element = searchInDatabase(oldKey);
+ if (expTime < 0) {
+ Logger.info("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+ throw new MOADatabaseException("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+
+ }
+
+ //Important: Rename not working here, because the new ID also has to be put into the
+ //value object.
+ //redisTemplate.rename(oldKey, newKey);
+
+ final String old_key = oldKey;
+
+ //redisTemplate.delete(oldKey);
+ //put(null, newKey, value, expTime);
+ final AssertionStore assertion = prepareAssertion(null, newKey, value);
+ List<Object> txResults = redisTemplate.execute(new SessionCallback<List<Object>>() {
+ public List<Object> execute(RedisOperations operations) throws DataAccessException {
+ operations.multi();
+ operations.delete(old_key);
+ operations.opsForValue().set(assertion.getArtifact(), new String(assertionStoreSerializer.serialize(assertion)),expTime,TimeUnit.MILLISECONDS);
+ // This will contain the results of all ops in the transaction
+ return operations.exec();
+ }
+ });
+
+ int a= txResults.size();
+ }
+
+ public void put(String key, Object value, int timeoutms) throws MOADatabaseException {
+
+ //search if key already exists
+ AssertionStore element = searchInDatabase(key);
+
+ //create a new entry if key does not exists already
+ if (element == null) {
+ element = new AssertionStore();
+
+ }
+
+ put(element, key, value, timeoutms);
+ }
+
+ public <T> T get(String key,
+ final Class<T> clazz) throws MOADatabaseException {
+
+ try {
+ return get(key, clazz, -1);
+
+ } catch (AuthenticationException e) {
+ //this execption only occurs if an additional timeOut is used
+ Logger.error("This exeption should not occur!!!!", e);
+ return null;
+
+ }
+ }
+
+ public Object get(String key) throws MOADatabaseException {
+ AssertionStore element = searchInDatabase(key);
+
+ if (element == null)
+ return null;
+
+ return SerializationUtils.deserialize(element.getAssertion());
+
+
+ }
+
+ public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException {
+
+ AssertionStore element = searchInDatabase(key);
+
+ if (element == null)
+ return null;
+
+// dataTimeOut = -1;
+// if (dataTimeOut > -1) {
+// //check timeout
+// long now = new Date().getTime();
+//
+// if (now - element.getDatatime().getTime() > dataTimeOut) {
+// Logger.info("Transaction-Data with key: " + key + " is out of time.");
+// throw new AuthenticationException("1207", new Object[] { key });
+//
+// }
+// }
+
+
+ //Deserialize Assertion
+ Object data = SerializationUtils.deserialize(element.getAssertion());
+
+ //check if assertion has the correct class type
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) Class.forName(element.getType()).cast(data);
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
+ throw new MOADatabaseException("Sessioninformation Cast-Exception");
+
+ }
+ }
+
+ //NOT USED with REDIS
+ public List<String> clean(Date now, long dataTimeOut) {
+
+ //redis enables to set TTL when creating new values, so we don't need this function anymore
+
+// Date expioredate = new Date(now.getTime() - dataTimeOut);
+//
+// List<AssertionStore> results;
+ List<String> returnValues = new ArrayList<String>();
+// Session session = MOASessionDBUtils.getCurrentSession();
+//
+// synchronized (session) {
+// session.beginTransaction();
+// Query query = session.getNamedQuery("getAssertionWithTimeOut");
+// query.setTimestamp("timeout", expioredate);
+// results = query.list();
+// session.getTransaction().commit();
+// }
+//
+// if (results != null) {
+// for (AssertionStore el : results)
+// returnValues.add(el.getArtifact());
+//
+// }
+ return returnValues;
+ }
+
+ public void remove(String key) {
+
+ try {
+
+ AssertionStore element = searchInDatabase(key);
+ if (element == null) {
+ Logger.debug("Sessioninformation not removed! (Sessioninformation with ID=" + key
+ + "not found)");
+ return;
+ }
+
+ redisTemplate.delete(key);
+ //cleanDelete(element);
+ Logger.debug("Removed stored information with ID: " + key);
+
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")");
+
+ } catch (HibernateException e) {
+ Logger.warn("Sessioninformation not removed! (Error during Database communication)", e);
+ }
+ }
+
+ //Not used within REDIS store
+ private void cleanDelete(AssertionStore element) {
+// try {
+// element.setAssertion("blank".getBytes());
+// MOASessionDBUtils.saveOrUpdate(element);
+//
+// } catch (MOADatabaseException e) {
+// Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e);
+//
+// } finally {
+// if (!MOASessionDBUtils.delete(element))
+// Logger.error("ShortTime session with artifact=" + element.getArtifact()
+// + " not removed! (Error during Database communication)");
+//
+// }
+
+ }
+
+ //name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact"),
+ //@NamedQuery(name="getAssertionWithTimeOut", query = "select assertionstore from AssertionStore assertionstore where assertionstore.timestamp < :timeout")
+
+ @SuppressWarnings("rawtypes")
+ private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
+ MiscUtil.assertNotNull(artifact, "artifact");
+ Logger.trace("Getting sessioninformation with ID " + artifact + " from database.");
+
+
+// Session session = MOASessionDBUtils.getCurrentSession();
+// List result;
+//
+// synchronized (session) {
+// session.beginTransaction();
+// Query query = session.getNamedQuery("getAssertionWithArtifact");
+// query.setParameter("artifact", artifact);
+// result = query.list();
+//
+// //send transaction
+// session.getTransaction().commit();
+// }
+ //String id = (String) redisTemplate.opsForSet().pop(artifact);
+ String assertion = (String) redisTemplate.opsForValue().get(artifact);
+ //String id = (String) redisTemplate.opsForValue().get(artifact);
+ if(assertion == null){
+ Logger.debug("No transaction information with ID:" + artifact + " found.");
+ return null;
+ }
+
+ AssertionStore as = (AssertionStore) assertionStoreSerializer.deserialize(assertion.getBytes());
+ //delete the timestamp entry
+// String ts = as.getDatatime().toString();
+// redisTemplate.opsForSet().pop(ts);
+
+ if(as == null){
+ Logger.debug("No transaction information with ID:" + artifact + " found.");
+ return null;
+ }
+ return as;
+
+ //Assertion requires an unique artifact
+// if (result.size() != 1) {
+// Logger.debug("No transaction information with ID:" + artifact + " found.");
+//
+//
+// }
+//
+// return (AssertionStore) result.get(0);
+ }
+
+ private void put(AssertionStore element, String key, Object value, int timeoutms) throws MOADatabaseException {
+
+ element = prepareAssertion(element, key, value);
+
+ int authDataTimeOut = authConfig.getTransactionTimeOut() * 1000;
+
+ if(timeoutms != -1){
+ authDataTimeOut = timeoutms;
+ }
+ redisTemplate.opsForValue().set(element.getArtifact(), new String(assertionStoreSerializer.serialize(element)),authDataTimeOut,TimeUnit.MILLISECONDS);
+ //MOASessionDBUtils.saveOrUpdate(element);
+ Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
+
+ }
+
+private AssertionStore prepareAssertion(AssertionStore element, String key, Object value) throws MOADatabaseException {
+
+ if(element == null)
+ element = new AssertionStore();
+
+ element.setArtifact(key);
+ element.setType(value.getClass().getName());
+ element.setDatatime(new Date());
+
+ if (!Serializable.class.isInstance(value)) {
+ Logger.warn("Transaction-Storage can only store objects which implements the 'Seralizable' interface");
+ throw new MOADatabaseException("Transaction-Storage can only store objects which implements the 'Seralizable' interface", null);
+ }
+
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) value);
+ element.setAssertion(data);
+
+ long id = new Random().nextLong();
+ element.setId(id);
+
+ return element;
+
+ }
+
+@Override
+public Object getAssertionStore(String key) throws MOADatabaseException {
+ return searchInDatabase(key);
+}
+
+@Override
+public void putAssertionStore(Object element) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ AssertionStore as = (AssertionStore)element;
+ final int expTime = redisTemplate.getExpire(as.getArtifact(), TimeUnit.MILLISECONDS).intValue();
+ //AssertionStore element = searchInDatabase(oldKey);
+ if (expTime < 0) {
+ Logger.info("No transaction-data with oldKey:" + as.getArtifact()
+ + " found. Process gets stopped.");
+ throw new MOADatabaseException("No transaction-data with oldKey:" + as.getArtifact()
+ + " found. Process gets stopped.");
+
+ }
+ redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS);
+
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index 2c0a82708..f37ae0b0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -20,48 +20,15 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
package at.gv.egovernment.moa.id.util;
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.AffineCoordinate;
-import iaik.security.ecc.math.ecgroup.Coordinate;
-import iaik.security.ecc.math.ecgroup.CoordinateTypes;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.PrimeField;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-
import java.math.BigInteger;
import java.security.PublicKey;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECPoint;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
@@ -72,6 +39,15 @@ import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.security.ec.common.ECParameterSpec;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.security.ec.common.ECStandardizedParameterFactory;
+import iaik.security.ec.common.EllipticCurve;
+import iaik.security.ec.math.field.Field;
+import iaik.security.ec.math.field.FieldElement;
+import iaik.security.ec.math.field.PrimeField;
+
public class ECDSAKeyValueConverter
{
@@ -94,15 +70,13 @@ public class ECDSAKeyValueConverter
if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
- ECCParameterSpec eccParameterSpec;
+ ECParameterSpec eccParameterSpec;
if (namedCurve != null)
{
// URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
- ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
- // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
- eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
+ eccParameterSpec = ECStandardizedParameterFactory.getParametersByOID(curveNameOID);
}
else
{
@@ -167,14 +141,21 @@ public class ECDSAKeyValueConverter
String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
+ BigInteger a = new BigInteger(aStr, 10);
+ BigInteger b = new BigInteger(bStr, 10);
+ BigInteger basePointX = new BigInteger(basePointXStr, 10);
+ BigInteger basePointY = new BigInteger(basePointYStr, 10);
+
if (fieldParamsType == FIELD_TYPE_PRIME)
- {
- BigInteger a = new BigInteger(aStr, 10);
- BigInteger b = new BigInteger(bStr, 10);
- BigInteger basePointX = new BigInteger(basePointXStr, 10);
- BigInteger basePointY = new BigInteger(basePointYStr, 10);
- eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
- basePointY, null);
+ {
+ ECField javaECField = new ECFieldFp(p);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
}
else
{
@@ -193,9 +174,19 @@ public class ECDSAKeyValueConverter
irreducible[k1/32] += 1 << k1 % 32;
irreducible[0] += 1;
}
- eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
- octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
- octetString2IntArray(basePointYStr), null);
+
+ ECField javaECField = new ECFieldF2m(m, irreducible);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
+
+// eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
+// octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
+// octetString2IntArray(basePointYStr), null);
}
}
@@ -206,10 +197,14 @@ public class ECDSAKeyValueConverter
Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
- ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
- ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
- EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
- eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECParameterSpec ecdsaParams = new ECParameterSpec(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
+
+ EllipticCurve eCurve = eccParameterSpec.getCurve();
+
+// EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
+// eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+
Field field = eCurve.getField();
// Detect type of public key field elements
@@ -239,10 +234,19 @@ public class ECDSAKeyValueConverter
}
// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
// publicKeyPointY, field.getONEelement());
- Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
- publicKeyPointY).toProjective();
- ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
- ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
+// Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
+// publicKeyPointY).toProjective();
+
+ ECPoint publicKeyPointECPoint = new ECPoint(publicKeyPointX.toBigInteger(),
+ publicKeyPointY.toBigInteger());
+
+ if (!eCurve.containsPoint(publicKeyPointECPoint)) {
+ Logger.error("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+ throw new Exception("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+
+ }
+
+ ECPublicKey publicKey = new ECPublicKey(eccParameterSpec, publicKeyPointECPoint);
return publicKey;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index f0cec1d61..cd700c74a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,9 +46,6 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIException;
-import iaik.security.provider.IAIK;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
@@ -57,7 +54,6 @@ import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.security.GeneralSecurityException;
-import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
@@ -71,6 +67,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import iaik.pki.PKIException;
/**
@@ -86,7 +83,7 @@ public class SSLUtils {
public static void initialize() {
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- Security.addProvider(new IAIK());
+ //Security.addProvider(new IAIK());
//System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
@@ -126,14 +123,14 @@ public class SSLUtils {
//INFO: MOA-ID 2.x always use defaultChainingMode
try {
- SSLSocketFactory ssf =
- at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
- connParam.getUrl(),
- conf.getCertstoreDirectory(),
+ SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ connParam.getUrl(),
+ null,
trustStoreURL,
acceptedServerCertURL,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
- AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+ AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+ AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
connParam.getClientKeyStore(),
connParam.getClientKeyStorePassword(),
"pkcs12");
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 11d92cea3..ba8c47304 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -4,10 +4,17 @@
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+ http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd">
+
+ <task:annotation-driven executor="MOA-ID-Auth_TaskExecutor" scheduler="MOA-ID-Auth_Scheduler"/>
+ <task:executor id="MOA-ID-Auth_TaskExecutor" pool-size="5"/>
+ <task:scheduler id="MOA-ID-Auth_Scheduler" pool-size="10"/>
<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
<property name="transitionConditionExpressionEvaluator">
@@ -35,8 +42,7 @@
<bean id="MOAID_SSOManager"
class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
- <bean id="TransactionStorage"
- class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+
<bean id="AuthenticationSessionStoreage"
class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/>
@@ -47,14 +53,20 @@
<bean id="ProcessInstanceStoreage"
class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
- <bean id="StatisticLogger"
- class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
-
<bean id="MOAReversionLogger"
class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
<bean id="AuthenticationSessionCleaner"
- class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>
+ class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>
+
+ <bean id="MOAGarbageCollector"
+ class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/>
+
+<!-- <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
+ <property name="corePoolSize" value="5" />
+ <property name="maxPoolSize" value="10" />
+ <property name="queueCapacity" value="25" />
+ </bean> -->
<!-- Authentication Process Tasks -->
<bean id="GenerateBKUSelectionFrameTask"
@@ -79,6 +91,18 @@
<bean id="EvaluateSSOConsentsTaskImpl"
class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateSSOConsentsTaskImpl"
- scope="prototype"/>
+ scope="prototype"/>
-</beans> \ No newline at end of file
+ <beans profile="advancedLogOn">
+ <bean id="StatisticLogger"
+ class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
+ </beans>
+
+ <beans profile="advancedLogOff">
+ <bean id="StatisticLogger"
+ class="at.gv.egovernment.moa.id.advancedlogging.DummyStatisticLogger"/>
+ </beans>
+
+</beans>
+
+
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 89f54d008..b88df0b9d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -113,9 +113,9 @@ service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
service.03=Fehler beim Aufruf des SPSS-API: {0}
-service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar.
+service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar. Ursache:{1}
service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1}
-service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service
+service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service. Ursache:{0}
service.07=Der SZR-Gateway ist unter {0} nicht erreichbar.
service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen.
service.09=Der SZR-Gateway Client konnte nicht initialisiert werden. Ursache:{0}
@@ -258,7 +258,7 @@ stork.29=Fehler bei der Generierung von STORK-Attribut (eIdentifier/eLPIdentifie
eIDAS.00=eIDAS Engine initialization FAILED. Reason:{0}
eIDAS.01=Received eIDAS AuthnRequest is not valid. Reason:{0}
-eIDAS.02=Generate eIDAS AuthnRequest FAILED. Reason:{0}
+eIDAS.02=Generation of eIDAS AuthnRequest FAILED. Reason:{0}
eIDAS.03=Can not connect to eIDAS Node. Reason:No CitizenCountry selected.
eIDAS.04=Can not connect to eIDAS Node. Reason:{0} is not a valid CitizenCountry.
eIDAS.05=Can not generate eIDAS metadata. Reason:{0}
@@ -267,7 +267,10 @@ eIDAS.07=Missing eIDAS-Attribute:{0}
eIDAS.08=No valid eIDAs-Node configuration for enityID:{0}
eIDAS.09=Received eIDAS Response is not valid. Reason:{0}
eIDAS.10=Internal server error. Reason:{0}
-eIDAS.11=Received eIDAS Error-Response. Reason:{0}
+eIDAS.11=Received eIDAS Error-Response. Reason:{0}
+eIDAS.12=Received eIDAS AuthnRequest is not valid. Reason:{0}
+eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
+eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
pvp2.01=Fehler beim kodieren der PVP2 Antwort
pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index bfaf5ffb1..e72a28046 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -225,6 +225,9 @@ eIDAS.08=1304
eIDAS.09=1301
eIDAS.10=9199
eIDAS.11=1302
+eIDAS.12=1305
+eIDAS.13=1307
+eIDAS.14=1301
pvp2.01=6100
pvp2.06=6100
diff --git a/id/server/idserverlib/src/main/resources/session.common.beans.xml b/id/server/idserverlib/src/main/resources/session.common.beans.xml
new file mode 100644
index 000000000..bd3db0a5e
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/session.common.beans.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+ <context:annotation-config/>
+
+ <bean id="sessionDataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${moasession.hibernate.connection.driver_class}" />
+ <property name="url" value="${moasession.hibernate.connection.url}"/>
+ <property name="username" value="${moasession.hibernate.connection.username}" />
+ <property name="password" value="${moasession.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${moasession.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${moasession.dbcp.initialSize}" />
+ <property name="maxTotal" value="${moasession.dbcp.maxActive}" />
+ <property name="maxIdle" value="${moasession.dbcp.maxIdle}" />
+ <property name="minIdle" value="${moasession.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${moasession.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${moasession.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${moasession.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${moasession.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${moasession.dbcp.validationQuery}" />
+ </bean>
+
+<!-- <bean id="sessionSessionFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean">
+ <property name="dataSource" ref="sessionDataSource"/>
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.session" />
+ <property name="hibernateProperties">
+ <props>
+ <prop key="hibernate.dialect">${moasession.hibernate.dialect}</prop>
+ <prop key="hibernate.show_sql">${moasession.hibernate.show_sql}</prop>
+ <prop key="hibernate.hbm2ddl.auto">${moasession.hibernate.hbm2ddl.auto}</prop>
+ <prop key="current_session_context_class">${moasession.hibernate.current_session_context_class}</prop>
+ <prop key="hibernate.transaction.flush_before_completion">${moasession.hibernate.transaction.flush_before_completion}</prop>
+ <prop key="hibernate.transaction.auto_close_session">${moasession.hibernate.transaction.auto_close_session}</prop>
+ </props>
+ </property>
+ </bean> -->
+
+ <!-- MYSQL Conector -->
+ <tx:annotation-driven transaction-manager="sessionTransactionManager"/>
+
+ <bean id="sessionJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${moasession.hibernate.show_sql}" />
+ <property name="generateDdl" value="${moasession.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${moasession.hibernate.dialect}" />
+ </bean>
+
+ <bean name="session" id="session" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" depends-on="sessionDataSource">
+ <property name="dataSource" ref="sessionDataSource" />
+ <property name="jpaVendorAdapter" ref="sessionJpaVendorAdapter" />
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.session" />
+ <property name="persistenceUnitName" value="session" />
+ </bean>
+
+ <bean name="sessionTransactionManager" id="sessionTransactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="session" />
+ </bean>
+
+ <!-- bean id="moaSessionDBUtils" class="at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils"/-->
+
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/session.db.beans.xml b/id/server/idserverlib/src/main/resources/session.db.beans.xml
new file mode 100644
index 000000000..5ed390ffe
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/session.db.beans.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans profile="dbBackend"
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+
+ <bean id="TransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"
+ />
+
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/session.redis.beans.xml b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
new file mode 100644
index 000000000..feda9b273
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans profile="redisBackend"
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+
+ <bean id="TransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.RedisTransactionStorage"/>
+
+ <!-- Redis Beans -->
+ <bean id="jedisConnFactory"
+ class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
+ p:use-pool="${redis.use-pool}"
+ p:host-name="${redis.host-name}"
+ p:port="${redis.port}"/>
+
+ <bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" />
+ <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer">
+ <constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
+ </bean>
+
+ <bean id="redisTemplate"
+ class="org.springframework.data.redis.core.RedisTemplate"
+ p:connection-factory-ref="jedisConnFactory"
+ p:value-serializer-ref="RedisStringSerializer"
+ p:key-serializer-ref="RedisStringSerializer"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
index 66dffe311..3ecbb84a2 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
@@ -24,8 +24,11 @@ package at.gv.egovernment.moa.id.module.test;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
/**
@@ -118,15 +121,6 @@ public class TestRequestImpl implements IRequest {
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getMOASessionIdentifier()
- */
- @Override
- public String getMOASessionIdentifier() {
- // TODO Auto-generated method stub
- return null;
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier()
*/
@Override
@@ -254,10 +248,37 @@ public class TestRequestImpl implements IRequest {
* @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.commons.api.IRequest#getInternalSSOSessionIdentifier()
+ */
+ @Override
+ public String getInternalSSOSessionIdentifier() {
// TODO Auto-generated method stub
return null;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.commons.api.IRequest#getMOASession()
+ */
+ @Override
+ public IAuthenticationSession getMOASession() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.commons.api.IRequest#populateMOASessionWithSSOInformation(at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession)
+ */
+ @Override
+ public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
+ // TODO Auto-generated method stub
+
+ }
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
new file mode 100644
index 000000000..ab08c0f5c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
@@ -0,0 +1,147 @@
+package at.gv.egovernment.moa.id.process.spring.test;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.sql.DataSource;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Dummy DataSource implementation for convenience in test cases where a
+ * database connection will never actually be acquired.
+ *
+ * @see DataSource
+ * @author Chris Beams
+ */
+public class DummyTransactionStorage implements ITransactionStorage {
+
+ public class DummyDBEntry{
+ public DummyDBEntry(String key, Object value){
+ this.obj =value;
+ this.key = key;
+ }
+ public String getKey() {
+ return key;
+ }
+ public void setKey(String key) {
+ this.key = key;
+ }
+ public Object getObj() {
+ return obj;
+ }
+ public void setObj(Object obj) {
+ this.obj = obj;
+ }
+ private String key;
+ private Object obj;
+ }
+
+ private ArrayList<DummyDBEntry> ds = new ArrayList<DummyDBEntry>();
+
+
+
+ @Override
+ public boolean containsKey(String key) {
+ // TODO Auto-generated method stub
+ Iterator<DummyDBEntry> it = ds.iterator();
+ while(it.hasNext()){
+ DummyDBEntry t = it.next();
+ if(t.getKey().equals(key))
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public void put(String key, Object value, int timeout_ms)
+ throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ this.remove(key);
+ this.ds.add(new DummyDBEntry(key, value));
+
+ }
+
+ @Override
+ public Object get(String key) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ Iterator<DummyDBEntry> it = ds.iterator();
+ while(it.hasNext()){
+ DummyDBEntry t = it.next();
+ if(t.getKey().equals(key))
+ return t;
+ }
+ return null;
+ }
+
+ @Override
+ public <T> T get(String key, Class<T> clazz) throws MOADatabaseException {
+
+ DummyDBEntry o = (DummyDBEntry) get(key);
+ if(o == null)
+ return null;
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) (clazz.cast(o.getObj()));
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
+ throw new MOADatabaseException("Sessioninformation Cast-Exception");
+
+ }
+ }
+
+ @Override
+ public <T> T get(String key, Class<T> clazz, long dataTimeOut)
+ throws MOADatabaseException, AuthenticationException {
+ // TODO Auto-generated method stub
+ return get(key,clazz);
+ }
+
+ @Override
+ public void changeKey(String oldKey, String newKey, Object value)
+ throws MOADatabaseException {
+ this.remove(oldKey);
+ this.put(newKey, value, -1);
+
+ }
+
+ @Override
+ public void remove(String key) {
+ Iterator<DummyDBEntry> it = ds.iterator();
+ while(it.hasNext()){
+ DummyDBEntry t = it.next();
+ if(t.getKey().equals(key)){
+ this.ds.remove(t);
+ return;
+ }
+ }
+
+ }
+
+ @Override
+ public List<String> clean(Date now, long dataTimeOut) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Object getAssertionStore(String key) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void putAssertionStore(Object element) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+
+ }
+
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
index 2cb2a3278..c06735f9e 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
@@ -18,7 +18,6 @@ import org.springframework.context.ApplicationContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
@@ -78,7 +77,7 @@ public class SpringExpressionAwareProcessEngineTest {
config.addProperties(props);
//config.addAnnotatedClass(ProcessInstanceStore.class);
config.addAnnotatedClass(AssertionStore.class);
- MOASessionDBUtils.initHibernate(config, props);
+ //MOASessionDBUtils.initHibernate(config, props);
} catch (Exception e) {
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
index a7e351e25..6744c0403 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
@@ -17,7 +17,6 @@ import org.springframework.context.ApplicationContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
@@ -73,7 +72,7 @@ public class ProcessEngineTest {
config.addProperties(props);
//config.addAnnotatedClass(ProcessInstanceStore.class);
config.addAnnotatedClass(AssertionStore.class);
- MOASessionDBUtils.initHibernate(config, props);
+ //MOASessionDBUtils.initHibernate(config, props);
} catch (Exception e) {
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
new file mode 100644
index 000000000..4b7f61ef5
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
@@ -0,0 +1,122 @@
+package at.gv.egovernment.moa.id.storage.test;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.util.DOMUtils;
+
+public class DBTransactionStorageTest {
+
+ public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+ DBTransactionStorageTest t = new DBTransactionStorageTest();
+ t.test();
+ }
+
+ @Autowired
+ DBTransactionStorage rts;
+
+ public DBTransactionStorageTest(){
+
+ }
+
+
+ public void test() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+
+
+ ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
+
+
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ ITransactionStorage rts = (ITransactionStorage) context.getBean("DBTransactionStorage");
+ //GenericToStringSerializer redisStringSerializer = (GenericToStringSerializer) context.getBean("valueObjectSerializer");
+
+ // rts.getTemplate().setValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+ // rts.getTemplate().setHashValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+
+ int cnt = 10;
+ int averageCnt = 10;
+ long putTime = 0, getTime = 0, changeTime = 0, removeTime = 0;
+ long total = 0;
+ for(int a=0;a<averageCnt;a++){
+ long totalPerRound = 0;
+
+ System.out.println("Starting MySql store operation.");
+ long start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.put("test"+i, request,-1);
+ long end = System.currentTimeMillis();
+ putTime += end-start;
+ System.out.println("MySql store operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+ Element test;
+ System.out.println("Starting MySql get operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ test = (Element)rts.get("test"+i);
+ end = System.currentTimeMillis();
+ getTime += end-start;
+ System.out.println("MySql get operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ //Element test = (Element)rts.get("test0");
+ //System.out.println("Read Element from Redis Store: "+test.getTextContent());
+
+ String requestString2 =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"test_new\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request2 = DOMUtils.parseDocument(requestString2, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ System.out.println("Starting MySql change operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.changeKey("test"+i, "test_new"+i, request2);
+ end = System.currentTimeMillis();
+ changeTime += end-start;
+ System.out.println("MySql change operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+
+
+ System.out.println("Starting MySql remove operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.remove("test_new"+i);
+ end = System.currentTimeMillis();
+ removeTime += end-start;
+ System.out.println("MySql remove operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ total+=totalPerRound;
+
+ System.out.println("Redis Total Time in this round: "+totalPerRound+" ms.");
+ System.out.println("______________________________________________________");
+ }
+ System.out.println("______________________________________________________");
+ System.out.println("Redis average get time over " + averageCnt +" rounds: "+getTime/averageCnt+" ms.");
+ System.out.println("Redis average put time over " + averageCnt +" rounds: "+putTime/averageCnt+" ms.");
+ System.out.println("Redis average change time over " + averageCnt +" rounds: "+changeTime/averageCnt+" ms.");
+ System.out.println("Redis average remove time over " + averageCnt +" rounds: "+removeTime/averageCnt+" ms.");
+ System.out.println("Redis average total time over " + averageCnt +" rounds: "+total/averageCnt+" ms.");
+ ((ConfigurableApplicationContext)context).close();
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java
new file mode 100644
index 000000000..60b55f497
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.id.storage.test;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.springframework.core.task.TaskExecutor;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.RedisTransactionStorage;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.util.DOMUtils;
+
+public class RedisTransactionMultiThreadTest {
+
+ private ApplicationContext context;
+
+ public RedisTransactionMultiThreadTest() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+ this.context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
+ TaskExecutor te = (TaskExecutor) context.getBean("taskExecutor");
+
+ for(int i=0;i<50;i++){
+ te.execute(new RedisTask("Task"+i));
+ }
+
+
+ }
+
+ public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+
+ RedisTransactionMultiThreadTest t = new RedisTransactionMultiThreadTest();
+ System.out.println("End");
+
+// String requestString =
+// "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+// "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+// "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+// "</samlp:Request>";
+// Element request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+//
+//
+//
+//
+// RedisTransactionStorage rts = (RedisTransactionStorage) context.getBean("TransactionStorage");
+// //GenericToStringSerializer redisStringSerializer = (GenericToStringSerializer) context.getBean("valueObjectSerializer");
+//
+//// rts.getTemplate().setValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+//// rts.getTemplate().setHashValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+//
+//
+// rts.put("test", request,-1);
+// System.out.println("Redis store operation done!");
+//
+// Element test = (Element)rts.get("test");
+// System.out.println("Read Element from Redis Store: "+test.getTextContent());
+//
+// String requestString2 =
+// "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+// "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"test_new\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+// "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+// "</samlp:Request>";
+// Element request2 = DOMUtils.parseDocument(requestString2, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+//
+//
+// rts.changeKey("test", "test_new", request2);
+//
+// rts.remove("test");
+// rts.remove("test_new");
+//
+// ((ConfigurableApplicationContext)context).close();
+ }
+
+ private class RedisTask implements Runnable {
+
+ private String message;
+
+ public RedisTask(String message) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException {
+
+ this.message = message;
+
+
+
+ }
+
+ public void run() {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+
+ Element request = null;
+ try {
+ request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ } catch (SAXException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ }
+
+ RedisTransactionStorage rts = (RedisTransactionStorage) context.getBean("RedisTransactionStorage");
+
+ try {
+ rts.put(message, request,-1);
+ rts.changeKey(message, message+"n", request);
+ } catch (MOADatabaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ }
+ System.out.println("Done with task "+message);
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java
new file mode 100644
index 000000000..e957ffe05
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java
@@ -0,0 +1,116 @@
+package at.gv.egovernment.moa.id.storage.test;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
+import at.gv.egovernment.moa.id.storage.RedisTransactionStorage;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.util.DOMUtils;
+
+public class RedisTransactionStorageTest {
+
+
+ public RedisTransactionStorageTest(){
+
+ }
+
+ public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+
+
+ ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
+
+
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ RedisTransactionStorage rts = (RedisTransactionStorage) context.getBean("RedisTransactionStorage");
+ //GenericToStringSerializer redisStringSerializer = (GenericToStringSerializer) context.getBean("valueObjectSerializer");
+
+ // rts.getTemplate().setValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+ // rts.getTemplate().setHashValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+
+ int cnt = 100;
+ int averageCnt = 10;
+ long putTime = 0, getTime = 0, changeTime = 0, removeTime = 0;
+ long total = 0;
+ for(int a=0;a<averageCnt;a++){
+ long totalPerRound = 0;
+
+ System.out.println("Starting Redis store operation.");
+ long start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.put("test"+i, request,-1);
+ long end = System.currentTimeMillis();
+ putTime += end-start;
+ System.out.println("Redis store operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+ Element test;
+ System.out.println("Starting Redis get operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ test = (Element)rts.get("test"+i);
+ end = System.currentTimeMillis();
+ getTime += end-start;
+ System.out.println("Redis get operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ //Element test = (Element)rts.get("test0");
+ //System.out.println("Read Element from Redis Store: "+test.getTextContent());
+
+ String requestString2 =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"test_new\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request2 = DOMUtils.parseDocument(requestString2, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ System.out.println("Starting Redis change operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.changeKey("test"+i, "test_new"+i, request2);
+ end = System.currentTimeMillis();
+ changeTime += end-start;
+ System.out.println("Redis change operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+
+
+ System.out.println("Starting Redis remove operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.remove("test_new"+i);
+ end = System.currentTimeMillis();
+ removeTime += end-start;
+ System.out.println("Redis remove operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ total+=totalPerRound;
+
+ System.out.println("Redis Total Time in this round: "+totalPerRound+" ms.");
+ System.out.println("______________________________________________________");
+ }
+ System.out.println("______________________________________________________");
+ System.out.println("Redis average get time over " + averageCnt +" rounds: "+getTime/averageCnt+" ms.");
+ System.out.println("Redis average put time over " + averageCnt +" rounds: "+putTime/averageCnt+" ms.");
+ System.out.println("Redis average change time over " + averageCnt +" rounds: "+changeTime/averageCnt+" ms.");
+ System.out.println("Redis average remove time over " + averageCnt +" rounds: "+removeTime/averageCnt+" ms.");
+ System.out.println("Redis average total time over " + averageCnt +" rounds: "+total/averageCnt+" ms.");
+
+ ((ConfigurableApplicationContext)context).close();
+
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
index 2c80b7ffd..05cd74ed2 100644
--- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
+++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
@@ -1,23 +1,23 @@
package test.tlenz;
-import java.io.File;
import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.List;
-import org.w3c.dom.Element;
+import org.apache.commons.io.IOUtils;
+import org.w3c.dom.NodeList;
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
@@ -62,71 +62,130 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class simpletest {
//
public static void main(String[] args) {
-
- URI fileURI = null;
- try {
- fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
+ try {
+ FileInputStream sigDocFIS = null;
+ sigDocFIS = new FileInputStream("D:/idl_test/identity_link.xml");
- InputStream in = new FileInputStream(propertiesFile);
- ObjectInputStream testOIS = new ObjectInputStream(in);
+ SPSSFactory spssFac = SPSSFactory.getInstance();
+ SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+ Content sigDocContent = spssFac.createContent(sigDocFIS, null);
+
+
+ // Position der zu pruefenden Signatur
+ HashMap nSMap = new HashMap();
+ nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+ VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+ // Pruefrequest zusammenstellen
+ VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent, sigLocation);
+ VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(
+ null, // Verwende aktuelle Zeit als Pruefzeit
+ sigInfo,
+ null, // Keine Ergaenzungsobjekte
+ null, // Signaturmanifest-Pruefung soll nicht durchgefuehrt werden
+ true, // Hash-Inputdaten, d.h. tatsaechlich signierte Daten werden nicht zurueckgeliefert
+ "MOAIDBuergerkarteAuthentisierungsDaten");
+
+
+ VerifyXMLSignatureResponse verifyResponse = null;
+ verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+
+ SignerInfo signerInfo = verifyResponse.getSignerInfo();
+ String signerCertificateEncoded = null;
+
+ List hashInputDatas = verifyResponse.getHashInputDatas();
+ if (hashInputDatas != null && !hashInputDatas.isEmpty()) {
+ for (Object el : hashInputDatas) {
+ InputData inputData = (InputData) el;
+ switch (inputData.getContentType()) {
+ case Content.XML_CONTENT :
+ ContentXML contentXml = (ContentXML) inputData;
+ NodeList input_XML = contentXml.getXMLContent();
+
+ break;
+ case Content.BINARY_CONTENT :
+ ContentBinary contentBinary = (ContentBinary) inputData;
+ String input_Binary = IOUtils.toString(contentBinary.getBinaryContent());
+
+ }
+ }
+ }
+
+
- Object test = testOIS.readObject();
+ } catch (Exception e) {
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
}
- try {
- InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
- Element idlTemplate = DOMUtils.parseXmlValidating(s);
-
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
- IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
-
- } catch (Exception e) {
- System.out.println(e.getMessage());
-
- }
- String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
- try {
- Name test = new RFC2253NameParser(subjectName).parse();
-
- System.out.println(test.getRFC2253String());
-
- } catch (RFC2253NameParserException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+// URI fileURI = null;
+// try {
+// fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+//
+// InputStream in = new FileInputStream(propertiesFile);
+// ObjectInputStream testOIS = new ObjectInputStream(in);
+//
+// Object test = testOIS.readObject();
+//
+//
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+//
+//
+// try {
+// InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
+// Element idlTemplate = DOMUtils.parseXmlValidating(s);
+//
+// //resign IDL
+// IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
+// IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+//
+// } catch (Exception e) {
+// System.out.println(e.getMessage());
+//
+// }
+//
+// String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
+//
+// try {
+// Name test = new RFC2253NameParser(subjectName).parse();
+//
+// System.out.println(test.getRFC2253String());
+//
+// } catch (RFC2253NameParserException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
// AuthenticationRole test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A\\,B)");
diff --git a/id/server/idserverlib/src/test/java/testBeans.xml b/id/server/idserverlib/src/test/java/testBeans.xml
new file mode 100644
index 000000000..238a571cb
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/testBeans.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+<context:annotation-config />
+ <bean id="configPropertyDao"
+ class="at.gv.egovernment.moa.id.commons.db.dao.config.DatabaseConfigPropertyImpl"/>
+
+ <bean id="moaidconfig" class="at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl" />
+
+ <bean name="config" id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="dataSource" ref="dataSource" />
+ <property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
+ <property name="persistenceUnitName" value="config" />
+ </bean>
+
+ <bean name="transactionManager" id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="entityManagerFactory" />
+ </bean>
+ <tx:annotation-driven transaction-manager="transactionManager"/>
+
+ <bean id="RedisTransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.RedisTransactionStorage"/>
+
+ <bean id="DBTransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+
+ <!-- Redis Beans -->
+ <bean id="jedisConnFactory"
+ class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
+ p:use-pool="true"
+ p:poolConfig-ref="jedisPoolConfig"/>
+
+ <bean id="jedisPoolConfig"
+ class="redis.clients.jedis.JedisPoolConfig"
+ p:maxTotal="100"
+ p:maxIdle="10"/>
+
+ <bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" />
+ <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer">
+ <constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
+ </bean>
+
+ <bean id="redisTemplate"
+ class="org.springframework.data.redis.core.RedisTemplate"
+ p:connection-factory-ref="jedisConnFactory"
+ p:value-serializer-ref="RedisStringSerializer"
+ p:key-serializer-ref="RedisStringSerializer"
+ p:enableTransactionSupport="true"/>
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+
+ <bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider">
+ <constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
+ </bean>
+
+ <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${configuration.hibernate.connection.driver_class}" />
+ <property name="url" value="${configuration.hibernate.connection.url}"/>
+ <property name="username" value="${configuration.hibernate.connection.username}" />
+ <property name="password" value="${configuration.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${configuration.dbcp.initialSize}" />
+ <property name="maxTotal" value="${configuration.dbcp.maxActive}" />
+ <property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
+ <property name="minIdle" value="${configuration.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${configuration.dbcp.validationQuery}" />
+ </bean>
+
+ <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${configuration.hibernate.show_sql}" />
+ <property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${configuration.hibernate.dialect}" />
+ </bean>
+
+ <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
+ <property name="corePoolSize" value="1" />
+ <property name="maxPoolSize" value="50" />
+ <property name="queueCapacity" value="50" />
+ </bean>
+
+ <bean id="sessionDataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${moasession.hibernate.connection.driver_class}" />
+ <property name="url" value="${moasession.hibernate.connection.url}"/>
+ <property name="username" value="${moasession.hibernate.connection.username}" />
+ <property name="password" value="${moasession.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${moasession.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${moasession.dbcp.initialSize}" />
+ <property name="maxTotal" value="${moasession.dbcp.maxActive}" />
+ <property name="maxIdle" value="${moasession.dbcp.maxIdle}" />
+ <property name="minIdle" value="${moasession.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${moasession.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${moasession.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${moasession.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${moasession.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${moasession.dbcp.validationQuery}" />
+ </bean>
+
+ <bean id="sessionJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${moasession.hibernate.show_sql}" />
+ <property name="generateDdl" value="${moasession.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${moasession.hibernate.dialect}" />
+ </bean>
+
+ <bean name="sessionEntityManagerFactory" id="sessionEntityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="dataSource" ref="sessionDataSource" />
+ <property name="jpaVendorAdapter" ref="sessionJpaVendorAdapter" />
+ <property name="persistenceUnitName" value="session" />
+ </bean>
+
+ <bean name="sessionTransactionManager" id="sessionTransactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="sessionEntityManagerFactory" />
+ </bean>
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
index bf47c0445..7d9db0ab7 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
@@ -1,9 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:task="http://www.springframework.org/schema/task"
- xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<bean id="springElAwareExpressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
@@ -12,7 +16,7 @@
</bean>
<bean id="TransactionStorage"
- class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+ class="at.gv.egovernment.moa.id.process.spring.test.DummyTransactionStorage"/>
<bean id="ProcessInstanceStoreage"
class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
@@ -40,4 +44,5 @@
<bean id="ValidateSignedAuthBlockTask"
class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateSignedAuthBlockTask"/>
+
</beans>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index ea9e06fd6..a3d902262 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -56,6 +56,10 @@
<dependencies>
<dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-jaxb_classes</artifactId>
+ </dependency>
+ <dependency>
<groupId>at.gv.util</groupId>
<artifactId>egovutils</artifactId>
<exclusions>
@@ -97,16 +101,18 @@
<groupId>iaik.prod</groupId>
<artifactId>iaik_jce_full</artifactId>
</dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_moa</artifactId>
- </dependency>
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-spss-container</artifactId>
+ <version>${moa-id-version}</version>
+ </dependency>
+
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_X509TrustManager</artifactId>
</dependency>
-
+
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
@@ -142,17 +148,17 @@
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
- </dependency>
- <dependency>
+ </dependency>
+ <!-- dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>${hibernate.version}</version>
- </dependency>
- <dependency>
+ </dependency-->
+<!-- <dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>${hibernate.version}</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>jaxen</groupId>
@@ -232,6 +238,17 @@
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ <version>${org.springframework.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.data</groupId>
+ <artifactId>spring-data-jpa</artifactId>
+ <version>1.10.4.RELEASE</version>
+ </dependency>
+
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 6726aacb5..6d573efe8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -40,11 +40,13 @@ public class MOAIDConstants {
public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
+ public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
public static final String IDENIFICATIONTYPE_FN = "FN";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
public static final String IDENIFICATIONTYPE_STORK = "STORK";
+ public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS";
public static final String KEYBOXIDENTIFIER_SECURE = "SecureSignatureKeypair";
public static final String KEYBOXIDENTIFIER_CERTIFIED = "CertifiedKeypair";
@@ -61,16 +63,22 @@ public class MOAIDConstants {
public static final List<String> ALLOWED_KEYBOXIDENTIFIER;
public static final List<String> ALLOWED_REDIRECTTARGETNAMES;
public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS;
+ public static final List<String> ALLOWED_eIDAS_LOA;
public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND;
public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier";
+ public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low";
+ public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial";
+ public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high";
+
static {
Hashtable<String, String> tmp = new Hashtable<String, String>();
tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer");
tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer");
tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl");
tmp.put(IDENIFICATIONTYPE_STORK, "STORK");
+ tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS");
BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp);
List<String> awbpk = new ArrayList<String>();
@@ -87,6 +95,12 @@ public class MOAIDConstants {
keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED);
ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs);
+ List<String> eIDASLOA = new ArrayList<String>();
+ eIDASLOA.add(eIDAS_LOA_LOW);
+ eIDASLOA.add(eIDAS_LOA_SUBSTANTIAL);
+ eIDASLOA.add(eIDAS_LOA_HIGH);
+ ALLOWED_eIDAS_LOA = Collections.unmodifiableList(eIDASLOA);
+
List<String> redirectTargets = new ArrayList<String>();
redirectTargets.add(REDIRECTTARGET_BLANK);
redirectTargets.add(REDIRECTTARGET_PARENT);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 6b51c8683..2a8f8727a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -31,6 +31,16 @@ public interface AuthConfiguration extends ConfigurationProvider{
*/
public String getBasicMOAIDConfiguration(final String key);
+
+ /**
+ * Get a configuration value from basic file based MOA-ID configuration
+ *
+ * @param key configuration key
+ * @param defaultValue Default value if no value with this key is found
+ * @return configuration value
+ */
+ public String getBasicMOAIDConfiguration(final String key, final String defaultValue);
+
public int getTransactionTimeOut();
public int getSSOCreatedTimeOut();
public int getSSOUpdatedTimeOut();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
index ca0a56049..e14f9c9ce 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
@@ -60,7 +60,12 @@ public interface ConfigurationProvider {
public String getTrustedCACertificates();
- public String getCertstoreDirectory();
-
public boolean isTrustmanagerrevoationchecking();
+
+ /**
+ * Get active Spring profiles from file based configuration
+ *
+ * @return Array of currently configurated Spring profiles
+ */
+ public String[] getActiveProfiles();
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index be6d34275..1aea8d7b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -152,7 +152,12 @@ public interface IOAAuthParameters {
*/
public boolean isShowStorkLogin();
- public Integer getQaaLevel();
+ /**
+ * Return the eIDAS LoA which is minimum required
+ *
+ * @return eIDAS LoA as URL identifier
+ */
+ public String getQaaLevel();
public boolean isRequireConsentForStorkAttributes();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
index b23b4474b..88cd89319 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
@@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.commons.api;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
public interface IRequest {
@@ -107,14 +110,30 @@ public interface IRequest {
/**
- * Hold the identifier of the MOASession which is associated with this request
+ * Hold the identifier of the SSO MOASession which is associated with this request
*
- * @return MOASession identifier if a associated session exists, otherwise null
+ * @return SSO MOASession identifier if a associated session exists, otherwise null
*/
- public String getMOASessionIdentifier();
+ public String getInternalSSOSessionIdentifier();
/**
+ * Hold the MOASession object of a pending request
+ * This MOASession object is NOT stored to AuthenticationSession database, because it is only part of the pending request
+ *
+ * @return {@link IAuthenticationSession} AuthenticationSession data object of this pending request
+ */
+ public IAuthenticationSession getMOASession();
+
+
+ /**
+ * Populate the MOASession object of a pending request with information from an SSO session database
+ *
+ * @param ssoSession
+ */
+ public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession);
+
+ /**
* Holds a unique transaction identifier, which could be used for looging
* This transaction identifier is unique for a single identification and authentication process
*
@@ -193,9 +212,10 @@ public interface IRequest {
/**
* This method get a Set of PVP 2.1 attribute, which are request by this pending-request.
+ * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required
*
* @return A set of PVP attribute names or null if no attributes are requested
* or the Service Provider, which sends this request needs no attributes
*/
- public Collection<String> getRequestedAttributes();
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
new file mode 100644
index 000000000..db413b0f5
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface AuthProzessDataConstants {
+
+ public static final String GENERIC_PREFIX = "generic_";
+
+
+ public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner";
+ public static final String FLAG_USE_MANDATE = "direct_flagUseMandate";
+ public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter";
+ public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth";
+ public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK = "direct_SAMLAttributeGebeORwbpk";
+
+
+ public static final String VALUE_CREATED = "direct_created";
+ public static final String VALUE_ISSUEINSTANT = "direct_issueInstant";
+ public static final String VALUE_SESSIONID = "direct_sessionId";
+ public static final String VALUE_SIGNER_CERT = "direct_signerCert";
+ public static final String VALUE_IDENTITYLINK = "direct_idl";
+ public static final String VALUE_BKUURL = "direct_bkuUrl";
+ public static final String VALUE_AUTHBLOCK = "direct_authBlock";
+
+ public static final String VALUE_AUTNBLOCKTOKKEN = "direct_authblocktokken";
+ public static final String VALUE_QAALEVEL = "direct_qaaLevel";
+ public static final String VALUE_VERIFYSIGRESP = "direct_verifySigResp";
+
+ public static final String VALUE_MISSESSIONID = "direct_MIS_SessionId";
+ public static final String VALUE_MISREFVALUE = "direct_MIS_RefValue";
+ public static final String VALUE_MISMANDATE = "direct_MIS_Mandate";
+
+
+
+
+ @Deprecated
+ public static final String VALUE_EXTENTEDSAMLATTRAUTH = "direct_extSamlAttrAuth";
+
+ @Deprecated
+ public static final String VALUE_EXTENTEDSAMLATTROA = "direct_extSamlAttrOA";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java
index e1755615b..e9045e727 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.auth.data;
+package at.gv.egovernment.moa.id.commons.api.data;
/**
* A SAML-Attribute to be appended to the final SAML-Assertion
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
new file mode 100644
index 000000000..8bffceaed
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
@@ -0,0 +1,296 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthenticationSession {
+
+ boolean isAuthenticated();
+
+ void setAuthenticated(boolean authenticated);
+
+ X509Certificate getSignerCertificate();
+
+ byte[] getEncodedSignerCertificate();
+
+ void setSignerCertificate(X509Certificate signerCertificate);
+
+ /**
+ * Returns the identityLink.
+ *
+ * @return IdentityLink
+ */
+ IIdentityLink getIdentityLink();
+
+ /**
+ * Returns the sessionID.
+ *
+ * @return String
+ */
+ String getSessionID();
+
+ /**
+ * Sets the identityLink.
+ *
+ * @param identityLink
+ * The identityLink to set
+ */
+ void setIdentityLink(IIdentityLink identityLink);
+
+ /**
+ * Sets the sessionID.
+ *
+ * @param sessionId
+ * The sessionID to set
+ */
+ void setSessionID(String sessionId);
+
+ /**
+ * Returns the BKU URL.
+ *
+ * @return String
+ */
+ String getBkuURL();
+
+ /**
+ * Sets the bkuURL
+ *
+ * @param bkuURL
+ * The BKU URL to set
+ */
+ void setBkuURL(String bkuURL);
+
+ /**
+ * Returns the authBlock.
+ *
+ * @return String
+ */
+ String getAuthBlock();
+
+ /**
+ * Sets the authBlock.
+ *
+ * @param authBlock
+ * The authBlock to set
+ */
+ void setAuthBlock(String authBlock);
+
+ /**
+ * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ */
+ List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH();
+
+ /**
+ * Sets the SAML Attributes to be appended to the AUTHBlock.
+ *
+ * @param extendedSAMLAttributesAUTH
+ * The SAML Attributes to be appended to the AUTHBlock.
+ */
+ void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH);
+
+ /**
+ * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application
+ */
+ List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA();
+
+ /**
+ * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application.
+ *
+ * @param extendedSAMLAttributesOA
+ * The SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application.
+ */
+ void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA);
+
+ /**
+ * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
+ *
+ * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or
+ * false if not.
+ */
+ boolean getSAMLAttributeGebeORwbpk();
+
+ /**
+ * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
+ *
+ * @param samlAttributeGebeORwbpk
+ * The boolean for value either a target or wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
+ */
+ void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk);
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ String getIssueInstant();
+
+ /**
+ * Sets the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @param issueInstant
+ * The issueInstant to set.
+ */
+ void setIssueInstant(String issueInstant);
+
+ /**
+ *
+ * @param useMandate
+ * indicates if mandate is used or not
+ */
+ void setUseMandate(String useMandate);
+
+ void setUseMandates(boolean useMandates);
+
+ /**
+ * @return
+ */
+ boolean isMandateUsed();
+
+ /**
+ *
+ * @param misSessionID
+ * indicates the MIS session ID
+ */
+ void setMISSessionID(String misSessionID);
+
+ /**
+ * Returns the MIS session ID
+ *
+ * @return
+ */
+ String getMISSessionID();
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ String getMandateReferenceValue();
+
+ /**
+ * @param mandateReferenceValue
+ * the mandateReferenceValue to set
+ */
+ void setMandateReferenceValue(String mandateReferenceValue);
+
+ boolean isForeigner();
+
+ void setForeigner(boolean isForeigner);
+
+ IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse();
+
+ void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse);
+
+ IMISMandate getMISMandate();
+
+ void setMISMandate(IMISMandate mandate);
+
+ /**
+ * @return the isOW
+ */
+ boolean isOW();
+
+ /**
+ * @param isOW
+ * the isOW to set
+ */
+ void setOW(boolean isOW);
+
+ /**
+ * @return the authBlockTokken
+ */
+ String getAuthBlockTokken();
+
+ /**
+ * @param authBlockTokken
+ * the authBlockTokken to set
+ */
+ void setAuthBlockTokken(String authBlockTokken);
+
+ /**
+ * eIDAS QAA level
+ *
+ * @return the qAALevel
+ */
+ String getQAALevel();
+
+ /**
+ * set QAA level in eIDAS form
+ *
+ * @param qAALevel the qAALevel to set
+ */
+ void setQAALevel(String qAALevel);
+
+ /**
+ * @return the sessionCreated
+ */
+ Date getSessionCreated();
+
+ Map<String, Object> getGenericSessionDataStorage();
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @return The session-data object or null if no data is found with this key
+ */
+ Object getGenericDataFromSession(String key);
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @param clazz The class type which is stored with this key
+ * @return The session-data object or null if no data is found with this key
+ */
+ <T> T getGenericDataFromSession(String key, Class<T> clazz);
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
+
+} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
new file mode 100644
index 000000000..3a0ccd7c9
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.io.IOException;
+import java.security.PublicKey;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IIdentityLink {
+
+ /**
+ * Returns the dateOfBirth.
+ * @return Calendar
+ */
+ String getDateOfBirth();
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ String getFamilyName();
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ String getGivenName();
+
+ /**
+ * Returns the name.
+ * @return The name.
+ */
+ String getName();
+
+ /**
+ * Returns the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+ * @return String
+ */
+ String getIdentificationValue();
+
+ /**
+ * Returns the identificationType.
+ * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
+ * @return String
+ */
+ String getIdentificationType();
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ void setDateOfBirth(String dateOfBirth);
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ void setFamilyName(String familyName);
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ void setGivenName(String givenName);
+
+ /**
+ * Sets the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+ * @param identificationValue The identificationValue to set
+ */
+ void setIdentificationValue(String identificationValue);
+
+ /**
+ * Sets the Type of the identificationValue.
+ * @param identificationType The type of identificationValue to set
+ */
+ void setIdentificationType(String identificationType);
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ Element getSamlAssertion();
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ String getSerializedSamlAssertion();
+
+ /**
+ * Sets the samlAssertion and the serializedSamlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+ void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException;
+
+ /**
+ * Returns the dsigReferenceTransforms.
+ * @return Element[]
+ */
+ Element[] getDsigReferenceTransforms();
+
+ /**
+ * Sets the dsigReferenceTransforms.
+ * @param dsigReferenceTransforms The dsigReferenceTransforms to set
+ */
+ void setDsigReferenceTransforms(Element[] dsigReferenceTransforms);
+
+ /**
+ * Returns the publicKey.
+ * @return PublicKey[]
+ */
+ PublicKey[] getPublicKey();
+
+ /**
+ * Sets the publicKey.
+ * @param publicKey The publicKey to set
+ */
+ void setPublicKey(PublicKey[] publicKey);
+
+ /**
+ * Returns the prPerson.
+ * @return Element
+ */
+ Element getPrPerson();
+
+ /**
+ * Sets the prPerson.
+ * @param prPerson The prPerson to set
+ */
+ void setPrPerson(Element prPerson);
+
+ /**
+ * Returns the issuing time of the identity link SAML assertion.
+ *
+ * @return The issuing time of the identity link SAML assertion.
+ */
+ String getIssueInstant();
+
+ /**
+ * Sets the issuing time of the identity link SAML assertion.
+ *
+ * @param issueInstant The issueInstant to set.
+ */
+ void setIssueInstant(String issueInstant);
+
+} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java
new file mode 100644
index 000000000..5bf8b9779
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IMISMandate {
+
+ String getProfRep();
+
+ void setProfRep(String oid);
+
+ void setOWbPK(String oWbPK);
+
+ String getOWbPK();
+
+ byte[] getMandate();
+
+ Element getMandateDOM();
+
+ Mandate getMandateJaxB();
+
+ void setMandate(byte[] mandate);
+
+ String getTextualDescriptionOfOID();
+ // /**
+ // * @return the isFullMandateIncluded
+ // */
+ // public boolean isFullMandateIncluded() {
+ // return isFullMandateIncluded;
+ // }
+ // /**
+ // * @param isFullMandateIncluded the isFullMandateIncluded to set
+ // */
+ // public void setFullMandateIncluded(boolean isFullMandateIncluded) {
+ // this.isFullMandateIncluded = isFullMandateIncluded;
+ // }
+
+} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java
new file mode 100644
index 000000000..08dfcae71
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.util.Date;
+
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IVerifiyXMLSignatureResponse {
+
+ /**
+ * Returns the certificateCheckCode.
+ * @return int
+ */
+ int getCertificateCheckCode();
+
+ /**
+ * Returns the signatureCheckCode.
+ * @return int
+ */
+ int getSignatureCheckCode();
+
+ /**
+ * Returns the xmlDSIGManifestCheckCode.
+ * @return int
+ */
+ int getXmlDSIGManifestCheckCode();
+
+ /**
+ * Returns the xmlDsigSubjectName.
+ * @return String
+ */
+ String getXmlDsigSubjectName();
+
+ /**
+ * Sets the certificateCheckCode.
+ * @param certificateCheckCode The certificateCheckCode to set
+ */
+ void setCertificateCheckCode(int certificateCheckCode);
+
+ /**
+ * Sets the signatureCheckCode.
+ * @param signatureCheckCode The signatureCheckCode to set
+ */
+ void setSignatureCheckCode(int signatureCheckCode);
+
+ /**
+ * Sets the xmlDSIGManifestCheckCode.
+ * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
+ */
+ void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode);
+
+ /**
+ * Sets the xmlDsigSubjectName.
+ * @param xmlDsigSubjectName The xmlDsigSubjectName to set
+ */
+ void setXmlDsigSubjectName(String xmlDsigSubjectName);
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return int
+ */
+ String getPublicAuthorityCode();
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityCode The publicAuthorityCode to set
+ */
+ void setPublicAuthorityCode(String publicAuthorityCode);
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ boolean isQualifiedCertificate();
+
+ /**
+ * Returns the x509certificate.
+ * @return X509Certificate
+ */
+ X509Certificate getX509certificate();
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ void setQualifiedCertificate(boolean qualifiedCertificate);
+
+ /**
+ * Sets the x509certificate.
+ * @param x509certificate The x509certificate to set
+ */
+ void setX509certificate(X509Certificate x509certificate);
+
+ /**
+ * Returns the xmlDSIGManigest.
+ * @return boolean
+ */
+ boolean isXmlDSIGManigest();
+
+ /**
+ * Sets the xmlDSIGManigest.
+ * @param xmlDSIGManigest The xmlDSIGManigest to set
+ */
+ void setXmlDSIGManigest(boolean xmlDSIGManigest);
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ boolean isPublicAuthority();
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ void setPublicAuthority(boolean publicAuthority);
+
+ /**
+ * Returns the the resulting code of the signature manifest check.
+ *
+ * @return The code of the sigature manifest check.
+ */
+ int getSignatureManifestCheckCode();
+
+ /**
+ * Sets the signatureManifestCode.
+ *
+ * @param signatureManifestCheckCode The signatureManifestCode to set.
+ */
+ void setSignatureManifestCheckCode(int signatureManifestCheckCode);
+
+ Date getSigningDateTime();
+
+ void setSigningDateTime(Date signingDateTime);
+
+} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
index 9414556a2..caff67985 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
@@ -42,4 +42,13 @@ public class SessionDataStorageException extends MOAIDException {
}
+ /**
+ * @param string
+ * @param object
+ * @param e
+ */
+ public SessionDataStorageException(String string, Object[] object, Throwable e) {
+ super(string, object, e);
+ }
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index d80856c1c..b1abcdd06 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
@@ -188,6 +189,10 @@ public class ConfigurationMigrationUtils {
if (MOAIDConfigurationConstants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, split[1]);
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[2]);
+
+ } else if (MOAIDConfigurationConstants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS);
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[1] + "+" + split[2]);
} else if (MOAIDConfigurationConstants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK);
@@ -362,10 +367,11 @@ public class ConfigurationMigrationUtils {
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, Boolean.FALSE.toString());
- if (config.getQaa() != null)
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.getQaa().toString());
+ if (config.geteIDAS_LOA() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.geteIDAS_LOA());
else
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4");
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
+ MOAIDConstants.eIDAS_LOA_HIGH);
// fetch vidp config
@@ -773,9 +779,15 @@ public class ConfigurationMigrationUtils {
if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) != null &&
oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE) != null) {
- if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
+
+ if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS)) {
+ idnumber.setValue(MOAIDConfigurationConstants.PREFIX_EIDAS + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
+ idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
+ } else if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_STORK + "AT" + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
} else {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_WPBK + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
@@ -1487,11 +1499,11 @@ public class ConfigurationMigrationUtils {
try {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(stork.getQualityAuthenticationAssuranceLevel()));
+ stork.getGeneral_eIDAS_LOA());
} catch(NullPointerException e) {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(4));
+ MOAIDConstants.eIDAS_LOA_HIGH);
}
}
@@ -1735,6 +1747,12 @@ public class ConfigurationMigrationUtils {
}
+ //set eIDAS default LoA from general configuration
+ String eIDASDefaultLOA = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA);
+ if (MiscUtil.isNotEmpty(eIDASDefaultLOA))
+ stork.setGeneral_eIDAS_LOA(eIDASDefaultLOA);
+
+
Map<String, StorkAttribute> attrMap = new HashMap<String, StorkAttribute>();
Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
new file mode 100644
index 000000000..14824b1f8
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
@@ -0,0 +1,8 @@
+package at.gv.egovernment.moa.id.commons.config;
+
+public final class SpringProfileConstants {
+
+ public static final String ADVANCED_LOG = "advancedLogOn";
+ public static final String REDIS_BACKEND = "redisBackend";
+ public static final String DB_BACKEND = "dbBackend";
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
deleted file mode 100644
index ecb13ef34..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+++ /dev/null
@@ -1,192 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.commons.db;
-
-import java.util.Properties;
-
-import org.apache.commons.lang3.StringUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Session;
-import org.hibernate.SessionFactory;
-import org.hibernate.Transaction;
-import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
-import org.hibernate.cfg.Configuration;
-import org.hibernate.service.ServiceRegistry;
-
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.logging.Logger;
-
-public final class MOASessionDBUtils {
-
- private static SessionFactory sessionFactory;
- private static ServiceRegistry serviceRegistry;
-
- @SuppressWarnings("rawtypes")
- private static final ThreadLocal THREAD_LOCAL = new ThreadLocal();
- private static boolean automaticSessionHandling = false;
-
- private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" };
- private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class";
-
- protected MOASessionDBUtils() { }
-
- public static void initHibernate(Configuration config, Properties hibernateProperties) {
-
- String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY));
- if (scm != null) {
- automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1;
- }
- Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\".");
- if (automaticSessionHandling) {
- Logger.info("Hibernate is automatically handling session context management.");
- } else {
- Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling.");
- }
- try {
- //Create the SessionFactory
- Logger.debug("Creating initial MOASession session factory...");
-
- config.configure("hibernate_moasession.cfg.xml");
- //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
-
- serviceRegistry = new StandardServiceRegistryBuilder().
- applySettings(config.getProperties()).build();
-
- sessionFactory = config.buildSessionFactory(serviceRegistry);
- Logger.debug("Initial MOASession session factory successfully created.");
-
- } catch (Throwable ex) {
- Logger.error("Initial MOASession session factory creation failed: " + ex.getMessage());
- throw new ExceptionInInitializerError(ex);
- }
- }
-
- /**
- * Checks if a session factory is currently available. If necessary a new
- * session factory is created.
- *
- * @return current (or new) session factory
- * @throws HibernateException
- * thrown if a hibernate error occurs
- */
- public static Session getCurrentSession() {
- if (automaticSessionHandling) {
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL.get();
- // Open a new Session, if this Thread has none yet
- if (session == null || !session.isConnected()) {
- session = getNewSession();
- }
- return session;
- }
-
- @SuppressWarnings("unchecked")
- public static Session getNewSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL.get();
- if (session != null) {
- Logger.warn("Previous MOASession session has not been closed; closing session now.");
- closeSession();
- }
- Logger.debug("Opening new MOASession hibernate session...");
- try {
- session = sessionFactory.openSession();
- THREAD_LOCAL.set(session);
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- return session;
- }
-
- /**
- * Closes the current session.
- *
- * @throws HibernateException
- * thrown if session is already closed or a hibernate error
- * occurs.
- */
- @SuppressWarnings("unchecked")
- public static void closeSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
- return;
- }
- Logger.debug("Closing current MOASession hibernate session...");
- Session session = (Session) THREAD_LOCAL.get();
- THREAD_LOCAL.set(null);
- if (session != null) {
- try {
- session.close();
-
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- }
- }
-
- public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
- Transaction tx = null;
- try {
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.saveOrUpdate(dbo);
- tx.commit();
- }
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during MOASession database saveOrUpdate. Rollback.", e);
- if (tx != null)
- tx.rollback();
- throw new MOADatabaseException(e);
- }
- }
-
- public static boolean delete(Object dbo) {
- Transaction tx = null;
- try {
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.delete(dbo);
- tx.commit();
- }
-
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during MOASession database delete. Rollback.", e);
- if (tx != null)
- tx.rollback();
- return false;
- }
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
index e2f793edf..3928cf8c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
@@ -6,6 +6,7 @@ import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.egiz.components.configuration.api.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
@@ -39,6 +40,7 @@ public class NewConfigurationDBRead {
}
+ @Transactional
public Map<String, String> getOnlineApplicationKeyValueWithId(String id, boolean backupVersion) {
try {
if (backupVersion)
@@ -57,6 +59,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public List<OnlineApplication> getAllOnlineApplications() {
Logger.trace("Get All OnlineApplications from database.");
@@ -113,6 +116,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public List<OnlineApplication> getAllNewOnlineApplications() {
Logger.trace("Get All New OnlineApplications from database.");
@@ -139,6 +143,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration getMOAIDConfiguration() {
Logger.trace("Load MOAID Configuration from database.");
Map<String, String> generalConfig;
@@ -168,6 +173,7 @@ public class NewConfigurationDBRead {
*
* @return
*/
+ @Transactional
public List<OnlineApplication> getAllActiveOnlineApplications() {
Logger.trace("Get All New OnlineApplications from database.");
@@ -195,6 +201,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public OnlineApplication getActiveOnlineApplication(String id) {
Logger.trace("Getting Active OnlineApplication with ID " + id + " from database.");
@@ -226,6 +233,7 @@ public class NewConfigurationDBRead {
* @param dbid
* @return
*/
+ @Transactional
public OnlineApplication getOnlineApplication(long dbid) {
Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database.");
@@ -248,6 +256,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public List<OnlineApplication> getOnlineApplications(String id) {
Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
@@ -273,6 +282,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public OnlineApplication getOnlineApplication(String id) {
Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
@@ -297,6 +307,7 @@ public class NewConfigurationDBRead {
* @param id
* @return
*/
+ @Transactional
public List<OnlineApplication> searchOnlineApplications(String id) {
Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
deleted file mode 100644
index 7e031cc76..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
+++ /dev/null
@@ -1,192 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.commons.db;
-
-import java.util.Properties;
-
-import org.apache.commons.lang3.StringUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Session;
-import org.hibernate.SessionFactory;
-import org.hibernate.Transaction;
-import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
-import org.hibernate.cfg.Configuration;
-import org.hibernate.service.ServiceRegistry;
-
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.logging.Logger;
-
-public final class StatisticLogDBUtils {
-
- private static SessionFactory sessionFactory;
- private static ServiceRegistry serviceRegistry;
-
- @SuppressWarnings("rawtypes")
- private static final ThreadLocal THREAD_LOCAL_STATISTIC = new ThreadLocal();
- private static boolean automaticSessionHandling = false;
-
- private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" };
- private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class";
-
- protected StatisticLogDBUtils() { }
-
- public static void initHibernate(Configuration config, Properties hibernateProperties) {
-
- String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY));
- if (scm != null) {
- automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1;
- }
- Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\".");
- if (automaticSessionHandling) {
- Logger.info("Hibernate is automatically handling session context management.");
- } else {
- Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling.");
- }
- try {
- //Create the SessionFactory
- Logger.debug("Creating initial StatisicLogger session factory...");
-
- config.configure("hibernate_statistic.cfg.xml");
- //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
-
- serviceRegistry = new StandardServiceRegistryBuilder().
- applySettings(config.getProperties()).build();
-
- sessionFactory = config.buildSessionFactory(serviceRegistry);
- Logger.debug("Initial StatisicLogger session factory successfully created.");
-
- } catch (Throwable ex) {
- Logger.error("Initial StatisicLogger session factory creation failed: " + ex.getMessage());
- throw new ExceptionInInitializerError(ex);
- }
- }
-
- /**
- * Checks if a session factory is currently available. If necessary a new
- * session factory is created.
- *
- * @return current (or new) session factory
- * @throws HibernateException
- * thrown if a hibernate error occurs
- */
- public static Session getCurrentSession() {
- if (automaticSessionHandling) {
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- // Open a new Session, if this Thread has none yet
- if (session == null || !session.isConnected()) {
- session = getNewSession();
- }
- return session;
- }
-
- @SuppressWarnings("unchecked")
- public static Session getNewSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- if (session != null) {
- Logger.warn("Previous StatisicLogger session has not been closed; closing session now.");
- closeSession();
- }
- Logger.debug("Opening new StatisicLogger hibernate session...");
- try {
- session = sessionFactory.openSession();
- THREAD_LOCAL_STATISTIC.set(session);
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- return session;
- }
-
- /**
- * Closes the current session.
- *
- * @throws HibernateException
- * thrown if session is already closed or a hibernate error
- * occurs.
- */
- @SuppressWarnings("unchecked")
- public static void closeSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
- return;
- }
- Logger.debug("Closing current StatisicLogger hibernate session...");
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- THREAD_LOCAL_STATISTIC.set(null);
- if (session != null) {
- try {
- session.close();
-
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- }
- }
-
- public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
- Transaction tx = null;
- try {
- Session session = StatisticLogDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.saveOrUpdate(dbo);
- tx.commit();
- }
-
- Logger.info("Insert advanced statistic log entry into database");
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during StatisicLogger database saveOrUpdate. Rollback.", e);
- tx.rollback();
- throw new MOADatabaseException(e);
- }
- }
-
- public static boolean delete(Object dbo) {
- Transaction tx = null;
- try {
- Session session = StatisticLogDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.delete(dbo);
- tx.commit();
- }
-
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during StatisicLogger database delete. Rollback.", e);
- tx.rollback();
- return false;
- }
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
index 397fd828b..0f76c4e63 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
@@ -11,29 +11,21 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -43,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
/**
* <p>Java class for anonymous complex type.
@@ -110,6 +104,9 @@ public class OASTORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String eIDAS_LOA = null;
+
/**
* Gets the value of the storkLogonEnabled property.
*
@@ -162,7 +159,23 @@ public class OASTORK
this.qaa = value;
}
+
+
/**
+ * @return the eIDAS_LOA
+ */
+ public String geteIDAS_LOA() {
+ return eIDAS_LOA;
+ }
+
+ /**
+ * @param eIDAS_LOA the eIDAS_LOA to set
+ */
+ public void seteIDAS_LOA(String eIDAS_LOA) {
+ this.eIDAS_LOA = eIDAS_LOA;
+ }
+
+ /**
* Gets the value of the oaAttributes property.
*
* <p>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
index 59b300e95..bcd159702 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
@@ -11,25 +11,18 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -94,6 +87,9 @@ public class STORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String general_eIDAS_LOA = null;
+
/**
* Gets the value of the cpeps property.
*
@@ -257,7 +253,21 @@ public class STORK
this.hjid = value;
}
- public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
+ /**
+ * @return the general_eIDAS_LOA
+ */
+ public String getGeneral_eIDAS_LOA() {
+ return general_eIDAS_LOA;
+ }
+
+ /**
+ * @param general_eIDAS_LOA the general_eIDAS_LOA to set
+ */
+ public void setGeneral_eIDAS_LOA(String general_eIDAS_LOA) {
+ this.general_eIDAS_LOA = general_eIDAS_LOA;
+ }
+
+ public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof STORK)) {
return false;
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index 46683a928..4c6cd16c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -37,6 +37,8 @@ import javax.persistence.Table;
import org.hibernate.annotations.DynamicUpdate;
+import com.fasterxml.jackson.annotation.JsonCreator;
+
@Entity
@@ -48,11 +50,22 @@ import org.hibernate.annotations.DynamicUpdate;
})
public class AssertionStore implements Serializable{
+ /**
+ *
+ */
+ private static final long serialVersionUID = 2804964892915004185L;
+
+
+
+ @JsonCreator
+ public AssertionStore(){
+
+ }
+
- private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy = GenerationType.AUTO)
+ @GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id", unique=true, nullable=false)
private long id;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 128dd79df..eeaf03544 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -59,7 +59,9 @@ import org.hibernate.annotations.DynamicUpdate;
@NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"),
@NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"),
@NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and inderfederations.storeSSOInformation is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"),
- @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID")
+ @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID"),
+ @NamedQuery(name="getAllActiveOAsForSessionID", query = "select activeOAsessions from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.activeOAsessions activeOAsessions where authenticatedsessionstore.sessionid = :sessionID "),
+ @NamedQuery(name="getAllActiveIDPsForSessionID", query = "select inderfederation from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.inderfederation inderfederation where authenticatedsessionstore.sessionid = :sessionID ")
})
public class AuthenticatedSessionStore implements Serializable{
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index 97f26812f..ba48f8caf 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -39,7 +39,7 @@ import org.hibernate.annotations.DynamicUpdate;
@Entity
-@DynamicUpdate(value=true)
+//@DynamicUpdate(value=true)
@Table(name = "statisticlog")
@NamedQueries({
@NamedQuery(name="getAllEntriesNotBeforeTimeStamp", query = "select statisiclog from StatisticLog statisiclog where statisiclog.timestamp > :timeout")
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 2ade63c1c..84743b8c7 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -22,24 +22,25 @@
*/
package at.gv.egovernment.moa.id.commons.utils;
-import iaik.pki.PKIException;
-
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
-import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.lang3.StringUtils;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.pki.PKIException;
/**
* @author tlenz
@@ -53,22 +54,47 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
public MOAHttpProtocolSocketFactory (
String url,
- String certStoreRootDirParam,
String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
- boolean checkRevocation
- ) throws MOAHttpProtocolSocketFactoryException {
- super();
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ }
+
+ /**
+ * @param string
+ * @param certStoreDirectory
+ * @param trustStoreDirectory
+ * @param object
+ * @param string2
+ * @param b
+ * @param strings
+ */
+ public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+
+ }
+
+ private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
try {
- this.sslfactory = SSLUtils.getSSLSocketFactory(
+ this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
- certStoreRootDirParam,
+ certStoreDirectory,
trustStoreURL,
acceptedServerCertURL,
chainingMode,
- checkRevocation,
+ checkRevocation,
+ revocationMethodOrder,
null,
null,
null);
@@ -86,7 +112,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
}
-
+
}
/* (non-Javadoc)
@@ -94,8 +120,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort) throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(host, port,
- localAddress, localPort);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port,
+ localAddress, localPort));
}
/* (non-Javadoc)
@@ -104,8 +130,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort, HttpConnectionParams params) throws IOException,
UnknownHostException, ConnectTimeoutException {
- return this.sslfactory.createSocket(host, port,
- localAddress, localPort);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port,
+ localAddress, localPort));
}
/* (non-Javadoc)
@@ -113,16 +139,40 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
- return this.sslfactory.createSocket(host, port);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port));
}
-
+
/* (non-Javadoc)
* @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
*/
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(socket, host,
- port, autoClose);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(socket, host,
+ port, autoClose));
}
+ /**
+ * Enable only a specific subset of TLS cipher suites
+ * This subset can be set by 'https.cipherSuites' SystemProperty (z.B. -Dhttps.cipherSuites=...)
+ *
+ * @param sslSocket {@link SSLSocket}
+ * @return {@link SSLSocket} with Ciphersuites
+ */
+ private Socket setEnabledSslCiphers(Socket sslSocket) {
+ if (sslSocket instanceof SSLSocket) {
+ String systemProp = System.getProperty("https.cipherSuites");
+ if (MiscUtil.isNotEmpty(systemProp)) {
+ ((SSLSocket) sslSocket).setEnabledCipherSuites(systemProp.split(","));
+
+ }
+
+ try {
+ Logger.trace("Enabled SSL-Cipher: " + StringUtils.join(((SSLSocket) sslSocket).getEnabledCipherSuites(), ","));
+ } catch (Exception e) {
+ Logger.error(e);
+ }
+ }
+
+ return sslSocket;
+ }
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index 00e750f58..d65cea08c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -46,14 +46,16 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.io.File;
+import java.util.Collections;
+import java.util.Set;
+
import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-import java.io.File;
-
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
*
@@ -128,7 +130,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl
* @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
*/
public boolean createNew() {
- return false;
+ return true;
}
/**
@@ -153,4 +155,14 @@ public class CertStoreConfigurationImpl extends ObservableImpl
return CertStoreTypes.DIRECTORY;
}
+ /* (non-Javadoc)
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores()
+ */
+ @Override
+ public Set getVirtualStores() {
+ //TODO: only for Testing and not complete !!!Ask Harald !!!!
+ return Collections.EMPTY_SET;
+
+ }
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index eaef3f1d4..9fc6f799d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -57,11 +57,11 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.jsse.IAIKX509TrustManager;
+
/**
* <code>TrustManager</code> implementation featuring CRL checking (inherited from
* <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
@@ -95,14 +95,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
* Fixes a bug occuring in the case MOA-SP is called by API.
* In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
* This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
+ * from every thread.
+ */
public static void initializeLoggingContext() {
if (LoggingContextManager.getInstance().getLoggingContext() == null)
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext(Thread.currentThread().getName()));
}
-
+
/**
* Builds an Array of accepted server certificates from an URL,
@@ -161,4 +161,36 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
{
return true;
}
+
+// public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
+// if (pkiProfile == null) {
+// throw new NullPointerException("pkiConfig parameter must not be null");
+//
+// }
+//
+// TransactionId tid = new TransactionIdImpl("Init");
+// log_.info(tid, "Setting up IAIKX509TrustManager", null);
+// if (pkiConfig != null) {
+// PKIFactory.getInstance().configure(pkiConfig, tid);
+//// log_.info(tid, "Registering LDAP protocol handler", null);
+//// String protocolHandlers =
+//// System.getProperty("java.protocol.handler.pkgs");
+//// if (protocolHandlers == null) {
+//// protocolHandlers = "iaik.pki";
+////
+//// } else {
+//// protocolHandlers = protocolHandlers + "|iaik.pki";
+////
+//// }
+////
+//// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
+//// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
+//
+// }
+//
+// pkiProfile_ = pkiProfile;
+// pkiFactory_ = PKIFactory.getInstance();
+// initialized_ = true;
+// }
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
deleted file mode 100644
index 5d8c7a54e..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.commons.utils.ssl;
-
-import iaik.pki.PKIConfiguration;
-import iaik.pki.pathvalidation.ValidationConfiguration;
-import iaik.pki.revocation.RevocationConfiguration;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-/**
- * Implementation of interface <code>PKIConfiguration</code> needed to
- * initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException {
-
- certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(chainingMode);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-/* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
- */
- public int getTimeout() {
- // TODO Auto-generated method stub
- return 0;
-}
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 59994a257..1c8b6e18d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -46,10 +46,12 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
+import iaik.asn1.structures.AlgorithmID;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
@@ -66,7 +68,7 @@ import iaik.pki.store.truststore.TrustStoreTypes;
*/
public class PKIProfileImpl extends ObservableImpl
implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
+
/**
* URI to the truststore
*/
@@ -77,6 +79,10 @@ public class PKIProfileImpl extends ObservableImpl
*/
private boolean revocationChecking;
+
+ private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL};
+ protected String ocspRequestHashAlgorithm_ = null;
+
/**
* The trust profile identifier.
*/
@@ -96,13 +102,6 @@ public class PKIProfileImpl extends ObservableImpl
}
/**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
* @see iaik.pki.PKIProfile#getRevocationProfile()
*/
public RevocationProfile getRevocationProfile() {
@@ -134,23 +133,43 @@ public class PKIProfileImpl extends ObservableImpl
* @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
*/
public long getMaxRevocationAge(String arg0) {
- return 0;
+ return 0L;
}
/**
* @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
*/
public String getOCSPRequestHashAlgorithm() {
- return null;
+ if (ocspRequestHashAlgorithm_ == null) {
+ try
+ {
+ ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
+ }
+ catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}
+ }
+ return ocspRequestHashAlgorithm_;
}
+ public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
+ throws NoSuchAlgorithmException
+ {
+ if (paramAlgorithmID == null) {
+ throw new NullPointerException("Algorithm must not be null.");
+ }
+ ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
+ }
+
/**
* @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
*/
public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
+ return revocationCheckMethode;
}
+ public void setPreferredServiceOrder(String[] order) {
+ this.revocationCheckMethode = order;
+ }
+
/**
* @see iaik.pki.store.truststore.TrustStoreProfile#getType()
*/
@@ -227,4 +246,22 @@ public class PKIProfileImpl extends ObservableImpl
public void setId(String id) {
this.id = id;
}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+@Override
+public int autoAddCertificates() {
+ return 1;
+
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
+ */
+@Override
+public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+ return null;
+
+}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index b5e0543db..449f77209 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -46,13 +46,14 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.revocation.RevocationConfiguration;
-
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Set;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
* @author Paul Ivancsics
@@ -81,4 +82,43 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc
return null;
}
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo()
+ */
+@Override
+public boolean getKeepRevocationInfo() {
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders()
+ */
+@Override
+public Set getPositiveOCSPResponders() {
+
+// //TODO: !!!!! ASK Harald !!!!!
+// Map<String, String> test = new HashMap<String, String>();
+// test.put("ALL", "ALL");
+// return test.keySet();
+
+ return Collections.EMPTY_SET;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints()
+ */
+@Override
+public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+ //TODO: !!!!! ASK Harald !!!!!
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig()
+ */
+@Override
+public DBCrlConfig getDataBaseCRLConfig() {
+ return null;
+}
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..4ecda435d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -46,25 +46,26 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.KeyStore;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import iaik.pki.DefaultPKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+//import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
/**
@@ -92,24 +93,7 @@ public class SSLUtils {
}
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes an
- * <code>IAIKX509TrustManager</code> for the given trust store,
- * and the given key store.
- *
- * @param conf configuration provider providing a generic properties pointing
- * to trusted CA store and certificate store root
- * @param connParam connection parameter containing the client key store settings
- * to be used in case of client authentication;
- * if <code>connParam.getClientKeyStore() == null</code>, client authentication
- * is assumed to be disabled
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
+
public static SSLSocketFactory getSSLSocketFactory(
String url,
String certStoreRootDirParam,
@@ -117,9 +101,10 @@ public class SSLUtils {
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
+ String[] revocationMethodOrder,
String clientKeyStoreURL,
String clientKeyStorePassword,
- String clientKeyStoreType
+ String clientKeyStoreType
)
throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException {
@@ -134,9 +119,10 @@ public class SSLUtils {
chainingMode,
trustStoreURL,
acceptedServerCertURL,
- checkRevocation);
+ checkRevocation,
+ revocationMethodOrder);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kms, tms, null);
@@ -154,6 +140,68 @@ public class SSLUtils {
}
/**
+ * Loads the client key store from file and gets the
+ * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+ * @param clientKeyStoreURL URL of key store containing keys to be used for
+ * client authentication; if <code>null</code>, the default key store will be utilized
+ * @param clientKeyStorePassword password used to check the integrity of the client key store;
+ * if <code>null</code>, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws IOException thrown while reading from the key store file
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ String clientKeyStoreType,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword)
+ throws IOException, GeneralSecurityException {
+
+ if (clientKeyStoreURL == null)
+ return null;
+
+ // Set up the KeyStore to use. We need to load the file into
+ // a KeyStore instance.
+ KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+ }
+ /**
+ * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStore client key store
+ * @param clientKeyStorePassword if provided, it will be used to check
+ * the integrity of the client key store; if omitted, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ KeyStore clientKeyStore,
+ String clientKeyStorePassword)
+ throws GeneralSecurityException {
+
+ if (clientKeyStore == null)
+ return null;
+
+ // Now we initialize the default KeyManagerFactory with this KeyStore
+ String alg=KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+ char[] password = null;
+ if (clientKeyStorePassword != null)
+ password = clientKeyStorePassword.toCharArray();
+ kmFact.init(clientKeyStore, password);
+
+ // And now get the KeyManagers
+ KeyManager[] kms=kmFact.getKeyManagers();
+ return kms;
+ }
+
+ /**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
* using configuration data.
*
@@ -167,18 +215,26 @@ public class SSLUtils {
*/
private static TrustManager[] getTrustManagers(String certStoreRootDirParam,
String chainingMode, String trustStoreURL, String acceptedServerCertURL,
- boolean checkRevocation)
+ boolean checkRevocation, String[] revocationMethodOrder)
throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ DefaultPKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured()) {
+ CertStoreConfigurationImpl certStoreConf = new CertStoreConfigurationImpl(certStoreRootDirParam);
+ cfg = new DefaultPKIConfiguration(certStoreConf.getParameters());
+ cfg.setChainingMode(chainingMode);
+ Logger.info("Set-up PKI module configuration ... ");
+
+ }
+
+ PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ profile.setPreferredServiceOrder(revocationMethodOrder);
+
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case
// MOA-SP is called by API
MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+ MOAIDTrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
tm.init(cfg, profile);
return new TrustManager[] {tm};
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
deleted file mode 100644
index 51667f010..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * A unified message type to log messages from inside the MOA subsystem.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LogMsg {
- /** The message to log. */
- private Object message;
-
- /**
- * Create a <code>LogMsg</code> object.
- *
- * @param message The actual message to log. May be <code>null</code>.
- */
- public LogMsg(Object message) {
- this.message = message;
- }
-
- /**
- * Convert this log message to a <code>String</code>.
- *
- * @return The <code>String</code> representation of this log message.
- */
- public String toString() {
- StringBuffer msg = new StringBuffer();
- LoggingContext ctx =
- LoggingContextManager.getInstance().getLoggingContext();
- String tid = ctx != null ? ctx.getTransactionID() : null;
- String nodeId = ctx != null ? ctx.getNodeID() : null;
-
- msg.append("TID=");
- msg.append(tid != null ? tid : "<null>");
- msg.append(" NID=");
- msg.append(nodeId != null ? nodeId : "<null>");
- msg.append(" MSG=");
- msg.append(message != null ? message.toString() : "<null>");
-
- return msg.toString();
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
deleted file mode 100644
index db4b93a0b..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * Encapsulates contextual information (i.e. per request information) for
- * logging purposes.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LoggingContext {
- /** The name of the node ID system property. */
- public static final String NODE_ID_PROPERTY = "moa.node-id";
-
- /** The current transaction ID. */
- private String transactionID;
- /** The node ID. */
- private String nodeID;
-
- /**
- * Create a new <code>LoggingContext</code>.
- *
- * @param transactionID The transaction ID. May be <code>null</code>.
- */
- public LoggingContext(String transactionID) {
- this.transactionID = transactionID;
- this.nodeID = System.getProperty(NODE_ID_PROPERTY);
- }
-
- /**
- * Return the transaction ID.
- *
- * @return The transaction ID.
- */
- public String getTransactionID() {
- return transactionID;
- }
-
- /**
- * Return the node ID.
- *
- * @return The node ID.
- */
- public String getNodeID() {
- return nodeID;
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
deleted file mode 100644
index f0d7b4c07..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * Provides each thread with a single instance of <code>LoggingContext</code>.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LoggingContextManager {
- /** The single instance of this class. */
- private static LoggingContextManager instance = null;
-
- /** The <code>LoggingContext</code> for each thread. */
- private ThreadLocal context;
-
- /**
- * Get the single instance of the <code>LoggingContextManager</code> class.
- *
- * @return LoggingContextManager The single instance.
- */
- public static synchronized LoggingContextManager getInstance() {
- if (instance == null) {
- instance = new LoggingContextManager();
- }
- return instance;
- }
-
- /**
- * Creates a new <code>LoggingContextManager</code>.
- *
- * Protected to disallow direct instantiation.
- */
- protected LoggingContextManager() {
- context = new ThreadLocal();
- }
-
- /**
- * Set the <code>LoggingContext</code> context for the current thread.
- *
- * @param ctx The <code>LoggingContext</code> for the current thread.
- */
- public void setLoggingContext(LoggingContext ctx) {
- context.set(ctx);
- }
-
- /**
- * Return the <code>LoggingContext</code> for the current thread.
- *
- * @return LoggingContext The <code>LoggingContext</code> for the current
- * thread, or <code>null</code> if none has been set.
- */
- public LoggingContext getLoggingContext() {
- return (LoggingContext) context.get();
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 5a5f4edac..260b2ecb1 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -24,7 +24,10 @@
package at.gv.egovernment.moa.util;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.Map;
+
/**
* Contains various constants used throughout the system.
@@ -509,6 +512,14 @@ public interface Constants {
/**
* A map used to map namespace prefixes to namespace URIs
*/
- public static HashMap<String, String> nSMap = new HashMap<String, String>(5);
+ public static final Map<String, String> nSMap = Collections.unmodifiableMap(new HashMap<String, String>(){
+ private static final long serialVersionUID = 3845384324295136490L;
+ {
+ put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ put(Constants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#");
+ put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ }
+ });
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
index 8f3ffd4c6..b1a3f8446 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
@@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver {
if (Logger.isDebugEnabled()) {
Logger.debug(
- new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
+ new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
}
if (publicId != null) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
index 3769b264d..ea71a677f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
@@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LogMsg;
/**
* An <code>ErrorHandler</code> that logs a message and throws a
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
deleted file mode 100644
index c2c67ec58..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-/**
- * Utility for connecting to server applications via SSL.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store.
- *
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(null, tms, null);
-
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- SSLContext ctx = getSSLContext(
- trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLContext</code> initialized for the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the SSL context
- */
- public static SSLContext getSSLContext(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStore);
- KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- return ctx;
- }
- /**
- * Loads the trust store from an input stream and gets the
- * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (trustStoreInputStream == null)
- return null;
-
- // Set up the TrustStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword);
- return getTrustManagers(trustStore);
- }
- /**
- * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- *
- * @param trustStore the trust store to use
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(KeyStore trustStore)
- throws GeneralSecurityException {
-
- if (trustStore == null)
- return null;
-
- // Initialize the default TrustManagerFactory with this KeyStore
- String alg=TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
- tmFact.init(trustStore);
-
- // And now get the TrustManagers
- TrustManager[] tms=tmFact.getTrustManagers();
- return tms;
- }
- /**
- * Loads the client key store from file and gets the
- * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword password used to check the integrity of the client key store;
- * if <code>null</code>, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws IOException thrown while reading from the key store file
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (clientKeyStoreURL == null)
- return null;
-
- // Set up the KeyStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
- clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- return getKeyManagers(clientKeyStore, clientKeyStorePassword);
- }
- /**
- * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStore client key store
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- KeyStore clientKeyStore,
- String clientKeyStorePassword)
- throws GeneralSecurityException {
-
- if (clientKeyStore == null)
- return null;
-
- // Now we initialize the default KeyManagerFactory with this KeyStore
- String alg=KeyManagerFactory.getDefaultAlgorithm();
- KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
- char[] password = null;
- if (clientKeyStorePassword != null)
- password = clientKeyStorePassword.toCharArray();
- kmFact.init(clientKeyStore, password);
-
- // And now get the KeyManagers
- KeyManager[] kms=kmFact.getKeyManagers();
- return kms;
- }
-}
diff --git a/id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml b/id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml
deleted file mode 100644
index 9bebfa66f..000000000
--- a/id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<persistence xmlns="http://java.sun.com/xml/ns/persistence"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
-http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
- version="2.0">
-
- <persistence-unit name="config" transaction-type="RESOURCE_LOCAL">
- <provider>org.hibernate.ejb.HibernatePersistence</provider>
- <class>at.gv.egovernment.moa.id.commons.db.dao.config.ConfigProperty</class>
- <!-- <class>at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase</class> -->
- <properties>
- </properties>
- </persistence-unit>
-
-</persistence> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
index 4d3caea8c..b97b1c88b 100644
--- a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
+++ b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
@@ -17,6 +17,7 @@
<bean id="moaidconfig" class="at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl" />
<bean name="config" id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.config" />
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
<property name="persistenceUnitName" value="config" />
diff --git a/id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml
deleted file mode 100644
index e40c8b8a9..000000000
--- a/id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE hibernate-configuration PUBLIC
-"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
-"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
-
-<hibernate-configuration>
- <session-factory>
- <!-- MOA Session handling mapping files -->
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore"/>
- </session-factory>
-</hibernate-configuration> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml
deleted file mode 100644
index aa77a9c67..000000000
--- a/id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE hibernate-configuration PUBLIC
-"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
-"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
-
-<hibernate-configuration>
- <session-factory>
- <!-- MOA advanced statistic handling mapping files -->
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog"/>
- </session-factory>
-</hibernate-configuration> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml b/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml
new file mode 100644
index 000000000..9b00ff3cd
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans profile="advancedLogOn"
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:annotation-config></context:annotation-config>
+ <tx:annotation-driven transaction-manager="statisticLogTransactionManager"/>
+
+ <bean id="statisticLogDataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${advancedlogging.hibernate.connection.driver_class}" />
+ <property name="url" value="${advancedlogging.hibernate.connection.url}"/>
+ <property name="username" value="${advancedlogging.hibernate.connection.username}" />
+ <property name="password" value="${advancedlogging.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${advancedlogging.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${advancedlogging.dbcp.initialSize}" />
+ <property name="maxTotal" value="${advancedlogging.dbcp.maxActive}" />
+ <property name="maxIdle" value="${advancedlogging.dbcp.maxIdle}" />
+ <property name="minIdle" value="${advancedlogging.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${moasession.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${advancedlogging.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${advancedlogging.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${advancedlogging.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${advancedlogging.dbcp.validationQuery}" />
+ </bean>
+
+<!-- <bean id="statisticLogSessionFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean">
+ <property name="dataSource" ref="statisticLogDataSource"/>
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.statistic" />
+ <property name="hibernateProperties">
+
+ <props>
+ <prop key="hibernate.dialect">${advancedlogging.hibernate.dialect}</prop>
+ <prop key="hibernate.show_sql">${advancedlogging.hibernate.show_sql}</prop>
+ <prop key="hibernate.hbm2ddl.auto">${advancedlogging.hibernate.hbm2ddl.auto}</prop>
+ <prop key="current_session_context_class">${advancedlogging.hibernate.current_session_context_class}</prop>
+ <prop key="hibernate.transaction.flush_before_completion">${advancedlogging.hibernate.transaction.flush_before_completion}</prop>
+ <prop key="hibernate.transaction.auto_close_session">${advancedlogging.hibernate.transaction.auto_close_session}</prop>
+ </props>
+ </property>
+ </bean> -->
+
+
+ <!-- bean id="statisticLogDBUtils" class="at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils"/-->
+
+ <bean name="statisticLogTransactionManager" id="statisticLogTransactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="statistic" />
+ </bean>
+
+ <bean id="statisticJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${advancedlogging.hibernate.show_sql}" />
+ <property name="generateDdl" value="${advancedlogging.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${advancedlogging.hibernate.dialect}" />
+ </bean>
+
+ <bean name="statistic" id="statistic" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="dataSource" ref="statisticLogDataSource" />
+ <property name="jpaVendorAdapter" ref="statisticJpaVendorAdapter" />
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.statistic" />
+ <property name="persistenceUnitName" value="statistic" />
+ </bean>
+
+
+
+</beans> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
index c0a93bf03..16d1e5adc 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -1,56 +1,56 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package test.at.gv.egovernment.moa;
-
-import junit.awtui.TestRunner;
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
-/**
- * @author patrick
- * @version $Id$
- */
-public class AllTests {
-
- public static Test suite() {
- TestSuite suite = new TestSuite();
-
-// suite.addTestSuite(DOMUtilsTest.class);
-// suite.addTestSuite(DateTimeUtilsTest.class);
-// suite.addTestSuite(XPathUtilsTest.class);
-// suite.addTestSuite(KeyStoreUtilsTest.class);
-// suite.addTestSuite(SSLUtilsTest.class);
-
- return suite;
- }
-
- public static void main(String[] args) {
- try {
- TestRunner.run(AllTests.class);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-}
+///*
+// * Copyright 2003 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// */
+//
+//
+//package test.at.gv.egovernment.moa;
+//
+//import junit.awtui.TestRunner;
+//import junit.framework.Test;
+//import junit.framework.TestSuite;
+//
+///**
+// * @author patrick
+// * @version $Id$
+// */
+//public class AllTests {
+//
+// public static Test suite() {
+// TestSuite suite = new TestSuite();
+//
+//// suite.addTestSuite(DOMUtilsTest.class);
+//// suite.addTestSuite(DateTimeUtilsTest.class);
+//// suite.addTestSuite(XPathUtilsTest.class);
+//// suite.addTestSuite(KeyStoreUtilsTest.class);
+//// suite.addTestSuite(SSLUtilsTest.class);
+//
+// return suite;
+// }
+//
+// public static void main(String[] args) {
+// try {
+// TestRunner.run(AllTests.class);
+// } catch (Exception e) {
+// e.printStackTrace();
+// }
+// }
+//}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
deleted file mode 100644
index 2b5094fb8..000000000
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package test.at.gv.egovernment.moa.util;
-
-import java.net.URL;
-import java.security.KeyStore;
-import java.security.Security;
-
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocketFactory;
-
-import junit.framework.TestCase;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.SSLUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtilsTest extends TestCase {
-
- public SSLUtilsTest(String arg0) {
- super(arg0);
- }
-
-
- protected void setUp() throws Exception {
- //System.setProperty("javax.net.debug", "all");
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
- }
-
- public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.baltimore.com/",
- false,
- "file:data/test/security/cacerts+gt_cybertrust_root",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.baltimore.com/",
- false,
- "file:data/test/security/cacerts",
- "changeit",
- false);
- }
- public void testGetSSLSocketFactoryVerisignOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.verisign.com/",
- false,
- "file:data/test/security/cacerts",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.verisign.com/",
- false,
- null,
- null,
- true);
- }
- public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
- String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
- doTestGetSSLSocketFactory(
- "GET",
- urlString,
- true,
- "file:data/test/security/server.keystore.tomcat",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
- String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
- doTestGetSSLSocketFactory(
- "GET",
- urlString,
- true,
- null,
- null,
- false);
- }
-
- public void doTestGetSSLSocketFactory(
- String requestMethod,
- String urlString,
- boolean useHostnameVerifierHack,
- String truststoreurl,
- String trustpassword,
- boolean shouldOk
- ) throws Exception {
-
- doTestGetSSLSocketFactory(
- requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk);
- }
- public void doTestGetSSLSocketFactory(
- String requestMethod,
- String urlString,
- boolean useHostnameVerifierHack,
- String truststoreurl,
- String trustpassword,
- String keystoretype,
- String keystoreurl,
- String keypassword,
- boolean shouldOk
- ) throws Exception {
-
- KeyStore truststore = null;
- if (truststoreurl != null)
- truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
- SSLSocketFactory sf = SSLUtils.getSSLSocketFactory(
- truststore, keystoretype, keystoreurl, keypassword);
- System.out.println(requestMethod + " " + urlString);
-
- URL url = new URL(urlString);
- HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
- conn.setRequestMethod(requestMethod);
- conn.setDoInput(true);
- conn.setDoOutput(true);
- conn.setUseCaches(false);
- conn.setAllowUserInteraction(false);
- conn.setSSLSocketFactory(sf);
- if (useHostnameVerifierHack)
- conn.setHostnameVerifier(new HostnameVerifierHack());
- try {
- conn.connect();
- assertTrue(shouldOk);
- assertEquals(200, conn.getResponseCode());
- conn.disconnect();
- }
- catch (SSLException ex) {
- assertFalse(shouldOk);
- }
- }
-// private byte[] readTruststore(String filename) throws IOException {
-// if (filename == null)
-// return null;
-// FileInputStream in = new FileInputStream(filename);
-// byte[] buffer = new byte[in.available()];
-// in.read(buffer);
-// in.close();
-// return buffer;
-// }
- private class HostnameVerifierHack implements HostnameVerifier {
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-}
diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml
new file mode 100644
index 000000000..9dbb28dfe
--- /dev/null
+++ b/id/server/moa-id-jaxb_classes/pom.xml
@@ -0,0 +1,55 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-id</artifactId>
+ <version>3.x</version>
+ </parent>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-jaxb_classes</artifactId>
+
+
+ <profiles>
+ <profile>
+ <id>default</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <repositories>
+ <repository>
+ <id>local</id>
+ <name>local</name>
+ <url>file:${basedir}/../../../repository</url>
+ </repository>
+ <repository>
+ <id>shibboleth.internet2.edu</id>
+ <name>Internet2</name>
+ <url>https://build.shibboleth.net/nexus/content/groups/public/</url>
+ </repository>
+ <repository>
+ <id>hyberjaxb</id>
+ <url>http://repository.highsource.org/maven2/releases/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </repository>
+ <repository>
+ <id>jboss</id>
+ <url>https://repository.jboss.org/nexus/content/repositories/central/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </repository>
+ <repository>
+ <id>egiz-commons</id>
+ <url>https://demo.egiz.gv.at/int-repo/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </repository>
+ </repositories>
+ </profile>
+ </profiles>
+
+ <version>${moa-id-version}</version>
+</project> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java
index c2d950ee3..c2d950ee3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java
index e16ad89c5..e16ad89c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java
index de7ded5f0..de7ded5f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java
index 4c5993d09..4c5993d09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java
index 4ea066295..4ea066295 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java
index a7f1410be..a7f1410be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java
index ec90a9ffb..ec90a9ffb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java
index d130a97ab..d130a97ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java
index 43de36cdd..43de36cdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java
index 3d2e7935a..3d2e7935a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java
index 3fc572dc4..3fc572dc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java
index efb341189..efb341189 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java
index 061074c1a..061074c1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java
index de1027a1b..de1027a1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java
index 38bc0c680..38bc0c680 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java
index 7bbe7ac53..7bbe7ac53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java
index 45e786a23..45e786a23 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java
index 7eda59b00..7eda59b00 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java
index 39cdda9cb..39cdda9cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java
index 77a0d6d9b..77a0d6d9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java
index 6dfbe424d..6dfbe424d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java
index 828128e4c..828128e4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java
index 77450bb79..77450bb79 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java
index 2611f1d34..2611f1d34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java
index f272ae433..f272ae433 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java
index 7555dcb53..7555dcb53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java
index dacaa1340..dacaa1340 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java
index 669a99164..669a99164 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java
index 8f220eec4..8f220eec4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java
index 838ae5a45..838ae5a45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java
index 350e5090a..350e5090a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java
index 15b294cc5..15b294cc5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java
index ac6e42243..ac6e42243 100644
--- a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java
index dcb81c09c..dcb81c09c 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java
index f45c89656..f45c89656 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java
index 99f5f9c4c..99f5f9c4c 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java
index 9bedc2b80..9bedc2b80 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java
index cf12d02bf..cf12d02bf 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java
index a7fce9128..a7fce9128 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java
index 02a0cdfa9..02a0cdfa9 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java
index e91ef1247..e91ef1247 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java
index 586969889..586969889 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java
index 8f5fc2d7f..8f5fc2d7f 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java
index 2789fb0d4..2789fb0d4 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java
index 5eabf665a..5eabf665a 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java
index 385f0fa1a..385f0fa1a 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java
index 50bc849df..50bc849df 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java
index 6903605c2..6903605c2 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java
index 0c17a4ae0..0c17a4ae0 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java
index 86c249910..86c249910 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java
index dbeb621d5..dbeb621d5 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java
index 88ff5ed1a..88ff5ed1a 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java
index 865377939..865377939 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java
index 9e055f696..9e055f696 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java
index 1e665277a..1e665277a 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java
index 951840456..951840456 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java
diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java
index 43fe7bcc9..43fe7bcc9 100644
--- a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java
+++ b/id/server/moa-id-jaxb_classes/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
new file mode 100644
index 000000000..f99013082
--- /dev/null
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.concurrent.TimeUnit;
+
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextClosedEvent;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component
+public class MOAContextCloseHandler implements ApplicationListener<ContextClosedEvent>, ApplicationContextAware, BeanPostProcessor {
+
+ private ApplicationContext context;
+
+ /* (non-Javadoc)
+ * @see org.springframework.context.ApplicationListener#onApplicationEvent(org.springframework.context.ApplicationEvent)
+ */
+ @Override
+ public void onApplicationEvent(ContextClosedEvent arg0) {
+ Logger.info("MOA-ID-Auth shutdown process started ...");
+
+ try {
+ Logger.debug("CleanUp objects with implements the IDestroyable interface ... ");
+ Map<String, IDestroyableObject> objectsToDestroy = context.getBeansOfType(IDestroyableObject.class);
+ if (objectsToDestroy != null) {
+ Iterator<Entry<String, IDestroyableObject>> interator =
+ objectsToDestroy.entrySet().iterator();
+ while (interator.hasNext()) {
+ Entry<String, IDestroyableObject> object = interator.next();
+ try {
+ object.getValue().fullyDestroy();
+ Logger.debug("Object with ID:" + object.getKey() + " is destroyed");
+
+ } catch (Exception e) {
+ Logger.warn("Destroing object with ID:" + object.getKey() + " FAILED!", e);
+
+ }
+ }
+ }
+ Logger.info("Object cleanUp complete");
+
+ Logger.debug("Stopping Spring Thread-Pools ... ");
+ //shut-down task schedulers
+ Map<String, ThreadPoolTaskScheduler> schedulers = context.getBeansOfType(ThreadPoolTaskScheduler.class);
+ for (ThreadPoolTaskScheduler scheduler : schedulers.values()) {
+ scheduler.getScheduledExecutor().shutdown();
+ try {
+ scheduler.getScheduledExecutor().awaitTermination(20000, TimeUnit.MILLISECONDS);
+ if(scheduler.getScheduledExecutor().isTerminated() || scheduler.getScheduledExecutor().isShutdown())
+ Logger.debug("Scheduler "+scheduler.getThreadNamePrefix() + " has stoped");
+ else{
+ Logger.debug("Scheduler "+scheduler.getThreadNamePrefix() + " has not stoped normally and will be shut down immediately");
+ scheduler.getScheduledExecutor().shutdownNow();
+ Logger.info("Scheduler "+scheduler.getThreadNamePrefix() + " has shut down immediately");
+ }
+ } catch (IllegalStateException e) {
+ e.printStackTrace();
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+
+ } finally {
+ scheduler.shutdown();
+
+ }
+ }
+
+ //shut-down task executors
+ Map<String, ThreadPoolTaskExecutor> executers = context.getBeansOfType(ThreadPoolTaskExecutor.class);
+ for (ThreadPoolTaskExecutor executor: executers.values()) {
+ int retryCount = 0;
+ while(executor.getActiveCount()>0 && ++retryCount<51){
+ try {
+ Logger.debug("Executer "+executor.getThreadNamePrefix()+" is still working with active " + executor.getActiveCount()+" work. Retry count is "+retryCount);
+ Thread.sleep(1000);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ if(!(retryCount<51))
+ Logger.debug("Executer "+executor.getThreadNamePrefix()+" is still working.Since Retry count exceeded max value "+retryCount+", will be killed immediately");
+ executor.shutdown();
+ Logger.debug("Executer "+executor.getThreadNamePrefix()+" with active " + executor.getActiveCount()+" work has killed");
+ }
+
+ Logger.debug("Spring Thread-Pools stopped");
+
+ Logger.info("MOA-ID-Auth shutdown process finished");
+
+ } catch (Exception e) {
+ Logger.warn("MOA-ID-Auth shutdown process has an error.", e);
+
+ }
+
+ //System.exit(0);
+ //Thread.currentThread().interrupt();
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.beans.factory.config.BeanPostProcessor#postProcessAfterInitialization(java.lang.Object, java.lang.String)
+ */
+ @Override
+ public Object postProcessAfterInitialization(Object arg0, String arg1) throws BeansException {
+ if(arg0 instanceof ThreadPoolTaskScheduler)
+ ((ThreadPoolTaskScheduler)arg0).setWaitForTasksToCompleteOnShutdown(true);
+ if(arg0 instanceof ThreadPoolTaskExecutor)
+ ((ThreadPoolTaskExecutor)arg0).setWaitForTasksToCompleteOnShutdown(true);
+ return arg0;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.beans.factory.config.BeanPostProcessor#postProcessBeforeInitialization(java.lang.Object, java.lang.String)
+ */
+ @Override
+ public Object postProcessBeforeInitialization(Object arg0, String arg1) throws BeansException {
+ return arg0;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
+ */
+ @Override
+ public void setApplicationContext(ApplicationContext arg0) throws BeansException {
+ this.context = arg0;
+
+ }
+
+}
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index 327d659ec..07ba6a89e 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -7,6 +7,8 @@ import javax.servlet.ServletRegistration;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.xml.XmlBeanDefinitionReader;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.core.io.ClassPathResource;
import org.springframework.web.WebApplicationInitializer;
@@ -17,6 +19,7 @@ import org.springframework.web.context.support.ServletContextResource;
import org.springframework.web.servlet.DispatcherServlet;
import at.gv.egiz.components.spring.api.SpringLoader;
+import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -50,16 +53,35 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
try {
+ Logger.info("=============== Loading Config Root Context! ===============");
+ ApplicationContext cfgRootContext =
+ new ClassPathXmlApplicationContext(new String[] {
+ "/moaid.configuration.beans.xml",
+ "/configuration.beans.xml"});
+
+
Logger.info("=============== Loading Root Context! ===============");
GenericWebApplicationContext rootContext = new GenericWebApplicationContext();
rootContext.setServletContext(servletContext);
+ rootContext.setParent(cfgRootContext);
+ ConfigurationProvider moaidconfig = (ConfigurationProvider) cfgRootContext.getBean("moaidauthconfig");
+ String[] springProfiles = moaidconfig.getActiveProfiles();
+
+
+
Logger.info("=============== Setting active profiles! ===============");
if (this.activeProfiles != null) {
for (String profile : this.activeProfiles) {
rootContext.getEnvironment().addActiveProfile(profile);
}
}
+
+ if (springProfiles != null) {
+ for (String profile : springProfiles) {
+ rootContext.getEnvironment().addActiveProfile(profile);
+ }
+ }
Logger.info("=============== Loading Local Contexts! ===============");
XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader(
@@ -76,7 +98,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
// logger.debug("Beans after logAMQP in {}", rootContext);
// dumpBeanDefinitions(rootContext);
-
+
Logger.info("=============== Loading SPI Context! ===============");
// logger.debug("Startup with context {}", rootContext);
if (rootContext instanceof BeanDefinitionRegistry) {
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
index def32e144..565e1cccd 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
@@ -38,11 +38,12 @@ public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider {
*/
@Override
public Resource[] getResourcesToLoad() {
- ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthInitializer.class);
- ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthInitializer.class);
- ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthInitializer.class);
-
- return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans};
+ ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource moaSessionCommonBeans = new ClassPathResource("/session.common.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource moaSessionDBBeans = new ClassPathResource("/session.db.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource moaSessionRedisBeans = new ClassPathResource("/session.redis.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource configurationStatisticLog = new ClassPathResource("/statistic.logging.beans.xml", MOAIDAuthInitializer.class);
+ return new Resource[] {configurationStatisticLog, moaIdAuthBeans, moaSessionDBBeans, moaSessionRedisBeans, moaSessionCommonBeans};
}
diff --git a/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml b/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml
index ae38c836e..2c53d55b9 100644
--- a/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml
+++ b/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml
@@ -27,5 +27,8 @@
<bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.UniqueSessionIdentifierInterceptor" />
</mvc:interceptors>
+ <bean id="MOAIDContextCloseHandler"
+ class="at.gv.egovernment.moa.id.auth.MOAContextCloseHandler"/>
+
</beans>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
index f2403a62e..e5b38f9b6 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
@@ -23,6 +23,13 @@
</dependency>
<dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ixsil</artifactId>
+ <version>1.2.2.5</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
<type>test-jar</type>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index f5000581c..66161e508 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -36,9 +36,7 @@ import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
@@ -60,12 +58,15 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.XMLUtil;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -73,6 +74,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moaspss.logging.LogMsg;
import iaik.asn1.ObjectID;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -134,7 +136,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
*/
- public String startAuthentication(AuthenticationSession session, HttpServletRequest req, IRequest pendingReq) throws WrongParametersException,
+ public String startAuthentication(IAuthenticationSession session, HttpServletRequest req, IRequest pendingReq) throws WrongParametersException,
AuthenticationException, ConfigurationException, BuildException {
if (session == null) {
@@ -246,7 +248,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* link results in an Exception being thrown.
* @throws BKUException
*/
- public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session,
+ public String verifyIdentityLink(IRequest pendingReq, IAuthenticationSession session,
Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, BKUException {
@@ -285,7 +287,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
// parses the <InfoboxReadResponse>
- IdentityLink identityLink = new InfoboxReadResponseParser(
+ IIdentityLink identityLink = new InfoboxReadResponseParser(
xmlInfoboxReadResponse).parseIdentityLink();
// validates the identity link
IdentityLinkValidator.getInstance().validate(identityLink);
@@ -298,7 +300,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
.verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
@@ -346,7 +348,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyCertificate(AuthenticationSession session,
+ public void verifyCertificate(IAuthenticationSession session,
X509Certificate certificate, IRequest pendingReq) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, MOAIDException {
@@ -387,7 +389,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate)
+ public void verifyMandate(IRequest pendingReq, IAuthenticationSession session, IMISMandate mandate)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ValidateException, ServiceException {
@@ -429,7 +431,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws ValidateException
*/
public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
- AuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
+ IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
BuildException, ValidateException {
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
@@ -522,10 +524,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws BuildException If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
- private String buildAuthenticationBlock(AuthenticationSession session,
+ private String buildAuthenticationBlock(IAuthenticationSession session,
IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException {
- IdentityLink identityLink = session.getIdentityLink();
+ IIdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
@@ -583,28 +585,32 @@ public class AuthenticationServer extends BaseAuthenticationServer {
List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
-
+ String authBlock = null;
if (pendingReq.needSingleSignOnFunctionality()) {
String oaURL = pendingReq.getAuthURL();
if (MiscUtil.isNotEmpty(oaURL))
oaURL = oaURL.replaceAll("&", "&amp;");
- String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget,
- targetFriendlyName, identificationValue,
- identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session, oaParam);
- return authBlock;
+ authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+
} else {
String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&amp;");
- String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget,
- targetFriendlyName, identificationValue,
- identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session, oaParam);
- return authBlock;
+ authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+
}
+
+ session.setExtendedSAMLAttributesAUTH(extendedSAMLAttributes);
+ return authBlock;
+
}
@@ -622,7 +628,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws SAXException
*/
private void validateExtendedSAMLAttributeForMandates(
- AuthenticationSession session, MISMandate mandate,
+ IAuthenticationSession session, IMISMandate mandate,
boolean business)
throws ValidateException, ConfigurationException, SAXException,
IOException, ParserConfigurationException, TransformerException {
@@ -654,7 +660,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws SAXException
*/
private void setExtendedSAMLAttributeForMandatesOID(
- AuthenticationSession session, MISMandate mandate, boolean business)
+ IAuthenticationSession session, IMISMandate mandate, boolean business)
throws ValidateException, ConfigurationException, SAXException,
IOException, ParserConfigurationException, TransformerException {
@@ -677,7 +683,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @param friendlyNam The friendly name of the infobox for debug purposes
*/
private static void AddAdditionalSAMLAttributes(
- AuthenticationSession session,
+ IAuthenticationSession session,
ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier,
String friendlyName) throws ValidateException {
if (extendedSAMLAttributes == null)
@@ -745,7 +751,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
*/
protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
- MISMandate mandate, boolean business, boolean provideStammzahl)
+ IMISMandate mandate, boolean business, boolean provideStammzahl)
throws SAXException, IOException, ParserConfigurationException,
TransformerException {
Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
@@ -811,7 +817,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws TransformerException
*/
private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID(
- MISMandate mandate, boolean business) throws SAXException,
+ IMISMandate mandate, boolean business) throws SAXException,
IOException, ParserConfigurationException, TransformerException {
Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
@@ -855,7 +861,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws IOException
* @throws SAXException
*/
- private static Element mandateToElement(MISMandate mandate)
+ private static Element mandateToElement(IMISMandate mandate)
throws SAXException, IOException, ParserConfigurationException {
ByteArrayInputStream bais = new ByteArrayInputStream(mandate
.getMandate());
@@ -910,7 +916,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)
* @throws BKUException
*/
- public void verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session,
+ public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException, BKUException {
@@ -958,7 +964,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
domVsresp = SignatureVerificationInvoker.getInstance().verifyXMLSignature(domVsreq);
// parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
+ IVerifiyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
domVsresp).parseData();
if (Logger.isTraceEnabled()) {
@@ -1103,14 +1109,14 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @param sessionID session ID of the running authentication session
* @return String "new Session"
*/
- public void getForeignAuthenticationData(AuthenticationSession session)
+ public void getForeignAuthenticationData(IAuthenticationSession session)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
if (session == null)
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
- VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
+ IVerifiyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 89f42ab7d..9a807ca00 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -31,8 +31,8 @@ import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index e51700111..ecc91991e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -43,12 +43,12 @@ import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -173,7 +173,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
- AuthenticationSession session,
+ IAuthenticationSession session,
IOAAuthParameters oaParam)
throws BuildException
@@ -339,7 +339,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
- AuthenticationSession session,
+ IAuthenticationSession session,
IOAAuthParameters oaParam)
throws BuildException
{
@@ -479,7 +479,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
- AuthenticationSession session,
+ IAuthenticationSession session,
IOAAuthParameters oaParam)
throws BuildException
{
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index 333d8680c..9dcc93e9f 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -49,8 +49,8 @@ package at.gv.egovernment.moa.id.auth.builder;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -82,7 +82,7 @@ public class PersonDataBuilder {
* @return the <code>&lt;pr:Person&gt;</code> element as a String
* @throws BuildException on any error
*/
- public String build(IdentityLink identityLink, boolean provideStammzahl)
+ public String build(IIdentityLink identityLink, boolean provideStammzahl)
throws BuildException {
try {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index d2ea53011..e6adcf159 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -56,9 +56,9 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -118,7 +118,7 @@ public class VerifyXMLSignatureRequestBuilder {
*
* @throws ParseException
*/
- public Element build(IdentityLink identityLink, String trustProfileID)
+ public Element build(IIdentityLink identityLink, String trustProfileID)
throws ParseException
{
try {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 4a28658ff..ba778002d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -21,7 +21,6 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -30,8 +29,8 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -136,7 +135,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
} else {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
response.getIdentityLink()));
- IdentityLink identitylink = ilParser.parseIdentityLink();
+ IIdentityLink identitylink = ilParser.parseIdentityLink();
moasession.setIdentityLink(identitylink);
// set QAA Level four in case of card authentifcation
@@ -146,13 +145,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
-
- try {
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException e) {
- throw new MOAIDException("Session store error", null);
- }
+
+ //store pending request
+ requestStoreage.storePendingRequest(pendingReq);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 3f63c207e..a24cc9a43 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -21,6 +21,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -91,7 +92,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
// for now: list contains only one element
- MISMandate mandate = (MISMandate) list.get(0);
+ IMISMandate mandate = (IMISMandate) list.get(0);
String sMandate = new String(mandate.getMandate(), "UTF-8");
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
@@ -115,8 +116,8 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
//log mandate specific set of events
revisionsLogger.logMandateEventSet(pendingReq, mandate);
- //Stor MOAsession
- authenticatedSessionStorage.storeSession(moasession);
+ //store pending request with new MOASession data information
+ requestStoreage.storePendingRequest(pendingReq);
} catch (MOAIDException ex) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index c1fae1f1e..608f50200 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -64,18 +64,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
try {
//
- internalInitializeWithoutPersist(executionContext, request, response);
-
- // make sure MOASession and Pending-Request has been persisted before running the process
- try {
- authenticatedSessionStorage.storeSession(moasession);
- requestStoreage.storePendingRequest(pendingReq);
-
- } catch (MOADatabaseException e) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] {
- moasession.getSessionID()});
- }
+ internalInitializeWithoutPersist(executionContext, request, response);
+ requestStoreage.storePendingRequest(pendingReq);
} catch (MOADatabaseException | MOAIDException e) {
@@ -106,7 +96,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
Logger.info("Start Authentication Module: " + pendingReq.requestedModule()
+ " Action: " + pendingReq.requestedAction());
- authInitialisationParser.parse(executionContext, request, moasession, pendingReq);
+ authInitialisationParser.parse(executionContext, moasession, request, pendingReq);
} else {
String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index ed49201b8..f7a816c74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -55,8 +55,8 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
String createXMLSignatureRequest = authServer
.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
- //store MOASession
- authenticatedSessionStorage.storeSession(moasession);
+ //store pending request with new MOASession data information
+ requestStoreage.storePendingRequest(pendingReq);
//write response
CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 88560eacf..8acfd255b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -37,14 +37,11 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
@@ -136,13 +133,8 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
String redirectMISGUI = misSessionID.getRedirectURL();
moasession.setMISSessionID(misSessionID.getSessiondId());
- try {
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException | BuildException e) {
- throw new MOAIDException("Session store error", null);
-
- }
+ //store pending request with new MOASession data information
+ requestStoreage.storePendingRequest(pendingReq);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 516e9501b..ddd52c337 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -94,8 +94,8 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
//verify authBlock
authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
- //store all changes in session DAO
- authenticatedSessionStorage.storeSession(moasession);
+ //store pending request with new MOASession data information
+ requestStoreage.storePendingRequest(pendingReq);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index df158a7ec..6aefb75a1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -20,7 +20,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -98,12 +97,8 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
String createXMLSignatureRequestOrRedirect =
authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
- try {
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
+ //store pending request with new MOASession data information
+ requestStoreage.storePendingRequest(pendingReq);
CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 0deda4d43..4408f3852 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -73,8 +73,8 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
//verify identityLink
boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
- //store session
- authenticatedSessionStorage.storeSession(moasession);
+ //store pending request with new MOASession data information
+ requestStoreage.storePendingRequest(pendingReq);
//set 'identityLink exists' flag to context
executionContext.put("identityLinkAvailable", identityLinkAvailable);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 90fd7e1c7..275a85129 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -63,10 +63,10 @@ import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -241,7 +241,7 @@ public class InfoboxReadResponseParser {
* @return Identity link
* @throws ParseException on any parsing error
*/
- public IdentityLink parseIdentityLink() throws ParseException {
+ public IIdentityLink parseIdentityLink() throws ParseException {
Element samlAssertion = parseSAMLAssertion();
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
return ilParser.parseIdentityLink();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 4b0e7b869..a227ab5be 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,15 +57,15 @@ import org.jaxen.SimpleNamespaceContext;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -129,7 +129,7 @@ public class CreateXMLSignatureResponseValidator {
* @param pendingReq
* @throws ValidateException
*/
- public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq)
+ public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq)
throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
@@ -142,7 +142,7 @@ public class CreateXMLSignatureResponseValidator {
String oaURL = oaParam.getPublicURLPrefix();
boolean businessService = oaParam.getBusinessService();
- IdentityLink identityLink = session.getIdentityLink();
+ IIdentityLink identityLink = session.getIdentityLink();
Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
String issuer = samlAssertion.getAttribute("Issuer");
@@ -415,13 +415,13 @@ public class CreateXMLSignatureResponseValidator {
* @param pendingReq
* @throws ValidateException
*/
- public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq)
+ public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq)
throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
String oaURL = pendingReq.getAuthURL();
- IdentityLink identityLink = session.getIdentityLink();
+ IIdentityLink identityLink = session.getIdentityLink();
Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
String issuer = samlAssertion.getAttribute("Issuer");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index fa6486afe..f3ce6888b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -51,6 +51,7 @@ import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -134,7 +135,7 @@ public class IdentityLinkValidator implements Constants {
* @param identityLink The identityLink to validate
* @throws ValidateException on any validation error
*/
- public void validate(IdentityLink identityLink) throws ValidateException {
+ public void validate(IIdentityLink identityLink) throws ValidateException {
Element samlAssertion = identityLink.getSamlAssertion();
//Search the SAML:ASSERTION Object (A2.054)
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index df101f5b7..4953dad02 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -46,13 +46,6 @@
package at.gv.egovernment.moa.id.auth.validator;
-import iaik.asn1.ObjectID;
-import iaik.asn1.structures.Name;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
@@ -61,15 +54,21 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import iaik.asn1.structures.Name;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
/**
* This class is used to validate an {@link VerifyXMLSignatureResponse}
@@ -111,7 +110,7 @@ public class VerifyXMLSignatureResponseValidator {
* @throws ValidateException on any validation error
* @throws ConfigurationException
*/
- public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
+ public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
List<String> identityLinkSignersSubjectDNNames,
String whatToCheck,
IOAAuthParameters oaParam)
@@ -242,8 +241,8 @@ public class VerifyXMLSignatureResponseValidator {
* @throws ValidateException
*/
public void validateCertificate(
- VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- IdentityLink idl)
+ IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
+ IIdentityLink idl)
throws ValidateException {
X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
@@ -268,9 +267,9 @@ public class VerifyXMLSignatureResponseValidator {
//compare ECDSAPublicKeys
if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) ||
- (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) &&
+ (idl.getPublicKey()[i] instanceof ECPublicKey)) &&
( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) ||
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) {
+ (pubKeySignature instanceof ECPublicKey) ) ) {
try {
ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 1f2cda680..d093cc7f0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -57,9 +57,9 @@ import javax.servlet.http.HttpServletResponse;
import com.google.common.net.MediaType;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
@@ -148,7 +148,7 @@ public class CitizenCardServletUtils extends ServletUtils{
* @throws MOAIDException
* @throws IOException
*/
- public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
+ public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, IAuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
throws MOAIDException,
IOException {
resp.setStatus(200);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 7b5a7b9c0..12e58342a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -152,11 +152,11 @@ public class MISSimpleClient {
}
return foundMandates;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (DOMException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (TransformerException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
}
}
@@ -259,11 +259,11 @@ public class MISSimpleClient {
return msid;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (DOMException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (TransformerException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
}
}
@@ -315,19 +315,19 @@ public class MISSimpleClient {
return unpackFromSOAP(doc.getDocumentElement());
} catch(IOException e) {
- throw new MISSimpleClientException("service.04", e);
+ throw new MISSimpleClientException("service.04", new Object[]{webServiceURL, e.getMessage()}, e);
} catch (TransformerException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (SAXException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (Exception e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
index b26fd4738..f2fde6322 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
@@ -47,8 +47,8 @@
package test.at.gv.egovernment.moa.id.auth.builder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.util.Constants;
import test.at.gv.egovernment.moa.id.UnitTestCase;
@@ -67,14 +67,14 @@ public class PersonDataBuilderTest extends UnitTestCase implements Constants {
}
public void testBuild() throws Exception {
String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml");
- IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
+ IIdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
String xmlPersonData = new PersonDataBuilder().build(il, true);
String xmlPersonDataShould = "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Identification><pr:Value>123456789012</pr:Value><pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type></pr:Identification><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>";
assertPersonDataEquals(xmlPersonDataShould, xmlPersonData);
}
public void testBuildNoZMRZahl() throws Exception {
String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml");
- IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
+ IIdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
String xmlPersonData = new PersonDataBuilder().build(il, false);
String xmlPersonDataShould = XML_DECL + "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>";
assertPersonDataEquals(xmlPersonDataShould, xmlPersonData);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
index 8d7dee597..38bf1cab6 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
@@ -49,10 +49,9 @@ package test.at.gv.egovernment.moa.id.auth.parser;
import java.io.RandomAccessFile;
import test.at.gv.egovernment.moa.id.UnitTestCase;
-
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
/**
* @author Paul Ivancsics
@@ -81,7 +80,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase {
InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
- IdentityLink idl = ilap.parseIdentityLink();
+ IIdentityLink idl = ilap.parseIdentityLink();
System.out.println(idl.getGivenName());
System.out.println(idl.getFamilyName());
System.out.println(idl.getDateOfBirth());
@@ -101,7 +100,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase {
InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
- IdentityLink idl = ilap.parseIdentityLink();
+ IIdentityLink idl = ilap.parseIdentityLink();
System.out.println(idl.getGivenName());
System.out.println(idl.getFamilyName());
System.out.println(idl.getDateOfBirth());
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index addf086d8..174ce40cb 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -12,10 +12,11 @@
<properties>
<repositoryPath>${basedir}/../../../../repository</repositoryPath>
- <eidas-commons.version>eidas.1.0</eidas-commons.version>
- <eidas-saml-engine.version>eidas.1.0</eidas-saml-engine.version>
- <eidas-encryption.version>eidas.1.0</eidas-encryption.version>
- <eidas-configmodule.version>eidas.1.0</eidas-configmodule.version>
+ <eidas-commons.version>1.1.0</eidas-commons.version>
+ <eidas-light-commons.version>1.1.0</eidas-light-commons.version>
+ <eidas-saml-engine.version>1.1.0</eidas-saml-engine.version>
+ <eidas-encryption.version>1.1.0</eidas-encryption.version>
+ <eidas-configmodule.version>1.1.0</eidas-configmodule.version>
</properties>
@@ -44,6 +45,11 @@
<dependencies>
<dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
@@ -75,6 +81,12 @@
<dependency>
<groupId>eu.eidas</groupId>
+ <artifactId>eidas-light-commons</artifactId>
+ <version>${eidas-light-commons.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>eu.eidas</groupId>
<artifactId>eidas-configmodule</artifactId>
<version>${eidas-configmodule.version}</version>
<exclusions>
@@ -100,7 +112,7 @@
<!-- eidas SAML Engine -->
<dependency>
<groupId>eu.eidas</groupId>
- <artifactId>saml-engine</artifactId>
+ <artifactId>eidas-saml-engine</artifactId>
<version>${eidas-saml-engine.version}</version>
<scope>compile</scope>
<exclusions>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d93d739b1..f45b6ffa5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,15 +22,12 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
+//import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
-import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
-import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
+import eu.eidas.auth.commons.attribute.AttributeRegistries;
+import eu.eidas.auth.commons.attribute.AttributeRegistry;
/**
* @author tlenz
@@ -54,6 +51,7 @@ public class Constants {
//configuration property keys
public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
+ public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
@@ -64,23 +62,33 @@ public class Constants {
+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
+ public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
+ public static final String CONIG_PROPS_EIDAS_NODE_COUNTRY = CONIG_PROPS_EIDAS_NODE + ".country";
+ public static final String CONIG_PROPS_EIDAS_NODE_LoA = CONIG_PROPS_EIDAS_NODE + ".LoA";
+
+
//timeouts and clock skews
- public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000; //2 minutes skew time for response validation
+ public static final int CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000; //2 minutes skew time for response validation
public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000; //20 seconds metadata socked timeout
public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000; //remove unused eIDAS metadata after 7 days
-
- //eIDAS attribute names
- public static final String eIDAS_ATTR_PERSONALIDENTIFIER = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_PERSONIDENTIFIER;
- public static final String eIDAS_ATTR_DATEOFBIRTH = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
- public static final String eIDAS_ATTR_CURRENTGIVENNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_FIRSTNAME;
- public static final String eIDAS_ATTR_CURRENTFAMILYNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_GIVENNAME;
+
+ //eIDAS request parameters
+ public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
+
+ //eIDAS attribute names
+ public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
+ public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
+ public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
+ public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+ public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
+ public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
- public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ //public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ //public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
- public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
@@ -92,22 +100,38 @@ public class Constants {
public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
//metadata constants
- public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
- new HashMap<String, EidasAttributesTypes>(){
- private static final long serialVersionUID = 1L;
- {
- put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
- put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
- put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
- put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
-
- //TODO: add additional attributes for eIDAS with mandates
- //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
- //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
- }
- }
- );
+// public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
+// new HashMap<String, EidasAttributesTypes>(){
+// private static final long serialVersionUID = 1L;
+// {
+// put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+// put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+// put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+// put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+//
+// //TODO: add additional attributes for eIDAS with mandates
+// //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+// //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+// }
+// }
+// );
+ public static final AttributeRegistry NAT_ATTR =
+ AttributeRegistries.of( eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER,
+ eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME,
+ eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME,
+ eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH
+ );
+
+ public static final AttributeRegistry LEGAL_ATTR =
+ AttributeRegistries.of( eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER,
+ eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME
+ );
+
+ public static final AttributeRegistry MOA_IDP_ATTR_REGISTRY =
+ AttributeRegistries.copyOf(NAT_ATTR, LEGAL_ATTR);
+
+
public static final String METADATA_ALLOWED_ALG_DIGIST =
SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" +
SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 ;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java
new file mode 100644
index 000000000..302c12aaa
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException;
+import eu.eidas.auth.engine.configuration.dom.ConfigurationAdapter;
+import eu.eidas.auth.engine.configuration.dom.ConfigurationKey;
+import eu.eidas.auth.engine.core.impl.KeyStoreProtocolSigner;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASWSigner extends KeyStoreProtocolSigner {
+
+ public MOASWSigner(Map<String, String> properties) throws SamlEngineConfigurationException {
+ super(properties);
+
+ }
+
+ /**
+ * @param configManager
+ * @throws SamlEngineConfigurationException
+ */
+ public MOASWSigner(CertificateConfigurationManager configManager) throws SamlEngineConfigurationException {
+ super(ConfigurationAdapter.adapt(configManager).getInstances().get(Constants.eIDAS_SAML_ENGINE_NAME).getConfigurationEntries().get(ConfigurationKey.SIGNATURE_CONFIGURATION.getKey()).getParameters());
+
+ }
+
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 5d1874157..78793d3fc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -42,9 +42,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-
import eu.eidas.samlengineconfig.BinaryParameter;
-import eu.eidas.samlengineconfig.ConfigurationParameter;
import eu.eidas.samlengineconfig.EngineInstance;
import eu.eidas.samlengineconfig.InstanceConfiguration;
import eu.eidas.samlengineconfig.PropsParameter;
@@ -57,10 +55,10 @@ import eu.eidas.samlengineconfig.SamlEngineConfiguration;
public class MOAeIDASSAMLEngineConfigurationImpl extends
SamlEngineConfiguration {
- private static final String KEYSTORE_PATH="keystorePath";
- private static final String METADATA_KEYSTORE_PATH="metadata.keystorePath";
+ private static final String KEYSTORE_PATH="keyStorePath";
+ private static final String METADATA_KEYSTORE_PATH="metadata.keyStorePath";
private static final String ENCRYPTION_ACTIVATION="encryptionActivation";
- private static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH};
+ public static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH};
public List<EngineInstance> getInstances(){
return super.getInstances();
@@ -95,7 +93,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
//add basic eIDAS SAML-engine configuration
MOAeIDASSAMLInstanceConfigurationImpl samlBaseConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
samlBaseConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG);
- samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE));
+ samlBaseConfig.addParameter(buildPropsParameter(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE));
engineConfigs.add(samlBaseConfig);
//add signing eIDAS SAML-engine configuration
@@ -103,7 +101,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
samlSignConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG);
samlSignConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS,
Constants.SAML_SIGNING_IMPLENTATION);
-
+
//TODO: load signing keys directly from MOA-ID configuration in finale version
samlSignConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
engineConfigs.add(samlSignConfig);
@@ -122,16 +120,16 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
super.addInstance(engineInst);
}
-
+
/**
* Load an external eIDAS SAML-engine configuration file, which is referenced from MOA-ID configuration
*
* @param key Configuration key, which is used in property based MOA-ID configuration file
- * @return eIDAS SAML-engine configuration object
+ * @return eIDAS SAML-engine configuration Properties
* @throws ConfigurationException
*/
- private ConfigurationParameter loadConfigurationFromExternalFile(String key) throws ConfigurationException {
+ private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException {
String configFile =
AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key);
if (MiscUtil.isEmpty(configFile)) {
@@ -141,15 +139,21 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
return null;
}
- Properties inputProps = loadPropsFromXml(configFile);
- return buildPropsParameter(inputProps, configFile);
+ Properties inputProps = loadPropsFromXml(configFile);
+ return inputProps;
+ //return buildPropsParameter(inputProps, configFile);
}
- private PropsParameter buildPropsParameter(Properties inputProps, String fileName) throws EIDASEngineConfigurationException {
+ private PropsParameter buildPropsParameter(String configKey) throws ConfigurationException {
+ Properties inputProps = loadConfigurationFromExternalFile(configKey);
+
+ String configFile =
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey);
+
PropsParameter outputProps = new PropsParameter();
- outputProps.setFileName(fileName);
+ outputProps.setFileName(configFile);
//original eIDAS SAML-engine use this identifier
outputProps.setName("fileConfiguration");
@@ -241,6 +245,8 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
configFile,
AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+ Logger.debug("Load eIDAS configuration from file:" + absoluteConfigFile);
+
File file = new File(new URL(absoluteConfigFile).toURI());
is = new FileInputStream(file);
props.loadFromXML(is);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
index dccd39905..384d6be0b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -22,9 +22,22 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+import java.io.File;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
import java.util.List;
+import java.util.Map.Entry;
+import java.util.Properties;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import eu.eidas.samlengineconfig.ConfigurationParameter;
import eu.eidas.samlengineconfig.InstanceConfiguration;
import eu.eidas.samlengineconfig.StringParameter;
@@ -56,5 +69,49 @@ public class MOAeIDASSAMLInstanceConfigurationImpl extends
addParameter(param);
}
+
+ public void addParameter(Properties parameters) {
+ Iterator<Entry<Object, Object>> paramInterator = parameters.entrySet().iterator();
+ while (paramInterator.hasNext()) {
+ Entry<Object, Object> next = paramInterator.next();
+
+ StringParameter param = new StringParameter();
+ String keyName = (String) next.getKey();
+ param.setName(keyName);
+
+ //make path to binary files absolute
+ if (Arrays.asList(MOAeIDASSAMLEngineConfigurationImpl.BINARY_PARAMETERS).contains(keyName))
+ try {
+ String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+ (String)next.getValue(),
+ AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+
+ URI uri = new URL(absoluteConfigFile).toURI();
+
+ File file = new File(uri);
+ if (file.exists())
+ param.setValue(file.getCanonicalPath());
+
+ else {
+ Logger.error("eIDAS-configuration fileparameter with key:" + param.getName() + " and path:" + uri.toString() + " NOT exist!");
+ param.setValue(null);
+
+ }
+
+
+ } catch (ConfigurationException | URISyntaxException | IOException e) {
+ //TODO: make final!!!!
+ e.printStackTrace();
+ param.setValue(next.getValue());
+
+ }
+ else
+ param.setValue(next.getValue());
+
+ addParameter(param);
+
+ }
+
+ }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
index 1ba344fd1..9ad5f0db3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -1,18 +1,95 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.google.common.collect.ImmutableMap;
+import com.sun.istack.Nullable;
+
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.core.impl.EncryptionSW;
+import eu.eidas.auth.commons.EidasErrorKey;
+import eu.eidas.auth.commons.io.ReloadableProperties;
+import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException;
+import eu.eidas.auth.engine.configuration.dom.EncryptionKey;
+import eu.eidas.auth.engine.core.impl.CertificateValidator;
+import eu.eidas.auth.engine.core.impl.KeyStoreSamlEngineEncryption;
+import eu.eidas.auth.engine.xml.opensaml.CertificateUtil;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
* This encryption module asks the moa configuration on whether to encrypt the response or not. In doubt, encryption is enforced.
*/
-public class ModifiedEncryptionSW extends EncryptionSW {
+public class ModifiedEncryptionSW extends KeyStoreSamlEngineEncryption {
+
+ private final ImmutableMap<String, String> properties;
+
+ private final ReloadableProperties encryptionActivationProperties;
+
+ private static ReloadableProperties initActivationConf(Map<String, String> properties) {
+ String activationConfigurationFile = EncryptionKey.ENCRYPTION_ACTIVATION.getAsString(properties);
+ Logger.debug("File containing encryption configuration: \"" + activationConfigurationFile + "\"");
+ return new ReloadableProperties(activationConfigurationFile);
+ }
+
+ /**
+ * @param properties
+ * @throws SamlEngineConfigurationException
+ */
+ public ModifiedEncryptionSW(Map<String, String> properties) throws SamlEngineConfigurationException {
+ super(properties);
+ this.properties = ImmutableMap.copyOf(properties);
+ encryptionActivationProperties = initActivationConf(properties);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.core.ProtocolEncrypterI#getEncryptionCertificate(java.lang.String)
+ */
+ @Override
+ @Nullable
+ public X509Certificate getEncryptionCertificate(@Nullable String destinationCountryCode)
+ throws EIDASSAMLEngineException {
+ if (isEncryptionEnabled(destinationCountryCode)) {
+ String issuerKey = new StringBuilder(EncryptionKey.RESPONSE_TO_POINT_ISSUER_PREFIX.getKey()).append(
+ destinationCountryCode).toString();
+ String serialNumberKey =
+ new StringBuilder(EncryptionKey.RESPONSE_TO_POINT_SERIAL_NUMBER_PREFIX.getKey()).append(
+ destinationCountryCode).toString();
+ String serialNumber = properties.get(serialNumberKey);
+ String responseToPointIssuer = properties.get(issuerKey);
+ if (StringUtils.isNotBlank(responseToPointIssuer)) {
+ for (final X509Certificate certificate : getEncryptionCertificates()) {
+ if (CertificateUtil.matchesCertificate(serialNumber, responseToPointIssuer, certificate)) {
+
+ if (isDisallowedSelfSignedCertificate()) {
+ CertificateValidator.checkCertificateIssuer(certificate);
+ }
+ if (isCheckedValidityPeriod()) {
+ CertificateValidator.checkCertificateValidityPeriod(certificate);
+ }
+
+ return certificate;
+ }
+ }
+ throw new EIDASSAMLEngineException(EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorCode(),
+ EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorMessage());
+ } else {
+ Logger.error("Encryption of SAML Response NOT done, because no \"" + issuerKey +
+ "\" configured!");
+ }
+ }
+ return null;
+ }
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.core.ProtocolEncrypterI#isEncryptionEnabled(java.lang.String)
+ */
@Override
- public boolean isEncryptionEnable(String countryCode) {
+ public boolean isEncryptionEnabled(String countryCode) {
// - encrypt if so configured
try {
AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java
new file mode 100644
index 000000000..c24c5efca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import eu.eidas.auth.engine.core.eidas.EidasProtocolProcessor;
+import eu.eidas.auth.engine.metadata.MetadataFetcherI;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAEidasProtocolProcesser extends EidasProtocolProcessor {
+
+ private static final String OWN_EIDAS_RESPONSE_VALIDATOR_SUITE_ID = "moaEidasResponseValidatorSuiteId";
+
+ private final MetadataFetcherI metadataFetcher;
+ private final MetadataSignerI metadataSigner;
+
+ /**
+ * @param metadataFetcher
+ * @param metadataSigner
+ */
+ public MOAEidasProtocolProcesser(MetadataFetcherI metadataFetcher, MetadataSignerI metadataSigner) {
+ super(metadataFetcher, metadataSigner);
+
+ this.metadataFetcher = metadataFetcher;
+ this.metadataSigner = metadataSigner;
+
+ }
+
+ @Override
+ public String getResponseValidatorId() {
+ return OWN_EIDAS_RESPONSE_VALIDATOR_SUITE_ID;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 80a2734f2..0cb6228a7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -18,58 +18,80 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.engine.AbstractSAMLEngine;
+import eu.eidas.auth.engine.AbstractProtocolEngine;
-public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
+@Service("eIDASMetadataProvider")
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider,
+ IGarbageCollectorProcessing, IDestroyableObject {
- private static MOAeIDASChainingMetadataProvider instance = null;
+// private static MOAeIDASChainingMetadataProvider instance = null;
private static Object mutex = new Object();
private MetadataProvider internalProvider;
private Map<String, Date> lastAccess = null;
- public static MOAeIDASChainingMetadataProvider getInstance() {
- if (instance == null) {
- synchronized (mutex) {
- if (instance == null) {
- instance = new MOAeIDASChainingMetadataProvider();
- MOAGarbageCollector.addModulForGarbageCollection(instance);
- }
- }
- }
- return instance;
- }
+// public static MOAeIDASChainingMetadataProvider getInstance() {
+// if (instance == null) {
+// synchronized (mutex) {
+// if (instance == null) {
+// instance = new MOAeIDASChainingMetadataProvider();
+// MOAGarbageCollector.addModulForGarbageCollection(instance);
+// }
+// }
+// }
+// return instance;
+// }
- private MOAeIDASChainingMetadataProvider() {
+ public MOAeIDASChainingMetadataProvider() {
internalProvider = new ChainingMetadataProvider();
lastAccess = new HashMap<String, Date>();
}
/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+ */
+ @Override
+ public void fullyDestroy() {
+ Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+ if (loadedproviders != null) {
+ for (Entry<String, HTTPMetadataProvider> el : loadedproviders.entrySet()) {
+ try {
+ el.getValue().destroy();
+ Logger.debug("Destroy eIDAS Matadataprovider: " + el.getKey() + " finished");
+
+ } catch (Exception e) {
+ Logger.warn("Destroy eIDAS Matadataprovider: " + el.getKey() + " FAILED");
+
+ }
+ }
+ }
+ }
+
+ /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
*/
@Override
@@ -128,9 +150,11 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
List<String> nonValidMetadataProvider = new ArrayList<String>();
for (HTTPMetadataProvider provider : loadedproviders.values()) {
try {
- provider.getMetadataFilter().doFilter(provider.getMetadata());
+ provider.refresh();
- } catch (FilterException | MetadataProviderException e) {
+ //provider.getMetadataFilter().doFilter(provider.getMetadata());
+
+ } catch (MetadataProviderException e) {
Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI()
+ " is not valid any more. Reason:" + e.getMessage());
if (Logger.isDebugEnabled())
@@ -182,11 +206,11 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
try {
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
Constants.SSLSOCKETFACTORYNAME,
- authConfig.getCertstoreDirectory(),
authConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
- authConfig.isTrustmanagerrevoationchecking());
+ authConfig.isTrustmanagerrevoationchecking(),
+ authConfig.getRevocationMethodOrder());
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
@@ -196,10 +220,10 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
}
}
- timer = new Timer();
+ timer = new Timer(true);
httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
- httpProvider.setParserPool(AbstractSAMLEngine.getNewBasicSecuredParserPool());
+ httpProvider.setParserPool(AbstractProtocolEngine.getSecuredParserPool());
httpProvider.setRequireValidMetadata(true);
httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
@@ -282,14 +306,17 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
} else {
//load new Metadata Provider
ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
- HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);
- chainProvider.addMetadataProvider(newMetadataProvider);
+ HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);
- emitChangeEvent();
- Logger.info("eIDAS metadata for "
- + metadataURL + " is added.");
- return true;
-
+ if (newMetadataProvider != null) {
+ chainProvider.addMetadataProvider(newMetadataProvider);
+
+ emitChangeEvent();
+ Logger.info("eIDAS metadata for "
+ + metadataURL + " is added.");
+ return true;
+
+ }
}
} else
@@ -405,5 +432,4 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
if (observer != null)
observer.onEvent(this);
}
-
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index 7537c4d84..c5e56502b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -31,15 +31,17 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataProcessorI;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.metadata.MetadataFetcherI;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.engine.exceptions.SAMLEngineException;
/**
* @author tlenz
*
*/
-public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
+public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {
private MetadataProvider metadataprovider = null;
@@ -51,10 +53,31 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
}
+
/* (non-Javadoc)
- * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+ * @see eu.eidas.auth.engine.metadata.MetadataFetcherI#getEntityDescriptor(java.lang.String, eu.eidas.auth.engine.metadata.MetadataSignerI)
*/
@Override
+ public EntityDescriptor getEntityDescriptor(String url, MetadataSignerI paramMetadataSignerI)
+ throws EIDASSAMLEngineException {
+ try {
+ /*TODO: maybe implement metadata signature validation on every request,
+ * but it is not needed in case of cached metadata provider,
+ * because signature must be only validated in case of cache reload operation
+ */
+ return this.metadataprovider.getEntityDescriptor(url);
+
+ } catch (MetadataProviderException e) {
+ throw new EIDASSAMLEngineException("eIDAS Metadata processing FAILED.", e);
+
+ }
+ }
+
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+ */
+ @Deprecated
public EntityDescriptor getEntityDescriptor(String url)
throws SAMLEngineException {
try {
@@ -69,7 +92,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
*/
- @Override
+ @Deprecated
public SPSSODescriptor getSPSSODescriptor(String url)
throws SAMLEngineException {
return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
@@ -79,7 +102,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
*/
- @Override
+ @Deprecated
public IDPSSODescriptor getIDPSSODescriptor(String url)
throws SAMLEngineException {
return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
@@ -89,8 +112,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
*/
- @Override
- public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+ @Deprecated
+ public void checkValidMetadataSignature(String url, ProtocolEngineI engine)
throws SAMLEngineException {
//Do nothing, because metadata signature is already validated during
//metadata provider initialization
@@ -102,7 +125,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
*/
- @Override
+ @Deprecated
public void checkValidMetadataSignature(String url, KeyStore trustStore)
throws SAMLEngineException {
//Do nothing, because metadata signature is already validated during
@@ -110,6 +133,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
}
+ @Deprecated
protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
if(clazz.isInstance(rd)){
@@ -119,4 +143,6 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
return null;
}
+
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java
new file mode 100644
index 000000000..d9453322f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine.validation;
+
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.validator.ConditionsSpecValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ * MOA-ID specific eIDAS Response Condition validator
+ *
+ * This validator allows time jitter in 'notBefore' validation
+ *
+ */
+
+public class MoaEidasConditionsValidator extends ConditionsSpecValidator {
+
+
+
+ @Override
+ public void validate(Conditions conditions) throws ValidationException {
+ Logger.debug("conditions.getNotBefore() "+ conditions.getNotBefore());
+ Logger.debug("conditions.getNotOnOrAfter() "+ conditions.getNotOnOrAfter());
+ Logger.debug("dateTime.now() "+ DateTime.now());
+
+ super.validate(conditions);
+
+ if (conditions.getNotBefore() == null) {
+
+ throw new ValidationException("NotBefore is required.");
+ }
+
+ if (conditions.getNotBefore().minusMillis(Constants.CONFIG_PROPS_SKEWTIME).isAfterNow()) {
+ throw new ValidationException("Current time is before NotBefore condition");
+ }
+
+ if (conditions.getNotOnOrAfter() == null) {
+
+ throw new ValidationException("NotOnOrAfter is required.");
+ }
+ if (conditions.getNotOnOrAfter().isBeforeNow()) {
+
+ throw new ValidationException("Current time is after NotOnOrAfter condition");
+ }
+
+ if (conditions.getAudienceRestrictions() == null || conditions.getAudienceRestrictions().isEmpty()) {
+
+ throw new ValidationException("AudienceRestriction is required.");
+ }
+
+ if (conditions.getOneTimeUse() == null) {
+
+ throw new ValidationException("OneTimeUse is required.");
+ }
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestProcessingException.java
index c96af37ef..d51629d9e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestProcessingException.java
@@ -30,7 +30,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class eIDASAuthnRequestProcessingException extends eIDASException {
+public class EIDASAuthnRequestProcessingException extends EIDASException {
private String subStatusCode = null;
@@ -43,20 +43,20 @@ public class eIDASAuthnRequestProcessingException extends eIDASException {
* @param messageId
* @param parameters
*/
- public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+ public EIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
- public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+ public EIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
super(messageId, parameters);
this.subStatusCode = subStatusCode;
}
- public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e );
}
- public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+ public EIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e );
this.subStatusCode = subStatusCode;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestValidationException.java
index 2a15ee18a..a6da769b7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestValidationException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASAuthnRequestValidationException extends eIDASException {
+public class EIDASAuthnRequestValidationException extends EIDASException {
/**
*
@@ -39,7 +39,7 @@ public class eIDASAuthnRequestValidationException extends eIDASException {
* @param messageId
* @param parameters
*/
- public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+ public EIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
index 234c4e038..8bf7f7452 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class EIDASEngineException extends eIDASException {
+public class EIDASEngineException extends EIDASException {
/**
* @param objects
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASException.java
index f42004abc..e3d6c5a2e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASException.java
@@ -28,7 +28,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
* @author tlenz
*
*/
-public abstract class eIDASException extends MOAIDException {
+public abstract class EIDASException extends MOAIDException {
/**
*
@@ -44,7 +44,7 @@ public abstract class eIDASException extends MOAIDException {
* @param messageId
* @param parameters
*/
- public eIDASException(String messageId, Object[] parameters) {
+ public EIDASException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
@@ -52,7 +52,7 @@ public abstract class eIDASException extends MOAIDException {
* @param messageId
* @param parameters
*/
- public eIDASException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseBuildException.java
index 0ffcf11ef..5e6b87b39 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseBuildException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASResponseBuildException extends eIDASException {
+public class EIDASResponseBuildException extends EIDASException {
/**
*
@@ -39,11 +39,11 @@ public class eIDASResponseBuildException extends eIDASException {
* @param messageId
* @param parameters
*/
- public eIDASResponseBuildException(String messageId, Object[] parameters) {
+ public EIDASResponseBuildException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
- public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseNotSuccessException.java
index d10ca1c88..460561eb3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseNotSuccessException.java
@@ -28,14 +28,14 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASResponseNotSuccessException extends eIDASException {
+public class EIDASResponseNotSuccessException extends EIDASException {
/**
*
*/
private static final long serialVersionUID = 6145402939313568907L;
- public eIDASResponseNotSuccessException(String messageId, Object[] parameters) {
+ public EIDASResponseNotSuccessException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
@@ -44,7 +44,7 @@ public class eIDASResponseNotSuccessException extends eIDASException {
* @param parameters
* @param e
*/
- public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
index b25895eca..17f0a9b72 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASAttributeException extends eIDASException {
+public class eIDASAttributeException extends EIDASException {
private static final long serialVersionUID = 1L;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 5d7430dd7..cf3a13e32 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -28,18 +28,20 @@ import java.text.SimpleDateFormat;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.joda.time.DateTime;
import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -47,7 +49,7 @@ import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
-import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
/**
* @author tlenz
@@ -67,11 +69,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
defaultTaskInitialization(request, executionContext);
//get eIDAS attributes from MOA-Session
- IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession(
+ ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession(
AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
- IPersonalAttributeList.class);
+ ImmutableAttributeMap.class);
- IdentityLink identityLink = null;
+ IIdentityLink identityLink = null;
//connect SZR-Gateway
//TODO: implement SZR-Gateway communication!!!!
@@ -86,35 +88,51 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// replace data
Element idlassertion = identityLink.getSamlAssertion();
-
- // - set bpk/wpbk;
+
+ // - set fake baseID;
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
- String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
- prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+
+ Object eIdentifier = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ if (eIdentifier == null || !(eIdentifier instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ prIdentification.getFirstChild().setNodeValue((String) eIdentifier);
+
+ //build personal identifier which looks like a baseID
+// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID");
+// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID);
+// prIdentification.getFirstChild().setNodeValue(fakeBaseID);
// - set last name
- Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
+ Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+ Object familyName = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+ if (familyName == null || !(familyName instanceof String))
throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
- String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
- prFamilyName.getFirstChild().setNodeValue(familyName);
+ prFamilyName.getFirstChild().setNodeValue((String) familyName);
// - set first name
Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
+ Object givenName = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+ if (givenName == null || !(givenName instanceof String))
throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
- String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
- prGivenName.getFirstChild().setNodeValue(givenName);
+ prGivenName.getFirstChild().setNodeValue((String) givenName);
// - set date of birth
- Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
+ Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+ Object dateOfBirth = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_DATEOFBIRTH));
+ if (dateOfBirth == null || !(dateOfBirth instanceof DateTime))
throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
- String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
- dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
- prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
+
+ String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate());
+ prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth);
identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
@@ -144,7 +162,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
moasession.setBkuURL("Not applicable (eIDASAuthentication)");
//store MOA-session to database
- authenticatedSessionStorage.storeSession(moasession);
+ requestStoreage.storePendingRequest(pendingReq);
} catch (eIDASAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 84b0078b3..3522a16fd 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -23,7 +23,9 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
import java.io.StringWriter;
+import java.util.ArrayList;
import java.util.Collection;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -33,6 +35,11 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.google.common.net.MediaType;
@@ -43,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -52,15 +60,17 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.EidasLoaCompareType;
-import eu.eidas.auth.commons.EidasLoaLevels;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.PersonalAttributeList;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.eidas.SPType;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IRequestMessage;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssuranceComparison;
+import eu.eidas.auth.commons.protocol.eidas.SpType;
+import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
@@ -70,6 +80,8 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@Component("GenerateAuthnRequestTask")
public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -82,23 +94,61 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//get service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
- // get target country
+ // get target and validate citizen countryCode
String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+
}
-
CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
if(null == cpeps) {
Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
}
Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
- String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+
+
+ // select SingleSignOnService Endpoint from eIDAS-node metadata
+ String destination = null;
String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
+ try {
+ EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl);
+ if (eIDASNodeMetadata != null) {
+ SingleSignOnService ssoDescr = selectSingleSignOnServiceFromMetadata(eIDASNodeMetadata);
+ if (ssoDescr != null) {
+ destination = ssoDescr.getLocation();
+ Logger.debug("Use destination URL:" + destination + " from eIDAS metadata:" + metadataUrl);
+
+ } else
+ Logger.warn("eIDAS metadata for node:" + metadataUrl + " has no IDPSSODescriptor or no SingleSignOnService information.");
+
+ } else
+ Logger.warn("No eIDAS metadata for node:" + metadataUrl + " ");
+
+ } catch (MetadataProviderException e) {
+ Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e);
+
+ }
+ // load SingleSignOnService Endpoint from configuration, if Metadata contains no information
+ // FIXME convenience function for not standard conform metadata
+ if (MiscUtil.isEmpty(destination)) {
+ String[] splitString = cpeps.getPepsURL().toString().split(";");
+ if (splitString.length > 1)
+ destination = cpeps.getPepsURL().toString().split(";")[1].trim();
+
+ if (MiscUtil.isNotEmpty(destination))
+ Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration");
+
+ else {
+ Logger.error("No eIDAS-node destination URL FOUND. Request eIDAS node not possible.");
+ throw new MOAIDException("eIDAS.02", new Object[]{"No eIDAS-node Destination-URL FOUND"});
+
+ }
+
+ }
//TODO: switch to entityID
revisionsLogger.logEvent(oaConfig, pendingReq,
@@ -109,50 +159,71 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
// - prepare attribute list
- IPersonalAttributeList pAttList = new PersonalAttributeList();
-
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
// - fill container
- for (StorkAttribute current : attributesFromConfig) {
- PersonalAttribute newAttribute = new PersonalAttribute();
- newAttribute.setName(current.getName());
-
- boolean globallyMandatory = false;
- for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
- if (current.getName().equals(currentGlobalAttribute.getName())) {
- globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
- break;
- }
-
- newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
- pAttList.add(newAttribute);
+ List<AttributeDefinition<?>> reqAttrList = new ArrayList<AttributeDefinition<?>>();
+ for (StorkAttribute current : attributesFromConfig) {
+ AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(current.getName());
+
+ if (newAttribute == null) {
+ Logger.warn("eIDAS attribute with friendlyName:" + current.getName() + " is not supported.");
+
+ } else {
+ boolean globallyMandatory = false;
+ for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
+ if (current.getName().equals(currentGlobalAttribute.getName())) {
+ globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+ break;
+ }
+
+ Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(current.getMandatory() || globallyMandatory);
+ reqAttrList.add(attrBuilder.build());
+
+ }
}
-
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
- //build eIDAS AuthnRequest
- EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
- authnRequest.setProviderName(pendingReq.getAuthURL());
- authnRequest.setPersonalAttributeList(pAttList);
- authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+ //build requested attribute set
+ ImmutableAttributeMap reqAttrMap = new ImmutableAttributeMap.Builder().putAll(reqAttrList).build();
+
+ //build eIDAS AuthnRequest
+ EidasAuthenticationRequest.Builder authnRequestBuilder = new EidasAuthenticationRequest.Builder();
+
+ authnRequestBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
+ authnRequestBuilder.providerName(pendingReq.getAuthURL());
+ String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ authnRequestBuilder.issuer(issur);
+ authnRequestBuilder.destination(destination);
+
+ authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
- authnRequest.setDestination(destination);
- authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
- authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
- authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
+ //set minimum required eIDAS LoA from OA config
+ authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()));
+ authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
//set correct SPType for this online application
if (oaConfig.getBusinessService())
- authnRequest.setSPType("private");
+ authnRequestBuilder.spType(SpType.PRIVATE);
else
- authnRequest.setSPType(SPType.DEFAULT_VALUE);
-
- engine.initRequestedAttributes(pAttList);
- authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
+ authnRequestBuilder.spType(SpType.PUBLIC);
+
+
+ //set service provider (eIDAS node) countryCode
+ authnRequestBuilder.serviceProviderCountryCode(
+ authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
+
+ //set citizen country code for foreign uses
+ authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
+
+ //add requested attributes
+ authnRequestBuilder.requestedAttributes(reqAttrMap);
+
+
+ IRequestMessage authnRequest = engine.generateRequestMessage(authnRequestBuilder.build(), issur);
//encode AuthnRequest
- byte[] token = authnRequest.getTokenSaml();
- String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+ byte[] token = authnRequest.getMessageBytes();
+ String SAMLRequest = EidasStringUtil.encodeToBase64(token);
//send
@@ -187,7 +258,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(oaConfig, pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
- authnRequest.getSamlId());
+ authnRequest.getRequest().getId());
} catch (Exception e) {
Logger.error("Velocity general error: " + e.getMessage());
@@ -209,4 +280,28 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
}
+ private SingleSignOnService selectSingleSignOnServiceFromMetadata(EntityDescriptor idpEntity) {
+ //select SingleSignOn Service endpoint from IDP metadata
+ SingleSignOnService endpoint = null;
+ if (idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) {
+ return null;
+
+ }
+
+ for (SingleSignOnService sss :
+ idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+
+ // use POST binding as default if it exists
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))
+ endpoint = sss;
+
+// else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
+// && endpoint == null )
+// endpoint = sss;
+
+ }
+
+ return endpoint;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index fae06031a..c4b2bfeae 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -4,6 +4,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.core.StatusCode;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -11,9 +12,9 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -21,14 +22,17 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@Component("ReceiveAuthnResponseTask")
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
@@ -45,40 +49,59 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
defaultTaskInitialization(request, executionContext);
//decode SAML response
- byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
+ byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
//get eIDAS SAML-engine
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
//validate SAML token
- EIDASAuthnResponse samlResp = engine.validateEIDASAuthnResponse(decSamlToken,
- request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME);
-
- boolean encryptedResponse=engine.isEncryptedSamlResponse(decSamlToken);
- if (encryptedResponse) {
+ IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken,
+ request.getRemoteHost(),
+ Constants.CONFIG_PROPS_SKEWTIME,
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+
+ if (samlResp.isEncrypted()) {
Logger.info("Received encrypted eIDAS SAML-Response.");
//TODO: check if additional decryption operation is required
}
+
//check response StatusCode
if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
- + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage());
- throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()});
+ + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage());
+ throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()});
+
+ }
+
+ // **********************************************************
+ // ******* MOA-ID specific response validation **********
+ // **********************************************************
+
+ //validate received LoA against minimum required LoA
+ LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel());
+ LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance());
+ if (respLoA.numericValue() < reqLoA.numericValue()) {
+ Logger.error("eIDAS Response LevelOfAssurance is lower than the required! "
+ + "(Resp-LoA:" + respLoA.getValue() + " Req-LoA:" + reqLoA.getValue() + ")");
+ throw new MOAIDException("eIDAS.14", new Object[]{respLoA.getValue()});
}
+
- //MOA-ID specific response validation
- //TODO: implement MOA-ID specific response validation
+ // **********************************************************
+ // ******* Store resonse infos into session object **********
+ // **********************************************************
//update MOA-Session data with received information
Logger.debug("Store eIDAS response information into MOA-session.");
- moasession.setQAALevel(samlResp.getAssuranceLevel());
+
+ moasession.setQAALevel(samlResp.getLevelOfAssurance());
moasession.setGenericDataToSession(
AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
- new MOAPersonalAttributeList(samlResp.getPersonalAttributeList()));
+ samlResp.getAttributes());
moasession.setGenericDataToSession(
AuthenticationSessionStorageConstants.eIDAS_RESPONSE,
@@ -88,17 +111,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
//store MOA-session to database
- authenticatedSessionStorage.storeSession(moasession);
+ requestStoreage.storePendingRequest(pendingReq);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
- samlResp.getSamlId());
+ samlResp.getId());
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
}catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
} catch (MOADatabaseException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
deleted file mode 100644
index 5cc100b70..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
+++ /dev/null
@@ -1,343 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.StringTokenizer;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.commons.lang.StringUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-import eu.eidas.auth.commons.AttributeConstants;
-import eu.eidas.auth.commons.AttributeUtil;
-import eu.eidas.auth.commons.EIDASErrors;
-import eu.eidas.auth.commons.EIDASParameters;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.EIDASValues;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.exceptions.InternalErrorEIDASException;
-
-/**
- * @author tlenz
- *
- */
-public final class MOAPersonalAttributeList extends
- ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList {
-
- /**
- *
- */
- private static final long serialVersionUID = -4488124133022713089L;
-
- public MOAPersonalAttributeList(IPersonalAttributeList eIDASAttributeList) {
- super();
- Iterator<PersonalAttribute> element = eIDASAttributeList.iterator();
- while(element.hasNext())
- add(element.next());
-
- }
-
- /**
- * Hash with the latest fetched attribute name alias.
- */
- private Map<String, Integer> latestAttrAlias =
- new HashMap<String, Integer>();
-
- /**
- * Hash with mapping number of alias or the attribute name.
- */
- private Map<String, Integer> attrAliasNumber =
- new HashMap<String, Integer>();
- private List<String> insertOrder = new ArrayList<String>();
-
- /**
- * Obtain the insertOrder Collection
- *
- * @return defensive copy of the collection
- */
- List<String> getInsertOrder() {
- return Collections.unmodifiableList(this.insertOrder);
- }
-
- /**
- * Default constructor.
- */
- public MOAPersonalAttributeList() {
- super();
-
- }
-
- /**
- * Constructor with initial capacity for the PersonalAttributeList size.
- *
- * @param capacity The initial capacity for the PersonalAttributeList.
- */
- public MOAPersonalAttributeList(final int capacity) {
- super(capacity);
- }
-
- /**
- * {@inheritDoc}
- */
- public Iterator<PersonalAttribute> iterator() {
- return new MOAOrderedAttributeIterator(this);
- }
-
- /**
- * {@inheritDoc}
- */
- public PersonalAttribute get(final Object key) {
- String attrName = (String) key;
-
- if (this.latestAttrAlias == null)
- this.latestAttrAlias = new HashMap<String, Integer>();
-
- if (this.attrAliasNumber == null)
- this.attrAliasNumber = new HashMap<String, Integer>();
-
- if (this.latestAttrAlias.containsKey(key)) {
- attrName = attrName + this.latestAttrAlias.get(key);
- } else {
- if (this.attrAliasNumber.containsKey(key)) {
- this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key));
- }
- }
- return super.get(attrName);
- }
-
- /**
- * {@inheritDoc}
- */
- public void add(final PersonalAttribute value) {
- if (value != null) {
- this.put(value.getName(), value);
- }
- }
-
- /**
- * {@inheritDoc}
- */
- public PersonalAttribute put(final String key, final PersonalAttribute val) {
- if (StringUtils.isNotEmpty(key) && val != null) {
- // Validate if attribute name already exists!
- String attrAlias = key;
- if (this.containsKey(attrAlias)) {
- if (this.attrAliasNumber == null)
- this.attrAliasNumber = new HashMap<String, Integer>();
- if (!val.isEmptyValue() && StringUtils.isNumeric(val.getValue().get(0))) {
- final String attrValue = val.getValue().get(0);
- attrAlias = key + attrValue;
- this.attrAliasNumber.put(key, Integer.valueOf(attrValue));
- } else {
- final PersonalAttribute attr = super.get(key);
- if (!attr.isEmptyValue()
- && StringUtils.isNumeric(attr.getValue().get(0))) {
- attrAlias = key + attr.getValue().get(0);
- super.put(key, (PersonalAttribute) attr);
- this.attrAliasNumber.put(key, null);
- }
- }
- } else {
- if (insertOrder == null)
- insertOrder = new ArrayList<String>();
-
- insertOrder.add(key);
- }
- return super.put(attrAlias, val);
- } else {
- return null;
- }
- }
-
- @Override
- public PersonalAttribute remove(Object key) {
- insertOrder.remove(key);
- return super.remove(key);
- }
-
- /**
- * {@inheritDoc}
- */
- public void populate(final String attrList) {
- final StringTokenizer strToken =
- new StringTokenizer(attrList, EIDASValues.ATTRIBUTE_SEP.toString());
-
- while (strToken.hasMoreTokens()) {
- final PersonalAttribute persAttr = new PersonalAttribute();
- String[] tuples =
- strToken.nextToken().split(EIDASValues.ATTRIBUTE_TUPLE_SEP.toString(),
- AttributeConstants.NUMBER_TUPLES.intValue());
-
- // Convert to the new format if needed!
- tuples = convertFormat(tuples);
-
- if (AttributeUtil.hasValidTuples(tuples)) {
- final int attrValueIndex =
- AttributeConstants.ATTR_VALUE_INDEX.intValue();
- final String tmpAttrValue =
- tuples[attrValueIndex].substring(1,
- tuples[attrValueIndex].length() - 1);
- final String[] vals =
- tmpAttrValue.split(EIDASValues.ATTRIBUTE_VALUE_SEP.toString());
-
- persAttr.setName(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]);
- persAttr.setIsRequired(Boolean
- .valueOf(tuples[AttributeConstants.ATTR_TYPE_INDEX.intValue()]));
- // check if it is a complex value
- if (tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]
- .equals(EIDASParameters.COMPLEX_ADDRESS_VALUE.toString())) {
- persAttr.setComplexValue(createComplexValue(vals));
- } else {
- persAttr.setValue(createValues(vals));
- }
-
- if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) {
- persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX
- .intValue()]);
- }
- this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()],
- persAttr);
-
- } else {
- Logger.info("BUSINESS EXCEPTION : Invalid personal attribute list tuples");
- }
-
- }
- }
-
- /**
- * Returns a copy of this <tt>IPersonalAttributeList</tt> instance.
- *
- * @return The copy of this IPersonalAttributeList.
- */
- public Object clone() {
- try {
- MOAPersonalAttributeList theClone= (MOAPersonalAttributeList)super.clone();
- theClone.insertOrder=new ArrayList<String>(insertOrder);
- return theClone;
-
- } catch (CloneNotSupportedException e) {
- throw new InternalErrorEIDASException(
- EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorCode()),
- EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorMessage()), e);
- }
- }
-
- /**
- * Creates a string in the following format.
- *
- * attrName:attrType:[attrValue1,attrValue2=attrComplexValue]:attrStatus;
- *
- * @return {@inheritDoc}
- */
- @Override
- public String toString() {
- final StringBuilder strBuilder = new StringBuilder();
- final Iterator<String> iteratorInsertOrder = insertOrder.iterator();
- while (iteratorInsertOrder.hasNext()) {
- String key = iteratorInsertOrder.next();
- final PersonalAttribute attr = get(key);
- strBuilder.append(attr.toString());
- if (isNumberAlias(key)) {
- strBuilder.append(get(key).toString());
- }
- }
- return strBuilder.toString();
- }
-
- /**
- * Validates and creates the attribute's complex values.
- *
- * @param values The complex values.
- * @return The {@link Map} with the complex values.
- * @see Map
- */
- private Map<String, String> createComplexValue(final String[] values) {
- final Map<String, String> complexValue = new HashMap<String, String>();
- for (final String val : values) {
- final String[] tVal = val.split("=");
- if (StringUtils.isNotEmpty(val) && tVal.length == 2) {
- complexValue.put(tVal[0], AttributeUtil.unescape(tVal[1]));
- }
- }
- return complexValue;
- }
-
- /**
- * Validates and creates the attribute values.
- *
- * @param vals The attribute values.
- * @return The {@link List} with the attribute values.
- * @see List
- */
- private List<String> createValues(final String[] vals) {
- final List<String> values = new ArrayList<String>();
- for (final String val : vals) {
- if (StringUtils.isNotEmpty(val)) {
- values.add(AttributeUtil.unescape(val));
- }
- }
- return values;
- }
-
- //////////////////
- /**
- * Converts the attribute tuple (attrName:attrType...) to the new format.
- *
- * @param tuples The attribute tuples to convert.
- * @return The attribute tuples in the new format.
- */
- private String[] convertFormat(final String[] tuples) {
- final String[] newFormatTuples =
- new String[AttributeConstants.NUMBER_TUPLES.intValue()];
- if (tuples != null) {
- System.arraycopy(tuples, 0, newFormatTuples, 0, tuples.length);
-
- for (int i = tuples.length; i < newFormatTuples.length; i++) {
- if (i == AttributeConstants.ATTR_VALUE_INDEX.intValue()) {
- newFormatTuples[i] = "[]";
- } else {
- newFormatTuples[i] = "";
- }
- }
- }
- return newFormatTuples;
- }
-
- public boolean isNumberAlias(String key) {
- return this.attrAliasNumber.containsKey(key);
- }
-
-
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java
new file mode 100644
index 000000000..f29d2bb65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.ProtocolEngineFactory;
+import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException;
+import eu.eidas.auth.engine.configuration.dom.ProtocolEngineConfigurationFactory;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAProtocolEngineFactory extends ProtocolEngineFactory {
+
+ /**
+ * Initialization-on-demand holder idiom.
+ * <p/>
+ * See item 71 of Effective Java 2nd Edition.
+ * <p/>
+ * See http://en.wikipedia.org/wiki/Initialization-on-demand_holder_idiom.
+ */
+ private static final class LazyHolder {
+
+ private static final MOAProtocolEngineFactory DEFAULT_SAML_ENGINE_FACTORY;
+
+ private static final Exception INITIALIZATION_EXCEPTION;
+
+ static {
+ Exception initializationException = null;
+ MOAProtocolEngineFactory defaultProtocolEngineFactory = null;
+ try {
+ //get eIDAS SAMLengine configuration from MOA-ID configuration
+ CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+
+ ProtocolEngineConfigurationFactory engineConfigurationFactory = new ProtocolEngineConfigurationFactory(configManager);
+ defaultProtocolEngineFactory = new MOAProtocolEngineFactory(engineConfigurationFactory);
+
+ } catch (Exception ex) {
+ initializationException = ex;
+ Logger.error("Unable to instantiate default SAML engines: " + ex, ex);
+
+ }
+
+ DEFAULT_SAML_ENGINE_FACTORY = defaultProtocolEngineFactory;
+ INITIALIZATION_EXCEPTION = initializationException;
+ }
+
+ static MOAProtocolEngineFactory getDefaultSamlEngineFactory() {
+ if (null == INITIALIZATION_EXCEPTION) {
+ return DEFAULT_SAML_ENGINE_FACTORY;
+
+ } else {
+ throw new IllegalStateException(INITIALIZATION_EXCEPTION);
+
+ }
+ }
+ }
+
+
+ public static MOAProtocolEngineFactory getInstance() {
+ return LazyHolder.getDefaultSamlEngineFactory();
+
+ }
+
+ /**
+ * @param configurationFactory
+ * @throws SamlEngineConfigurationException
+ */
+ private MOAProtocolEngineFactory(ProtocolEngineConfigurationFactory configurationFactory)
+ throws SamlEngineConfigurationException {
+ super(configurationFactory);
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
new file mode 100644
index 000000000..09c3dff38
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -0,0 +1,621 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.joda.time.DateTime;
+import org.joda.time.DurationFieldType;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.Company;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml2.metadata.EmailAddress;
+import org.opensaml.saml2.metadata.EncryptionMethod;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.GivenName;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.SurName;
+import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.opensaml.samlext.saml2mdattr.EntityAttributes;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableSortedSet;
+import com.google.common.collect.Ordering;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.protocol.impl.SamlNameIdFormat;
+import eu.eidas.auth.commons.xml.opensaml.OpenSamlHelper;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.core.SAMLExtensionFormat;
+import eu.eidas.auth.engine.core.eidas.DigestMethod;
+import eu.eidas.auth.engine.core.eidas.EidasConstants;
+import eu.eidas.auth.engine.core.eidas.SPType;
+import eu.eidas.auth.engine.core.eidas.SigningMethod;
+import eu.eidas.auth.engine.metadata.Contact;
+import eu.eidas.auth.engine.metadata.EntityDescriptorContainer;
+import eu.eidas.auth.engine.metadata.MetadataConfigParams;
+import eu.eidas.auth.engine.metadata.MetadataGenerator;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
+import eu.eidas.auth.engine.xml.opensaml.BuilderFactoryUtil;
+import eu.eidas.auth.engine.xml.opensaml.CertificateUtil;
+import eu.eidas.encryption.exception.UnmarshallException;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataGenerator extends MetadataGenerator {
+ private static final Logger LOGGER = LoggerFactory.getLogger(MetadataGenerator.class.getName());
+
+ MetadataConfigParams params;
+
+ XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+
+ SPSSODescriptor spSSODescriptor = null;
+
+ IDPSSODescriptor idpSSODescriptor = null;
+
+ private String ssoLocation;
+
+ /**
+ * @return a String representation of the entityDescriptr built based on the attributes previously set
+ */
+ public String generateMetadata() throws EIDASSAMLEngineException {
+ EntityDescriptor entityDescriptor;
+ try {
+ entityDescriptor = (EntityDescriptor) builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME)
+ .buildObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
+
+ entityDescriptor.setEntityID(params.getEntityID());
+ entityDescriptor.setOrganization(buildOrganization());
+ entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.SUPPORT));
+ entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.TECHNICAL));
+ entityDescriptor.setValidUntil(getExpireDate());
+
+ X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoGeneratorFactory.setEmitEntityCertificate(true);
+ Extensions e = generateExtensions();
+ if (!e.getUnknownXMLObjects().isEmpty()) {
+ entityDescriptor.setExtensions(e);
+ }
+ if (spSSODescriptor != null) {
+ generateSPSSODescriptor(entityDescriptor, keyInfoGeneratorFactory);
+ }
+ if (idpSSODescriptor != null) {
+ generateIDPSSODescriptor(entityDescriptor, keyInfoGeneratorFactory);
+ }
+ if (params.getSpEngine() != null) {
+ ProtocolEngineI spEngine = params.getSpEngine();
+ ((MetadataSignerI) spEngine.getSigner()).signMetadata(entityDescriptor);
+ } else if (params.getIdpEngine() != null) {
+ ProtocolEngineI idpEngine = params.getIdpEngine();
+ ((MetadataSignerI) idpEngine.getSigner()).signMetadata(entityDescriptor);
+ }
+ return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false));
+ } catch (Exception ex) {
+ LOGGER.info("ERROR : SAMLException ", ex.getMessage());
+ LOGGER.debug("ERROR : SAMLException ", ex);
+ throw new IllegalStateException(ex);
+ }
+ }
+
+ private void generateSPSSODescriptor(final EntityDescriptor entityDescriptor,
+ final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory)
+ throws org.opensaml.xml.security.SecurityException, IllegalAccessException, NoSuchFieldException,
+ SAMLEngineException, EIDASSAMLEngineException {
+ //the node has SP role
+ spSSODescriptor.setWantAssertionsSigned(params.isWantAssertionsSigned());
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setID(idpSSODescriptor == null ? params.getEntityID()
+ : ("SP" + params.getEntityID()));
+ if (params.getSPSignature() != null) {
+ spSSODescriptor.setSignature(params.getSPSignature());
+ }
+ if (params.getSpSigningCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSpSigningCredential(), UsageType.SIGNING));
+
+ } else if (params.getSigningCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSigningCredential(), UsageType.SIGNING));
+ }
+
+ if (params.getSpEncryptionCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSpEncryptionCredential(),
+ UsageType.ENCRYPTION));
+ } else if (params.getEncryptionCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION));
+ }
+ spSSODescriptor.addSupportedProtocol(params.getSpSamlProtocol());
+ if (!StringUtils.isEmpty(params.getAssertionConsumerUrl())) {
+ addAssertionConsumerService();
+ }
+ fillNameIDFormat(spSSODescriptor);
+ if (params.getSpEngine() != null) {
+ ProtocolEngineI spEngine = params.getSpEngine();
+ ((MetadataSignerI) spEngine.getSigner()).signMetadata(spSSODescriptor);
+ }
+ entityDescriptor.getRoleDescriptors().add(spSSODescriptor);
+
+ }
+
+ private void fillNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
+ NameIDFormat persistentFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
+ ssoDescriptor.getNameIDFormats().add(persistentFormat);
+ NameIDFormat transientFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ transientFormat.setFormat(SamlNameIdFormat.TRANSIENT.getNameIdFormat());
+ ssoDescriptor.getNameIDFormats().add(transientFormat);
+ NameIDFormat unspecifiedFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ unspecifiedFormat.setFormat(SamlNameIdFormat.UNSPECIFIED.getNameIdFormat());
+ ssoDescriptor.getNameIDFormats().add(unspecifiedFormat);
+ }
+
+ private void generateIDPSSODescriptor(final EntityDescriptor entityDescriptor,
+ final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory)
+ throws org.opensaml.xml.security.SecurityException, IllegalAccessException, NoSuchFieldException,
+ SAMLEngineException, EIDASSAMLEngineException {
+ //the node has IDP role
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+ idpSSODescriptor.setID(spSSODescriptor == null ? params.getEntityID()
+ : ("IDP" + params.getEntityID()));
+ if (params.getIDPSignature() != null) {
+ idpSSODescriptor.setSignature(params.getIDPSignature());
+ }
+ if (params.getIdpSigningCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getIdpSigningCredential(), UsageType.SIGNING));
+ } else if (params.getSigningCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSigningCredential(), UsageType.SIGNING));
+ }
+ if (params.getIdpEncryptionCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getIdpEncryptionCredential(),
+ UsageType.ENCRYPTION));
+ } else if (params.getEncryptionCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION));
+ }
+ idpSSODescriptor.addSupportedProtocol(params.getIdpSamlProtocol());
+ fillNameIDFormat(idpSSODescriptor);
+ if (params.getIdpEngine() != null) {
+ if (params.getIdpEngine().getProtocolProcessor() != null
+ && params.getIdpEngine().getProtocolProcessor().getFormat() == SAMLExtensionFormat.EIDAS10) {
+
+ /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
+ * If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more.
+ *
+ * INFO: Maybe, this code can be removed in a future version of the eIDAS engine
+ */
+ generateSupportedAttributes(idpSSODescriptor, getAllSupportedAttributes());
+ }
+ ProtocolEngineI idpEngine = params.getIdpEngine();
+ ((MetadataSignerI) idpEngine.getSigner()).signMetadata(idpSSODescriptor);
+ }
+
+ idpSSODescriptor.getSingleSignOnServices().addAll(buildSingleSignOnServicesBindingLocations());
+
+ entityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+
+ }
+
+ /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
+ * If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more.
+ */
+ public ImmutableSortedSet<AttributeDefinition<?>> getAllSupportedAttributes() {
+ ImmutableSortedSet.Builder<AttributeDefinition<?>> builder =
+ new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
+ builder.addAll(Constants.MOA_IDP_ATTR_REGISTRY.getAttributes());
+ return builder.build();
+ }
+
+ private ArrayList<SingleSignOnService> buildSingleSignOnServicesBindingLocations()
+ throws NoSuchFieldException, IllegalAccessException {
+ ArrayList<SingleSignOnService> singleSignOnServices = new ArrayList<SingleSignOnService>();
+
+ HashMap<String, String> bindingLocations = params.getProtocolBindingLocation();
+ for (String binding : bindingLocations.keySet()) {
+ SingleSignOnService ssos = BuilderFactoryUtil.buildXmlObject(SingleSignOnService.class);
+ ssos.setBinding(binding);
+ ssos.setLocation(bindingLocations.get(binding));
+ singleSignOnServices.add(ssos);
+ }
+
+ return singleSignOnServices;
+ }
+
+ /**
+ * @param metadata
+ * @return an EntityDescriptor parsed from the given String or null
+ */
+ // TODO (commented by donydgr) Move to a eu.eidas.auth.engine.metadata.MetadataUtil ? Throw an exception if the metadata is invalid instead of returning null ?
+ public static EntityDescriptorContainer deserializeEntityDescriptor(String metadata) {
+ EntityDescriptorContainer result = new EntityDescriptorContainer();
+ try {
+ byte[] metaDataBytes = EidasStringUtil.getBytes(metadata);
+ XMLObject obj = OpenSamlHelper.unmarshall(metaDataBytes);
+ if (obj instanceof EntityDescriptor) {
+ result.addEntityDescriptor((EntityDescriptor) obj, metaDataBytes);
+ } else if (obj instanceof EntitiesDescriptor) {
+ EntitiesDescriptor ed = (EntitiesDescriptor) obj;
+ result.setEntitiesDescriptor(ed);
+ result.getEntityDescriptors().addAll(((EntitiesDescriptor) obj).getEntityDescriptors());
+ result.setSerializedEntitesDescriptor(metaDataBytes);
+ }
+ } catch (UnmarshallException ue) {
+ LOGGER.info("ERROR : unmarshalling error", ue.getMessage());
+ LOGGER.debug("ERROR : unmarshalling error", ue);
+ }
+ return result;
+ }
+
+ private KeyDescriptor getKeyDescriptor(X509KeyInfoGeneratorFactory keyInfoGeneratorFactory,
+ Credential credential,
+ UsageType usage)
+ throws NoSuchFieldException, IllegalAccessException, SecurityException, EIDASSAMLEngineException {
+ KeyDescriptor keyDescriptor = null;
+ if (credential != null) {
+ keyDescriptor = BuilderFactoryUtil.buildXmlObject(KeyDescriptor.class);
+ KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
+
+ KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+ keyDescriptor.setUse(usage);
+ keyDescriptor.setKeyInfo(keyInfo);
+ if (usage == UsageType.ENCRYPTION && params.getEncryptionAlgorithms() != null) {
+ Set<String> encryptionAlgos = EIDASUtil.parseSemicolonSeparatedList(params.getEncryptionAlgorithms());
+ for (String encryptionAlgo : encryptionAlgos) {
+ EncryptionMethod em =
+ (EncryptionMethod) BuilderFactoryUtil.buildXmlObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
+ em.setAlgorithm(encryptionAlgo);
+ keyDescriptor.getEncryptionMethods().add(em);
+ }
+ }
+
+ }
+ return keyDescriptor;
+ }
+
+ private Organization buildOrganization() {
+ Organization organization = null;
+ try {
+ organization = BuilderFactoryUtil.buildXmlObject(Organization.class);
+ OrganizationDisplayName odn = BuilderFactoryUtil.buildXmlObject(OrganizationDisplayName.class);
+ odn.setName(new LocalizedString(params.getCountryName(), "en"));
+ organization.getDisplayNames().add(odn);
+ OrganizationURL url = BuilderFactoryUtil.buildXmlObject(OrganizationURL.class);
+ url.setURL(new LocalizedString(params.getNodeUrl(), "en"));
+ organization.getURLs().add(url);
+ } catch (IllegalAccessException iae) {
+ LOGGER.info("ERROR : error generating the Organization: {}", iae.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", iae);
+ } catch (NoSuchFieldException nfe) {
+ LOGGER.info("ERROR : error generating the Organization: {}", nfe.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", nfe);
+ }
+ return organization;
+ }
+
+ private ContactPerson buildContact(ContactPersonTypeEnumeration contactType) {
+ ContactPerson contact = null;
+ try {
+ Contact currentContact = null;
+ if (contactType == ContactPersonTypeEnumeration.SUPPORT) {
+ currentContact = params.getSupportContact();
+ } else if (contactType == ContactPersonTypeEnumeration.TECHNICAL) {
+ currentContact = params.getTechnicalContact();
+ } else {
+ LOGGER.error("ERROR: unsupported contact type");
+ }
+ contact = BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
+ if (currentContact == null) {
+ LOGGER.error("ERROR: cannot retrieve contact from the configuration");
+ return contact;
+ }
+
+ EmailAddress emailAddressObj = BuilderFactoryUtil.buildXmlObject(EmailAddress.class);
+ Company company = BuilderFactoryUtil.buildXmlObject(Company.class);
+ GivenName givenName = BuilderFactoryUtil.buildXmlObject(GivenName.class);
+ SurName surName = BuilderFactoryUtil.buildXmlObject(SurName.class);
+ TelephoneNumber phoneNumber = BuilderFactoryUtil.buildXmlObject(TelephoneNumber.class);
+ contact.setType(contactType);
+ emailAddressObj.setAddress(currentContact.getEmail());
+ company.setName(currentContact.getCompany());
+ givenName.setName(currentContact.getGivenName());
+ surName.setName(currentContact.getSurName());
+ phoneNumber.setNumber(currentContact.getPhone());
+
+ populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber);
+
+ } catch (IllegalAccessException iae) {
+ LOGGER.info("ERROR : error generating the Organization: {}", iae.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", iae);
+ } catch (NoSuchFieldException nfe) {
+ LOGGER.info("ERROR : error generating the Organization: {}", nfe.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", nfe);
+ }
+ return contact;
+ }
+
+ private void populateContact(ContactPerson contact,
+ Contact currentContact,
+ EmailAddress emailAddressObj,
+ Company company,
+ GivenName givenName,
+ SurName surName,
+ TelephoneNumber phoneNumber) {
+ if (!StringUtils.isEmpty(currentContact.getEmail())) {
+ contact.getEmailAddresses().add(emailAddressObj);
+ }
+ if (!StringUtils.isEmpty(currentContact.getCompany())) {
+ contact.setCompany(company);
+ }
+ if (!StringUtils.isEmpty(currentContact.getGivenName())) {
+ contact.setGivenName(givenName);
+ }
+ if (!StringUtils.isEmpty(currentContact.getSurName())) {
+ contact.setSurName(surName);
+ }
+ if (!StringUtils.isEmpty(currentContact.getPhone())) {
+ contact.getTelephoneNumbers().add(phoneNumber);
+ }
+
+ }
+
+ /**
+ * @param engine a EIDASSamlEngine from which signing and encryption information is extracted
+ */
+
+ public void initialize(ProtocolEngineI engine) throws EIDASSAMLEngineException {
+
+ X509Certificate decryptionCertificate = engine.getDecryptionCertificate();
+ if (null != decryptionCertificate) {
+ params.setEncryptionCredential(CertificateUtil.toCredential(decryptionCertificate));
+ }
+ params.setSigningCredential(CertificateUtil.toCredential(engine.getSigningCertificate()));
+ params.setIdpEngine(engine);
+ params.setSpEngine(engine);
+ }
+
+ /**
+ * @param spEngine a EIDASSamlEngine for the
+ */
+
+ public void initialize(ProtocolEngineI spEngine, ProtocolEngineI idpEngine) throws EIDASSAMLEngineException {
+ if (idpEngine != null) {
+ idpEngine.getProtocolProcessor().configure();
+ params.setIdpSigningCredential(CertificateUtil.toCredential(idpEngine.getSigningCertificate()));
+
+ final X509Certificate idpEngineDecryptionCertificate = idpEngine.getDecryptionCertificate();
+ if (idpEngineDecryptionCertificate != null) {
+ params.setIdpEncryptionCredential(CertificateUtil.toCredential(idpEngineDecryptionCertificate));
+ }
+
+ }
+ if (spEngine != null) {
+ spEngine.getProtocolProcessor().configure();
+ params.setSpSigningCredential(CertificateUtil.toCredential(spEngine.getSigningCertificate()));
+
+ final X509Certificate spEngineDecryptionCertificate = spEngine.getDecryptionCertificate();
+ if (spEngineDecryptionCertificate != null) {
+ params.setSpEncryptionCredential(CertificateUtil.toCredential(spEngineDecryptionCertificate));
+ }
+ }
+
+ params.setIdpEngine(idpEngine);
+ params.setSpEngine(spEngine);
+ }
+
+ public void addSPRole() throws EIDASSAMLEngineException {
+ try {
+ if (spSSODescriptor == null) {
+ spSSODescriptor = BuilderFactoryUtil.buildXmlObject(SPSSODescriptor.class);
+ }
+ } catch (IllegalAccessException iae) {
+ throw new EIDASSAMLEngineException(iae);
+ } catch (NoSuchFieldException nsfe) {
+ throw new EIDASSAMLEngineException(nsfe);
+ }
+ }
+
+ public void addIDPRole() throws EIDASSAMLEngineException {
+ try {
+ if (idpSSODescriptor == null) {
+ idpSSODescriptor = BuilderFactoryUtil.buildXmlObject(IDPSSODescriptor.class);
+ }
+ } catch (IllegalAccessException iae) {
+ throw new EIDASSAMLEngineException(iae);
+ } catch (NoSuchFieldException nsfe) {
+ throw new EIDASSAMLEngineException(nsfe);
+ }
+ }
+
+ private void generateDigest(Extensions eidasExtensions) throws EIDASSAMLEngineException {
+ if (!StringUtils.isEmpty(params.getDigestMethods())) {
+ Set<String> signatureMethods = EIDASUtil.parseSemicolonSeparatedList(params.getDigestMethods());
+ Set<String> digestMethods = new HashSet<String>();
+ for (String signatureMethod : signatureMethods) {
+ digestMethods.add(CertificateUtil.validateDigestAlgorithm(signatureMethod));
+ }
+ for (String digestMethod : digestMethods) {
+ final DigestMethod dm = (DigestMethod) BuilderFactoryUtil.buildXmlObject(DigestMethod.DEF_ELEMENT_NAME);
+ if (dm != null) {
+ dm.setAlgorithm(digestMethod);
+ eidasExtensions.getUnknownXMLObjects().add(dm);
+ } else {
+ LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension");
+ }
+ }
+ }
+
+ }
+
+ private Extensions generateExtensions() throws EIDASSAMLEngineException {
+ Extensions eidasExtensions = BuilderFactoryUtil.generateExtension();
+ if (params.getAssuranceLevel() != null) {
+ generateLoA(eidasExtensions);
+ }
+ if (!StringUtils.isEmpty(params.getSpType())) {
+ final SPType spTypeObj = (SPType) BuilderFactoryUtil.buildXmlObject(SPType.DEF_ELEMENT_NAME);
+ if (spTypeObj != null) {
+ spTypeObj.setSPType(params.getSpType());
+ eidasExtensions.getUnknownXMLObjects().add(spTypeObj);
+ } else {
+ LOGGER.info("BUSINESS EXCEPTION error adding SPType extension");
+ }
+ }
+ generateDigest(eidasExtensions);
+
+ if (!StringUtils.isEmpty(params.getSigningMethods())) {
+ Set<String> signMethods = EIDASUtil.parseSemicolonSeparatedList(params.getDigestMethods());
+ for (String signMethod : signMethods) {
+ final SigningMethod sm =
+ (SigningMethod) BuilderFactoryUtil.buildXmlObject(SigningMethod.DEF_ELEMENT_NAME);
+ if (sm != null) {
+ sm.setAlgorithm(signMethod);
+ eidasExtensions.getUnknownXMLObjects().add(sm);
+ } else {
+ LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension");
+ }
+ }
+ }
+ return eidasExtensions;
+ }
+
+ private void generateLoA(Extensions eidasExtensions) throws EIDASSAMLEngineException {
+ EntityAttributes loa =
+ (EntityAttributes) BuilderFactoryUtil.buildXmlObject(EntityAttributes.DEFAULT_ELEMENT_NAME);
+ Attribute loaAttrib = (Attribute) BuilderFactoryUtil.buildXmlObject(Attribute.DEFAULT_ELEMENT_NAME);
+ loaAttrib.setName(EidasConstants.LEVEL_OF_ASSURANCE_NAME);
+ loaAttrib.setNameFormat(Attribute.URI_REFERENCE);
+ XSStringBuilder stringBuilder =
+ (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(params.getAssuranceLevel());
+ loaAttrib.getAttributeValues().add(stringValue);
+ loa.getAttributes().add(loaAttrib);
+ eidasExtensions.getUnknownXMLObjects().add(loa);
+
+ }
+
+ private static final Set<String> DEFAULT_BINDING = new HashSet<String>() {{
+ this.add(SAMLConstants.SAML2_POST_BINDING_URI);
+ }};
+
+ private void addAssertionConsumerService() throws EIDASSAMLEngineException {
+ int index = 0;
+ Set<String> bindings = params.getProtocolBinding().isEmpty() ? DEFAULT_BINDING : params.getProtocolBinding();
+ for (String binding : bindings) {
+ AssertionConsumerService asc = (AssertionConsumerService) BuilderFactoryUtil.buildXmlObject(
+ AssertionConsumerService.DEFAULT_ELEMENT_NAME);
+ asc.setLocation(params.getAssertionConsumerUrl());
+ asc.setBinding(checkBinding(binding));
+ asc.setIndex(index);
+ if (index == 0) {
+ asc.setIsDefault(true);
+ }
+ index++;
+ spSSODescriptor.getAssertionConsumerServices().add(asc);
+ }
+ }
+
+ private String checkBinding(String binding) {
+ if (binding != null && (binding.equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) || binding.equals(
+ SAMLConstants.SAML2_POST_BINDING_URI))) {
+ return binding;
+ }
+ return SAMLConstants.SAML2_POST_BINDING_URI;
+ }
+
+ private DateTime getExpireDate() {
+ DateTime expiryDate = DateTime.now();
+ expiryDate =
+ expiryDate.withFieldAdded(DurationFieldType.seconds(), (int) (getConfigParams().getValidityDuration()));
+ return expiryDate;
+ }
+
+ private void generateSupportedAttributes(IDPSSODescriptor idpssoDescriptor,
+ ImmutableSortedSet<AttributeDefinition<?>> attributeDefinitions)
+ throws EIDASSAMLEngineException {
+ List<Attribute> attributes = idpssoDescriptor.getAttributes();
+ for (AttributeDefinition<?> attributeDefinition : attributeDefinitions) {
+ Attribute a = (Attribute) BuilderFactoryUtil.buildXmlObject(Attribute.DEFAULT_ELEMENT_NAME);
+ a.setName(attributeDefinition.getNameUri().toASCIIString());
+ a.setFriendlyName(attributeDefinition.getFriendlyName());
+ a.setNameFormat(Attribute.URI_REFERENCE);
+ attributes.add(a);
+ }
+ }
+
+ public MetadataConfigParams getConfigParams() {
+ return params;
+ }
+
+ public void setConfigParams(MetadataConfigParams params) {
+ this.params = params;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index eeb8305cf..eb50c113f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -22,15 +22,27 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLConfigurator;
+
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOASWSigner;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAEidasProtocolProcesser;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDAsExtensionProcessor;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.SamlEngineSystemClock;
+import eu.eidas.auth.engine.metadata.MetadataFetcherI;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
+import eu.eidas.auth.engine.xml.opensaml.SAMLBootstrap;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.samlengineconfig.CertificateConfigurationManager;
@@ -40,31 +52,44 @@ import eu.eidas.samlengineconfig.CertificateConfigurationManager;
*/
public class SAMLEngineUtils {
- private static EIDASSAMLEngine eIDASEngine = null;
+ private static ProtocolEngineI eIDASEngine = null;
+ private static MetadataSignerI metadataSigner = null;
+ private static MetadataFetcherI metadataFetcher = null;
+ private static Map<String, AttributeDefinition<?>> allSupportedAttributeMap =
+ new HashMap<String, AttributeDefinition<?>>();
- public static synchronized EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+ public static synchronized ProtocolEngineI createSAMLEngine(MOAeIDASChainingMetadataProvider moaeIDASMetadataProvider) throws EIDASEngineException{
if (eIDASEngine == null) {
try {
//get eIDAS SAMLengine configuration from MOA-ID configuration
CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+
+ //set metadata management to eIDAS SAMLengine
+ metadataFetcher = new MOAeIDASMetadataProviderDecorator(moaeIDASMetadataProvider);
+
+ //set metadata signer
+ metadataSigner = new MOASWSigner(configManager);
+
+ //build eIDAS SAML eninge
+ ProtocolEngineI engine = MOAProtocolEngineFactory.createProtocolEngine(
+ Constants.eIDAS_SAML_ENGINE_NAME,
+ configManager,
+ new MOAEidasProtocolProcesser(metadataFetcher, metadataSigner),
+ new SamlEngineSystemClock());
+
+ //build a map with all actually supported attributes
+ for (AttributeDefinition<?> el : engine.getProtocolProcessor().getAllSupportedAttributes())
+ allSupportedAttributeMap.put(el.getFriendlyName(), el);
+
+ //TODO: check if bug is fixed in next eIDAS SAML-engine version
+ //overwrite eIDAS response validator suite because Condition-Valitator has not time jitter
+ initOpenSAMLConfig("own-saml-eidasnode-config.xml");
- //initial eIDAS SAMLengine
- EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
- configManager);
-
- //set metadata management to eIDAS SAMLengine
- engine.setMetadataProcessor(
- new MOAeIDASMetadataProviderDecorator(
- MOAeIDASChainingMetadataProvider.getInstance()));
-
- //set MOA specific extension processor
- ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
- engine.setExtensionProcessor(extensionProcessor);
eIDASEngine = engine;
- } catch (EIDASSAMLEngineException e) {
+ } catch (EIDASSAMLEngineException | ConfigurationException e) {
Logger.error("eIDAS SAMLengine initialization FAILED!", e);
throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
@@ -73,5 +98,51 @@ public class SAMLEngineUtils {
return eIDASEngine;
}
+
+ /**
+ * Get a map of all eIDAS attributes, which are actually supported by eIDAS engine
+ *
+ * @return Map<Attr. FriendlyName, AttributeDefinition>
+ */
+ public static Map<String, AttributeDefinition<?>> getMapOfAllAvailableAttributes() {
+ return allSupportedAttributeMap;
+
+ }
+
+ /**
+ * @return the metadataSigner
+ */
+ public static MetadataSignerI getMetadataSigner() {
+ if (eIDASEngine != null)
+ return metadataSigner;
+
+ else {
+ Logger.error("eIDAS SAMLEngine is not initialized.");
+ return null;
+
+ }
+ }
+
+ /**
+ * @return the metadataFetcher
+ */
+ public static MetadataFetcherI getMetadataFetcher() {
+ if (eIDASEngine != null)
+ return metadataFetcher;
+
+ else {
+ Logger.error("eIDAS SAMLEngine is not initialized.");
+ return null;
+
+ }
+ }
+
+ private static void initOpenSAMLConfig(String xmlConfig) throws ConfigurationException {
+ XMLConfigurator configurator = new XMLConfigurator();
+ InputStream is = SAMLBootstrap.class.getClassLoader().getResourceAsStream(xmlConfig);
+ configurator.load(is);
+
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
new file mode 100644
index 000000000..d43fa1622
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildStringAttribute(String friendlyName, String name, String value) {
+ return value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
+ */
+ @Override
+ public String buildIntegerAttribute(String friendlyName, String name, int value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
+ */
+ @Override
+ public String buildLongAttribute(String friendlyName, String name, long value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildEmptyAttribute(String friendlyName, String name) {
+ return null;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 563c3a18c..7647b4cab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -2,13 +2,14 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
@Component("EIDASData")
@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
@@ -18,10 +19,10 @@ public class EIDASData extends RequestImpl {
private static final long serialVersionUID = 8765755670214923910L;
/** The attributes requested by the eIDaS. */
- private MOAPersonalAttributeList attributes;
+ private ImmutableAttributeMap attributes;
/** The incoming eIDaS SAML2 AuthnRequest. */
- private EIDASAuthnRequest authnRequest;
+ private IAuthenticationRequest authnRequest;
/** The ip address of the requester. */
private String remoteIPAddress;
@@ -29,7 +30,7 @@ public class EIDASData extends RequestImpl {
private String remoteRelayState;
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
// TODO Auto-generated method stub
return null;
}
@@ -39,17 +40,17 @@ public class EIDASData extends RequestImpl {
*
* @return the requested attributes
*/
- public MOAPersonalAttributeList getEidasRequestedAttributes() {
- return (MOAPersonalAttributeList) attributes.clone();
+ public ImmutableAttributeMap getEidasRequestedAttributes() {
+ return attributes;
}
/**
* Sets the eidas requested attributes.
*
- * @param personalAttributeList the requested attributes
+ * @param immutableAttributeMap the requested attributes
*/
- public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
- attributes = personalAttributeList;
+ public void setEidasRequestedAttributes(ImmutableAttributeMap immutableAttributeMap) {
+ attributes = immutableAttributeMap;
}
/**
@@ -57,7 +58,7 @@ public class EIDASData extends RequestImpl {
*
* @return the eidas request
*/
- public EIDASAuthnRequest getEidasRequest() {
+ public IAuthenticationRequest getEidasRequest() {
return authnRequest;
}
@@ -66,7 +67,7 @@ public class EIDASData extends RequestImpl {
*
* @param request the new eidas request
*/
- public void setEidasRequest(EIDASAuthnRequest request) {
+ public void setEidasRequest(IAuthenticationRequest request) {
authnRequest = request;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 779d898be..13e64cdd0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -34,6 +34,8 @@ import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -44,11 +46,11 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -56,10 +58,14 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse.Builder;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.MetadataUtil;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@@ -72,14 +78,17 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
public class EIDASProtocol extends AbstractAuthProtocolModulController {
public static final String NAME = EIDASProtocol.class.getName();
- public static final String PATH = "eidas";
+ public static final String PATH = "eidas";
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
public EIDASProtocol() {
super();
Logger.debug("Registering servlet " + getClass().getName() +
" with mappings '" + Constants.eIDAS_HTTP_ENDPOINT_METADATA +
"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST +
- "' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +"'.");
+ //"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +
+ "'.");
}
@@ -164,75 +173,139 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
String base64SamlToken = request.getParameter("SAMLRequest");
if (MiscUtil.isEmpty(base64SamlToken)) {
Logger.warn("No eIDAS SAMLRequest found in http request.");
- throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
+ throw new MOAIDException("eIDAS.06", new Object[]{"HTTP request includes no eIDAS SAML-Request element."});
}
- byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
-
+
try {
+ //decode SAML2 token
+ byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
+
//get eIDAS SAML-engine
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
- //validate SAML token
- EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
-
- // - memorize remote ip
- pendingReq.setRemoteAddress(request.getRemoteAddr());
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
- // - memorize relaystate
- String relayState = request.getParameter("RelayState");
- pendingReq.setRemoteRelayState(relayState);
-
- // - memorize country code of target country
- pendingReq.setGenericDataToSession(
- RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
+ String cititzenCountryCode =
+ authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
+ MOAIDAuthConstants.COUNTRYCODE_AUSTRIA);
- // - memorize requested attributes
- pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+
+ //****************************************
+ //***** validate eIDAS request *********
+ //****************************************
+ //validate SAML token
+ IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
- // - memorize whole request
- samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
- pendingReq.setEidasRequest(samlReq);
+ //validate internal JAVA class type
+ if (!(samlReq instanceof IEidasAuthenticationRequest)) {
+ Logger.error("eIDAS AuthnRequst from node:" + samlReq.getIssuer()
+ + " is NOT from Type:" + IEidasAuthenticationRequest.class.getName());
+ throw new MOAIDException("eIDAS.06", new Object[]{"eIDAS AuthnRequest maps to an wrong internal Type."});
+
+ }
+ IEidasAuthenticationRequest eIDASSamlReq = (IEidasAuthenticationRequest) samlReq;
+
+ //validate Destination against MOA-ID-Auth configuration
+ String reqDestination = eIDASSamlReq.getDestination();
+ if (MiscUtil.isEmpty(reqDestination) ||
+ !reqDestination.startsWith(pendingReq.getAuthURL())) {
+ Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+ throw new EIDASAuthnRequestValidationException("stork.01",
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+
+ }
+
+ //validate AssertionConsumerServiceURL against metadata
+ EntityDescriptor eIDASNodeEntityDesc = new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider)
+ .getEntityDescriptor(eIDASSamlReq.getIssuer(), SAMLEngineUtils.getMetadataSigner());
- //validate destination against metadata
- String reqDestination = samlReq.getDestination();
- if (MiscUtil.isNotEmpty(reqDestination)) {
- boolean isValid = false;
- List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
- .getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
+ String reqAssertionConsumerServiceURL = eIDASSamlReq.getAssertionConsumerServiceURL();
+ if (MiscUtil.isNotEmpty(reqAssertionConsumerServiceURL)) {
+ boolean isValid = false;
+ List<AssertionConsumerService> allowedAssertionConsumerUrl =
+ MetadataUtil.getSPSSODescriptor(eIDASNodeEntityDesc).getAssertionConsumerServices();
for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
- if (reqDestination.equals(el.getLocation()))
+ if (reqAssertionConsumerServiceURL.equals(el.getLocation()))
isValid = true;
}
if (!isValid) {
- Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
- throw new eIDASAuthnRequestValidationException("stork.01",
- new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+ Logger.info("eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute");
+ throw new EIDASAuthnRequestValidationException("eIDAS.12",
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute"});
}
- }
+ } else {
+ /*TODO: eIDAS SAMLEngine 1.1.0 does not validate and set AssertionConsumerServiceURL in a correct form
+ *
+ * Actually, this step is required because EidasProtocolProcesser.class only use the AssertionConsumerServiceURL
+ * from AuthnRequest to set the 'Destination' attribute in eIDAS Response. However, the AssertionConsumerServiceURL
+ * could be empty in Request, which break the Response building process.
+ */
+ String assertionConsumerServiceURL = MetadataUtil.getAssertionConsumerUrlFromMetadata(
+ SAMLEngineUtils.getMetadataFetcher(), SAMLEngineUtils.getMetadataSigner(), eIDASSamlReq);
+ if (MiscUtil.isEmpty(assertionConsumerServiceURL)) {
+ Logger.error("eIDAS metadata for node:" + eIDASSamlReq.getIssuer()
+ + " contains NO 'AssertionConsumerServiceURL' element!");
+ throw new EIDASSAMLEngineException("eIDAS metadata for node:" + eIDASSamlReq.getIssuer()
+ + " contains NO 'AssertionConsumerServiceURL' element!");
+
+ }
+
+ EidasAuthenticationRequest.Builder test = EidasAuthenticationRequest.builder(eIDASSamlReq);
+ test.assertionConsumerServiceURL(assertionConsumerServiceURL);
+ eIDASSamlReq = test.build();
+
+ }
+
+ //*************************************************
+ //***** store eIDAS request information *********
+ //*************************************************
+ // - memorize remote ip
+ pendingReq.setRemoteAddress(request.getRemoteAddr());
+
+ // - memorize relaystate
+ String relayState = request.getParameter("RelayState");
+ pendingReq.setRemoteRelayState(relayState);
+
+ // - memorize country code of target country
+ pendingReq.setGenericDataToSession(
+ RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getOriginCountryCode());
+
+ //store level of assurance
+ pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE,
+ eIDASSamlReq.getEidasLevelOfAssurance().stringValue());
+
+ // - memorize requested attributes
+ pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes());
+
+ // - memorize whole request
+ pendingReq.setEidasRequest(eIDASSamlReq);
+
// - memorize OA url
pendingReq.setOAURL(samlReq.getIssuer());
// - memorize OA config
IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
if (oaConfig == null)
- throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+ throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
pendingReq.setOnlineApplicationConfiguration(oaConfig);
-
- String spType = samlReq.getSPType();
- if (MiscUtil.isEmpty(spType)) {
- Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
- //TODO: maybe implement this if required
+
+ // - memorize service-provider type from eIDAS request
+ String spType = null;
+ if (eIDASSamlReq.getSpType() != null)
+ spType = eIDASSamlReq.getSpType().getValue();
+
+ if (MiscUtil.isEmpty(spType))
+ spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
- }
-
- Logger.debug("eIDAS request has SPType:" + spType);
+ if (MiscUtil.isEmpty(spType))
+ Logger.debug("eIDAS request has SPType:" + spType);
+ else
+ Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
} catch (MOAIDException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
@@ -240,11 +313,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
} catch (EIDASSAMLEngineException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
- throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
} catch(Exception e) {
Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
- throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
}
}
@@ -258,43 +331,40 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
try {
- EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
- eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
-
- if (e instanceof eIDASException) {
- eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
- eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
- eIDASResp.setMessage(e.getMessage());
+ Builder eIDASRespBuilder = new AuthenticationResponse.Builder();
+ eIDASRespBuilder.issuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+
+ if (e instanceof EIDASException) {
+ eIDASRespBuilder.statusCode(((EIDASException) e).getStatusCodeFirstLevel());
+ eIDASRespBuilder.subStatusCode(((EIDASException) e).getStatusCodeSecondLevel());
+ eIDASRespBuilder.statusMessage(e.getMessage());
} else if (e instanceof MOAIDException ) {
- eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
- eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
- eIDASResp.setMessage(e.getMessage());
+ eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+ eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASRespBuilder.statusMessage(e.getMessage());
} else {
- eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
- eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
- eIDASResp.setMessage(e.getMessage());
+ eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+ eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASRespBuilder.statusMessage(e.getMessage());
}
-
+
+ eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
+ eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId());
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ //build response
+ AuthenticationResponse eIDASResp = eIDASRespBuilder.build();
- if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
- engine,
- eidasReq.getEidasRequest());
- eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
-
- }
//get eIDAS SAML-engine
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
+ //build response message
+ IResponseMessage eIDASRespMsg = engine.generateResponseErrorMessage(eidasReq.getEidasRequest(),eIDASResp, eidasReq.getRemoteAddress());
- eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp,
- eidasReq.getRemoteAddress(), true);
- String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+ String token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index b4db5c83d..174fa2c17 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -21,14 +21,20 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.Organization;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAeIDASMetadataGenerator;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -37,11 +43,10 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.Contact;
import eu.eidas.auth.engine.metadata.MetadataConfigParams;
-import eu.eidas.auth.engine.metadata.MetadataGenerator;
-import eu.eidas.engine.exceptions.SAMLEngineException;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
@@ -50,6 +55,9 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
@Service("EidasMetaDataRequest")
public class EidasMetaDataRequest implements IAction {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+ @Autowired(required=true) AuthConfiguration authConfig;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
*/
@@ -61,10 +69,10 @@ public class EidasMetaDataRequest implements IAction {
try {
String pubURLPrefix = req.getAuthURL();
- String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
- String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
- String metaData = generateMetadata(metadata_url, sp_return_url);
+ String metaData = generateMetadata(req, metadata_url, sp_return_url);
Logger.trace(metaData);
@@ -100,24 +108,30 @@ public class EidasMetaDataRequest implements IAction {
}
- public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+ public String generateMetadata(IRequest pendingReq, String metadata_url, String sp_return_url) throws EIDASSAMLEngineException, EIDASEngineException{
String metadata="invalid metadata";
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
- MetadataGenerator generator = new MetadataGenerator();
+ MOAeIDASMetadataGenerator generator = new MOAeIDASMetadataGenerator();
MetadataConfigParams mcp=new MetadataConfigParams();
generator.setConfigParams(mcp);
generator.initialize(engine);
mcp.setEntityID(metadata_url);
mcp.setAssertionConsumerUrl(sp_return_url);
+ mcp.getProtocolBindingLocation().put(
+ SAMLConstants.SAML2_POST_BINDING_URI,
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST);
//TODO: make it configurable
mcp.setAuthnRequestsSigned(true);
mcp.setWantAssertionsSigned(true);
- mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+ mcp.setAssuranceLevel(
+ authConfig.getBasicMOAIDConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_LoA,
+ MOAIDAuthConstants.eIDAS_LOA_HIGH));
//must be set in request, because it could be different for every online-application
//mcp.setSpType(SPType.DEFAULT_VALUE);
@@ -133,18 +147,24 @@ public class EidasMetaDataRequest implements IAction {
Contact technicalContact = new Contact();
List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
- if (contacts != null && contacts.size() >= 1) {
- technicalContact.setEmail(contacts.get(0).getEmailAddresses().get(0).getAddress());
- technicalContact.setGivenName(contacts.get(0).getGivenName().getName());
- technicalContact.setSurName(contacts.get(0).getSurName().getName());
- technicalContact.setPhone(contacts.get(0).getTelephoneNumbers().get(0).getNumber());
+ if (contacts != null && contacts.size() >= 1) {
+ ContactPerson contact = contacts.get(0);
+ technicalContact.setGivenName(contact.getGivenName().getName());
+ technicalContact.setSurName(contact.getSurName().getName());
+
+ if (!contact.getEmailAddresses().isEmpty())
+ technicalContact.setEmail(contact.getEmailAddresses().get(0).getAddress());
+
+ if (!contact.getTelephoneNumbers().isEmpty())
+ technicalContact.setPhone(contact.getTelephoneNumbers().get(0).getNumber());
+
mcp.setTechnicalContact(technicalContact );
}
if (pvpOrganisation != null) {
mcp.setNodeUrl(pvpOrganisation.getURLs().get(0).getURL().getLocalString());
- mcp.setCountryName("Austria");
+ mcp.setCountryName(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria"));
technicalContact.setCompany(pvpOrganisation.getDisplayNames().get(0).getName().getLocalString());
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index ebd4e1e6d..22ac37604 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -23,8 +23,8 @@
package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.StringWriter;
+import java.security.MessageDigest;
import java.text.SimpleDateFormat;
-import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -32,29 +32,44 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
+import com.google.common.collect.ImmutableSet;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGenerator;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASStatusCode;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataUtil;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.SamlNameIdFormat;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
/**
@@ -67,7 +82,10 @@ import eu.eidas.auth.engine.metadata.MetadataUtil;
@Service("eIDASAuthenticationRequest")
public class eIDASAuthenticationRequest implements IAction {
+ private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+
@Autowired protected MOAReversionLogger revisionsLogger;
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
@Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -78,67 +96,136 @@ public class eIDASAuthenticationRequest implements IAction {
throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
- // gather attributes
- MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+ String subjectNameID = null;
- for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+ //gather attributes
+ ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();
+ ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
+
+ //TODO: if we support more then this minimum required attributes -> redesign to a smoother attribute builder selector
+ for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) {
String newValue = "";
-
- // TODO make use of proper builder
- switch(current.getKey()) {
- case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
- case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
- case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
-
- //TODO: change bPK builder !!!!!!
- case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break;
+ boolean isUniqueID = false;
+ try {
+ switch(attr.getFriendlyName()) {
+ case Constants.eIDAS_ATTR_DATEOFBIRTH:
+ newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth());
+ break;
+ case Constants.eIDAS_ATTR_CURRENTFAMILYNAME:
+ newValue = authData.getFamilyName();
+ break;
+ case Constants.eIDAS_ATTR_CURRENTGIVENNAME:
+ newValue = authData.getGivenName();
+ break;
+ case Constants.eIDAS_ATTR_PERSONALIDENTIFIER:
+ newValue = authData.getBPK();
+ isUniqueID = true;
+
+ //generate a transient unique identifier if it is requested
+ String reqNameIDFormat = eidasRequest.getEidasRequest().getNameIdFormat();
+ if (MiscUtil.isNotEmpty(reqNameIDFormat)
+ && reqNameIDFormat.equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
+ newValue = generateTransientNameID(newValue);
+
+ subjectNameID = newValue;
+ break;
+ case Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER:
+ newValue = new MandateLegalPersonSourcePinAttributeBuilder().build(
+ req.getOnlineApplicationConfiguration(), authData, generator);
+ break;
+ case Constants.eIDAS_ATTR_LEGALNAME:
+ newValue = new MandateLegalPersonFullNameAttributeBuilder().build(
+ req.getOnlineApplicationConfiguration(), authData, generator);
+ break;
+
+ }
+
+ } catch (AttributeException e) {
+ Logger.debug("Attribute can not generate requested attribute:" + attr.getFriendlyName() + " Reason:" + e.getMessage());
+
}
-
- if("".equals(newValue))
- current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
- else {
- current.getValue().getValue().clear();
- current.getValue().getValue().add(newValue);
- current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+
+ if(MiscUtil.isEmpty(newValue)) {
+ Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+
+ } else {
+ //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the
+ // Subject->NameID value from this attribute
+ Builder<?> attrBuilder = AttributeDefinition.builder(attr);
+ attrBuilder.uniqueIdentifier(isUniqueID);
+ AttributeDefinition<?> returnAttr = attrBuilder.build();
+
+ //unmarshal attribute value into eIDAS attribute
+ AttributeValueMarshaller<?> attributeValueMarshaller = returnAttr.getAttributeValueMarshaller();
+ ImmutableSet.Builder<AttributeValue<?>> builder = ImmutableSet.builder();
+
+ AttributeValue<?> attributeValue = null;
+ try {
+ attributeValue = attributeValueMarshaller.unmarshal(newValue, false);
+ builder.add(attributeValue);
+
+ } catch (AttributeValueMarshallingException e) {
+ throw new IllegalStateException(e);
+
+ }
+
+ //add attribute to Map
+ attrMapBuilder.put((AttributeDefinition)returnAttr, (ImmutableSet) builder.build());
+
}
}
// construct eIDaS response
- EIDASAuthnResponse response = new EIDASAuthnResponse();
- response.setPersonalAttributeList(resultingAttributeList);
+ AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder();
+
+ responseBuilder.id(SAMLEngineUtils.generateNCName());
+ responseBuilder.inResponseTo(eidasRequest.getEidasRequest().getId());
- // - create metadata url
- String pubURLPrefix = req.getAuthURL();
+ String pubURLPrefix = req.getAuthURL();
String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
- response.setIssuer(metadata_url);
-
- response.setAssuranceLevel(authData.getEIDASQAALevel());
+ responseBuilder.issuer(metadata_url);
+
+ responseBuilder.levelOfAssurance(authData.getEIDASQAALevel());
+
+ //add attributes
+ responseBuilder.attributes(attrMapBuilder.build());
+
+ //set success statuscode
+ responseBuilder.statusCode(StatusCode.SUCCESS_URI);
+
+ //build response
+ AuthenticationResponse response = responseBuilder.build();
String token = null;
+ IResponseMessage eIDASRespMsg = null;
try {
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
// encryption is done by the SamlEngine, i.e. by the module we provide in the config
// but we need to set the appropriate request issuer
- engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
-
+ //engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
- if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
- engine,
- eidasRequest.getEidasRequest());
- eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
-
- }
+ eIDASRespMsg = engine.generateResponseMessage(eidasRequest.getEidasRequest(),
+ response, true, eidasRequest.getRemoteAddress());
+
+// if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+// String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+// new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider),
+// engine,
+// eidasRequest.getEidasRequest());
+// eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+//
+// }
- response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+// response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
- token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+ token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
+
+ } catch(Exception e) {
+ Logger.error("eIDAS Response encoding error." , e);
+ throw new MOAIDException("eIDAS.13", new Object[]{e.getMessage()}, e);
- } catch(Exception e) {
- e.printStackTrace();
}
revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
@@ -172,10 +259,28 @@ public class eIDASAuthenticationRequest implements IAction {
} catch (Exception e) {
- Logger.error("Velocity error: " + e.getMessage());
+ Logger.error("Velocity error: " + e.getMessage());
+ throw new MOAIDException("eIDAS.13", new Object[]{e.getMessage()}, e);
+
}
-
- return null;
+
+ SLOInformationInterface ssoContainer = null;
+ try {
+ ssoContainer = new SLOInformationImpl(
+ req.getAuthURL(),
+ eidasRequest.getEidasRequest().getIssuer(),
+ null,
+ subjectNameID,
+ eidasRequest.getEidasRequest().getNameIdFormat(),
+ EIDASProtocol.NAME);
+
+ } catch (Exception e) {
+ Logger.error("Can not generate container with SSO information!", e);
+
+ }
+
+ return ssoContainer;
+
}
@Override
@@ -189,4 +294,20 @@ public class eIDASAuthenticationRequest implements IAction {
}
+ private String generateTransientNameID(String nameID) {
+ String random = Random.nextLongRandom();
+
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));
+ return Base64Utils.encode(hash);
+
+ } catch (Exception e) {
+ Logger.error("Can not generate transient personal identifier!", e);
+ return null;
+
+ }
+
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 5d79d082a..20395f210 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -14,6 +14,9 @@
<bean id="EIDASProtocol"
class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
+
+ <bean id="eIDASMetadataProvider"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider"/>
<!-- Authentication Process Tasks -->
<bean id="GenerateAuthnRequestTask"
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/own-saml-eidasnode-config.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/own-saml-eidasnode-config.xml
new file mode 100644
index 000000000..856ebd96a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/own-saml-eidasnode-config.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XMLTooling xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.opensaml.org/xmltooling-config ../../src/schema/xmltooling-config.xsd"
+ xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"
+ xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"
+ xmlns:eidas="http://eidas.europa.eu/saml-extensions"
+ xmlns="http://www.opensaml.org/xmltooling-config">
+
+<!-- SAML 2.0 Protocol Object providers -->
+ <ValidatorSuites>
+ <!-- SAML 2.0 Schema Validation Rules -->
+
+ <ValidatorSuite id="moaEidasResponseValidatorSuiteId">
+
+ <Validator qualifiedName="saml2p:Response"
+ className="eu.eidas.auth.engine.core.validator.eidas.EidasResponseOneAssertionValidator"/>
+
+ <Validator qualifiedName="saml2p:Response"
+ className="eu.eidas.auth.engine.core.validator.eidas.EidasResponseValidator"/>
+
+ <Validator qualifiedName="saml2:Assertion"
+ className="eu.eidas.auth.engine.core.validator.eidas.EidasAssertionValidator"/>
+
+
+ <Validator qualifiedName="saml2:Conditions"
+ className="at.gv.egovernment.moa.id.auth.modules.eidas.engine.validation.MoaEidasConditionsValidator"/>
+
+ <Validator qualifiedName="saml2:AuthnStatement"
+ className="eu.eidas.auth.engine.core.validator.eidas.EidasAuthnStatementValidator"/>
+
+ <Validator qualifiedName="saml2:Attribute"
+ className="eu.eidas.auth.engine.core.validator.eidas.EidasAttributeValidator"/>
+
+ </ValidatorSuite>
+
+
+ </ValidatorSuites>
+
+
+</XMLTooling> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 07bde7762..81c3322c9 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -175,7 +175,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
}
//store MOASession
- authenticatedSessionStorage.storeSession(moasession);
+ requestStoreage.storePendingRequest(pendingReq);
//write revisions log entry
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index b538ba3e9..b35ffdf62 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
import java.util.List;
+import java.util.Timer;
import javax.xml.namespace.QName;
@@ -38,6 +39,7 @@ import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
@@ -53,11 +55,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
@Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider {
+public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+ implements IDestroyableObject {
@Autowired AuthConfiguration authConfig;
private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
+ private Timer timer = null;
public ELGAMandateServiceMetadataProvider() {
@@ -74,6 +78,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
fullyDestroy();
}
+
+
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
@@ -240,7 +246,11 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
}
-
+
+ //initialize Timer if it is null
+ if (timer == null)
+ timer = new Timer(true);
+
//create metadata validation filter chain
MetadataFilterChain filter = new MetadataFilterChain();
filter.addFilter(new SchemaValidationFilter(true));
@@ -248,7 +258,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
HTTPMetadataProvider idpMetadataProvider = createNewHTTPMetaDataProvider(metdataURL,
filter,
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ timer);
if (idpMetadataProvider == null) {
Logger.error("Create ELGA Mandate-Service Client FAILED.");
@@ -275,12 +286,20 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
}
}
- private void fullyDestroy() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+ */
+ @Override
+ public void fullyDestroy() {
+ Logger.info("Destroy ELGA Mandate-Service PVP metadata pool ... ");
+
if (metadataProvider != null) {
metadataProvider.destroy();
}
+ if (timer != null)
+ timer.cancel();
}
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
index 9f20ee956..cd7b8312d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -54,7 +54,7 @@ public final class OAuth20SignatureUtil {
} else if (key instanceof ECPrivateKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature");
return OAuthSignatureAlgorithm.ECDSA256;
- } else if (key instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ } else if (key instanceof iaik.security.ec.common.ECPrivateKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
} else {
@@ -69,7 +69,7 @@ public final class OAuth20SignatureUtil {
} else if (key instanceof ECPublicKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature");
return OAuthSignatureAlgorithm.ECDSA256;
- } else if (key instanceof iaik.security.ecc.ecdsa.ECPublicKey) {
+ } else if (key instanceof iaik.security.ec.common.ECPublicKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
} else {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 803ae388f..b9bed7a22 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -93,7 +93,7 @@ class OAuth20AuthAction implements IAction {
// store data in oath session
- transactionStorage.put(code, o);
+ transactionStorage.put(code, o, -1);
Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 98fcdc8dc..258b77b98 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,6 +28,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -209,7 +210,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
Map<String, String> reqAttr = new HashMap<String, String>();
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index f35de9c58..50638ebf8 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -26,6 +26,7 @@ import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -168,7 +169,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
return null;
}
}
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
index 6cf1e8280..35bbac6e7 100644
--- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
@@ -22,15 +22,10 @@
*******************************************************************************/
package test.at.gv.egovernment.moa.id.auth.oauth;
-import iaik.security.ecc.provider.ECCProvider;
-
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import net.oauth.jsontoken.crypto.Signer;
-import net.oauth.jsontoken.crypto.Verifier;
-
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.testng.Assert;
import org.testng.annotations.Test;
@@ -39,6 +34,9 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
import at.gv.egovernment.moa.util.KeyStoreUtils;
+import net.oauth.jsontoken.crypto.Signer;
+import net.oauth.jsontoken.crypto.Verifier;
+
public class CertTest {
/** KeyStore Path */
@@ -122,7 +120,7 @@ public class CertTest {
@Test
public void testECDSA() throws Exception {
- ECCProvider.addAsProvider();
+ //ECCProvider.addAsProvider();
// Security.addProvider(new ECCProvider());
BasicX509Credential credential = this.getCredentials(this.ecdsaKeyStorePath);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 78cbd788d..2f6a54027 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,14 +28,14 @@ import java.util.List;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -44,10 +44,10 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class SSOTransferAuthenticationData implements IAuthData {
- private AuthenticationSession authSession = null;
+ private IAuthenticationSession authSession = null;
boolean isIDPPrivateService = true;
- public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException {
+ public SSOTransferAuthenticationData(AuthConfiguration authConfig, IAuthenticationSession authSession) throws ConfigurationException {
this.authSession = authSession;
String domainIdentifier = authConfig.getSSOTagetIdentifier();
if (domainIdentifier != null)
@@ -197,9 +197,9 @@ public class SSOTransferAuthenticationData implements IAuthData {
* @see at.gv.egovernment.moa.id.data.IAuthData#getIdentityLink()
*/
@Override
- public IdentityLink getIdentityLink() {
+ public IIdentityLink getIdentityLink() {
return this.authSession.getIdentityLink();
- }
+ }
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.data.IAuthData#getSignerCertificate()
@@ -272,7 +272,7 @@ public class SSOTransferAuthenticationData implements IAuthData {
* @see at.gv.egovernment.moa.id.data.IAuthData#getMISMandate()
*/
@Override
- public MISMandate getMISMandate() {
+ public IMISMandate getMISMandate() {
return this.authSession.getMISMandate();
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index af180ff10..3affa17b3 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -265,7 +265,7 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
- public Integer getQaaLevel() {
+ public String getQaaLevel() {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index b18425839..7d1bfd7b9 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -82,6 +82,7 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContain
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -190,7 +191,7 @@ public class SSOTransferServlet{
Logger.debug("Load token:" + token + " from storage.");
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000);
if (container != null) {
- AuthenticationSession moaSession = new AuthenticationSession("123456", new Date());
+ IAuthenticationSession moaSession = new AuthenticationSession("123456", new Date());
URL idlURL = new URL(FileUtils.makeAbsoluteURL(
authConfig.getMonitoringTestIdentityLinkURL(),
@@ -288,7 +289,7 @@ public class SSOTransferServlet{
try {
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut);
if (container != null) {
- AuthenticationSession moaSession = authenticationSessionStorage.getSession(container.getMoaSessionID());
+ IAuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(container.getMoaSessionID());
if (moaSession != null) {
internalTransferPersonalInformation(req, resp, container, moaSession, false);
@@ -405,19 +406,16 @@ public class SSOTransferServlet{
//create first step of SSO Transfer GUI
- String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID);
- if(authSession != null) {
- internalCreateQRCodeForTransfer(resp, authURL,
- authSession.getSessionID(),
- SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config);
+ IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid);
+ if(authSession != null) {
+ internalCreateQRCodeForTransfer(resp, authURL,
+ authSession.getSessionID(),
+ SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config);
- return;
- }
+ return;
}
-
}
+
config.putCustomParameter("errorMsg",
"No active Single Sign-On session found! SSO Session transfer is not possible.");
@@ -439,7 +437,7 @@ public class SSOTransferServlet{
}
private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp,
- SSOTransferContainer container, AuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException {
+ SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException {
Logger.debug("");
JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode);
@@ -535,7 +533,7 @@ public class SSOTransferServlet{
container.setDhParams(dhKeyIDP);
//store container
- transactionStorage.put(token, container);
+ transactionStorage.put(token, container,(int)transmisionTimeOut);
//build QR code
String containerURL = authURL
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index 003ce8c21..cf4590fc1 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -200,14 +200,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor);
// store MOASession into database
- try {
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException e) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] {
- moasession.getSessionID()});
- }
+ requestStoreage.storePendingRequest(pendingReq);
executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
executionContext.put("sessionRestoreFinished", false);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 0785f767b..568ffb330 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -97,7 +97,6 @@ import org.w3c.dom.NodeList;
import com.google.gson.JsonObject;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
@@ -107,6 +106,8 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -168,7 +169,7 @@ public class SSOContainerUtils {
@Autowired SAMLVerificationEngineSP samlVerificationEngine;
@Autowired AuthConfiguration authConfig;
- public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, AssertionAttributeExtractor attributeExtractor) throws AssertionAttributeExtractorExeption, ConfigurationException {
+ public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, IAuthenticationSession moasession, AssertionAttributeExtractor attributeExtractor) throws AssertionAttributeExtractorExeption, ConfigurationException {
// AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation);
//TODO: maybe change to correct URL
@@ -233,7 +234,7 @@ public class SSOContainerUtils {
Logger.info("Found mandate information in SSO session-container.");
try {
- MISMandate mandate = new MISMandate();
+ IMISMandate mandate = new MISMandate();
String mandateFull = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME);
if (MiscUtil.isNotEmpty(mandateFull)) {
@@ -336,7 +337,7 @@ public class SSOContainerUtils {
public String generateSignedAndEncryptedSSOContainer(String authURL,
- AuthenticationSession authSession, Date date, byte[] hashedSecret) {
+ IAuthenticationSession authSession, Date date, byte[] hashedSecret) {
try {
String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
AuthnContextClassRef authnContextClassRef = SAML2Utils
@@ -527,7 +528,7 @@ public class SSOContainerUtils {
}
- private static List<Attribute> buildSSOAttributeForTransfer(AuthenticationSession authSession, IAuthData authData) {
+ private static List<Attribute> buildSSOAttributeForTransfer(IAuthenticationSession authSession, IAuthData authData) {
List<Attribute> attrList = new ArrayList<Attribute>();
IOAAuthParameters oaParam = new SSOTransferOnlineApplication();
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index d581e7e75..f5896bc25 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -62,7 +62,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
@Autowired PVPAuthnRequestBuilder authnReqBuilder;
@Autowired FederatedAuthCredentialProvider credential;
-
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -95,7 +95,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
//load IDP SAML2 entitydescriptor
- EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
+ EntityDescriptor idpEntity = metadataProvider.
getEntityDescriptor(idpEntityID);
if (idpEntity == null) {
Logger.warn("Requested IDP " + idpEntityID
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 1c3134b77..8f5a231ee 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtracto
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -90,7 +91,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Autowired private SSOManager ssoManager;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private AuthenticationDataBuilder authDataBuilder;
-
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) protected IAuthenticationSessionStoreage authenticatedSessionStorage;
/* (non-Javadoc)
@@ -125,7 +127,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//decode PVP response object
msg = (InboundMessage) decoder.decode(
- request, response, MOAMetadataProvider.getInstance(), true,
+ request, response, metadataProvider, true,
comperator);
if (MiscUtil.isEmpty(msg.getEntityID())) {
@@ -135,7 +137,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//validate response signature
if(!msg.isVerified()) {
- samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
msg.setVerified(true);
}
@@ -176,7 +178,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
authenticatedSessionStorage.
- addFederatedSessionInformation(pendingReq,
+ addFederatedSessionInformation(pendingReq,
idpConfig.getPublicURLPrefix(), extractor);
} else {
@@ -192,9 +194,6 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
addFederatedSessionInformation(pendingReq,
idpConfig.getPublicURLPrefix(), extractor);
- //update MOASession
- authenticatedSessionStorage.storeSession(moasession);
-
}
//store valid assertion into pending-request
@@ -247,7 +246,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... ");
- Collection<String> requestedAttr = pendingReq.getRequestedAttributes();
+ Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
//check if SAML2 Assertion contains a minimal set of attributes
if (!extractor.containsAllRequiredAttributes()) {
@@ -267,7 +266,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//check if all attributes are include
if (!extractor.containsAllRequiredAttributes(
- pendingReq.getRequestedAttributes())) {
+ pendingReq.getRequestedAttributes(metadataProvider))) {
Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 323edee8d..0463bf8d9 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -26,6 +26,13 @@
</dependency>
<dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
</dependency>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index fc04fa9a7..f6c8cb6e3 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -29,9 +29,9 @@ import java.text.MessageFormat;
import java.util.Calendar;
import java.util.List;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index c421bf8cc..d3ebffdfd 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -22,16 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
-import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -43,7 +39,6 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
-import eu.eidas.auth.commons.IPersonalAttributeList;
@Service("SAML1_GetArtifactAction")
public class GetArtifactAction implements IAction {
@@ -74,13 +69,16 @@ public class GetArtifactAction implements IAction {
try {
IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
+ //TODO: add eIDAS to SAML1 protocol if it is really necessary
+
// add other stork attributes to MOA assertion if available
- IPersonalAttributeList storkAttributes = authData.getGenericData(
- AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
- IPersonalAttributeList.class);
+// IPersonalAttributeList storkAttributes = authData.getGenericData(
+// AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+// IPersonalAttributeList.class);
+ Object storkAttributes = null;
if(null != storkAttributes) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes);
- authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
+// List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes);
+// authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
index d48c0a9bb..2a7cce89e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -49,7 +49,7 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.text.ParseException;
import java.util.List;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 0ec0d95a2..df8f13544 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.List;
-import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -37,7 +36,6 @@ import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
-import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
@@ -51,8 +49,6 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -63,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -82,8 +79,6 @@ import at.gv.util.xsd.persondata.IdentificationType.Value;
import at.gv.util.xsd.persondata.PersonNameType;
import at.gv.util.xsd.persondata.PersonNameType.FamilyName;
import at.gv.util.xsd.persondata.PhysicalPersonType;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@Service("SAML1AuthenticationServer")
@@ -95,7 +90,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
- private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+ private static final int authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException {
@@ -127,41 +122,43 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return error;
}
- /**
- * Transforms additional STORK attributes to MOA Extended attributes
- * @param iPersonalAttributeList STORK attribute list
- * @return
- */
- public List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
-
- if(null == iPersonalAttributeList)
- return moaExtendedSAMLAttributeList;
-
- Logger.trace("Adding the following attributes to MOA assertion: ");
- int count = 0;
-
- for (PersonalAttribute attribute : iPersonalAttributeList) {
- Object attributeValue = attribute.getValue();
- if (null == attributeValue)
- attributeValue = attribute.getComplexValue();
-
- // escape attributeValue
- attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
- // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
- attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
-
- ExtendedSAMLAttribute extendedSAMLAttribute =
- new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
- moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
- count++;
- Logger.trace("Additional attribute: " + attribute.getName());
- }
-
- Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
-
- return moaExtendedSAMLAttributeList;
- }
+
+ //TODO: add eIDAS to SAML1 protocol if it is really necessary
+// /**
+// * Transforms additional STORK attributes to MOA Extended attributes
+// * @param iPersonalAttributeList STORK attribute list
+// * @return
+// */
+// public List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
+// List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
+//
+// if(null == iPersonalAttributeList)
+// return moaExtendedSAMLAttributeList;
+//
+// Logger.trace("Adding the following attributes to MOA assertion: ");
+// int count = 0;
+//
+// for (PersonalAttribute attribute : iPersonalAttributeList) {
+// Object attributeValue = attribute.getValue();
+// if (null == attributeValue)
+// attributeValue = attribute.getComplexValue();
+//
+// // escape attributeValue
+// attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
+// // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
+// attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
+//
+// ExtendedSAMLAttribute extendedSAMLAttribute =
+// new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
+// moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
+// count++;
+// Logger.trace("Additional attribute: " + attribute.getName());
+// }
+//
+// Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
+//
+// return moaExtendedSAMLAttributeList;
+// }
/**
@@ -210,7 +207,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
protocolRequest.getOAURL(), protocolRequest.getRequestID(),
null);
- authenticationDataStore.put(samlArtifact, error);
+ authenticationDataStore.put(samlArtifact, error, authDataTimeOut);
return samlArtifact;
}
@@ -721,7 +718,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
- authenticationDataStore.put(samlArtifact, samlAssertion);
+ authenticationDataStore.put(samlArtifact, samlAssertion,authDataTimeOut);
//}
} catch (AuthenticationException ex) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 42fafc01e..1d3525626 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -81,7 +82,7 @@ public class SAML1RequestImpl extends RequestImpl {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
List<String> reqAttr = new ArrayList<String>();
reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java
index 9adf2edc3..b232b9512 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
-import java.util.Arrays;
import java.util.List;
import javax.servlet.ServletException;
@@ -37,39 +36,51 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.monitoring.TestManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Controller
-public class MonitoringServlet {
+public class MonitoringController {
private static final String REQUEST_ATTR_MODULE = "module";
@Autowired private AuthConfiguration authConfig;
+ @Autowired private TestManager tests;
- public MonitoringServlet() {
+ public MonitoringController() {
super();
Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/MonitoringServlet'.");
}
@RequestMapping(value = "/MonitoringServlet", method = RequestMethod.GET)
public void getStatusInformation(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException{
- try {
- if (authConfig.isMonitoringActive()) {
- Logger.debug("Monitoring Servlet received request");
+ if (authConfig.isMonitoringActive()) {
+ Logger.debug("Monitoring Servlet received request");
- TestManager tests = TestManager.getInstance();
-
- String modulename = req.getParameter(REQUEST_ATTR_MODULE);
- if (MiscUtil.isEmpty(modulename)) {
+
+
+ String modulename = req.getParameter(REQUEST_ATTR_MODULE);
+ if (MiscUtil.isEmpty(modulename)) {
+
+ List<String> error = tests.executeTests();
+ if (error != null && error.size() > 0) {
+ createErrorMessage(req, resp, error);
+
+ } else {
+ resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess()));
+ Logger.info("Monitoring Servlet finished without errors");
+ }
- List<String> error = tests.executeTests();
- if (error != null && error.size() > 0) {
- createErrorMessage(req, resp, error);
+ } else {
+ if (tests.existsModule(modulename)) {
+ List<String> errors = tests.executeTest(modulename);
+ if (errors != null && errors.size() > 0) {
+ createErrorMessage(req, resp, errors);
} else {
resp.setStatus(HttpServletResponse.SC_OK);
@@ -79,38 +90,21 @@ public class MonitoringServlet {
}
} else {
- if (tests.existsModule(modulename)) {
- List<String> errors = tests.executeTest(modulename);
- if (errors != null && errors.size() > 0) {
- createErrorMessage(req, resp, errors);
-
- } else {
- resp.setStatus(HttpServletResponse.SC_OK);
- resp.setContentType("text/html;charset=UTF-8");
- resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess()));
- Logger.info("Monitoring Servlet finished without errors");
- }
-
- } else {
- Logger.warn("NO Testmodule exists with modulename " + modulename);
- resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out;
- try {
- out = new PrintWriter(resp.getOutputStream());
- out.write("NO Testmodule exists with modulename " + modulename);
- out.flush();
-
- } catch (IOException e) {
- Logger.warn("Internal Monitoring Servlet Error. ", e);
- }
- }
-
- }
- }
-
- } catch (ConfigurationException e) {
- createErrorMessage(req, resp, Arrays.asList(e.getMessage()));
+ Logger.warn("NO Testmodule exists with modulename " + modulename);
+ resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out;
+ try {
+ out = new PrintWriter(resp.getOutputStream());
+ out.write("NO Testmodule exists with modulename " + modulename);
+ out.flush();
+
+ } catch (IOException e) {
+ Logger.warn("Internal Monitoring Servlet Error. ", e);
+ }
+ }
+
+ }
}
}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index 5e4183146..b21c5e93f 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -23,23 +23,25 @@
package at.gv.egovernment.moa.id.monitoring;
import java.util.ArrayList;
-import java.util.Date;
import java.util.List;
-import org.hibernate.Query;
-import org.hibernate.Session;
-
+import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class DatabaseTestModule implements TestModuleInterface{
+ private ITransactionStorage transactionStorage;
+ private IStatisticLogger statLogUtils;
+
+ public DatabaseTestModule(ITransactionStorage transactionStorage, IStatisticLogger statLogUtils){
+ this.statLogUtils = statLogUtils;
+ this.transactionStorage = transactionStorage;
+ }
+
public List<String> performTests() throws Exception {
Logger.trace("Start MOA-ID Database Test.");
@@ -67,20 +69,9 @@ public class DatabaseTestModule implements TestModuleInterface{
private String testMOASessionDatabase() throws Exception{
Logger.trace("Start Test: MOASessionDatabase");
-
- Date expioredate = new Date(new Date().getTime() - 120);
-
- try {
- List<AssertionStore> results;
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithTimeOut");
- query.setTimestamp("timeout", expioredate);
- results = query.list();
- session.getTransaction().commit();
- }
+
+ try {
+ transactionStorage.get("testKey");
Logger.trace("Finish Test: MOASessionDatabase");
return null;
@@ -101,21 +92,9 @@ public class DatabaseTestModule implements TestModuleInterface{
return null;
}
- private String testMOAAdvancedLoggingDatabase() {
-
- Date expioredate = new Date(new Date().getTime() - 120);
+ private String testMOAAdvancedLoggingDatabase() {
try {
- Session session = StatisticLogDBUtils.getCurrentSession();
-
- List<StatisticLog> results;
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getAllEntriesNotBeforeTimeStamp");
- query.setTimestamp("timeout", expioredate);
- results = query.list();
- session.getTransaction().commit();
- }
+ statLogUtils.testConnection();
Logger.trace("Finish Test: AdvancedLoggingDataBase");
return null;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index 7994e7a06..6372fefa8 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -29,8 +29,6 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -38,6 +36,8 @@ import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
import at.gv.egovernment.moa.logging.Logger;
@@ -45,7 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class IdentityLinkTestModule implements TestModuleInterface {
- private static IdentityLink identityLink = null;
+ private static IIdentityLink identityLink = null;
public void initializeTest(long delayParam, String url) throws Exception{
@@ -56,7 +56,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
}
- }
+ }
public List<String> performTests() throws Exception{
Logger.trace("Start MOA-ID IdentityLink Test");
@@ -74,7 +74,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
.verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
try {
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters();
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java
new file mode 100644
index 000000000..0f7dfc7fe
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.monitoring;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class MonitoringSpringResourceProvider implements SpringResourceProvider{
+
+ @Override
+ public String getName() {
+ // TODO Auto-generated method stub
+ return "MOA-ID Monitoring Module";
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource monitoringResource = new ClassPathResource("/moaid_monitoring.beans.xml", MonitoringSpringResourceProvider.class);
+
+ return new Resource[] {monitoringResource};
+ }
+
+}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index b25eed520..9f0083fb8 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -27,49 +27,29 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
-public class TestManager {
-
- private static TestManager instance;
+public class TestManager{
+ @Autowired private ITransactionStorage transactionStorage;
+ @Autowired(required=false) private IStatisticLogger statisticLogDBUtils = null;
+ @Autowired private AuthConfiguration authConfig;
private Map<String, TestModuleInterface> tests = new HashMap<String, TestModuleInterface>();
- public static TestManager getInstance() throws ConfigurationException {
- if (instance == null)
- instance = new TestManager();
-
- return instance;
- }
-
- private TestManager() throws ConfigurationException {
-
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
-
- //add Database test
- DatabaseTestModule test1 = new DatabaseTestModule();
- tests.put(test1.getName(), test1);
-
- //add IdentityLink verification test
- IdentityLinkTestModule test2 = new IdentityLinkTestModule();
- String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir());
- try {
- test2.initializeTest(0, idlurl);
- tests.put(test2.getName(), test2);;
-
- } catch (Exception e) {
- Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e);
- }
+ public TestManager(){
+
}
public List<String> executeTests() {
Logger.debug("Start MOA-ID-Auth testing");
-
List<String> errors;
for (TestModuleInterface test : tests.values()) {
@@ -109,4 +89,24 @@ public class TestManager {
public boolean existsModule(String modulename) {
return tests.containsKey(modulename);
}
+
+ public void init() throws ConfigurationException{
+ Logger.debug("Start initializing MOA-ID-Auth TestManager");
+
+ //add Database test
+ DatabaseTestModule test1 = new DatabaseTestModule(this.transactionStorage, this.statisticLogDBUtils);
+ tests.put(test1.getName(), test1);
+
+ //add IdentityLink verification test
+ IdentityLinkTestModule test2 = new IdentityLinkTestModule();
+ String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir());
+ try {
+ test2.initializeTest(0, idlurl);
+ tests.put(test2.getName(), test2);;
+
+ } catch (Exception e) {
+ Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e);
+ }
+ }
+
}
diff --git a/id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..b696bcdd7
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.monitoring.MonitoringSpringResourceProvider \ No newline at end of file
diff --git a/id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml b/id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml
new file mode 100644
index 000000000..6c195e7d7
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="testManager"
+ class="at.gv.egovernment.moa.id.monitoring.TestManager"
+ init-method="init"/>
+</beans> \ No newline at end of file
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 56d317cf5..55bff295a 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -20,11 +20,12 @@
<modules>
<module>moa-id-spring-initializer</module>
<module>moa-id-frontend-resources</module>
+ <module>moa-id-jaxb_classes</module>
<module>idserverlib</module>
<module>moa-id-commons</module>
<module>modules</module>
<module>auth-final</module>
- <module>auth-edu</module>
+ <module>auth-edu</module>
</modules>
<dependencyManagement>
@@ -104,7 +105,7 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.11</version>
+ <version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>