Diffstat (limited to 'id')
103 files changed, 9494 insertions, 1692 deletions
diff --git a/id/oa/.classpath b/id/oa/.classpath
new file mode 100644
index 000000000..5d93de69c
--- /dev/null
+++ b/id/oa/.classpath
@@ -0,0 +1,4 @@
+<classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
diff --git a/id/oa/.project b/id/oa/.project
new file mode 100644
index 000000000..cf4d83eff
--- /dev/null
+++ b/id/oa/.project
@@ -0,0 +1,14 @@
+<projectDescription>
+ <name>moa-id-oa</name>
+ <comment/>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments/>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
diff --git a/id/pom.xml b/id/pom.xml
index ab3b59e7d..1d93d087c 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,14 +3,14 @@
 <parent>
 <groupId>MOA</groupId>
 <artifactId>MOA</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
 </parent>
 <modelVersion>4.0.0</modelVersion>
 <groupId>MOA</groupId>
 <artifactId>id</artifactId>
 <packaging>pom</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
 <name>MOA ID</name>
 <modules>
diff --git a/id/server/auth/.classpath b/id/server/auth/.classpath
new file mode 100644
index 000000000..46c5c5ab0
--- /dev/null
+++ b/id/server/auth/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v5.0"/>
+ <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/auth/.project b/id/server/auth/.project
new file mode 100644
index 000000000..a8a455ff2
--- /dev/null
+++ b/id/server/auth/.project
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-id-auth</name>
+ <comment></comment>
+ <projects>
+ <project>moa-id-lib</project>
+ <project>moa-spss-lib</project>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.common.project.facet.core.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.validation.validationbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>kr.javanese.devtools.m2wtp.wtpDepBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+ <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+ <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ <nature>kr.javanese.devtools.m2wtp.m2wtpNature</nature>
+ </natures>
+</projectDescription>
diff --git a/id/server/auth/.settings/org.eclipse.jdt.core.prefs b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..1b042e027
--- /dev/null
+++ b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,7 @@
+#Fri Sep 14 14:27:19 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
new file mode 100644
index 000000000..f256fdc92
--- /dev/null
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-auth">
+<wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+<dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+<dependency-type>uses</dependency-type>
+</dependent-module>
+<dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+<dependency-type>uses</dependency-type>
+<wb-resource deploy-path="/WEB-INF/LIB" source-path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+</dependent-module>
+<property name="java-output-path" value="target/classes"/>
+<property name="context-root" value="moa-id-auth"/>
+</wb-module>
+</project-modules>
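Review bot: The `wb-resource` pointing at `org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER` is nested inside the second `dependent-module` and deploys to `/WEB-INF/LIB`, while the two jar dependencies above deploy to `/WEB-INF/lib`; the servlet container only puts `WEB-INF/lib` on the webapp classpath, so on a case-sensitive filesystem anything copied to `WEB-INF/LIB` is silently ignored. If this file is Eclipse-generated, regenerating it should be the fix; if it is hand-maintained, move the element directly under `wb-module` and change it to `deploy-path="/WEB-INF/lib"`.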
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
new file mode 100644
index 000000000..d0145894a
--- /dev/null
+++ b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+ <installed facet="jst.web" version="2.4"/>
+ <installed facet="jst.java" version="1.4"/>
+</faceted-project>
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 9870c7ef6..2c123a8ec 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -2,14 +2,14 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id.server</groupId> <artifactId>moa-id-auth</artifactId> <packaging>war</packaging> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> <name>MOA ID-Auth WebService</name> <properties> @@ -35,14 +35,18 @@ <!-- extract moa-id classes for debugging --> <!--warSourceExcludes>WEB-INF/lib/moa-id-lib*.jar</warSourceExcludes--> - <!-- <webResources> <resource> + <directory>${basedir}/src/main/wsdl</directory> + <targetPath>WEB-INF/classes/resources/wsdl</targetPath> + </resource> + <!-- + <resource> <directory>${basedir}/../idserverlib/target/classes</directory> <targetPath>WEB-INF/classes</targetPath> </resource> - </webResources> --> + </webResources> </configuration> </plugin> </plugins> diff --git a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF new file mode 100644 index 000000000..58630c02e --- /dev/null +++ b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF @@ -0,0 +1,2 @@ +Manifest-Version: 1.0
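Review bot: In the second pom.xml hunk the added `<!--` that re-comments the idserverlib `<resource>` has no matching `-->` on the new side — the only `-->` in view sits on the removed `</webResources> -->` line — so unless a closing `-->` follows `</plugins>` outside the hunk, the comment swallows `</webResources>`, `</configuration>`, `</plugin>` and `</plugins>` and the POM is no longer well-formed. The intended shape is presumably `</resource>` / `-->` / `</webResources>` with the `-->` on its own added line. The hunk header counts two more lines per side than are visible here, so the exact placement of blank lines cannot be confirmed from this rendering; please check the file after the change with a build.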
+
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 603758fb8..5c729ef19 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -22,6 +22,12 @@ <description>Verify identity link coming from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class> </servlet> + <servlet> + <servlet-name>ProcessInput</servlet-name> + <display-name>ProcessInput</display-name> + <description>Process user input needed by infobox validators</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> + </servlet> <servlet> <servlet-name>VerifyAuthBlock</servlet-name> <display-name>VerifyAuthBlock</display-name> @@ -37,9 +43,7 @@ <servlet> <servlet-name>AxisServlet</servlet-name> <display-name>Apache-Axis Servlet</display-name> - <servlet-class> - org.apache.axis.transport.http.AxisServlet - </servlet-class> + <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> </servlet> <!-- JSP servlet --> @@ -73,9 +77,13 @@ <url-pattern>/VerifyIdentityLink</url-pattern> </servlet-mapping> <servlet-mapping> - <servlet-name>VerifyAuthBlock</servlet-name> - <url-pattern>/VerifyAuthBlock</url-pattern> + <servlet-name>ProcessInput</servlet-name> + <url-pattern>/ProcessInput</url-pattern> </servlet-mapping> + <servlet-mapping> + <servlet-name>VerifyAuthBlock</servlet-name> + <url-pattern>/VerifyAuthBlock</url-pattern> + </servlet-mapping> <servlet-mapping> <servlet-name>ConfigurationUpdate</servlet-name> <url-pattern>/ConfigurationUpdate</url-pattern> diff --git a/id/server/auth/src/main/webapp/css/mandates.css b/id/server/auth/src/main/webapp/css/mandates.css new file mode 100644 index 000000000..7b6e550f0 --- /dev/null +++ b/id/server/auth/src/main/webapp/css/mandates.css @@ -0,0 +1,57 @@ +/* CSS Document */
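Review bot: The new `/ProcessInput` mapping exposes `ProcessValidatorInputServlet`, which by its own description consumes user-supplied input in the middle of the authentication flow, yet nothing in web.xml ties it to the preceding steps — no `<security-constraint>` is in view, and whether the servlet refuses requests that arrive without a pending authentication session cannot be seen from here. Please confirm that check exists in the servlet, and once confirmed record the contract in the descriptor, e.g. extend the `<description>` to `Process user input needed by infobox validators; requires a pending authentication session`. The AxisServlet whitespace change and the mapping reorder in the same file are cosmetic.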
+
+.hleft {
+ float: left;
+ width: 50%;
+}
+
+.hright {
+ float: left;
+ width: 49%;
+}
+
+.htitle {
+ padding-top: 15px;
+ clear: both;
+}
+
+.leiste1 {
+ background-color: #FF0000;
+ color: #FFFFFF;
+ font-weight: bold;
+ width: 15%;
+ float: left;
+ clear: left;
+ height: 20px;
+ padding-top: 5px;
+ padding-bottom: 5px;
+ FONT-SIZE: 0.9em;
+}
+
+.leiste2 {
+ background-color: #CCCCCC;
+ color: #000000;
+ float: left;
+ height: 20px;
+ width: 33%;
+ padding-top: 5px;
+ padding-bottom: 5px;
+}
+
+a.info {
+ color: #000000;
+ text-decoration: underline;
+}
+
+
+.leiste3 {
+ background-color: #CCCCCC;
+ color: #000000;
+ height: 20px;
+ float: left;
+ width: 17%;
+ padding-top: 5px;
+ padding-bottom: 5px;
+ FONT-SIZE: 0.8em;
+
+}
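Review bot: `FONT-SIZE` in `.leiste1` and `.leiste3` is written in upper case while every other property in this file is lower case; property names are case-insensitive so it works, but for consistency write `font-size: 0.9em;` and `font-size: 0.8em;`.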
diff --git a/id/server/auth/src/main/webapp/css/styles.css b/id/server/auth/src/main/webapp/css/styles.css
new file mode 100644
index 000000000..d91b993d1
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/styles.css
@@ -0,0 +1,741 @@
+/*
+|| Groesse der Seite auf A4 setzen
+|| Rand auf jeweils 10% der Seite setzen
+*/
+
+@page {
+ size: 21cm 29.7cm;
+ margin: 10%;
+}
+
+/*
+|| Font und Farben, die fuer das gesamte Dokument gueltig sind.
+*/
+
+body {
+ font-family: arial, helvetica, sans-serif;
+ background-color: white;
+ color: black;
+}
+
+/*
+|| Eingabefelder verwenden eine Monospace-Font (s. Laenderstyleguide 5.1)
+*/
+
+input, textarea, select {
+ font-family: monospace;
+}
+
+/*
+|| Schriftgroesse fuer Formulartitel
+*/
+
+h1 {
+ font-size: 1.3em;
+}
+
+/*
+|| Definitionen fuer die Kategorien (faerbiger Balken)
+*/
+
+h2 {
+ width: 98%;
+ background-color: #A02D2D;
+ color: white;
+ font-weight: bold;
+ font-size: 1em;
+ padding: 0.3em;
+ border-width: thin;
+ margin-bottom: 1em;
+}
+
+/*
+|| Subkategorie (zB Adresse innerhalb von Stammgewerbeberechtigung)
+*/
+
+h3 {
+ padding: 5px;
+ margin-bottom: 1px;
+ font-size: 0.8em;
+}
+
+/*
+|| Informationstext zu einer Kategorie
+*/
+
+h4 {
+ margin-bottom: 0.5em;
+ font-size: 0.8em;
+}
+
+fieldset {
+ border: none;
+}
+
+}
+
+legend {
+ display: none;
+}
+
+
+/*
+|| Informationstext im Info-Kaestchen
+*/
+
+.infotext {
+ padding: 0.8em;
+ float: left;
+ background-color: #EEEEEE;
+ color: black;
+ font-size: 0.8em;
+}
+
+/*
+|| Info-Link im Info-Kaestchen
+*/
+
+.infobutton {
+ float: left;
+ width: 2em;
+ background-color: red;
+ text-align: center;
+ font-size: 1.5em;
+ color: white;
+ font-weight: bold;
+ padding: 0.4em;
+ border-width: 0.25em;
+ border-style: outset;
+ border-style: -moz-bg-outset;
+}
+
+/*
+|| Info-Link soll weiss sein
+*/
+
+.infobutton a:link {
+ background-color: red;
+ color: white;
+ text-decoration: none;
+
+}
+
+/*
+|| Info-Link soll weiss sein, auch wenn Link schon einmal angeklickt wurde
+*/
+
+.infobutton a:visited {
+ background-color: red;
+ color: white;
+}
+
+/*
+|| Info-Link-Text soll weiss sein, auch wenn man mit der Maus drueberfaehrt
+*/
+
+.infobutton a:hover {
+ background-color: red;
+ color: white;
+}
+
+/*
+|| Begrenzung fuer das Info-Kaestchen
+*/
+
+.boundinginfobox {
+ width: 99%;
+ background-color: #EEEEEE;
+ color: black;
+ border-width: thin;
+}
+
+/*
+|| Begrenzung fuer Eingabefeldbereiche
+*/
+
+.boundingbox {
+ width: 99%;
+ background-color: #EEEEEE;
+ color: black;
+ border-width: thin;
+ margin-bottom: 1em;
+}
+
+/*
+|| Begrenzung, die Leittexte und Formulardaten im statischen Formular
+|| zusammenhaelt, sodass es bei einem Seitenumbruch beim Ausdruck
+|| nicht zu Verschiebungen kommt
+*/
+.printboundingbox {
+ width: 99%;
+}
+
+/*
+|| Bereich fuer die Leittexte
+*/
+
+.labelarea {
+ text-align: right;
+ width: 17%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+}
+
+/*
+|| Bereich fuer sehr lange Leittexte
+*/
+
+.labelareawidened {
+ text-align: right;
+ width: 50%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+}
+
+/*
+|| Leittextbereich ohne Angabe einer Breite (z.B. bei Stiege und Tuer; sonst generell (.labelarea) 17% der Gesamtbreite)
+*/
+
+.labelareanowidth {
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+}
+
+/*
+|| Legendenbereich (Icons)
+*/
+
+.legendarea {
+ width: 30px;
+ text-align: left;
+ float: left;
+ padding-left: 4px;
+ padding-top: 5px;
+ vertical-align: middle;
+}
+
+/*
+|| Legendenbereich fuer den Stern (in Kombination mit einem Rufzeichen)
+*/
+
+.legendareastar {
+ width: 13px;
+ float: left;
+ padding-left: 4px;
+ padding-top: 5px;
+ vertical-align: middle;
+}
+
+/*
+|| Legendenbereich fuer das Info-Icon
+*/
+
+.legendareainfo {
+ width: 17px;
+ float: left;
+ padding-top: 5px;
+ vertical-align: middle;
+}
+
+/*
+|| Bereich fuer ein einzelnes Eingabefeld
+*/
+
+.inputfieldarea {
+ float: left;
+ padding: 4px;
+}
+
+/*
+|| Bereich fuer das erste Eingabefeld, wenn zwei in einer Zeile
+|| = Eingabefeldbereich, dessen Breite auf 26% begrenzt ist (.inputfieldarea hat keine Begrenzung)
+*/
+
+.inputfieldareafortwo {
+ width: 26%;
+ float: left;
+ padding: 4px;
+}
+
+
+/*
+|| e-Goverment Schriftzug im Logo
+*/
+
+.egovlogo {
+ text-align: center;
+ background-color: white;
+ color: #008B8B;
+ font-weight: bold;
+ font-style: italic;
+ font-size: 1.7em;
+}
+
+/*
+|| help.gv.at-Schriftzug im Logo
+*/
+
+.egovtext {
+ text-align: center;
+ background-color: white;
+ color: black;
+ font-weight: bold;
+ font-size: 1.2em;
+}
+
+/*
+|| Bereich fuer den Titel des Formulars links vom Logo
+*/
+
+.titlebox {
+ float: left;
+ width: 65%;
+ margin-bottom: 1em;
+}
+
+/*
+|| Bereich fuer das Logo
+*/
+
+.logobox {
+ float: right;
+ margin-bottom: 1em;
+}
+
+/*
+|| Allgemeiner Informationstext zu einem Formular (zwischen Formulartitel
+|| und Info-Kaestchen
+*/
+
+.introtext {
+ font-weight: bold;
+ margin-bottom: 1em;
+}
+
+/*
+|| Link "Zum Formularanfang"
+*/
+
+.formtop {
+ float: right;
+}
+
+/*
+|| Bereich fuer die Steuerungs-Buttons (Senden, Abbrechen, etc.)
+*/
+
+.buttonarea {
+ margin-top: 0.5em;
+ text-align: center;
+}
+
+/*
+|| Aussehen der Steuerungs-Buttons
+*/
+
+.button {
+ font-family: arial, helvetica, sans-serif;
+ font-size: 1em;
+}
+
+/*
+|| Formularkennung/Fusszeile des Formulars
+*/
+
+.formid {
+ float: left;
+ font-style: italic;
+ font-size: 0.8em;
+ background-color: #008B8B;
+ color: white;
+ padding: 0.5em;
+}
+
+/*
+|| Behoerdenanschrift
+*/
+
+.organizationaddress {
+ font-style: italic;
+ margin-top: 1em;
+ margin-bottom: 1em;
+}
+
+/*
+|| Behoerdenanschrift mit Logo
+*/
+
+.organizationaddresslogo {
+ font-style: italic;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ float: left;
+}
+
+/*
+|| Beilagen-Tabelle
+*/
+
+.attachmenttable {
+ width: 99%;
+ background-color: #EEEEEE;
+ color: black;
+ border-width: thin;
+ border-collapse: collapse;
+ margin-bottom: 1em;
+}
+
+/*
+|| Spaltenueberschrift "lfd Nr"
+*/
+
+.attachmenttitlenumber {
+ border-bottom: thin solid black;
+ border-right: thin solid black;
+ padding: 0.3em;
+ font-size: 0.8em;
+}
+
+/*
+|| Spaltenueberschrift "Beilage"
+*/
+
+.attachmenttitlename {
+ border-bottom: thin solid black;
+ border-right: thin solid black;
+ padding: 0.5em;
+ text-align: left;
+ font-size: 0.8em;
+}
+
+
+/*
+|| Spaltenueberschriften "nachgereicht" und "angefuegt"
+*/
+
+.attachmenttitleselection {
+ padding: 0.3em;
+ text-align: center;
+ border-left: thin solid black;
+ border-bottom: thin solid black;
+ font-size: 0.8em;
+}
+
+/*
+|| Spaltenueberschrift "Datei"
+*/
+
+.attachmenttitlefile {
+ padding: 0.3em;
+ text-align: left;
+ border-bottom: thin solid black;
+ font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "lfd Nr"
+*/
+
+.attachmentnumber {
+ text-align: center;
+ border-left: thin solid #EEEEEE;
+ border-right: thin solid black;
+ padding: 0.3em;
+ font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "Beilage"
+*/
+
+.attachmentname {
+ text-align: left;
+ border-left: thin solid black;
+ border-right: thin solid black;
+ padding: 0.5em;
+ font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "Datei"
+*/
+
+.attachmentfile {
+ text-align: left;
+ border-right: thin solid #EEEEEE;
+ padding: 0.3em;
+}
+
+/*
+|| Zellen der Spalte "angefuegt"
+*/
+
+.attachmentselectiononline {
+ text-align: center;
+ padding: 0.3em;
+ border-left: solid black thin;
+}
+
+/*
+|| Zellen der Spalte "nachgereicht"
+*/
+
+.attachmentselectionpost {
+ text-align: center;
+ border-left: solid black thin;
+ padding: 0.3em;
+}
+
+/*
+|| unsichtbarer Bereich
+*/
+
+.hide {
+ visibility: hidden;
+ display: none;
+}
+
+/*
+|| sichtbarer Bereich
+*/
+
+.show {
+ visibility: visible;
+ display: block;
+}
+
+/*
+|| readonly-Felder
+*/
+
+.deactive {
+ background-color: #D3D3D3;
+ color: gray;
+}
+
+/*
+|| Fehlertexte (bei fehlerhaften Eingaben)
+*/
+
+.errortext {
+ color: red;
+ background-color: white;
+ font-size: 1em;
+ border: solid red 2px;
+ padding: 0.5em;
+ width: 97%;
+}
+
+.errortext a:visited , .errortext a:link, .errortext a:hover {
+ color: red;
+}
+
+/*
+|| simuliertes Readonly-Eingabefeld, das in Wirklichkeit
+|| Text mit einem Rahmen ist
+*/
+
+.readonlybutton {
+ width: 20em;
+ background-color: #D3D3D3;
+ color: gray;
+ border-color: gray;
+ border-width: thin;
+ border-style: inset;
+ font-family: monospace;
+}
+
+/*
+|| Vertikale Ausrichtung des Info-Icons im Beilagenbereich
+*/
+
+.imagevertalign {
+ vertical-align: middle;
+}
+
+/*
+|| Unterbindet Rahmen bei Bildern mit hinterlegtem Link
+*/
+
+a img {
+ border: none;
+}
+
+/*
+|| MOA-Ergebnis-Tabelle
+*/
+
+.MOA-SP-ergebnis-tabelle {
+ width: 100%;
+ border: thin solid black;
+ border-collapse: collapse;
+ margin-bottom: 1em;
+}
+
+/*
+|| MOA-Ergebnis-Tabellenemelemente
+*/
+
+.MOA-SP-ergebnis-zelle, .MOA-SP-ergebnis-header {
+ border: thin solid black;
+ text-align: left;
+ padding: 0.3em;
+ background-color: #EEEEEE;
+}
+
+/*
+|| MOA-Ergebnis-Tabelle Fehlermeldungen
+*/
+
+.moa-sp-error {
+ color: red;
+ font-weight: bold;
+}
+
+/*
+|| Signaturblock-Tabelle
+*/
+
+.sigblock-tabelle {
+ width: 100%;
+ border: thin solid black;
+ border-collapse: collapse;
+ margin-bottom: 1em;
+}
+
+/*
+|| Signaturblock-Tabellenelemente
+*/
+
+.sigblock-zelle, .sigblock-header {
+ border: thin solid black;
+ text-align: left;
+ padding: 0.3em;
+ background-color: #EEEEEE;
+}
+
+/*
+|| Formular mit mehreren Seiten, Angabe der aktuellen Seite
+*/
+
+.steps {
+ text-align: right;
+ font-weight: bold;
+ padding: 0.3em;
+ margin-right: 0.3em;
+ font-style: italic;
+}
+
+/*
+|| Bereich fuer Formularliste
+*/
+
+.labelareaform {
+ text-align: left;
+ width: 50%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ font-weight: bold;
+ vertical-align: middle;
+}
+
+/*
+|| Bereich fuer Bestellung und Details bei Formularbestellungen
+*/
+
+.labelareaorderdetail {
+ text-align: center;
+ width: 17%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+ font-weight: bold;
+}
+
+/*
+|| Farbe der Verfahrens-Tabellenzeilen mit geradem Index
+*/
+
+.evenformrow {
+ background-color: #EEEEEE;
+}
+
+/*
+|| Farbe der Verfahrens-Tabellenzeilen mit ungeradem Index
+*/
+
+.oddformrow {
+ background-color: lightgrey;
+}
+
+/*
+|| Sicherheitsabfrage in der Verfahrensverwaltung
+*/
+
+.checktext {
+ color: red;
+ padding: 0.5em;
+ border: solid 2px red;
+ margin: 1em;
+}
+
+/*
+|| Buttons der Eingangsstelle
+*/
+
+.eingang_button {
+ line-height: 2em;
+ border-width: 2px;
+ border-color: grey;
+ padding: 4px;
+ background-color: lightgrey;
+ border-style: outset;
+ border-style: -moz-bg-outset;
+}
+
+/*
+|| Buttonlinks der Eingangsstelle
+*/
+
+.eingang_button_link {
+ color: black;
+ text-decoration: none;
+}
+
+/*
+|| Für den Farbenwechsel bei den Beilagen-Tabellen
+*/
+
+table.attachmenttable tr.s
+{
+ background-color: lightgrey;
+}
+
+/*
+|| Farbe der Titelzeile bei den Beilagen-Tabellen
+*/
+
+table.attachmenttable thead
+{
+ background-color: #aaaaaa;
+}
+
+/*
+|| Aktuell fokussiertes Eingabefeld visuell hervorheben (Styleguide Anforderung)
+*/
+
+input:focus, input.field:focus, select:focus, textarea:focus {
+ border: 2px solid black;
+}
+
+select:focus {
+ background-color: #FFFFFE;
+}
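Review bot: There is a stray `}` on a line of its own between the `fieldset { border: none; }` rule and the `legend` rule, which is a syntax error; browsers recover by discarding the unmatched token, but validators and minifiers may reject the file, so delete that line. The `.infobutton` and `.eingang_button` rules also declare `border-style` twice, the second time with the non-standard `-moz-bg-outset`; if that is intentional progressive enhancement a short comment such as `/* Mozilla-specific override; standard value above is the fallback */` would save the next reader from "fixing" it.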
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/css/styles_opera.css b/id/server/auth/src/main/webapp/css/styles_opera.css
new file mode 100644
index 000000000..a2ea527bf
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/styles_opera.css
@@ -0,0 +1,11 @@
+/*
+|| In Opera funktioniert das Aus- und Einblenden von HTML-Bloecken
+|| mittels JavaScript-Zugriff auf DOM-Objekte nicht, daher muss
+|| die Definition der Klasse .hide in diesem Browser durch eine
+|| "sichtbare" Definition ueberlagert werden
+*/
+
+.hide {
+ visibility: visible;
+ display: block;
+}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/img/egov_schrift.gif b/id/server/auth/src/main/webapp/img/egov_schrift.gif
Binary files differ
new file mode 100644
index 000000000..aea64ef5e
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/egov_schrift.gif
diff --git a/id/server/auth/src/main/webapp/img/info.gif b/id/server/auth/src/main/webapp/img/info.gif
Binary files differ
new file mode 100644
index 000000000..f9e1bb00f
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/info.gif
diff --git a/id/server/auth/src/main/webapp/img/rufezeichen.gif b/id/server/auth/src/main/webapp/img/rufezeichen.gif
Binary files differ
new file mode 100644
index 000000000..fbad8d758
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/rufezeichen.gif
diff --git a/id/server/auth/src/main/webapp/img/stern.gif b/id/server/auth/src/main/webapp/img/stern.gif
Binary files differ
new file mode 100644
index 000000000..77c53d1c3
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/stern.gif
diff --git a/id/server/auth/src/main/webapp/javascript/fa.js b/id/server/auth/src/main/webapp/javascript/fa.js
new file mode 100644
index 000000000..ffa4031b1
--- /dev/null
+++ b/id/server/auth/src/main/webapp/javascript/fa.js
@@ -0,0 +1,8 @@
+function deactivateApplicant( ) {
+ if ( document.formular.familienname.value != '' )
+ toggleActive( document.formular.familienname, 'deactive' );
+ if ( document.formular.vorname.value != '' )
+ toggleActive( document.formular.vorname, 'deactive' );
+ if ( document.formular.geburtsdatum.value != '' && document.formular.geburtsdatum.value != 'JJJJ-MM-TT' )
+ toggleActive( document.formular.geburtsdatum, 'deactive' );
+}
diff --git a/id/server/auth/src/main/webapp/javascript/formallg.js b/id/server/auth/src/main/webapp/javascript/formallg.js
new file mode 100644
index 000000000..65d7bbedf
--- /dev/null
+++ b/id/server/auth/src/main/webapp/javascript/formallg.js
@@ -0,0 +1,315 @@
+/*
+|| Die Funktion displayElement() macht ein verstecktes HTML-Element sichtbar.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des sichtbarzumachenden HTML-Elements
+||
+*/
+
+function displayElement( element_id ) {
+ if ( notNN4( ) )
+ {
+ var elementToDisplay = document.getElementById( element_id );
+ elementToDisplay.className = 'show';
+ }
+}
+
+
+
+/*
+|| Die Funktion hideElement() macht ein HTML-Element unsichtbar.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des zu versteckenden HTML-Elements
+||
+*/
+
+function hideElement( element_id ) {
+ if ( notNN4( ) )
+ {
+ var elementToHide = document.getElementById( element_id );
+ elementToHide.className = 'hide';
+ }
+}
+
+
+
+/*
+|| Die Funktion resetValue() setzt Radiobuttons, Dropdown-Menues und Checkboxes auf ihre
+|| Ausgangswerte (beim Laden des Formulars) zurueck.
+||
+|| IN-Parameter: element ... Radiobutton-, Dropdown- oder Checkbox-Element
+||
+*/
+
+function resetValue( element ) {
+ for ( var i = 0; i < element.length; i++ )
+ {
+ element[i].checked = element[i].defaultChecked;
+ element[i].selected = element[i].defaultSelected;
+ }
+}
+
+
+
+/*
+|| Die Funktion toggleDisplay() invertiert die Sichtbarkeit eines
+|| HTML-Elements.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des zu invertierenden HTML-Elements
+||
+*/
+
+function toggleDisplay( element_id ) {
+ if ( notNN4( ) )
+ {
+ var elementToToggle = document.getElementById( element_id );
+ var elementClass = elementToToggle.className;
+ if ( elementClass == 'hide' )
+ elementToToggle.className = "display";
+ else
+ elementToToggle.className = "hide";
+ }
+}
+
+/*
+|| Die Funktion toggleActive() setzt das Attribut 'readonly' eines
+|| HTML-Eingabeelements.
+||
+|| IN-Parameter: element ... HTML-Eingabeelement
+|| IN-Parameter: status ... entweder 'active' oder 'deactive'
+||
+*/
+
+function toggleActive( element, status ) {
+
+ if ( notNN4( ) )
+ {
+ var elementToToggle = document.getElementById( element.id );
+
+ if ( status == 'active' )
+ {
+ element.readOnly = false;
+ elementToToggle.className = "active";
+ }
+ else
+ {
+ element.readOnly = true;
+ elementToToggle.className = "deactive";
+ }
+ }
+}
+
+
+
+/*
+|| Die Funktion changeActivity() setzt das Attribut 'readonly' eines
+|| HTML-Eingabeelements in Abhaengigkeit des Uebergabeparameters 'value'.
+||
+|| IN-Parameter: value ... Wert eines HTML-Eingabelements
+|| IN-Parameter: element ... HTML-Eingabeelement
+||
+*/
+
+function changeActivity( value, element ) {
+ if ( value == null || value == '' )
+ toggleActive( element, 'active' );
+ else
+ toggleActive( element, 'deactive' );
+}
+
+
+
+/*
+|| Die Funktion pasteValueAndDeactivate() setzt den Wert eines HTML-Eingabeelements
+|| und setzt das Attribut 'readonly', je nachdem ob der uebergebene Wert ungleich
+|| dem Leerstring ist oder nicht.
+||
+|| IN-Parameter: value ... zu setzender Wert
+|| IN-Parameter: element ... HTML-Eingabeelement
+||
+*/
+
+function pasteValueAndDeactivate( value, element ) {
+ if ( notNN4( ) )
+ {
+ var elementToSet = document.getElementById( element.id );
+ elementToSet.value = value;
+ if ( value != null && value != '' )
+ {
+ element.readOnly = true;
+ elementToSet.className = "deactive";
+ }
+ else
+ {
+ element.readOnly = false;
+ elementToSet.className = "active";
+ }
+ }
+}
+
+
+
+/*
+|| Die Funktion popitup() oeffnet im Browser links oben ein Fenster
+|| mit bestimmten Eigenschaften (keine Statuszeile, kein Browsermenue, etc.).
+|| URL und Groesse des Fensters werden als Parameter uebergeben.
+||
+|| IN-Parameter: url ... in dem Fenster zu oeffnende URL
+|| IN-Parameter: win_width ... Breite des zu oeffnenden Fensters
+|| IN-Parameter: win_height ... Hoehe des zu oeffnenden Fensters
+||
+*/
+
+function popitup( url, win_width, win_height ) {
+ var features = "resizable, scrollbars=yes,status=no, menubar=no, toolbar=no, screenX=20, screenY=20, width=" + win_width + ", height=" + win_height;
+ newwindow=window.open( url, 'Info', features );
+ /* die folgende Anweisung verursacht im IE eine Zugriffsverletzung, daher auskommentiert! */
+ // newwindow.moveTo( 20, 20);
+ if ( window.focus )
+ newwindow.focus( );
+}
+
+
+
+/*
+|| Die Funktion initialize() deaktiviert das StyleSheet styles_opera.css (ausser fuer Opera).
+|| Ausserdem werden in Browsern, die JavaScript aktiviert haben, die Icon-Info-Links durch href-Werte ersetzt,
+|| die kein neues Browser-Fenster, sondern ein kleines Fenster oeffnen (s. Funktion javascriptWindows).
+|| Der Parameter url hat entweder den Wert http://www.help.gv.at/formulare/infotexte/ oder
+|| http://e-www.help.gv.at/linkdb/formulare/infotexte/, je nachdem in welcher Umgebung man sich befindet
+*/
+
+function initialize( url ) {
+ if ( notNN4( ) ) {
+ if (document.getElementsByTagName) {
+ if ( document.getElementsByTagName('link').length > 1 )
+ {
+ document.getElementsByTagName('link')[1].disabled = true;
+ javascriptWindows( url );
+ }
+ schattieren( );
+ }
+ }
+}
+
+
+/*
+|| Die Funktion javascriptWindows() ersetzt in den Formularen bei aktiviertem JavaScript
+|| die Links bei den Infobuttons durch window.open-Befehle, so dass diese Infotexte in
+|| einem kleinen Fenster im Browser links oben geoeffnet werden.
+|| Der Parameter url hat entweder den Wert http://www.help.gv.at/formulare/infotexte/ oder
+|| http://e-www.help.gv.at/linkdb/formulare/infotexte/, je nachdem in welcher Umgebung man sich befindet.
+*/
+
+function javascriptWindows( url ) {
+ var aElement,
+ href,
+ newHref,
+ lastIndex;
+ if ( notNN4( ) )
+ {
+ for ( var i = 0; i < document.getElementsByTagName( 'a' ).length; i++ )
+ {
+ aElement = document.getElementsByTagName( 'a' )[i];
+ href = aElement.href;
+ if ( href.indexOf( 'info_' ) != -1 )
+ {
+ lastIndex = href.lastIndexOf( '/' );
+ newHref = href.substring( lastIndex + 1 );
+ newHref = "javascript:popitup('" + url + newHref + "',660,500);";
+ aElement.setAttribute( 'href', newHref );
+ aElement.setAttribute( 'target', '_self' );
+ }
+ }
+ }
+}
+
+/*
+|| Die Funktion submitButton() erzeugt einen Submit-Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt.
+|| Wurde durch die Funktion generateButton() abgeloest.
+*/
+
+function submitButton( ) {
+ document.writeln('<input type="button" name="JavaScriptButton" value="Senden" class="button" ' +
+ 'onclick="document.formular.Senden.value=\'Senden\'; document.formular.submit()" ' +
+ 'onkeypress="document.formular.Senden.value=\'Senden\'; document.formular.submit()" />');
+}
+
+/*
+|| Die Funktion cancelButton() erzeugt einen Abbrechen-Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt.
+|| Wurde durch die Funktion generateButton() abgeloest.
+*/
+
+function cancelButton( ) {
+ document.writeln('<input type="button" name="JavaScriptButton" value="Abbrechen" class="button" ' +
+ 'onclick="document.formular.Senden.value=\'Abbrechen\'; document.formular.submit()" ' +
+ 'onkeypress="document.formular.Senden.value=\'Abbrechen\'; document.formular.submit()" />');
+}
+
+/*
+|| Die Funktion generateButton() erzeugt einen Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt. Die Art des Buttons wird durch den uebergebenen Wert bestimmt.
+|| Moegliche Werte: Senden, Abbrechen, Signieren, etc.
+*/
+
+function generateButton( kind ) {
+
+ document.write('<input type="button" name="JavaScriptButton" value="' + kind + '" class="button" ' +
+ 'onclick="' );
+ if ( kind == 'Druckversion' )
+ document.write( 'document.formular.target=\'_blank\' ;' );
+ else
+ document.write( 'document.formular.target=\'_self\' ; ' );
+ document.write( 'document.formular.Senden.value=\'' + kind + '\'; document.formular.submit()" ' +
+ 'onkeypress="' );
+ if ( kind == 'Druckversion' )
+ document.write( 'document.formular.target=\'_blank\'; ' );
+ else
+ document.write( 'document.formular.target=\'_self\';' );
+ document.writeln( 'document.formular.Senden.value=\'' + kind + '\'; document.formular.submit()" />');
+
+}
+
+/*
+|| Die Funktion NN4 testet, ob es sich bei dem Browser um einen Netscape
+|| Navigator der Version 4 handelt.
+*/
+
+function notNN4( ) {
+ return ( ! document.layers );
+}
+
+/*
+|| Die Funktion schattieren setzt in den Beilagen-Tabellen abwechselnd Farben
+|| Quelle: Andreas Borutta, http://borumat.de/html/tab-schattieren.php
+*/
+
+
+function schattieren () {
+var tabelle=document.getElementsByTagName("table");
+ for(i=0; i<=tabelle.length-1; i++) {
+ var klasse=tabelle[i].className;
+ var pos1=klasse.indexOf("attachmenttable");
+ if (pos1 > -1) {
+ pos1=klasse.indexOf("ab_");
+ if (pos1 > -1 ) var von=parseInt(klasse.substr(pos1+3,2));
+ else var von=3;
+ var pos2=klasse.indexOf("fuss_");
+ if (pos2 > -1 ) var fuss=parseInt(klasse.substr(pos2+5,2));
+ else var fuss=0;
+ var reihe=tabelle[i].getElementsByTagName("tr");
+ for (j=von -1; j<=reihe.length -fuss -1; j=j+2)
+ reihe[j].className="s";
+ } //endIf
+ } //endFor
+} //endFunc
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl b/id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl
index 5751b3e58..5751b3e58 100644
--- a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl
+++ b/id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl b/id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl
index 45152cb38..5466a0b6f 100644
--- a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl
+++ b/id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
- <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.2.xsd"/>
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.2.xsd"/>
<message name="GetAuthenticationDataInput">
<part name="body" element="samlp:Request"/>
</message>
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd b/id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd
index d7a06d6e7..d7a06d6e7 100644
--- a/id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd
+++ b/id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd
diff --git a/id/server/component-idlibs.xml b/id/server/component-idlibs.xml
new file mode 100644
index 000000000..c967690d5
--- /dev/null
+++ b/id/server/component-idlibs.xml
@@ -0,0 +1,39 @@
+<component>
+ <dependencySets>
+ <dependencySet>
+ <includes>
+ <include>iaik.prod:iaik_Pkcs11Wrapper:dll:win32</include>
+ </includes>
+ <outputDirectory>/pkcs11/win32</outputDirectory>
+ <outputFileNameMapping>pkcs11wrapper.${extension}</outputFileNameMapping>
+ </dependencySet>
+ <dependencySet>
+ <includes>
+ <include>iaik.prod:iaik_Pkcs11Wrapper:so:linux</include>
+ </includes>
+ <outputDirectory>/pkcs11/linux</outputDirectory>
+ <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping>
+ </dependencySet>
+ <dependencySet>
+ <includes>
+ <include>iaik.prod:iaik_Pkcs11Wrapper:so:solaris_sparc</include>
+ </includes>
+ <outputDirectory>/pkcs11/solaris_sparc</outputDirectory>
+ <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping>
+ </dependencySet>
+ <dependencySet>
+ <includes>
+ <include>iaik.prod:iaik_Pkcs11Wrapper:so:solaris_sparcv9</include>
+ </includes>
+ <outputDirectory>/pkcs11/solaris_sparcv9</outputDirectory>
+ <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping>
+ </dependencySet>
+ <dependencySet>
+ <includes>
+ <include>iaik.prod:iaik_Pkcs11Wrapper:dll:wince30arm</include>
+ </includes>
+ <outputDirectory>/pkcs11/wince30arm</outputDirectory>
+ <outputFileNameMapping>pkcs11wrapper.${extension}</outputFileNameMapping>
+ </dependencySet>
+ </dependencySets>
+</component>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 7e22ee05f..0f3f9dbba 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -1,104 +1,153 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web 
Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> - <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + 
<TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> + <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- 
<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> + + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter 
URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> - <!-- 
VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <!-- Eintragung fuer jede Online-Applikation --> + <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- 
TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + </OnlineApplication> - </AuthComponent> - - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses 
Service ueber HTTPS angesprochen wird + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> - - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die 
Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml index 6dab6911a..ab99176dd 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml 
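Review bot: The new `PartyRepresentation` gateway entry in this hunk ships `<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>` as an active element under the `https://pathToSZRGateway/...` `ConnectionParameter`, while the `AcceptedServerCertificates` line directly above it is commented out — the reverse of the other `ConnectionParameter` entries in this file, which keep the keystore line commented and carry the accepted-server-certificates restriction that their own comment text describes. An operator who copies the sample as-is therefore gets a configuration that expects TLS client-keystore credentials in cleartext next to an HTTPS endpoint with no server-certificate restriction; I'd keep it commented like its siblings, `<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->`, and say in the preceding `Standard-Stammzahlenregister-Gateway` comment that both values are placeholders to be replaced and that the file must then be access-protected. Separately, the commented-out Ziviltechniker block embeds a hard-coded `https://129.27.142.5:8443/...` endpoint where the `pathToSZRGateway` placeholder used a few lines earlier would serve, and its `PartyRepresentative oid="1.2.40.0.10.3.3"` start tag is never closed (the `representationText="...Ziviltechnikerinneneigenschaft)"` attribute is followed directly by the nested `<!- -` comments), so uncommenting the block yields malformed XML. The same block is repeated verbatim in the SampleMOAIDConfigurationProxy.xml hunk that follows, whose end lies outside this view.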
@@ -1,126 +1,173 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt --> +<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo 
filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> - <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate 
URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> + <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure 
Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> + + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer 
anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" 
representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate 
URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + 
<ChainingModes systemDefaultMode="pkix"> + </ChainingModes> - </AuthComponent> - - <!-- Konfiguration fuer MOA-ID-PROXY --> - <ProxyComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> - <AuthComponent> - <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </AuthComponent> - </ProxyComponent> - - <!-- Eintragung fuer jede Online-Applikation --> - <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - <!-- fuer MOA-ID-PROXY --> - <ProxyComponent 
configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> - <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> - <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> - <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ProxyComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird - fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration 
name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml index f8dd375d1..25485432d 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml 
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml 
@@ -1,113 +1,162 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext +--> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo 
filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate 
URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in 
MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt 
aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter 
URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> + </AuthComponent> - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo 
filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> + <!-- Eintragung fuer jede Online-Applikation --> + <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU 
--> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix 
(falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml index c60101e8d..05db0b923 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml 
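Review bot: The new `VerifyInfoboxes` block in this sample pairs `<CompatibilityMode>true</CompatibilityMode>` (per its own comment, a representative may log in as the represented person) with `<EnableInfoboxValidator>false</EnableInfoboxValidator>` and a commented-out MOA-VV `ConnectionParameter`, so an operator who deploys the file unchanged gets the most permissive representation mode with no mandate check; consider shipping `<CompatibilityMode>false</CompatibilityMode>` or at least a warning such as `<!-- SECURITY: set CompatibilityMode to true only together with an enabled mandate validator -->`. The commented-out Ziviltechniker entry also carries a literal host, `https://129.27.142.5:8443/szr-gateway/services/MandateCreation`, where the active entry uses the placeholder `https://pathToSZRGateway/szr-gateway/services/MandateCreation`; use the placeholder there too so a concrete gateway address is not published in the sample. That same commented block cannot simply be uncommented as its comment invites: its `PartyRepresentative` start tag is never closed and the nested `<!- - … - ->` markers are not XML comments, so it should be rewritten as a well-formed element or dropped. Finally, `ClientKeyStore password="Keystore Pass"` presumably means the keystore password is read from this file in clear text; a short comment reminding operators to restrict file permissions on the configuration would be worth adding next to it.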
@@ -1,133 +1,182 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere 
BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate 
URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+ <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+ <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+ </Templates>
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in 
MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt 
aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter 
URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> - - <!-- Konfiguration fuer MOA-ID-PROXY --> - <ProxyComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> - <AuthComponent> - <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </AuthComponent> - </ProxyComponent> + </AuthComponent> - <!-- Eintragung fuer jede Online-Applikation --> - <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate 
URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - <!-- fuer MOA-ID-PROXY --> - <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> - <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> - <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> - <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> - <!-- 
<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ProxyComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird - fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, 
alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" 
value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml index 9dc42ee2e..0b2fc2189 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml 
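Review bot: The commented-out Ziviltechniker template inside the new `<PartyRepresentation>` block is not usable as written: its `<PartyRepresentative oid="1.2.40.0.10.3.3" …>` start tag is never closed (the attribute value ends in a stray `)` and no `>` follows), so removing the surrounding `<!-- -->` yields a malformed document, and its gateway endpoint is a literal address, `https://129.27.142.5:8443/…`, where the active entry uses the `https://pathToSZRGateway/…` placeholder. I would align it with the active block: `<PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft">` and `<ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">`. Separately, the active SZR-gateway `<ConnectionParameter>` ships with `<AcceptedServerCertificates>` commented out while a `<ClientKeyStore>` is active; whether the gateway's TLS certificate is then checked only against `certs/ca-certs` is not visible in this hunk, so a one-line comment stating which trust store applies would save deployers from guessing. The SampleMOAWIDConfiguration.xml hunk below carries the same Ziviltechniker block.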
@@ -1,112 +1,158 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt; - Harald Bratko, IAIK --> +<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte 
TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> - <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> - - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> - - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> - - </AuthComponent> - - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> 
- <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH WID Modus --> - <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> - <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> - <IdentificationNumber> - <!-- Beispiel Firmenbuchnummer --> - <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + 
<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+ <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <VerifyInfoboxes>
+ <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+ <FriendlyName>Vollmachten</FriendlyName>
+ <ApplicationSpecificParameters>
+ <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+ <CompatibilityMode>true</CompatibilityMode>
+ <!--
+ <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+ <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+ <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+ </ConnectionParameter>
+ <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+ -->
+ <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+ <EnableInfoboxValidator>false</EnableInfoboxValidator>
+ <PartyRepresentation>
+ <!-- Standardklasse, die Daten vervollstaendigt -->
+ <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+ <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+ <!--AlwaysShowForm>true</AlwaysShowForm-->
+ <!-- Standard-Stammzahlenregister-Gateway -->
+ <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+ <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+ <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+ </ConnectionParameter>
+ <!-- Notare -->
+ <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+ <!-- Rechtsanwaelte -->
+ <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+ <!-- Ziviltechniker -->
+ <!--
+ <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+ <!- - Standardklasse, die Daten vervollstaendigt - ->
+ <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+ <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+ <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+ <!- - Standard-Stammzahlenregister-Gateway - ->
+ <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+ <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+ <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+ </ConnectionParameter>
+ </PartyRepresentative>
+ -->
+ <!-- Organwalter -->
+ <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+ </PartyRepresentation>
+ </ApplicationSpecificParameters>
+ </Infobox>
+ </VerifyInfoboxes>
+
+ </AuthComponent>
+
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH WID Modus -->
+ <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+ <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+ <IdentificationNumber>
+ <!-- Beispiel Firmenbuchnummer -->
+ <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+ </IdentificationNumber>
+ <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und
+ "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren
+ nur für diese Online Applikation<-->
+ <Templates>
+ <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+ <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+ <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+ </Templates>
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
 zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
- <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
- <!-- Cache-Verzeichnis fuer-Zertifikate -->
- <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
- <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
- <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
- <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-
- <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
- <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
- <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
- <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index e92678b27..8643998d5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -1,134 +1,179 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur
- Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt;
- Harald Bratko, IAIK -->
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <!-- Konfiguration fuer MOA-ID-AUTH -->
- <AuthComponent>
- <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
- <BKUSelection BKUSelectionAlternative="HTMLSelect">
- <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
- <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
- </ConnectionParameter>
- </BKUSelection>
- <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und
- "Anmeldung mit Bürgerkarte"<-->
- <!--Templates>
- <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
- <Template URL="sampleTemplates/SampleTemplate.html"/>
- </Templates-->
- <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
- <SecurityLayer>
- <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
- <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-
- <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
- <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
- <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
- <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
- </SecurityLayer>
- <MOA-SP>
- <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
- Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
- <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
- <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
- <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- <!-- </ConnectionParameter> -->
-
- <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
- <VerifyIdentityLink>
- <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
- </VerifyIdentityLink>
- <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
- <VerifyAuthBlock>
- <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
-
- <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
- <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
- <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-
- <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
- <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
- </VerifyAuthBlock>
- </MOA-SP>
-
- </AuthComponent>
-
- <!-- Konfiguration fuer MOA-ID-PROXY -->
- <ProxyComponent>
- <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
- <AuthComponent>
- <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
- <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </AuthComponent>
- </ProxyComponent>
-
-
- <!-- Eintragung fuer jede Online-Applikation -->
- <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
- <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
- <!-- fuer MOA-ID-AUTH WID Modus -->
- <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
- <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
- <IdentificationNumber>
- <!-- Beispiel Firmenbuchnummer -->
- <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
- </IdentificationNumber>
- <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und
- "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<-->
- <!--Templates>
- <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
- <Template URL="sampleTemplates/SampleTemplate.html"/>
- </Templates-->
- <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
- <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
- <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
- <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
- <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-
- <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
- <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
- <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
- <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
- </AuthComponent>
-
- <!-- fuer MOA-ID-PROXY -->
- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
- <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
- <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
- <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
- <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </ProxyComponent>
- </OnlineApplication>
-
- <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
- <ChainingModes systemDefaultMode="pkix">
- </ChainingModes>
-
- <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
- fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und
+ "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+ <Templates>
+ <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+ <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+ <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+ </Templates>
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+ <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <VerifyInfoboxes>
+ <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+ <FriendlyName>Vollmachten</FriendlyName>
+ <ApplicationSpecificParameters>
+ <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+ <CompatibilityMode>true</CompatibilityMode>
+ <!--
+ <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+ <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+ <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+ </ConnectionParameter>
+ <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+ -->
+ <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+ <EnableInfoboxValidator>false</EnableInfoboxValidator>
+ <PartyRepresentation>
+ <!-- Standardklasse, die Daten vervollstaendigt -->
+ <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+ <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+ <!--AlwaysShowForm>true</AlwaysShowForm-->
+ <!-- Standard-Stammzahlenregister-Gateway -->
+ <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+ <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+ <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+ </ConnectionParameter>
+ <!-- Notare -->
+ <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+ <!-- Rechtsanwaelte -->
+ <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+ <!-- Ziviltechniker -->
+ <!--
+ <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+ <!- - Standardklasse, die Daten vervollstaendigt - ->
+ <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+ <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+ <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+ <!- - Standard-Stammzahlenregister-Gateway - ->
+ <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+ <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+ <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+ </ConnectionParameter>
+ </PartyRepresentative>
+ -->
+ <!-- Organwalter -->
+ <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+ </PartyRepresentation>
+ </ApplicationSpecificParameters>
+ </Infobox>
+ </VerifyInfoboxes>
+
+ </AuthComponent>
+
+ <!-- Konfiguration fuer MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH WID Modus -->
+ <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+ <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+ <IdentificationNumber>
+ <!-- Beispiel Firmenbuchnummer -->
+ <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+ </IdentificationNumber>
+ <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und
+ "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren
+ nur für diese Online Applikation<-->
+ <Templates>
+ <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+ <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+ <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+ </Templates>
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
 zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
- <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
- <!-- Cache-Verzeichnis fuer-Zertifikate -->
- <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
- <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
- <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
- <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-
- <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
- <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
- <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
- <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 7617737dd..1b21fa767 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
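Review bot: The new Mandates infobox in SampleMOAWIDConfigurationProxy.xml ships with `<EnableInfoboxValidator>false</EnableInfoboxValidator>` directly below `<CompatibilityMode>true</CompatibilityMode>`, and the comment above it only says the validator *can* be switched off, so a deployment that copies this sample unchanged runs, as far as the file's own comments describe it, with mandate validation disabled while compatibility mode lets the representative log in as the represented person. Please state the intended production value in that comment, e.g. `<!-- Sample only: validator disabled here; set to true for production -->`, and drop the stray `>` at the end of `... soferne Vertretungen konfiguriert sind)> -->`. The `<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>` under the SZR-gateway ConnectionParameter is the only uncommented keystore element in the file and will hold a real password in clear text once filled in, so the neighbouring comment should say that this file must not be world-readable and that the `<AcceptedServerCertificates>` line commented out just above it is where the gateway's TLS server certificate is meant to be pinned, per the file's own "URL und akzeptierte TLS-Server-Zertifikate" wording. The same Mandates block with the same settings appears in the hunk immediately above this one, and presumably in the following _withTestBKs hunk, whose end is outside this view.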
@@ -1,118 +1,166 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt, - Harald Bratko, IAIK --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, 
alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + 
<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in 
MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt 
aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter 
URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> + + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> + <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH WID Modus --> + <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> + <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> + <IdentificationNumber> + <!-- Beispiel Firmenbuchnummer --> + <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> + </IdentificationNumber> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo 
filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + </OnlineApplication> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> - <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH WID Modus --> - <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> - <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> - <IdentificationNumber> - <!-- Beispiel Firmenbuchnummer --> - <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese 
Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration 
name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
- <!-- Cache-Verzeichnis fuer-Zertifikate -->
- <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
- <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
- <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
- <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-
- <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
- <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
- <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
- <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 264f6f6e3..55d1654fe 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
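Review bot: The new `<VerifyInfoboxes>` block ships with `<EnableInfoboxValidator>false</EnableInfoboxValidator>` next to `<CompatibilityMode>true</CompatibilityMode>` and `provideStammzahl="true" provideIdentityLink="true"`, so an operator who copies this sample presumably gets mandate-based login with the Vollmachten validator switched off; I would default the sample to `true`, or at least put `<!-- WARNING: false disables mandate validation - set to true before productive use -->` directly above the line. The commented-out Ziviltechniker block hard-codes a concrete host, `https://129.27.142.5:8443/szr-gateway/services/MandateCreation`, while the active block uses the `pathToSZRGateway` placeholder; an internal address should not ship in a sample configuration, so use the same placeholder there. The SZR-gateway `<ConnectionParameter>` leaves `AcceptedServerCertificates` commented out and keeps the keystore password in clear text (`password="Keystore Pass"`), and the sample gives no hint that this file must be readable only by the MOA-ID service account or that pinning the gateway's server certificate is advisable for a client-authenticated channel that can create mandates; a two-line comment to that effect above the `<ConnectionParameter>` would help operators.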
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml 
@@ -1,140 +1,187 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt, - Harald Bratko, IAIK --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative 
Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + 
<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in 
MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt 
aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter 
URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> - - <!-- Konfiguration fuer MOA-ID-PROXY --> - <ProxyComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> - <AuthComponent> - <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </AuthComponent> - </ProxyComponent> + </AuthComponent> + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> - 
<!-- Eintragung fuer jede Online-Applikation --> - <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> - <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH WID Modus --> - <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> - <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> - <IdentificationNumber> - <!-- Beispiel Firmenbuchnummer --> - <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - <!-- fuer MOA-ID-PROXY --> - <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> - <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" 
sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> - <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> - <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ProxyComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird - fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH WID Modus --> + <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> + <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> + <IdentificationNumber> + <!-- Beispiel Firmenbuchnummer --> + <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> + </IdentificationNumber> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate 
URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: 
CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration 
name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt index 01f724cc4..04029dc80 100644 --- a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt +++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt @@ -2,7 +2,7 @@ TEMPLATES: ========== Zweck: ------ -Mithilfe von Templates können Sie das Aussehen der Seiten +Mithilfe von Templates können Sie beispielsweise das Aussehen der Seiten "Auswahl der Bürgerkartenumgebung" sowie "Anmeldung mit Bürgerkarte" anpassen. Damit können Sie zusätzliche Hintergrundinformationen (Wozu dient die Anmeldung, etc.) zu diesen Seiten hinzufügen und das Layout an @@ -17,5 +17,10 @@ die Konfigurationsdatei steht erst ab Version 1.3.1 zur Verfügung). Etwas aufwendigere Templates (mit CSS) finden Sie als eigene Webapplikation im Verzeichnis "/auth/templates" der entpackten Distribution. +Die Datei ParepInputProcessorSignTemplate.html dient als Template für die +Formulare der beruflichen Parteienvertretung, welche bereits die Styleguide für +das österreichische E-Government erfüllen sollen. + Nähere Informationen zu den Templates finden Sie im MOA-ID-Konfigurationshandbuch. + diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html new file mode 100644 index 000000000..99bc057ad --- /dev/null 
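Review bot: The commented-out Ziviltechniker `PartyRepresentative` block in the new `PartyRepresentation` section carries a concrete gateway address, `<ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">`, while the active block above it uses the placeholder `https://pathToSZRGateway/szr-gateway/services/MandateCreation`; a shipped sample should use the placeholder in both places so no real host ends up in deployments that copy the sample. In that active block the `<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>` element is live rather than commented out as in the sibling `ConnectionParameter` elements, and `AcceptedServerCertificates` is commented out for an https endpoint, so the sample presumably runs with a placeholder keystore password and no pinned server certificate unless the deployer edits both; a comment such as `<!-- Before use: set the SZR gateway keystore, its password and AcceptedServerCertificates -->` above the element would make that explicit. The sample also sets `<CompatibilityMode>true</CompatibilityMode>`, which according to its own comment lets the representative log in as the represented party, and the comment should state whether that is the intended default for production deployments or only for the test setup.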
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+<link href="css/styles.css" type="text/css" rel="stylesheet">
+<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
+<link href="css/mandates.css" type="text/css" rel="stylesheet">
+ <script language="javascript" type="text/javascript">
+ //<!--
+ function autoSubmit() {
+ document.VerifyAuthBlockForm.submitButton.disabled=true;
+ document.VerifyAuthBlockForm.submit();
+ } //-->
+ </script>
+<script src="formallg.js" type="text/javascript"></script>
+<script src="fa.js" type="text/javascript"></script>
+</head>
+<body onLoad="autoSubmit()">
+
+
+<div class="hleft">
+<!--Stammzahlenregisterbehörde--><br />
+<!--Ballhausplatz 2--><br />
+<!--1014 Wien-->
+</div>
+<div class="hright" align="right"><!--img src="img/szr-logo.jpg" width="400" height="56" /--></div>
+<div class="htitle" align="left">
+ <h1>Berufliche Parteienvertretung</h1>
+</div>
+<div class="leiste1" align="center">
+Bitte beachten Sie
+</div>
+<div class="leiste2" align="center">
+</div>
+<div class="leiste3">
+<img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /> Feld muss ausgefüllt sein
+</div>
+<div class="leiste3">
+<img alt=" Hilfe zum Ausfüllen " src="img/info.gif" width="10" height="16" /> Ausfüllhilfe
+</div>
+<div class="leiste3">
+<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" /> Fehlerhinweis</div>
+<div style="clear: both"> </div>
+
+<h2>Berufliche Parteienvertretung einer natürlichen/juristischen Person
+</h2>
+<div class="boundingbox">
+ <br/><br/>
+ <form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+ <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+ <input type="hidden" name="DataURL" value="<DataURL>"/>
+ <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+ <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+ </form>
+ <br/>
+</div>
+</body>
+</html>
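Review bot: The placeholders `<XMLRequest>`, `<DataURL>`, `<PushInfobox>`, `<BKU>` and `<BASE_href>` are substituted inside attribute values (`value="<XMLRequest>"`, `action="<BKU>"`, `href="<BASE_href>"`) and the template says nothing about how they are filled; an XML request typically contains `"` characters, so the substitution presumably attribute-escapes the values, and that contract belongs at the top of the file, e.g. `<!-- <BASE_href>, <BKU>, <XMLRequest>, <DataURL> and <PushInfobox> are replaced by MOA-ID; the inserted values must be HTML-attribute-escaped -->`. The same applies to SampleInputProcessorSignTemplate.html in this commit. `autoSubmit()` addresses the button as `document.VerifyAuthBlockForm.submitButton`, but the input only has `id="submitButton"` and no `name`, so adding `name="submitButton"` makes the lookup independent of id-as-name form access. The `<title>` reads `Parteieinvertretung` where the heading below says `Parteienvertretung`.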
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
new file mode 100644
index 000000000..9c8e67a20
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit Bürgerkarte</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <script language="javascript" type="text/javascript">
+ //<!--
+ function autoSubmit() {
+ document.VerifyAuthBlockForm.submitButton.disabled=true;
+ document.VerifyAuthBlockForm.submit();
+ } //-->
+ </script>
+</head>
+
+<body onLoad="autoSubmit()">
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit Bürgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt über die Module für Online Applikationen (MOA) unter Verwendung einer Bürgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Sie werden in kuürze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+<form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+ <div align="center">
+ <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+ <input type="hidden" name="DataURL" value="<DataURL>"/>
+ <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+ <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+ </div>
+</form>
+
+<p align="right"> </p>
+
+</body>
+</html>
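Review bot: The paragraph `<p>Sie werden in kuürze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese` has the typo `kuürze` and writes the formal address in lower case twice; suggested `<p>Sie werden in Kürze zur Signatur der Anmeldedaten aufgefordert. Wenn Sie diese signieren, so werden Sie zur Online-Anwendung weitergeleitet und angemeldet.</p>`. As in ParepInputProcessorSignTemplate.html, `autoSubmit()` references `document.VerifyAuthBlockForm.submitButton` while the input carries only `id="submitButton"`, so a `name="submitButton"` attribute is the safer form.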
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
index 915a6bf2f..2ee27aae1 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -16,7 +16,7 @@
 </style>
 </head>
 <body>
-<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+ <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
 <table>
 <tr>
 <td class="boldstyle">
@@ -31,9 +31,22 @@
 Geburtsdatum:
 </td>
 <td>
- <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 </td>
 </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td class="boldstyle">
+ Rolle im Gesundheitsbereich:
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+ (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>),
+ </td>
+ </tr>
+ </xsl:if>
 <tr>
 <td class="boldstyle">
 Applikation: 
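Review bot: Splitting the `Geburtsdatum` output so that each `<xsl:value-of .../>.` ends its line turns the separator into a text node of `.` plus newline and indentation, which XSLT keeps because it is not whitespace-only, so the transformed AuthBlock now contains `TT.<newline>MM.<newline>JJJJ` and a whitespace-collapsing viewer shows something like `09. 03. 2004` instead of `09.03.2004` (constructed example); the `Datum`, `Uhrzeit` and `MachtgeberGeburtsdatum` hunks below have the same problem. Writing the separator as `<xsl:text>.</xsl:text>` (respectively `<xsl:text>:</xsl:text>`) directly after each `value-of` leaves only whitespace-only nodes between elements, which are stripped, and restores the compact form. The new `Rolle im Gesundheitsbereich` row is guarded by `OIDTextualDescription` but also prints `OID`, so a token carrying the description without an `OID` attribute renders `(OID***= )` and points to a `***` footnote that is itself guarded by `OID`; testing both, e.g. `<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription'] and //saml:Attribute[@AttributeName='OID']">`, keeps row and footnote consistent.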
@@ -65,7 +78,9 @@
 Datum:
 </td>
 <td>
-<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 </td>
 </tr>
 <tr>
@@ -73,9 +88,21 @@
 Uhrzeit:
 </td>
 <td>
-<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 </td>
 </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td class="boldstyle">
+ HPI(**):
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
 <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 <tr>
 <td class="boldstyle">
@@ -87,10 +114,67 @@ </tr> </xsl:if> </table> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p> + <table> + <tr> + <td class="boldstyle"> + Name: + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']"> + <tr> + <td class="boldstyle"> + Geburtsdatum: + </td> + <td> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']"> + <tr> + <td colspan="2"> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <tr> + <td class="boldstyle"> + wbPK (*): + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + </table> + <p>zu handeln.</p> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <p/> - <hr/> - <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische 
Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml index 5089140b4..ecc60a481 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml 
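Review bot: The `wbPK (*)` label in the new `MachtgeberWbpk` row refers to the `(*)` footnote, but both the `<p/><hr/>` separator and the footnote `div` are emitted only when a `wbPK` attribute is present, so an assertion that carries only the mandate's wbPK ends with a dangling footnote marker. Extending both tests to `//saml:Attribute[@AttributeName='wbPK'] or //saml:Attribute[@AttributeName='MachtgeberWbpk']` closes the gap. The three `xsl:when` branches emit identical `<p/><hr/>`, so the `xsl:choose` reduces to a single `xsl:if` whose test ORs the attribute checks, which is also the natural place to add the mandate case. `dass sie als` should read `dass Sie als`, matching the formal address used in the rest of the block. The same footer is duplicated in the _deprecated, Text and moa-spss profile hunks further down.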
@@ -16,20 +16,68 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle"> - <xsl:value-of select="//@Issuer"/> - </span>, -geboren am -<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> - <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + <h4>Datum und Uhrzeit: + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,6,2)"/>. 
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>, + <xsl:value-of select="substring(//@IssueInstant,12,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </h4> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <hr/> + <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> + von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </xsl:if>, in dessen Auftrag zu handeln. 
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4> + </xsl:if> </h4> <p/> - <hr/> - <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> + <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> + <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> 
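Review bot: The `wbPK(*) des Vollmachtgebers` heading is opened while the `Ich bin weiters ermächtigt` `<h4>` is still open, producing `<h4>…<h4>…</h4></h4>` — well-formed XML, but a heading nested in a heading is not valid XHTML, and how the signature viewer lays that out is nothing this stylesheet can rely on for text the citizen is asked to sign. Closing the outer heading with `</h4>` directly after `in dessen Auftrag zu handeln.` and before the `xsl:if` on `MachtgeberWbpk` gives two sibling headings with the same content. The same nesting appears in the _deprecated Text variant and in both moa-spss profile copies of the Text variant below.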
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml index 07d926d14..894e82ff8 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml @@ -12,12 +12,17 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>, - geboren am - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, - den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <b><xsl:value-of select="//@Issuer"/></b>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. 
@@ -27,14 +32,48 @@ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </h4> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <hr/> + <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> + von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </xsl:if>, in dessen Auftrag zu handeln. 
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4> + </xsl:if> </h4> <p/> - <hr/> - <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische - Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens - berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> + <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> + <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml index 05f91750c..348546f8d 100644 
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml @@ -10,7 +10,7 @@ <title>Signatur der Anmeldedaten</title> </head> <body> - <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> + <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> <table> <tr> <td> @@ -30,6 +30,17 @@ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td> + <b>Rolle im Gesundheitsbereich:<b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </td> + </tr> + </xsl:if> <tr> <td> <b>Applikation:</b> @@ -76,6 +87,16 @@ <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td> + <b>HPI(**):</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> <tr> <td> 
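Review bot: In the @@ -30,6 +30,17 @@ hunk the new label is written `<b>Rolle im Gesundheitsbereich:<b>` — the second `<b>` opens another element instead of closing the first, so the following `</td>` mismatches and the stylesheet is no longer well-formed XML; a parser rejects the whole file, not just this row. It should read `<b>Rolle im Gesundheitsbereich:</b>`. The moa-spss profile counterpart, MOAIDTransformAuthBlock_deprecated.xml, is not in view and should be checked for the same typo, since the two copies are presumably expected to match.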
@@ -87,12 +108,67 @@ </tr> </xsl:if> </table> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p> + <table> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']"> + <tr> + <td> + <b>Geburtsdatum:</b> + </td> + <td> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']"> + <tr> + <td colspan="2"> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <tr> + <td> + <b>wbPK (*):</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + </table> + <p>zu handeln.</p> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <p/> - <hr/> - <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen - Stammzahlen des Bürgers und 
des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige - Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6> + <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml index 6ed91ddc3..b84093ed1 100644 --- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml +++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml @@ -17,7 +17,7 @@ </style> </head> <body> -<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> + <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> <table> <tr> <td class="boldstyle"> 
@@ -32,9 +32,22 @@ Geburtsdatum: </td> <td> - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="boldstyle"> + Rolle im Gesundheitsbereich: + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </td> + </tr> + </xsl:if> <tr> <td class="boldstyle"> Applikation: @@ -66,7 +79,9 @@ Datum: </td> <td> - <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,6,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,1,4)"/> </td> </tr> <tr> 
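Review bot: Every change in this hunk, and in the rest of this file, is a hand-copied duplicate of the corresponding hunk in id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml; the hunk offsets differ by one line only because the file headers differ. Presumably the moa-spss profile is what the verifier compares against the transform embedded in the citizen's signature, so any drift between the two copies means the text the citizen saw and the text that verifies no longer agree. A test or build step asserting the two files are identical below the header would catch a missed copy; as committed, the two appear to match.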
@@ -74,9 +89,21 @@ Uhrzeit: </td> <td> - <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + <xsl:value-of select="substring(//@IssueInstant,12,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td class="boldstyle"> + HPI(**): + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> <tr> <td class="boldstyle"> 
@@ -88,10 +115,67 @@ </tr> </xsl:if> </table> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p> + <table> + <tr> + <td class="boldstyle"> + Name: + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']"> + <tr> + <td class="boldstyle"> + Geburtsdatum: + </td> + <td> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']"> + <tr> + <td colspan="2"> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <tr> + <td class="boldstyle"> + wbPK (*): + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + </table> + <p>zu handeln.</p> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <p/> - <hr/> - <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische 
Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml index b116152c8..cd207e04c 100644 --- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml +++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml 
@@ -17,20 +17,68 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle"> - <xsl:value-of select="//@Issuer"/> - </span>, -geboren am -<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> - <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + <h4>Datum und Uhrzeit: + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,6,2)"/>. 
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>, + <xsl:value-of select="substring(//@IssueInstant,12,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </h4> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <hr/> + <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> + von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </xsl:if>, in dessen Auftrag zu handeln. 
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4> + </xsl:if> </h4> <p/> - <hr/> - <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> + <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> + <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> 
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml index 10854242e..31e00ec9f 100644 --- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml +++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml @@ -13,12 +13,17 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>, - geboren am - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, - den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <b><xsl:value-of select="//@Issuer"/></b>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. 
@@ -28,14 +33,48 @@
 <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
 <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 </h4>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
+ </xsl:if>
 <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
- <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+ <hr/>
+ <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
+ von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">,
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+ </xsl:if>, in dessen Auftrag zu handeln.
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+ <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+ </xsl:if>
 </h4>
 <p/>
- <hr/>
- <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische
- Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens
- berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+ </xsl:choose>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den
+ jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum
+ Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen
+ Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der
+ Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OID']">
+ <h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und
+ beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
 </xsl:if>
 </body>
 </html>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
index 0c079da71..bcf0cd7ce 100644
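Review bot: The `<h4>wbPK(*) des Vollmachtgebers: …</h4>` added under the MachtgeberWbpk guard sits inside the `<h4>Ich bin weiters ermächtigt …` element, whose `</h4>` is the context line that follows it, so the stylesheet emits an h4 nested in an h4, which is not valid HTML and which viewers are free to repair differently; I would close the outer heading right after `in dessen Auftrag zu handeln.` and drop the later `</h4>`. Inside the MachtgeberName guard, `VertretungsArt` is printed without its own presence test, so a missing attribute yields `ermächtigt als  von …` in the signed text; the same applies to the `<p>Sie bestätigen weiters, …` line in the `@@ -88,12 +109,67 @@` hunk of MOAIDTransformAuthBlock_deprecated.xml. The `(*)` footnote and the `<xsl:choose>` that draws the separator are keyed only on the signer's own `wbPK`, so an assertion with MachtgeberWbpk but no wbPK shows a `(*)` marker with no footnote, here and in that same @@ -88 hunk; testing `//saml:Attribute[@AttributeName='wbPK'] or //saml:Attribute[@AttributeName='MachtgeberWbpk']` in both places fixes it.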
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
@@ -11,7 +11,7 @@
 <title>Signatur der Anmeldedaten</title>
 </head>
 <body>
- <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+ <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
 <table>
 <tr>
 <td>
@@ -31,6 +31,17 @@
 <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 </td>
 </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <tr>
+ <td>
+ <b>Rolle im Gesundheitsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+ (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>),
+ </td>
+ </tr>
+ </xsl:if>
 <tr>
 <td>
 <b>Applikation:</b>
@@ -77,6 +88,16 @@
 <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 </td>
 </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <tr>
+ <td>
+ <b>HPI(**):</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
 <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 <tr>
 <td>
@@ -88,12 +109,67 @@
 </tr>
 </xsl:if>
 </table>
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+ <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+ <table>
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+ <tr>
+ <td>
+ <b>Geburtsdatum:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+ <tr>
+ <td colspan="2">
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+ <tr>
+ <td>
+ <b>wbPK (*):</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <p>zu handeln.</p>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+ </xsl:choose>
 <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
- <p/>
- <hr/>
- <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen
- Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige
- Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+ <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den
+ jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum
+ Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen
+ Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der
+ Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OID']">
+ <h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und
+ beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
 </xsl:if>
 </body>
 </html>
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
Binary files differnew file mode 100644
index 000000000..911640d0e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
Binary files differnew file mode 100644
index 000000000..cac44093a
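Review bot: The MachtgeberRegisternummer row uses `<td colspan="2">` with no caption, unlike every other row of the new table, so the value appears as a bare number under the name with nothing telling the signer what it is; a labelled pair, `<td><b>Registernummer:</b></td>` followed by the value cell, would keep this table consistent with the rows around it. In the introductory sentence `dass sie als … ermächtigt sind` the pronoun should read `Sie`, since the rest of the page addresses the user formally (`Bitte bestätigen Sie …`).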
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
Binary files differnew file mode 100644
index 000000000..32893db7f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
diff --git a/id/server/data/deploy/tomcat/server.mod_jk.xml b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml
index b32cf7844..30770b5bf 100644
--- a/id/server/data/deploy/tomcat/server.mod_jk.xml
+++ b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml
@@ -1,162 +1,162 @@
-<!-- Alternate Example-less Configuration File -->
-<!-- Note that component elements are nested corresponding to their
- parent-child relationships with each other -->
-<!-- A "Server" is a singleton element that represents the entire JVM,
- which may contain one or more "Service" instances. The Server
- listens for a shutdown command on the indicated port.
-
- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" or "Loggers" at this level.
- -->
-<Server port="8005" shutdown="SHUTDOWN" debug="0">
- <!-- Uncomment this entry to enable JMX MBeans support -->
- <!--
- <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
- debug="0" port="-1" login="admin" password="admin"/>
--->
- <!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" (and therefore the web applications visible
- within that Container). Normally, that Container is an "Engine",
- but this is not required.
-
- Note: A "Service" is not itself a "Container", so you may not
- define subcomponents such as "Valves" or "Loggers" at this level.
- -->
- <!-- Define the Tomcat Stand-Alone Service -->
- <Service name="Tomcat-Standalone">
- <!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Each Connector passes requests on to the
- associated "Container" (normally an Engine) for processing.
-
- By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
- You can also enable an SSL HTTP/1.1 Connector on port 8443 by
- following the instructions below and uncommenting the second Connector
- entry. SSL support requires the following steps (see the SSL Config
- HOWTO in the Tomcat 4.0 documentation bundle for more detailed
- instructions):
- * Download and install JSSE 1.0.2 or later, and put the JAR files
- into "$JAVA_HOME/jre/lib/ext".
- * Execute:
- %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
- $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
- with a password value of "changeit" for both the certificate and
- the keystore itself.
-
- By default, DNS lookups are enabled when a web application calls
- request.getRemoteHost(). This can have an adverse impact on
- performance, so you can disable it by setting the
- "enableLookups" attribute to "false". When DNS lookups are disabled,
- request.getRemoteHost() will return the String version of the
- IP address of the remote client.
- -->
- <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
- <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
- port="8009" minProcessors="5" maxProcessors="75"
- enableLookups="true" redirectPort="8443" acceptCount="10" debug="0"
- connectionTimeout="0" useURIValidationHack="false"
- protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
- <!-- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host). -->
- <!-- Define the top level container in our container hierarchy -->
- <Engine name="Standalone" defaultHost="localhost" debug="0">
- <!-- The request dumper valve dumps useful debugging information about
- the request headers and cookies that were received, and the response
- headers and cookies that were sent, for all requests received by
- this instance of Tomcat. If you care only about requests to a
- particular virtual host, or a particular application, nest this
- element inside the corresponding <Host> or <Context> entry instead.
-
- For a similar mechanism that is portable to all Servlet 2.3
- containers, check out the "RequestDumperFilter" Filter in the
- example application (the source for this filter may be found in
- "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
-
- Request dumping is disabled by default. Uncomment the following
- element to enable it. -->
- <!--
- <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
- -->
- <!-- Global logger unless overridden at lower levels -->
- <Logger className="org.apache.catalina.logger.FileLogger"
- prefix="catalina_log." suffix=".txt" timestamp="true"/>
- <!-- Because this Realm is here, an instance will be shared globally -->
- <Realm className="org.apache.catalina.realm.MemoryRealm" />
- <!-- Replace the above Realm with one of the following to get a Realm
- stored in a database and accessed via JDBC -->
- <!-- Define the default virtual host -->
- <Host name="localhost" debug="0" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
- <!-- Normally, users must authenticate themselves to each web app
- individually. Uncomment the following entry if you would like
- a user to be authenticated the first time they encounter a
- resource protected by a security constraint, and then have that
- user identity maintained across *all* web applications contained
- in this virtual host. -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn"
- debug="0"/>
- -->
- <!-- Access log processes all requests for this virtual host. By
- default, log files are created in the "logs" directory relative to
- $CATALINA_HOME. If you wish, you can specify a different
- directory with the "directory" attribute. Specify either a relative
- (to $CATALINA_HOME) or absolute path to the desired directory.
- -->
- <Valve className="org.apache.catalina.valves.AccessLogValve"
- directory="logs" prefix="localhost_access_log."
- suffix=".txt" pattern="common"/>
- <!-- Logger shared by all Contexts related to this virtual host. By
- default (when using FileLogger), log files are created in the "logs"
- directory relative to $CATALINA_HOME. If you wish, you can specify
- a different directory with the "directory" attribute. Specify either a
- relative (to $CATALINA_HOME) or absolute path to the desired
- directory.-->
- <Logger className="org.apache.catalina.logger.FileLogger"
- directory="logs" prefix="localhost_log." suffix=".txt"
- timestamp="true"/>
- <!-- Define properties for each web application. This is only needed
- if you want to set non-default properties, or have web application
- document roots in places other than the virtual host's appBase
- directory. -->
- <!-- Tomcat Root Context -->
- <!--
- <Context path="" docBase="ROOT" debug="0"/>
- -->
- </Host>
- </Engine>
- </Service>
- <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
- as its servlet container. Please read the README.txt file coming with
- the WebApp Module distribution on how to build it.
- (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
-
- To configure the Apache side, you must ensure that you have the
- "ServerName" and "Port" directives defined in "httpd.conf". Then,
- lines like these to the bottom of your "httpd.conf" file:
-
- LoadModule webapp_module libexec/mod_webapp.so
- WebAppConnection warpConnection warp localhost:8008
- WebAppDeploy examples warpConnection /examples/
-
- The next time you restart Apache (after restarting Tomcat, if needed)
- the connection will be established, and all applications you make
- visible via "WebAppDeploy" directives can be accessed through Apache.
- -->
- <!-- Define an Apache-Connector Service -->
- <Service name="Tomcat-Apache">
- <Connector className="org.apache.catalina.connector.warp.WarpConnector"
- port="8008" minProcessors="5" maxProcessors="75"
- enableLookups="true" acceptCount="10" debug="0"/>
- <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
- <Engine className="org.apache.catalina.connector.warp.WarpEngine"
- name="Apache" debug="0" appBase="webapps">
- <!-- Global logger unless overridden at lower levels -->
- <Logger className="org.apache.catalina.logger.FileLogger"
- prefix="apache_log." suffix=".txt" timestamp="true"/>
- <!-- Because this Realm is here, an instance will be shared globally -->
- <Realm className="org.apache.catalina.realm.MemoryRealm" />
- </Engine>
- </Service>
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443" acceptCount="10" debug="0"
+ connectionTimeout="0" useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log."
+ suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ </Engine>
+ </Service>
</Server>
\ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/server.xml b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml
index 2fd7b6439..b259d2dec 100644
--- a/id/server/data/deploy/tomcat/server.xml
+++ b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml
@@ -1,171 +1,171 @@ -<!-- Alternate Example-less Configuration File --> -<!-- Note that component elements are nested corresponding to their - parent-child relationships with each other --> -<!-- A "Server" is a singleton element that represents the entire JVM, - which may contain one or more "Service" instances. The Server - listens for a shutdown command on the indicated port. - - Note: A "Server" is not itself a "Container", so you may not - define subcomponents such as "Valves" or "Loggers" at this level. - --> -<Server port="8005" shutdown="SHUTDOWN" debug="0"> - <!-- Uncomment this entry to enable JMX MBeans support --> - <!-- - <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" - debug="0" port="-1" login="admin" password="admin"/> ---> - <!-- A "Service" is a collection of one or more "Connectors" that share - a single "Container" (and therefore the web applications visible - within that Container). Normally, that Container is an "Engine", - but this is not required. - - Note: A "Service" is not itself a "Container", so you may not - define subcomponents such as "Valves" or "Loggers" at this level. - --> - <!-- Define the Tomcat Stand-Alone Service --> - <Service name="Tomcat-Standalone"> - <!-- A "Connector" represents an endpoint by which requests are received - and responses are returned. Each Connector passes requests on to the - associated "Container" (normally an Engine) for processing. - - By default, a non-SSL HTTP/1.1 Connector is established on port 8080. - You can also enable an SSL HTTP/1.1 Connector on port 8443 by - following the instructions below and uncommenting the second Connector - entry. SSL support requires the following steps (see the SSL Config - HOWTO in the Tomcat 4.0 documentation bundle for more detailed - instructions): - * Download and install JSSE 1.0.2 or later, and put the JAR files - into "$JAVA_HOME/jre/lib/ext". 
- * Execute: - %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) - $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) - with a password value of "changeit" for both the certificate and - the keystore itself. - - By default, DNS lookups are enabled when a web application calls - request.getRemoteHost(). This can have an adverse impact on - performance, so you can disable it by setting the - "enableLookups" attribute to "false". When DNS lookups are disabled, - request.getRemoteHost() will return the String version of the - IP address of the remote client. - --> - <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 --> - <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" - port="8080" minProcessors="5" maxProcessors="75" - enableLookups="true" redirectPort="8443" acceptCount="100" - debug="0" connectionTimeout="20000" useURIValidationHack="false" - disableUploadTimeout="true"/> - <!-- Note : To disable connection timeouts, set connectionTimeout value to -1 --> - <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> - <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" - port="8443" minProcessors="5" maxProcessors="75" - enableLookups="uri" acceptCount="100" debug="0" scheme="https" - secure="true" useURIValidationHack="false" - disableUploadTimeout="true"> - <Factory - className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" - clientAuth="false" protocol="TLS"/> - </Connector> - <!-- An Engine represents the entry point (within Catalina) that processes - every request. The Engine implementation for Tomcat stand alone - analyzes the HTTP headers included with the request, and passes them - on to the appropriate Host (virtual host). 
--> - <!-- Define the top level container in our container hierarchy --> - <Engine name="Standalone" defaultHost="localhost" debug="0"> - <!-- The request dumper valve dumps useful debugging information about - the request headers and cookies that were received, and the response - headers and cookies that were sent, for all requests received by - this instance of Tomcat. If you care only about requests to a - particular virtual host, or a particular application, nest this - element inside the corresponding <Host> or <Context> entry instead. - - For a similar mechanism that is portable to all Servlet 2.3 - containers, check out the "RequestDumperFilter" Filter in the - example application (the source for this filter may be found in - "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). - - Request dumping is disabled by default. Uncomment the following - element to enable it. --> - <!-- - <Valve className="org.apache.catalina.valves.RequestDumperValve"/> - --> - <!-- Global logger unless overridden at lower levels --> - <Logger className="org.apache.catalina.logger.FileLogger" - prefix="catalina_log." suffix=".txt" timestamp="true"/> - <!-- Because this Realm is here, an instance will be shared globally --> - <Realm className="org.apache.catalina.realm.MemoryRealm"/> - <!-- Define the default virtual host --> - <Host name="localhost" debug="0" appBase="webapps" - unpackWARs="true" autoDeploy="true"> - <!-- Normally, users must authenticate themselves to each web app - individually. Uncomment the following entry if you would like - a user to be authenticated the first time they encounter a - resource protected by a security constraint, and then have that - user identity maintained across *all* web applications contained - in this virtual host. --> - <!-- - <Valve className="org.apache.catalina.authenticator.SingleSignOn" - debug="0"/> - --> - <!-- Access log processes all requests for this virtual host. 
By - default, log files are created in the "logs" directory relative to - $CATALINA_HOME. If you wish, you can specify a different - directory with the "directory" attribute. Specify either a relative - (to $CATALINA_HOME) or absolute path to the desired directory. - --> - <Valve className="org.apache.catalina.valves.AccessLogValve" - directory="logs" prefix="localhost_access_log." - suffix=".txt" pattern="common"/> - <!-- Logger shared by all Contexts related to this virtual host. By - default (when using FileLogger), log files are created in the "logs" - directory relative to $CATALINA_HOME. If you wish, you can specify - a different directory with the "directory" attribute. Specify either a - relative (to $CATALINA_HOME) or absolute path to the desired - directory.--> - <Logger className="org.apache.catalina.logger.FileLogger" - directory="logs" prefix="localhost_log." suffix=".txt" - timestamp="true"/> - <!-- Define properties for each web application. This is only needed - if you want to set non-default properties, or have web application - document roots in places other than the virtual host's appBase - directory. --> - <!-- Tomcat Root Context --> - <!-- - <Context path="" docBase="../moa-id-proxy.war" debug="0"/> - --> - </Host> - </Engine> - </Service> - <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0 - as its servlet container. Please read the README.txt file coming with - the WebApp Module distribution on how to build it. - (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository) - - To configure the Apache side, you must ensure that you have the - "ServerName" and "Port" directives defined in "httpd.conf". 
Then, - lines like these to the bottom of your "httpd.conf" file: - - LoadModule webapp_module libexec/mod_webapp.so - WebAppConnection warpConnection warp localhost:8008 - WebAppDeploy examples warpConnection /examples/ - - The next time you restart Apache (after restarting Tomcat, if needed) - the connection will be established, and all applications you make - visible via "WebAppDeploy" directives can be accessed through Apache. - --> - <!-- Define an Apache-Connector Service --> - <Service name="Tomcat-Apache"> - <Connector className="org.apache.catalina.connector.warp.WarpConnector" - port="8008" minProcessors="5" maxProcessors="75" - enableLookups="true" acceptCount="10" debug="0"/> - <!-- Replace "localhost" with what your Apache "ServerName" is set to --> - <Engine className="org.apache.catalina.connector.warp.WarpEngine" - name="Apache" debug="0" appBase="webapps"> - <!-- Global logger unless overridden at lower levels --> - <Logger className="org.apache.catalina.logger.FileLogger" - prefix="apache_log." suffix=".txt" timestamp="true"/> - <!-- Because this Realm is here, an instance will be shared globally --> - <Realm className="org.apache.catalina.realm.MemoryRealm"/> - </Engine> - </Service> +<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8080" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443" acceptCount="100"
+ debug="0" connectionTimeout="20000" useURIValidationHack="false"
+ disableUploadTimeout="true"/>
+ <!-- Note : To disable connection timeouts, set connectionTimeout value to -1 -->
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8443" minProcessors="5" maxProcessors="75"
+ enableLookups="uri" acceptCount="100" debug="0" scheme="https"
+ secure="true" useURIValidationHack="false"
+ disableUploadTimeout="true">
+ <Factory
+ className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
+ clientAuth="false" protocol="TLS"/>
+ </Connector>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log."
+ suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ </Engine>
+ </Service>
</Server>
\ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml
new file mode 100644
index 000000000..bbc375984
--- /dev/null
+++ b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml
@@ -0,0 +1,386 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Comment these entries out to disable JMX MBeans support -->
+ <!-- You may also configure custom components (e.g. Valves/Realms) by
+ including your own mbean-descriptor file(s), and setting the
+ "descriptors" attribute to point to a ';' seperated list of paths
+ (in the ClassLoader sense) of files to add to the default list.
+ e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+ -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ debug="0"/>
+
+ <!-- Global JNDI resources -->
+ <GlobalNamingResources>
+
+ <!-- Test entry for demonstration purposes -->
+ <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved">
+ </Resource>
+ <ResourceParams name="UserDatabase">
+ <parameter>
+ <name>factory</name>
+ <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+ </parameter>
+ <parameter>
+ <name>pathname</name>
+ <value>conf/tomcat-users.xml</value>
+ </parameter>
+ </ResourceParams>
+
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Catalina">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 5 documentation bundle for more detailed
+ instructions):
+ * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+ later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" redirectPort="8443" acceptCount="100"
+ debug="0" connectionTimeout="20000"
+ disableUploadTimeout="true" />
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to 0 -->
+
+ <!-- Note : To use gzip compression you could set the following properties :
+
+ compression="on"
+ compressionMinSize="2048"
+ noCompressionUserAgents="gozilla, traviata"
+ compressableMimeType="text/html,text/xml"
+ -->
+
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector port="8443"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" disableUploadTimeout="true"
+ acceptCount="100" debug="0" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009"
+ enableLookups="false" redirectPort="8443" debug="0"
+ protocol="AJP/1.3" />
+
+ <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+ <!-- See proxy documentation for more information about using this. -->
+ <!--
+ <Connector port="8082"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ proxyPort="80" disableUploadTimeout="true" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+ <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
+ -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.4
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ debug="0" resourceName="UserDatabase"/>
+
+ <!-- Comment out the old realm but leave here for now in case we
+ need to go back quickly -->
+ <!--
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ -->
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="org.gjt.mm.mysql.Driver"
+ connectionURL="jdbc:mysql://localhost/authority"
+ connectionName="test" connectionPassword="test"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="oracle.jdbc.driver.OracleDriver"
+ connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+ connectionName="scott" connectionPassword="tiger"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+ connectionURL="jdbc:odbc:CATALINA"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!-- Define the default virtual host
+ Note: XML Schema validation will not work with Xerces 2.2.
+ -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true"
+ xmlValidation="false" xmlNamespaceAware="false">
+
+ <!-- Defines a cluster for this node,
+ By defining this element, means that every manager will be changed.
+ So when running a cluster, only make sure that you have webapps in there
+ that need to be clustered and remove the other ones.
+ A cluster has the following parameters:
+
+ className = the fully qualified name of the cluster class
+
+ name = a descriptive name for your cluster, can be anything
+
+ debug = the debug level, higher means more output
+
+ mcastAddr = the multicast address, has to be the same for all the nodes
+
+ mcastPort = the multicast port, has to be the same for all the nodes
+
+ mcastBindAddr = bind the multicast socket to a specific address
+
+ mcastTTL = the multicast TTL if you want to limit your broadcast
+
+ mcastSoTimeout = the multicast readtimeout
+
+ mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+
+ mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
+
+ tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
+
+ tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
+ in case of multiple ethernet cards.
+ auto means that address becomes
+ InetAddress.getLocalHost().getHostAddress()
+
+ tcpListenPort = the tcp listen port
+
+ tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
+ has a wakup bug in java.nio. Set to 0 for no timeout
+
+ printToScreen = true means that managers will also print to std.out
+
+ expireSessionsOnShutdown = true means that
+
+ useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
+ false means to replicate the session after each request.
+ false means that replication would work for the following piece of code:
+ <%
+ HashMap map = (HashMap)session.getAttribute("map");
+ map.put("key","value");
+ %>
+ replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
+ * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
+ * Synchronous means that the thread that executes the request, is also the
+ thread the replicates the data to the other nodes, and will not return until all
+ nodes have received the information.
+ * Asynchronous means that there is a specific 'sender' thread for each cluster node,
+ so the request thread will queue the replication request into a "smart" queue,
+ and then return to the client.
+ The "smart" queue is a queue where when a session is added to the queue, and the same session
+ already exists in the queue from a previous request, that session will be replaced
+ in the queue instead of replicating two requests. This almost never happens, unless there is a
+ large network delay.
+ -->
+ <!--
+ When configuring for clustering, you also add in a valve to catch all the requests
+ coming in, at the end of the request, the session may or may not be replicated.
+ A session is replicated if and only if all the conditions are met:
+ 1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
+ 2. a session exists (has been created)
+ 3. the request is not trapped by the "filter" attribute
+
+ The filter attribute is to filter out requests that could not modify the session,
+ hence we don't replicate the session after the end of this request.
+ The filter is negative, ie, anything you put in the filter, you mean to filter out,
+ ie, no replication will be done on requests that match one of the filters.
+ The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
+
+ filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
+ ending with .gif and .js are intercepted.
+
+ The deployer element can be used to deploy apps cluster wide.
+ Currently the deployment only deploys/undeploys to working members in the cluster
+ so no WARs are copied upons startup of a broken node.
+ The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
+ When a new war file is added the war gets deployed to the local instance,
+ and then deployed to the other instances in the cluster.
+ When a war file is deleted from the watchDir the war is undeployed locally
+ and cluster wide
+ -->
+
+ <!--
+ <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
+ managerClassName="org.apache.catalina.cluster.session.DeltaManager"
+ expireSessionsOnShutdown="false"
+ useDirtyFlag="true">
+
+ <Membership
+ className="org.apache.catalina.cluster.mcast.McastService"
+ mcastAddr="228.0.0.4"
+ mcastPort="45564"
+ mcastFrequency="500"
+ mcastDropTime="3000"/>
+
+ <Receiver
+ className="org.apache.catalina.cluster.tcp.ReplicationListener"
+ tcpListenAddress="auto"
+ tcpListenPort="4001"
+ tcpSelectorTimeout="100"
+ tcpThreadCount="6"/>
+
+ <Sender
+ className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
+ replicationMode="pooled"/>
+
+ <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
+ filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
+
+ <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
+ tempDir="/tmp/war-temp/"
+ deployDir="/tmp/war-deploy/"
+ watchDir="/tmp/war-listen/"
+ watchEnabled="false"/>
+ </Cluster>
+ -->
+
+
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
+ -->
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../webappsProxy" debug="0"/>
+ -->
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+</Server>
diff --git a/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml
new file mode 100644
index 000000000..9b86b38ca
--- /dev/null
+++ b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml
@@ -0,0 +1,388 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Comment these entries out to disable JMX MBeans support -->
+ <!-- You may also configure custom components (e.g. Valves/Realms) by
+ including your own mbean-descriptor file(s), and setting the
+ "descriptors" attribute to point to a ';' seperated list of paths
+ (in the ClassLoader sense) of files to add to the default list.
+ e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+ -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ debug="0"/>
+
+ <!-- Global JNDI resources -->
+ <GlobalNamingResources>
+
+ <!-- Test entry for demonstration purposes -->
+ <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved">
+ </Resource>
+ <ResourceParams name="UserDatabase">
+ <parameter>
+ <name>factory</name>
+ <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+ </parameter>
+ <parameter>
+ <name>pathname</name>
+ <value>conf/tomcat-users.xml</value>
+ </parameter>
+ </ResourceParams>
+
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Catalina">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 5 documentation bundle for more detailed
+ instructions):
+ * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+ later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" redirectPort="8443" acceptCount="100"
+ debug="0" connectionTimeout="20000"
+ disableUploadTimeout="true" />
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to 0 -->
+
+ <!-- Note : To use gzip compression you could set the following properties :
+
+ compression="on"
+ compressionMinSize="2048"
+ noCompressionUserAgents="gozilla, traviata"
+ compressableMimeType="text/html,text/xml"
+ -->
+
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector port="8443"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" disableUploadTimeout="true"
+ acceptCount="100" debug="0" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <!--
+ <Connector port="8009"
+ enableLookups="false" redirectPort="8443" debug="0"
+ protocol="AJP/1.3" />
+ -->
+
+ <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+ <!-- See proxy documentation for more information about using this. -->
+ <!--
+ <Connector port="8082"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ proxyPort="80" disableUploadTimeout="true" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+ <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
+ -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.4
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ debug="0" resourceName="UserDatabase"/>
+
+ <!-- Comment out the old realm but leave here for now in case we
+ need to go back quickly -->
+ <!--
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ -->
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="org.gjt.mm.mysql.Driver"
+ connectionURL="jdbc:mysql://localhost/authority"
+ connectionName="test" connectionPassword="test"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="oracle.jdbc.driver.OracleDriver"
+ connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+ connectionName="scott" connectionPassword="tiger"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+ connectionURL="jdbc:odbc:CATALINA"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!-- Define the default virtual host
+ Note: XML Schema validation will not work with Xerces 2.2.
+ -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true"
+ xmlValidation="false" xmlNamespaceAware="false">
+
+ <!-- Defines a cluster for this node,
+ By defining this element, means that every manager will be changed.
+ So when running a cluster, only make sure that you have webapps in there
+ that need to be clustered and remove the other ones.
+ A cluster has the following parameters:
+
+ className = the fully qualified name of the cluster class
+
+ name = a descriptive name for your cluster, can be anything
+
+ debug = the debug level, higher means more output
+
+ mcastAddr = the multicast address, has to be the same for all the nodes
+
+ mcastPort = the multicast port, has to be the same for all the nodes
+
+ mcastBindAddr = bind the multicast socket to a specific address
+
+ mcastTTL = the multicast TTL if you want to limit your broadcast
+
+ mcastSoTimeout = the multicast readtimeout
+
+ mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+
+ mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
+
+ tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
+
+ tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
+ in case of multiple ethernet cards.
+ auto means that address becomes
+ InetAddress.getLocalHost().getHostAddress()
+
+ tcpListenPort = the tcp listen port
+
+ tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
+ has a wakup bug in java.nio. Set to 0 for no timeout
+
+ printToScreen = true means that managers will also print to std.out
+
+ expireSessionsOnShutdown = true means that
+
+ useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
+ false means to replicate the session after each request.
+ false means that replication would work for the following piece of code:
+ <%
+ HashMap map = (HashMap)session.getAttribute("map");
+ map.put("key","value");
+ %>
+ replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
+ * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
+ * Synchronous means that the thread that executes the request, is also the
+ thread the replicates the data to the other nodes, and will not return until all
+ nodes have received the information.
+ * Asynchronous means that there is a specific 'sender' thread for each cluster node,
+ so the request thread will queue the replication request into a "smart" queue,
+ and then return to the client.
+ The "smart" queue is a queue where when a session is added to the queue, and the same session
+ already exists in the queue from a previous request, that session will be replaced
+ in the queue instead of replicating two requests. This almost never happens, unless there is a
+ large network delay.
+ -->
+ <!--
+ When configuring for clustering, you also add in a valve to catch all the requests
+ coming in, at the end of the request, the session may or may not be replicated.
+ A session is replicated if and only if all the conditions are met:
+ 1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
+ 2. a session exists (has been created)
+ 3. the request is not trapped by the "filter" attribute
+
+ The filter attribute is to filter out requests that could not modify the session,
+ hence we don't replicate the session after the end of this request.
+ The filter is negative, ie, anything you put in the filter, you mean to filter out,
+ ie, no replication will be done on requests that match one of the filters.
+ The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
+
+ filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
+ ending with .gif and .js are intercepted.
+
+ The deployer element can be used to deploy apps cluster wide.
+ Currently the deployment only deploys/undeploys to working members in the cluster
+ so no WARs are copied upons startup of a broken node.
+ The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
+ When a new war file is added the war gets deployed to the local instance,
+ and then deployed to the other instances in the cluster.
+ When a war file is deleted from the watchDir the war is undeployed locally
+ and cluster wide
+ -->
+
+ <!--
+ <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
+ managerClassName="org.apache.catalina.cluster.session.DeltaManager"
+ expireSessionsOnShutdown="false"
+ useDirtyFlag="true">
+
+ <Membership
+ className="org.apache.catalina.cluster.mcast.McastService"
+ mcastAddr="228.0.0.4"
+ mcastPort="45564"
+ mcastFrequency="500"
+ mcastDropTime="3000"/>
+
+ <Receiver
+ className="org.apache.catalina.cluster.tcp.ReplicationListener"
+ tcpListenAddress="auto"
+ tcpListenPort="4001"
+ tcpSelectorTimeout="100"
+ tcpThreadCount="6"/>
+
+ <Sender
+ className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
+ replicationMode="pooled"/>
+
+ <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
+ filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
+
+ <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
+ tempDir="/tmp/war-temp/"
+ deployDir="/tmp/war-deploy/"
+ watchDir="/tmp/war-listen/"
+ watchEnabled="false"/>
+ </Cluster>
+ -->
+
+
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
+ -->
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../webappsProxy" debug="0"/>
+ -->
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+</Server>
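Review bot: The HTTPS connector added at `<Connector port="8443" ... scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />` carries no `keystoreFile`/`keystorePass` attributes, so a server started from this template falls back to the JDK default keystore and the well-known "changeit" password that the comment block above the connectors describes as a setup step. Because this file is shipped as the deployment configuration of an authentication component (MOA-ID), the template should either name the intended keystore explicitly or state that these attributes must be filled in before the connector is used, e.g. `<!-- keystoreFile/keystorePass must point at the MOA-ID server key store; do not deploy with the JDK default keystore or its default password. -->`. The `shutdown="SHUTDOWN"` command on `<Server port="8005" ...>` is likewise the stock Tomcat default and deserves the same kind of "change before deployment" comment.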
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.2.xsd b/id/server/doc/MOA-ID-Configuration-1.4.2.xsd
new file mode 100644
index 000000000..5a87e3fde
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.4.2.xsd
@@ -0,0 +1,506 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:element name="Binding" minOccurs="0">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="full"/>
+ <xsd:enumeration value="userName"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOABPK"/>
+ <xsd:enumeration value="MOAWBPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAStammzahl"/>
+ <xsd:enumeration value="MOAIdentificationValueType"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MOAKeyBoxSelector">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SecureSignatureKeypair"/>
+ <xsd:enumeration value="CertifiedKeypair"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der
+ Authentisierungs-Komponente</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der
+ Proxy-Komponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+ <xsd:attribute name="type" use="optional" default="publicService">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:NMTOKEN">
+ <xsd:enumeration value="businessService"/>
+ <xsd:enumeration value="publicService"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die
+ Zertifikatspfadvalidierung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
+ für jeden TrustAnchor gesetzt werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="dsig:X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+ <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+ <xsd:enumeration value="AuthenticationData.TimeOut"/>
+ <xsd:enumeration value="TrustManager.RevocationChecking"/>
+ <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+ <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelection" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+ </xsd:sequence>
+ <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem
+ Security-Layer</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der
+ Personenbindung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des
+ AUTH-Blocks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers des
+ IdentityLinks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
+ inkludiert</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="TemplatesType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TemplateType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyInfoboxesType">
+ <xsd:annotation>
+ <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="DefaultTrustProfile" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Infobox" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;
+ z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
+ das Identifier-Attribut verwendet</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>TrustProfil, das für die Überprüfung der Infobox
+ verwendet werden soll</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Validatorklasse, die für die Prüfung der Infobox
+ verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
+ vom Default Package- und Klassennamen abweichen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+ <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
+ übergeben werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="SchemaLocationType">
+ <xsd:annotation>
+ <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="Schema" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <!--xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="pr:AbstractSimpleIdentification"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element-->
+ <xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:choice>
+ <xsd:element ref="pr:Firmenbuchnummer"/>
+ <xsd:element ref="pr:ZMRzahl"/>
+ <xsd:element ref="pr:Vereinsnummer"/>
+ <xsd:element ref="pr:ERJPZahl"/>
+ <xsd:element name="AnyNumber">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="slVersion" use="optional" default="1.1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="1.1"/>
+ <xsd:enumeration value="1.2"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+ <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für
+ die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+</xsd:schema>
diff --git a/id/server/doc/MOA-Testzertifikate.vsd b/id/server/doc/MOA-Testzertifikate.vsd Binary files differnew file mode 100644 index 000000000..c36051c04 --- /dev/null +++ b/id/server/doc/MOA-Testzertifikate.vsd diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm index d289f7929..173e3012a 100644 --- a/id/server/doc/moa_id/id-admin_1.htm +++ b/id/server/doc/moa_id/id-admin_1.htm @@ -140,8 +140,8 @@ Unterschiede sind in der Installationsanweisung angeführt. <b>Minimale Konfiguration</b> <br /> Die zentrale Konfigurations-Datei von Tomcat ist $CATALINA_HOME/conf/server.xml. Tomcat wird grundsätzlich mit einer funktionierenden Default-Konfiguration ausgeliefert, die jedoch einiges an Ballast enthält und viele Ports -offen lässt. Die Datei $MOA_ID_INST_AUTH/tomcat/server.xml (bzw. $MOA_ID_INST_PROXY/tomcat/server.xml) enthält eine minimale -Tomcat-Konfiguration, die je einen Connector für HTTP und für HTTPS freischaltet.<br /><br /> +offen lässt. Die Datei server.xml im Verzeichnis mit der Versionsnummer des verwendeten Tomcats unter $MOA_ID_INST_AUTH/tomcat (bzw. $MOA_ID_INST_PROXY/tomcat) enthält eine minimale +Tomcat-Konfiguration, die je einen Connector für HTTP und für HTTPS freischaltet. Die jeweilige Datei server.mod_jk.xml schaltet zusätzlich den AJP Connector Port für den Apache Webserver frei (falls diese Datei verwendet werden soll ist sie zuvor noch auf server.xml umzubenennen).<br /><br /> <b>SSL</b><br /> Für den sicheren Betrieb von MOA-ID-AUTH ist die Verwendung von SSL Voraussetzung, sofern nicht ein vorgelagerter WebServer (Apache oder IIS) das SSL-Handling übernimmt. Ebenso kann SSL auch für MOA-ID-PROXY verwendet werden. diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath new file mode 100644 index 000000000..01edb156d --- /dev/null +++ b/id/server/idserverlib/.classpath @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="src" path="src/test/java"/>
+ <classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/idserverlib/.project b/id/server/idserverlib/.project new file mode 100644 index 000000000..b2e34e738 --- /dev/null +++ b/id/server/idserverlib/.project @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-id-lib</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.wst.common.project.facet.core.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.validation.validationbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+ <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+ <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ </natures>
+</projectDescription>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index d313e1eb0..93d61588c 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -1,175 +1,189 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>MOA.id</groupId>
- <artifactId>moa-id</artifactId>
- <version>1.4.2beta1</version>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-lib</artifactId>
- <packaging>jar</packaging>
- <version>1.4.2beta1</version>
- <name>MOA ID API</name>
-
- <properties>
- <repositoryPath>${basedir}/../../../repository</repositoryPath>
- </properties>
-
- <dependencies>
- <dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
- <type>jar</type>
- </dependency>
- <dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
- <type>test-jar</type>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>MOA.spss.server</groupId>
- <artifactId>moa-spss-lib</artifactId>
- <!--version>${project.version}</version-->
- </dependency>
- <dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- <version>1.4</version>
- </dependency>
- <dependency>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xml-apis</artifactId>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xalan</artifactId>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>serializer</artifactId>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-discovery</groupId>
- <artifactId>commons-discovery</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-fileupload</groupId>
- <artifactId>commons-fileupload</artifactId>
- </dependency>
- <dependency>
- <groupId>dav4j</groupId>
- <artifactId>dav4j</artifactId>
- </dependency>
- <dependency>
- <groupId>httpsclient</groupId>
- <artifactId>httpsclient</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_moa</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ecc</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_jce_full</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ixsil</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_X509TrustManager</artifactId>
- </dependency>
- <dependency>
- <groupId>regexp</groupId>
- <artifactId>regexp</artifactId>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <configuration>
- <archive>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <version>2.2</version>
- <configuration>
- <quiet>true</quiet>
- <author>false</author>
- <version>false</version>
- <use>true</use>
- <excludePackageNames>
- at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*
- </excludePackageNames>
- <tags>
- <tag>
- <name>pre</name>
- <placement>a</placement>
- <head>Preconditions:</head>
- </tag>
- <tag>
- <name>post</name>
- <placement>a</placement>
- <head>Postconditions:</head>
- </tag>
- </tags>
- <link>http://java.sun.com/j2se/1.4/docs/api/</link>
- </configuration>
- <executions>
- <execution>
- <id>generate-javadoc</id>
- <phase>package</phase>
- <goals>
- <goal>jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-
-</project>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-id</artifactId>
+ <version>1.4.2beta2</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ <packaging>jar</packaging>
+ <version>1.4.2beta2</version>
+ <name>MOA ID API</name>
+
+ <properties>
+ <repositoryPath>${basedir}/../../../repository</repositoryPath>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>MOA</groupId>
+ <artifactId>moa-common</artifactId>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>MOA</groupId>
+ <artifactId>moa-common</artifactId>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>MOA.spss.server</groupId>
+ <artifactId>moa-spss-lib</artifactId>
+ <!--version>${project.version}</version-->
+ </dependency>
+ <dependency>
+ <groupId>axis</groupId>
+ <artifactId>axis</artifactId>
+ <version>1.4</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>xml-apis</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>xalan</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>serializer</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-discovery</groupId>
+ <artifactId>commons-discovery</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>dav4j</groupId>
+ <artifactId>dav4j</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>httpsclient</groupId>
+ <artifactId>httpsclient</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_moa</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ecc</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jce_full</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ixsil</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_X509TrustManager</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>regexp</groupId>
+ <artifactId>regexp</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>2.0.2</version>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egovernment.moa.id</groupId>
+ <artifactId>mandate-validate</artifactId>
+ <version>1.0</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <archive>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.2</version>
+ <configuration>
+ <quiet>true</quiet>
+ <author>false</author>
+ <version>false</version>
+ <use>true</use>
+ <excludePackageNames>
+ at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*
+ </excludePackageNames>
+ <tags>
+ <tag>
+ <name>pre</name>
+ <placement>a</placement>
+ <head>Preconditions:</head>
+ </tag>
+ <tag>
+ <name>post</name>
+ <placement>a</placement>
+ <head>Postconditions:</head>
+ </tag>
+ </tags>
+ <link>http://java.sun.com/j2se/1.4/docs/api/</link>
+ </configuration>
+ <executions>
+ <execution>
+ <id>generate-javadoc</id>
+ <phase>package</phase>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
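Review bot: `commons-httpclient` is declared twice in `<dependencies>` on the new side, once without a version (the block right after commons-fileupload) and once pinned to `2.0.2` (the block before mandate-validate); Maven flags a duplicate groupId:artifactId as a model problem and the effective version then depends on resolver behaviour rather than on what is written, which matters for a library that terminates network connections for this component. Keep one declaration and either leave the version to the parent's dependency management or pin it in that single place. The new `mandate-validate` 1.0 artifact comes from a groupId (`at.gv.egovernment.moa.id`) used nowhere else in this POM; since `repositoryPath` points at a checked-in local repository, the commit should say where that jar is built or sourced so the supply chain of the mandate check stays traceable.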
diff --git a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 000000000..5e9495128 --- /dev/null +++ b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0
+Class-Path:
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5f4ec2d29..75197943f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.File; +import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); - session.setTemplateURL(templateURL); + session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists 
@@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { bkuURL = DEFAULT_BKU; } session.setBkuURL(bkuURL); + session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), oaParam.getBusinessService(), @@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { pushInfobox = verifyInfoboxParameters.getPushInfobox(); + session.setPushInfobox(pushInfobox); } String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); String certInfoDataURL = @@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). + getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); // session.setAuthBlock(authBlock); 
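Review bot: `getCreateXMLSignatureRequestAuthBlockOrRedirect` returns the literal `"Redirect to Input Processor"` through the same `String` return channel that otherwise carries the CreateXMLSignatureRequest XML, so every caller has to string-compare against that sentinel to tell a redirect from a request; the same literal appears again as a return value in the later post-processing hunk of this file. A constant on `MOAIDAuthConstants`, or a distinct return type or exception for the pending-input case, would make the redirect explicit and keep the two sites from drifting apart. The method is public and accepts null for `authConf` and `oaParam`; its javadoc should state that null selects the configuration looked up via `session.getPublicOAURLPrefix()`. The original caller's body continues outside this hunk.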
@@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((transformsInfos == null) || (transformsInfos.length == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); - } + } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaParam.getSlVersion12()); return createXMLSignatureRequest; } + /** * Builds an authentication block <code><saml:Assertion></code> from given session data. * @param session authentication session @@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { - Vector authAttributes = new Vector(); - Vector oaAttributes = new Vector(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); 
@@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new ValidateException("validator.41", new Object[] {identifier}); } else { String friendlyName = verifyInfoboxParameter.getFriendlyName(); + boolean isParepRequest = false; + + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // check for party representation in mandates infobox + if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); + Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); + //ParepUtils.serializeElement(mandate, System.out); + String mandateID = ParepUtils.extractRepresentativeID(mandate); + if (!isEmpty(mandateID) && + ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { + isParepRequest = true; + } + if (!isParepRequest) { + //if mandates validator is disabled we must throw an error in this case + if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) { + throw new ValidateException("validator.60", new Object[] {friendlyName}); + } + } + } + // get the class for validating the infobox InfoboxValidator infoboxValidator = null; try { - Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + Class validatorClass = null; + if (isParepRequest) { + // Mandates infobox in party representation mode + validatorClass = 
Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); + } else { + validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + } infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); } catch (Exception e) { Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + @@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + "\" for \"" + identifier + "\"-infobox."); - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = - ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); - } catch (ParseException e) { - Logger.error("InfoboxReadResponse for \"" + identifier + - "\"-infobox could not be parsed successfully: " + e.getMessage()); - throw new ValidateException("validator.43", new Object[] {friendlyName}); - } // build the parameters for validating the infobox InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( - session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + session, verifyInfoboxParameter, infoboxTokenList, oaParam); + // now validate the infobox InfoboxValidationResult infoboxValidationResult = null; try { 
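Review bot: in the validator-loading block the failure log still prints `verifyInfoboxParameter.getValidatorClassName()` even when `isParepRequest` selected the hard-coded ParepValidator, so an error on the party-representation path is logged under the configured class name; the `Successfully loaded validator class` debug line in the next hunk has the same problem. Keep the chosen name in a local, e.g. `String validatorClassName = isParepRequest ? "at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator" : verifyInfoboxParameter.getValidatorClassName();`, and use it for both `Class.forName` and the messages. Since `isParepRequest` is derived from the not-yet-validated infobox content (the `mandateID` of the primary token), a comment should state that this only selects the validator and that ParepValidator itself performs the full mandate check. The enclosing method `verifyInfoboxes` starts before and ends after this hunk.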
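Review bot: `buildInfoboxValidatorParams` now receives `oaParam` in place of `hideStammzahl`, yet `verifyInfoboxes` is still invoked with `!oaParam.getProvideStammzahl()` as its third argument in an earlier hunk of this file; if the builder now derives the flag from `oaParam` itself, the `hideStammzahl` parameter appears to be dead and should be removed, otherwise its remaining use deserves a comment. The signature of `verifyInfoboxes` is outside the hunk, so this is inferred from the call site only.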
@@ -605,89 +657,138 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.info(identifier + " infobox successfully validated."); + // store the validator for post processing + session.addInfoboxValidator(identifier, friendlyName, infoboxValidator); // get the SAML attributes to be appended to the AUTHBlock or to the final // SAML Assertion - ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); - if (extendedSAMLAttributes != null) { - int length = extendedSAMLAttributes.length; - for (int i=0; i<length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - String name = samlAttribute.getName(); - if (name == null) { - Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); - } - if (name == "") { - Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is empty."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); - } - if (samlAttribute.getNameSpace() == null) { - Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); - } - Object value = samlAttribute.getValue(); - if (value == null) { - Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); - } - if ((value instanceof String) || (value instanceof Element)) { - - switch (samlAttribute.getAddToAUTHBlock()) { - case 
ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: - authAttributes.add(samlAttribute); - oaAttributes.add(samlAttribute); - break; - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: - authAttributes.add(samlAttribute); - break; - case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: - oaAttributes.add(samlAttribute); - break; - default: - Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" - + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " - + (i+1) + " for infobox " + identifier); - throw new ValidateException( - "validator.47", new Object[] {friendlyName, String.valueOf((i+1))}); - } - } else { - Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + - " or \"org.w3c.dom.Element\""); - throw new ValidateException( - "validator.46", new Object[] {identifier, String.valueOf((i+1))}); - - } - } - - } + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); } } else { if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) { Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU"); throw new ValidateException( "validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()}); - } Logger.debug("Infobox \"" + identifier + "\" not returned from BKU."); - } + } } - session.setExtendedSAMLAttributesAUTH(authAttributes); - session.setExtendedSAMLAttributesOA(oaAttributes); } - } + } } /** + * Intermediate processing of the infoboxes. 
The first pending infobox + * validator may validate the provided input + * + * @param session The current authentication session + * @param parameters The parameters got returned by the user input fields + */ + public static void processInput(AuthenticationSession session, Map parameters) throws ValidateException + { + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(parameters); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } + } + } + } + + /** + * Adds given SAML Attributes to the current session. They will be appended + * to the final SAML Assertion or the AUTH block. If the attributes are + * already in the list, they will be replaced. 
+ * + * @param session The current session + * @param extendedSAMLAttributes The SAML attributes to add + * @param identifier The infobox identifier for debug purposes + * @param friendlyNam The friendly name of the infobox for debug purposes + */ + private static void AddAdditionalSAMLAttributes(AuthenticationSession session, ExtendedSAMLAttribute[] extendedSAMLAttributes, + String identifier, String friendlyName) throws ValidateException + { + if (extendedSAMLAttributes == null) return; + List oaAttributes = session.getExtendedSAMLAttributesOA(); + if (oaAttributes==null) oaAttributes = new Vector(); + List authAttributes = session.getExtendedSAMLAttributesAUTH(); + if (authAttributes==null) authAttributes = new Vector(); + int length = extendedSAMLAttributes.length; + for (int i=0; i<length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName); + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " + + (i+1) + " for infobox " + identifier); + throw new ValidateException( + "validator.47", new Object[] {friendlyName, String.valueOf((i+1))}); + } + } else { + Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is not valid. 
Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException( + "validator.46", new Object[] {identifier, String.valueOf((i+1))}); + } + } + session.setExtendedSAMLAttributesAUTH(authAttributes); + session.setExtendedSAMLAttributesOA(oaAttributes); + } + + private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) { + if (null==attributes) { + attributes = new Vector(); + } else { + String id = samlAttribute.getName(); + int length = attributes.size(); + for (int i=0; i<length; i++) { + ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes.get(i); + if (id.equals(att.getName())) { + // replace attribute + attributes.set(i, samlAttribute); + return; + } + } + attributes.add(samlAttribute); + } + } + + + + /** * Processes a <code><CreateXMLSignatureResponse></code> sent by the * security layer implementation.<br> * <ul> @@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses <CreateXMLSignatureResponse> CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); try { String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); session.setAuthBlock(serializedAssertion); 
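Review bot: `replaceExtendedSAMLAttribute` matches attributes by `getName()` alone and ignores `getNameSpace()`, so two validators, or a later `processInput` round, that emit the same local name in different namespaces now silently overwrite each other in the OA and AUTH attribute lists without any log entry. Compare name and namespace together, or at least log at info level when an existing attribute is replaced, so a collision shows up in the audit trail. The `if (null==attributes) { attributes = new Vector(); }` branch assigns to the parameter and drops the attribute without adding it anywhere; both callers guarantee a non-null list, so remove the branch or throw. The javadoc tag `friendlyNam` should read `friendlyName`, and `AddAdditionalSAMLAttributes` does not follow the lowerCamelCase method naming used elsewhere in the class.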
@@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp, session.getIdentityLink()); + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + 
Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new 
ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( @@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) + VerifyXMLSignatureResponse verifyXMLSigResp, + IdentityLink replacementIdentityLink) throws ConfigurationException, BuildException { - IdentityLink identityLink = session.getIdentityLink(); + IdentityLink identityLink; + if (replacementIdentityLink == null) { + identityLink = session.getIdentityLink(); + } else { + // We have got data form a mandate we need now to use to stay compatible with applications + identityLink = replacementIdentityLink; + } + AuthenticationData authData = new AuthenticationData(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); 
@@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (provideStammzahl) { authData.setIdentificationValue(identityLink.getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); try { String signerCertificateBase64 = ""; if (oaParam.getProvideCertifcate()) { @@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); } else { - // only compute bPK if online applcation is a public service - String bpkBase64 = - new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - authData.setBPK(bpkBase64); + authData.setBPK(identityLink.getIdentificationValue()); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online applcation is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } } String ilAssertion = oaParam.getProvideIdentityLink() @@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { businessService, session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); + + + //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); + return authData; } catch (Throwable ex) { throw new BuildException( 
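Review bot: `identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)` dereferences the type without a null check, and the mandate path that now feeds `identityLink` (the `@@ -768` hunk) guards the same value with `identificationType!=null`, so a null here is evidently possible; reverse the comparison, `if (Constants.URN_PREFIX_BASEID.equals(identityLink.getIdentificationType())) {`. `authData.setBPK(identityLink.getIdentificationValue())` runs unconditionally and is only overwritten in the base-ID case, so for every other identification type the raw value is emitted in the bPK field unhashed; if that is intended, move the call into an `else` branch and say so, because the `// only compute bPK ... and we have the Stammzahl` comment does not prepare a reader for an unhashed value there. The enclosing method continues outside the hunk.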
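Review bot: The commented-out `//ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml"));` should be deleted rather than committed: it is a debugging hook that would dump the signed assertion, including the person data it carries, to a fixed local path outside any configured and access-controlled location, and commented-out code of this kind tends to get re-enabled. The three blank lines added around it can go as well.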
@@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants { return param == null || param.length() == 0; } - + /** + * Checks the correctness of SAML attributes and returns its value. + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) + throws ValidateException{ + String name = samlAttribute.getName(); + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is empty."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); + } + return value; + } } 
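Review bot: `if (name == "")` compares object references, not content, so an empty name that is not the interned literal (one built at runtime by a validator, for instance) passes this check and is later used as the attribute name; use `if (name.length() == 0) {`. The javadoc's `@param param samlAttribute` and `@param friendlyname` do not match the parameters `samlAttribute` and `friendlyName`, and `@throws ValidateException` is missing; rename the tags and add `@throws ValidateException if name, namespace or value of the attribute are missing`.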
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 43e88e7b5..4f9235949 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -19,6 +19,8 @@ public interface MOAIDAuthConstants {
 public static final String PARAM_BKU = "bkuURI";
 /** servlet parameter "BKUSelectionTemplate" */
 public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
+ /** servlet parameter "BKUSelectionTemplate" */
+ public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate";
 /** default BKU URL */
 public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
 /** servlet parameter "returnURI" */
@@ -35,6 +37,8 @@ public interface MOAIDAuthConstants {
 public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
 /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
 public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
+ public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
 /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
 public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
 /** Logging hierarchy used for controlling debug output of XML structures to files */
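Review bot: The javadoc added for `PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE` is copied from the line above and still says `BKUSelectionTemplate`; change it to `/** servlet parameter "InputProcessorSignTemplate" */` so the constant's documentation matches its value. The second hunk (`REQ_PROCESS_VALIDATOR_INPUT`) follows the file's existing pattern correctly.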
@@ -62,14 +66,16 @@ public interface MOAIDAuthConstants { public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; - /** - * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" - */ + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ + public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; + /** the number of the certifcate extension for party organ representatives */ + public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 53520c846..11628517e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
@@ -126,6 +126,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB pkValue = authData.getWBPK(); } else { + // <saml:NameIdentifier NameQualifier> always has the bPK as type/value pkType = URN_PREFIX_BPK; pkValue = authData.getBPK(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 6cc8c1be8..cc228298b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java 
@@ -42,7 +42,37 @@ public class BPKBuilder { String hashBase64 = Base64Utils.encode(hash); return hashBase64; } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + } + } + + /** + * Builds the wbPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java new file mode 100644 index 000000000..c053ee896 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java @@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder;
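Review bot: The `BuildException` raised by `buildWBPK` for incomplete parameters embeds `identificationValue` verbatim in its message; when only `registerAndOrdNr` is missing, that is the base64 Stammzahl — the very value the wbPK derivation is meant to keep out of circulation — written into an exception text that will normally end up in logs or error pages. Report only which parameter is absent, e.g. `"Unvollständige Parameterangaben: identificationValue " + (identificationValue == null || identificationValue.length() == 0 ? "fehlt" : "vorhanden") + ", Register+Registernummer=" + registerAndOrdNr`. The `ISO-8859-1` and SHA-1 steps appear to mirror `buildBPK` (whose digest lines are above the hunk); a short comment naming the specification both derivations follow would help the next reader verify them side by side.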
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for HTML form requesting a security layer request
+ *
+ * @author Peter Danner
+ * @version $Id: GetIdentityLinkFormBuilder.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class GetVerifyAuthBlockFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /** special tag in the HTML template to be substituted for the BKU URL */
+ private static final String BKU_TAG = "<BKU>";
+ /** special tag in the HTML template to be substituted for the XML request */
+ private static final String XMLREQUEST_TAG = "<XMLRequest>";
+ /** special tag in the HTML template to be substituted for the data URL */
+ private static final String DATAURL_TAG = "<DataURL>";
+ /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+ private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
+ /** private static int all contains the representation to replace all tags*/
+ private static final int ALL = -1;
+
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ " <head>" + nl +
+ " <meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"/>" + nl +
+ " <title>Signatur der Anmeldedaten</title>" + nl +
+ " </head>" + nl +
+ " <body onLoad=\"autoSubmit()\">" + nl +
+ " <script type=\"text/javascript\">" + nl +
+ " //<!-- " + nl +
+ " function autoSubmit() { " + nl +
+ " document.VerifyAuthBlockForm.submitButton.disabled=true;" + nl +
+ " document.VerifyAuthBlockForm.submit(); " + nl +
+ " } //-->" + nl +
+ " </script>" + nl +
+ " <form name=\"VerifyAuthBlockForm\" action=\"" + BKU_TAG + "\" method=\"post\" enctype=\"application/x-www-form-urlencoded\">" + nl +
+ " <input type=\"hidden\" name=\"XMLRequest\" value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" name=\"DataURL\" value=\"" + DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" name=\"PushInfobox\" value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
+ " <input type=\"submit\" value=\"Signieren der Anmeldedaten\" id=\"submitButton\"/>" + nl +
+ " </form>" + nl +
+ " </body>" + nl +
+ "</html>";
+
+ /**
+ * Constructor for GetVerifyAuthBlockFormBuilder.
+ */
+ public GetVerifyAuthBlockFormBuilder() {
+ super();
+ }
+ /**
+ * Builds the HTML form, including XML Request and data URL as parameters.
+ *
+ * @param htmlTemplate template to be used for the HTML form;
+ * may be <code>null</code>, in this case a default layout will be produced
+ * @param xmlRequest XML Request to be sent as a parameter in the form
+ * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to;
+ * may be <code>null</code>, in this case the default URL will be used
+ * @param dataURL DataURL to be sent as a parameter in the form
+ */
+ public String build(
+ String htmlTemplate,
+ String bkuURL,
+ String xmlRequest,
+ String dataURL,
+ String pushInfobox)
+ throws BuildException
+ {
+ String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, GetIdentityLinkFormBuilder.encodeParameter(xmlRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+ if (null==pushInfobox) pushInfobox="";
+ htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
+ return htmlForm;
+ }
+
+}
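Review bot: `pushInfobox` is substituted into the `value="…"` attribute of a hidden input with the fourth `replaceTag` argument set to `false`, whereas `bkuURL`, the XML request and `dataURL` are inserted with `true`; `replaceTag` is inherited from `Builder` and not visible here, but if that flag is the escaping switch, an identifier containing `"` or `<` would break out of the attribute and alter the form that is posted to the BKU. Unless the identifier list is guaranteed to be plain tokens, pass `true` here too, or state in a comment why the raw value is safe. The `build` javadoc lacks `@param pushInfobox`, `@return` and `@throws BuildException`, the `@version` line still names `GetIdentityLinkFormBuilder.java`, and the comment on `nl` talks about a field `NL`. `java.io.IOException`, `StringReader` and `StringWriter` are imported but unused.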
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index 038e549be..e70b64a6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.util.XPathUtils; @@ -30,9 +31,7 @@ public class InfoboxValidatorParamsBuilder { * @param session The actual Authentication session. * @param verifyInfoboxParameter The configuration parameters for the infobox. * @param infoboxTokenList Contains the infobox token to be validated. - * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en) - * should be hidden in any SAML attributes returned by - * an infobox validator. + * @param oaParam The configuration parameters of the online application * * @return Parameters for validating an infobox token. */ @@ -40,7 +39,7 @@ public class InfoboxValidatorParamsBuilder { AuthenticationSession session, VerifyInfoboxParameter verifyInfoboxParameter, List infoboxTokenList, - boolean hideStammzahl) + OAAuthParameter oaParam) { InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); IdentityLink identityLink = session.getIdentityLink(); 
@@ -54,6 +53,7 @@ public class InfoboxValidatorParamsBuilder { // authentication session parameters infoboxValidatorParams.setBkuURL(session.getBkuURL()); infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); // parameters from the identity link infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); @@ -75,7 +75,7 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(hideStammzahl); + infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 90d79a46d..946f0a9c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1,8 +1,13 @@ package at.gv.egovernment.moa.id.auth.data; +import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import java.util.List; +import java.util.Vector; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -15,6 +20,7 @@ import at.gv.egovernment.moa.util.Constants; public class AuthenticationSession { private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** * session ID 
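Review bot: `setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier())` is called for every application, while the `InfoboxValidatorParams#getDomainIdentifier` javadoc added in this same commit promises `null` when the application is not a business service; either guard the call, `if (session.getBusinessService()) infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());`, or confirm that `getIdentityLinkDomainIdentifier()` already returns null for public services and note that next to the call. `oaParam` is dereferenced here and in the following hunk without a null check, and the new `@param oaParam` line in the earlier hunk does not say it is required; add `must not be <code>null</code>` to it. The method body continues between and after the hunks.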
@@ -37,14 +43,14 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - /** - * URL of the BKU - */ - private String bkuURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; /** * identity link read from smartcard */ @@ -61,11 +67,11 @@ public class AuthenticationSession { * timestamp logging when identity link has been received */ private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; /** * SAML attributes from an extended infobox validation to be appended @@ -91,6 +97,33 @@ public class AuthenticationSession { private String issueInstant; /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + */ + private String pushInfobox; + + /** + * AppSpecificConfiguration entry of then mandates infobox-validator. Tells + * whether person data from the representative have to be exchanged by data + * from the mandate + */ + private boolean mandateCompatibilityMode = false; + + + + /** * Constructor for AuthenticationSession. * * @param id Session ID @@ -98,6 +131,7 @@ public class AuthenticationSession { public AuthenticationSession(String id) { sessionID = id; setTimestampStart(); + infoboxValidators = new ArrayList(); } /** 
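Review bot: `infoboxValidators` is initialised in the constructor (the following hunk), yet the accessors added later in the file still null-check it and lazily create an `ArrayList`; pick one strategy — `private final List infoboxValidators = new ArrayList();` with the null checks removed reads clearest. The javadoc for `mandateCompatibilityMode` has a typo, `of then mandates infobox-validator` should read `of the mandates infobox-validator`, and the three blank lines inserted before the constructor's javadoc are noise. The two preceding hunks on this line are re-indentation only.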
@@ -380,4 +414,143 @@ public class AuthenticationSession { this.issueInstant = issueInstant; } + /** + * Returns the iterator to the stored infobox validators. + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators==null) return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. + * @param infoboxIdentifier the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName the friendly name of the infobox + * @param infoboxValidator the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators==null) infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. 
+ * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input processor. + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return form; + } + } + return null; + } + + /** + * @return the mandateCompatibilityMode + */ + public boolean isMandateCompatibilityMode() { + return mandateCompatibilityMode; + } + + /** + * @param mandateCompatibilityMode the mandateCompatibilityMode to set + */ + public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) { + this.mandateCompatibilityMode = mandateCompatibilityMode; + } + + /** + * Returns domain identifier (the register and number in the register parameter). + * <code>null</code> in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. + * If the domain identifier includes the registerAndOrdNr prefix, the prefix + * will be stripped off. 
+ * + * @param domainIdentifier the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) + { + // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); + } + else + { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox==null) return ""; + return pushInfobox; + } + + /** + * @param pushInfobox the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java index c7a557290..01b9d9359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java 
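Review bot: `isValidatorInputPending`, `getFirstPendingValidator` and `getFirstValidatorInputForm` repeat the same iteration over the (identifier, friendlyName, validator) `Vector` triples with positional `get(2)` access, the same shape the caller in `AuthenticationServer` re-implements; a small holder class with named fields, plus `return getFirstPendingValidator() != null;` for `isValidatorInputPending`, would remove the duplication and the magic indices. `addInfoboxValidator` returns an `Iterator` that is neither documented (`@return` is missing) nor obviously useful to a caller that just added an element; either document what it is for or make the method `void`. The `this.issueInstant` context at the top belongs to the method preceding the hunk.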
@@ -63,6 +63,14 @@ public interface InfoboxValidatorParams { public String getTarget(); /** + * Returns the register and number in the register parameter. + * <code>null</code> in the case of not a business service. + * + * @return The register and number in the register parameter. + */ + public String getDomainIdentifier(); + + /** * Returns <code>true</code> if the application is a business * service, otherwise <code>false</code>. This may be useful * for the validating application. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java index 80ba5995f..3747fa93b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -49,6 +49,11 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { protected String target_; /** + * The domain identifier (register and number in the register parameter). + */ + protected String domainIdentifier_; + + /** * The family name from the identity link. */ protected String familyName_; @@ -135,6 +140,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { } /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDomainIdentifier() + */ + public String getDomainIdentifier() { + return domainIdentifier_; + } + + /** * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() */ public boolean getBusinessApplication() { 
@@ -324,6 +336,15 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 public void setTarget(String target) {
 target_ = target;
 }
+
+ /**
+ * Sets the domain identifier (register and number in the register parameter)
+ *
+ * @param domainIdentifier the domainIdentifier to set
+ */
+ public void setDomainIdentifier(String domainIdentifier) {
+ this.domainIdentifier_ = domainIdentifier;
+ }
 /**
 * Sets the ID of the trust profile used for validating certificates.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
new file mode 100644
index 000000000..df480b624
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -0,0 +1,175 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * Servlet requested for processing user input forms of infobox validators
+ *
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class ProcessValidatorInputServlet extends AuthServlet {
+
+ public static final long serialVersionUID = 1;
+
+ /**
+ * Constructor for VerifyIdentityLinkServlet.
+ */
+ public ProcessValidatorInputServlet() {
+ super();
+ }
+
+ /**
+ * Shows the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
+ String outputStream;
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ if (infoboxvalidator!=null) {
+ outputStream = infoboxvalidator.getForm();
+ // replace strings the validators can not know
+ outputStream = ParepUtils.replaceAll(outputStream, "<BASE_href>", session.getAuthURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<MOASessionID>", sessionID);
+ outputStream = ParepUtils.replaceAll(outputStream, "<BKU>", session.getBkuURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<DataURL>", dataURL);
+ outputStream = ParepUtils.replaceAll(outputStream, "<PushInfobox>", session.getPushInfobox());
+ } else {
+ throw new ValidateException("validator.65", null);
+ }
+ //resp.setStatus(200);
+ resp.setContentType("text/html;charset=UTF-8");
+ OutputStream out = resp.getOutputStream();
+ out.write(outputStream.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished GET ProcessInput");
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Verifies the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ AuthenticationServer.processInput(session, parameters);
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+ // Now sign the AUTH Block
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+
+ // Test if we have a user input form sign template
+ String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+ String inputProcessorSignTemplate = null;
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+ // override template url by url from configuration file
+ if (oaParam.getInputProcessorSignTemplateURL() != null) {
+ inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+ }
+ if (inputProcessorSignTemplateURL != null) {
+ try {
+ inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+ ex);
+ }
+ }
+
+
+
+ String htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+ inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+
+ resp.setContentType("text/html;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(htmlForm.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST ProcessInput");
+ } else {
+ String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+}
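Review bot: In doPost the sign template URL is first taken from the request parameter PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE and, whenever the online-application configuration supplies no value of its own, passed to FileUtils.readURL and the fetched content is served to the user as the HTML form; the server thus fetches a URL chosen by the caller and reflects its body, and whether readURL restricts schemes or hosts is not visible here. Prefer `String inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();` and fall back to the request parameter only after it has been checked against a configured allow-list. Separately, both doGet and doPost splice `session.getBkuURL()`, `sessionID` and the DataURL into HTML by plain ParepUtils.replaceAll without HTML encoding; the BKU URL originates from a request parameter in StartAuthenticationServlet, so unless it is validated before it reaches the session it should be encoded at the point of insertion. The parameter parsing and sessionID resolution at the top of doGet and doPost are duplicated verbatim (including the "mulitpart" typo in the log message) and belong in one helper on AuthServlet, and the response OutputStream is closed outside any finally block in both methods.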
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 4dc69c70b..6e2a932d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet {
 throws ServletException, IOException {
 Logger.debug("GET SelectBKU");
- String authURL =
- req.getScheme() + "://" +
- req.getServerName() + ":" +
- req.getServerPort() +
- req.getContextPath() + "/";
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath() + "/");
 String target = req.getParameter(PARAM_TARGET);
 String oaURL = req.getParameter(PARAM_OA);
 String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 6098f5138..9f0cf6606 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
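Review bot: The authURL construction added here is repeated line for line in the StartAuthenticationServlet hunk that follows; the default-port rule belongs in one shared helper so the two servlets cannot drift apart, for example a static `buildAuthURL(HttpServletRequest)` in the ServletUtils class this commit imports elsewhere. The value is still derived entirely from the request (scheme, server name, port), so behind a reverse proxy or TLS terminator the URL that later ends up in DataURLs and redirects may not be the externally reachable one; a configured public base URL, where the configuration offers one, would be the more robust source. The enclosing doGet method starts and ends outside the hunk.
```java
// proposed shared helper (e.g. in ServletUtils); both servlets call it instead of the inline block
static String buildAuthURL(HttpServletRequest req) {
    String scheme = req.getScheme();
    int port = req.getServerPort();
    boolean defaultPort = ("https".equalsIgnoreCase(scheme) && port == 443)
        || ("http".equalsIgnoreCase(scheme) && port == 80);
    return scheme + "://" + req.getServerName() + (defaultPort ? "" : ":" + port) + req.getContextPath() + "/";
}
// in SelectBKUServlet.doGet and StartAuthenticationServlet.doGet:
String authURL = ServletUtils.buildAuthURL(req);
// … unchanged: parameter reading …
```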
@@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet {
 throws ServletException, IOException {
 Logger.debug("GET StartAuthentication");
- String authURL =
- req.getScheme() + "://" +
- req.getServerName() + ":" +
- req.getServerPort() +
- req.getContextPath() + "/";
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath() + "/");
 String target = req.getParameter(PARAM_TARGET);
 String oaURL = req.getParameter(PARAM_OA);
 String bkuURL = req.getParameter(PARAM_BKU);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 6ec4a247d..b81107ff2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -1,8 +1,9 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
-import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
+import java.util.Iterator;
 import java.util.Map;
+import java.util.Vector;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
 /**
 * Servlet requested for verifying the signed authentication block
@@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 }
 String sessionID = req.getParameter(PARAM_SESSIONID);
 String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
-
+ String redirectURL = null;
 try {
 AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
- String redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
 resp.setContentType("text/html");
 resp.setStatus(302);
 resp.addHeader("Location", redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 2134c1444..b9d8f8c75 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
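Review bot: The new branch picks the redirect target by comparing samlArtifactBase64 against the literal "Redirect to Input Processor", so the single String returned by verifyAuthenticationBlock now carries either data or a control signal, and any change to that text on the AuthenticationServer side would silently turn the sentinel into a bogus artifact appended to the OA redirect. ProcessValidatorInputServlet.doPost relies on the same in-band pattern with `startsWith("Redirect")`. Prefer an explicit signal, for example checking `session.getFirstPendingValidator() != null` (which ProcessValidatorInputServlet.doGet already consults, if that reflects the same condition) or a small result type from verifyAuthenticationBlock; at minimum make the sentinel a named constant shared by both sides. The hoisted `String redirectURL = null;` is only read inside the try block and could stay local to it. The enclosing doPost method starts and ends outside the hunk.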
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -1,22 +1,18 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Enumeration;
 import java.util.Map;
-import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 import org.apache.commons.fileupload.FileUploadException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 /**
@@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
 }
 String sessionID = req.getParameter(PARAM_SESSIONID);
-
 try {
 AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- String createXMLSignatureRequest =
- AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
- resp.setStatus(307);
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
- resp.addHeader("Location", dataURL);
-
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
-
- OutputStream out = resp.getOutputStream();
- out.write(createXMLSignatureRequest.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST VerifyIdentityLink");
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
 } catch (MOAIDException ex) {
 handleError(null, ex, req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e6c9f4bee..e0fd67d64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
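Review bot: The removed block carried a TODO about the effect of an explicit charset on older BKUs; the replacement delegates to ServletUtils.writeCreateXMLSignatureRequestOrRedirect, which is not visible here, so it is unclear whether that open question moved with the code or was dropped. If the helper still sets `text/xml;charset=UTF-8`, the note should travel with it; otherwise a one-line comment at the call site, e.g. `// charset handling for the CreateXMLSignatureRequest now lives in ServletUtils`, would keep the history findable. The string literal "VerifyIdentityLink" passed as the last argument looks like a log label; naming the parameter in the helper's Javadoc would make that obvious at the call site. The enclosing doPost method starts and ends outside the hunk.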
@@ -66,7 +66,7 @@ public class CreateXMLSignatureResponseValidator {
 IdentityLink identityLink = session.getIdentityLink();
 Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
- String issuer = samlAssertion.getAttribute("Issuer");
+ String issuer = samlAssertion.getAttribute("Issuer");
 if (issuer == null) {
 // should not happen, because parser would dedect this
 throw new ValidateException("validator.32", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index 95cd65608..74e61e076 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -1,5 +1,9 @@
 package at.gv.egovernment.moa.id.auth.validator;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
@@ -18,7 +22,7 @@ public interface InfoboxValidator {
 * application.
 *
 * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
- * Parameters} needed by the validator.
+ * Parameters} needed by the validator.
 *
 * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult}
 *
@@ -28,4 +32,50 @@ public interface InfoboxValidator {
 public InfoboxValidationResult validate (InfoboxValidatorParams params) throws ValidateException;
+ /**
+ * This method is used to do intermediate processing before signing the auth block.
+ * If a infobox validator threw a form to gather user input, this method is used
+ * to validate this input. In no further input is needed the form must be empty to
+ * proceed, and also a valid <code>InfoboxValidationResult</code> is necessary.
+ * If more input is needed, the validator can build a new form and it is then shown
+ * to the citizen.
+ * The implementation of <code>InfoboxValidator</code> must hold its necessary
+ * data and configuration internally, if this method is called - the class is
+ * reused at this call
+ *
+ * @param parameters the parameters got returned by the input fields
+ *
+ * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult}
+ *
+ * @throws ValidateException If an error occurs on validating the
+ * InfoboxReadResponse.
+ */
+ public InfoboxValidationResult validate (Map parameters)
+ throws ValidateException;
+
+ /**
+ * This method is used to do post processing after signing the auth block.
+ * The method validates the content of the <code>infoboxReadResponse</code
+ * against the passed <code>samlAssertion</code> if needed.
+ * The implementation of <code>InfoboxValidator</code> must hold its necessary
+ * data and configuration internally, if this method is called - the class is
+ * reused at this call
+ *
+ * @param samlAssertion the SAML assertion needed by the validator
+ *
+ * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult}
+ *
+ * @throws ValidateException If an error occurs on validating the
+ * InfoboxReadResponse.
+ */
+ public InfoboxValidationResult validate (Element samlAssertion)
+ throws ValidateException;
+
+ /**
+ * form for user interaction for intermediate processing of infobox validation
+ *
+ * @return answer form of the servlet request.
+ */
+ public String getForm();
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
new file mode 100644
index 000000000..58c28161f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.auth.validator.parep;
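Review bot: The three `validate` overloads now describe different lifecycle steps (initial infobox check, user-input round trip, post-signing assertion check) under one name, which reads ambiguously at call sites and makes a literal `validate(null)` uncompilable; distinct names such as `validateInput(Map)` and `validateAssertion(Element)` would carry the intent. The Javadoc of the new methods has small defects: "In no further input is needed" should read "If no further input is needed", the closing `</code` after infoboxReadResponse lacks its `>`, and `(@link …}` should be `{@link …}` (the same slip already exists in the surrounding context). Both new methods require the implementation to "hold its necessary data and configuration internally" and be "reused"; that contract implies one validator instance per authentication session that is not shared across threads, which is worth stating explicitly on the interface. The `getForm()` description is vague; something like `Returns the HTML form to present to the citizen for further input, or an empty form when no further input is pending` would say what callers do with it (confirm which empty/null convention implementations follow).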
+
+import java.util.Map;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+
+/**
+ * Input processor for infobox validators.
+ */
+public interface ParepInputProcessor {
+
+ /**
+ * Initialize user input processing. This function must initialize the
+ * processor to remember its state. Fixed values for the current authentication
+ * session are set here.
+ *
+ * @param representationID The id of the provided standardized mandate
+ * @param parepConfiguration The configuration of the party representation validator
+ * @param rpFamilyName The family name of the representative
+ * @param rpGivenName
+ * @param rpDateOfBirth
+ * @param request CreateMandateRequest containing the representative and the mandator
+ */
+
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request);
+
+ /**
+ * Starting point of user input processing. This function must initialize the
+ * processor and remember its state.
+ *
+ * @param physical Is person a physical person selected
+ * @param familyName The family name of the mandator
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName The address of the physical person
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @return The initial user input form
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue);
+
+ /**
+ * Validation after the user submitted form
+ *
+ * @param parameters Returned input field values
+ * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data
+ * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error.
+ */
+ public String validate(Map parameters, String extErrortext);
+
+}
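Review bot: Most `@param` tags in this interface are empty (rpGivenName, rpDateOfBirth, givenName, dateOfBirth, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue), and the one that matters most, the date format, is stated nowhere: the implementation in the following file slices rpDateOfBirth at fixed offsets and parses the mandator date with "yyyy-MM-dd", so that form appears to be the expected contract and should be documented, e.g. `@param rpDateOfBirth date of birth of the representative, expected as yyyy-MM-dd`. The description of `start` repeats that it "must initialize the processor and remember its state", which is what `initialize` already promises; say instead that `start` records the mandator data and returns the first input form. `validate` encodes three outcomes in one String (a form, "" for success, null for error); that is at least documented, but an explicit result object or a checked exception for the error case would be less fragile for callers. The blank line between the Javadoc comment and `initialize` should go so the comment is visibly attached to the method.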
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
new file mode 100644
index 000000000..aff5d8a7a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -0,0 +1,298 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Implements the standard party representation infobox validator input processor
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ParepInputProcessorImpl implements ParepInputProcessor{
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID;
+
+ /** contains the configuration of the owning validator */
+ private ParepConfiguration parepConfiguration;
+
+ /** Family name of the representative */
+ private String rpFamilyName;
+
+ /** Given name of the representative */
+ private String rpGivenName;
+
+ /** The representatives date of birth */
+ private String rpDateOfBirth;
+
+ /** The current CreateMandateRequest to the SZR-gateway */
+ private CreateMandateRequest request;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest)
+ */
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request)
+ {
+ // Initialization
+ this.representationID = representationID;
+ this.parepConfiguration = parepConfiguration;
+ this.rpFamilyName = rpFamilyName;
+ this.rpGivenName = rpGivenName;
+ this.rpDateOfBirth = rpDateOfBirth;
+ this.request = request;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+ {
+ // Load the form
+ String form = loadForm(
+ physical, familyName, givenName, dateOfBirth,
+ streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue, "");
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ } catch (SZRGWClientException e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+ */
+ public String validate(Map parameters, String extErrortext)
+ {
+
+ // Process the gotten parameters
+ String form = null;
+ boolean formNecessary = false;
+ if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+ String locErrortext = "Folgende Parameter fehlen: ";
+
+ String familyName = (String) parameters.get("familyname");
+ if (null == familyName) familyName ="";
+ String givenName = (String) parameters.get("givenname");
+ if (null == givenName) givenName ="";
+ boolean physical = "true".equals(parameters.get("physical"));
+ String dobday = (String) parameters.get("dobday");
+ if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+ String dobmonth = (String) parameters.get("dobmonth");
+ if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+ String dobyear = (String) parameters.get("dobyear");
+ if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+ String dateOfBirth = "";
+ dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+ dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+ dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+ dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+ String cbFullName = (String) parameters.get("fullname");
+ if (null == cbFullName) cbFullName ="";
+ String cbIdentificationType = (String) parameters.get("cbidentificationtype");
+ if (null == cbIdentificationType) cbIdentificationType ="";
+ String cbIdentificationValue = (String) parameters.get("cbidentificationvalue");
+ if (null == cbIdentificationValue) cbIdentificationValue ="";
+ String postalCode = (String) parameters.get("postalcode");
+ if (null == postalCode) postalCode ="";
+ String municipality = (String) parameters.get("municipality");
+ if (null == municipality) municipality ="";
+ String streetName = (String) parameters.get("streetname");
+ if (null == streetName) streetName ="";
+ String buildingNumber = (String) parameters.get("buildingnumber");
+ if (null == buildingNumber) buildingNumber ="";
+ String unit = (String) parameters.get("unit");
+ if (null == unit) unit ="";
+
+ if (physical) {
+ if (ParepUtils.isEmpty(familyName)) {
+ formNecessary = true;
+ locErrortext = locErrortext + "Familienname";
+ }
+ if (ParepUtils.isEmpty(givenName)) {
+ formNecessary = true;
+ if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Vorname";
+ }
+ // Auf existierendes Datum prüfen
+ SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+ format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+ try {
+ format.parse(dateOfBirth);
+ }
+ catch(ParseException pe)
+ {
+ formNecessary = true;
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "korrektes Geburtsdatum";
+ }
+ } else {
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ if (ParepUtils.isEmpty(cbFullName)) {
+ locErrortext = locErrortext + "Name der Organisation";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationType)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Auswahl des Registers";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationValue)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+ }
+ }
+ }
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ if (formNecessary) {
+ // Daten noch nicht vollständig oder anderer Fehler
+ if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+ String error = "";
+ if (!ParepUtils.isEmpty(extErrortext)) {
+ error = extErrortext;
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+ }
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+ if (!ParepUtils.isEmpty(error)) {
+ error = "<div class=\"errortext\"> <img alt=\" Angabe bitte ergänzen oder richtig stellen! \" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
+ }
+ form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+ if (form == null) {
+ return null;
+ }
+ } else {
+ return ""; // everything is ok
+ }
+ } catch (Exception e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /**
+ * Loads the empty user input form and replaces tag occurences with given variables
+ *
+ * @param physical
+ * @param familyName
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @param errorText
+ * @return
+ */
+ private String loadForm(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+ {
+ String form = "";
+ try {
+ String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+ InputStream instream = null;
+ File file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ fileName = parepConfiguration.getFullDirectoryName(fileName);
+ file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ //else load a named resource in our classloader.
+ instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+ if (instream == null) {
+ Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+ return null;
+ }
+ }
+ }
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.dumpInputOutputStream(instream, bos);
+ form = bos.toString("UTF-8");
+ } catch(Exception e) {
+ Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+ }
+
+ if (!ParepUtils.isEmpty(form)) {
+ boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+ boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+ boolean reducedSelection = (!physEnabled || !cbEnabled);
+ if (reducedSelection) {
+ physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+ }
+ if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+ form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+ form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+ form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+ form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+ form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+ //darf zw. phys. und jur. Person gewählt werden:
+ //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+ form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+ form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+ form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+ form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+ form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+ form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+ form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+ form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+ form = ParepUtils.replaceAll(form, "<unit>", unit);
+ form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+ form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+ form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+ form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+ form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+ form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+ form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+ }
+ return form;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
new file mode 100644
index 000000000..aed635502
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -0,0 +1,708 @@
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class implements a set of utility methods.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepUtils {
+
+ /**
+ * Determines whether a string is null or empty
+ *
+ * @param str the string to check.
+ * @return <code>true</code> if the string is null or empty,
+ * <code>false</code> otherwise.
+ */
+ public static boolean isEmpty(String str) {
+ return str == null || "".equals(str);
+ }
+
+ /**
+ * Reads a XML document from an input stream (namespace-aware).
+ *
+ * @param is
+ * the input stream to read from.
+ * @return the read XML document.
+ * @throws SZRGWClientException
+ * if an error occurs reading the document from the input stream.
+ */
+ public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+ f.setNamespaceAware(true);
+ return f.newDocumentBuilder().parse(is);
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ *
+ */
+ public static String extractRepresentativeID(Element mandate) throws ValidateException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+ if (resultNode != null) {
+ return resultNode.getTextContent();
+ }
+ return null;
+ } catch (Exception e) {
+ throw new ValidateException("validator.62", null);
+ }
+ }
+
+ // TODO: remove unreferenced
+
+ /**
+ * Dumps all bytes from an input stream to the given output stream.
+ *
+ * @param is
+ * the input stream to dump from.
+ * @param os
+ * the output stream to dump to.
+ * @throws IOException
+ * if an error occurs while dumping.
+ */
+ public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException {
+ if (is == null) {
+ return;
+ }
+ int ch;
+ while ((ch = is.read()) != -1) {
+ os.write(ch);
+ }
+ }
+
+ /**
+ * Gets a string that represents the date a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing date from.
+ * @return the issuing date of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing date of the
+ * mandate.
+ */
+ public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode);
+
+ if (dateNode == null) {
+ throw new Exception("Date in Mandate-Issued not found.");
+ }
+ return dateNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Gets a string that represents the place a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing place from.
+ * @return the issuing place of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing place of the
+ * mandate.
+ */
+ public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode);
+
+ if (placeNode == null) {
+ throw new Exception("Place in Mandate-Issued not found.");
+ }
+ return placeNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the textual description of the mandate.
+ *
+ * @param mandate
+ * the mandate to extract the textual description from.
+ * @return the textual description of the mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the textual description.
+ */
+ public static String getMandateContent(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode);
+
+ if (contentNode == null) {
+ throw new Exception("Content in Mandate not found.");
+ }
+ return contentNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the md:Mandator element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the md:Mandator from.
+ * @return the md:Mandator element.
+ * @throws SZRGWClientException
+ * if an error occurs extracting the md:Mandator element.
+ */
+ public static Element extractMandator(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode);
+ if (mandator == null) {
+ // if we got the Mandator itself
+ if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate;
+ }
+ if (mandator == null)
+ return null;
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Tells wether a mandator is a physical person or not.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return <code>true<code> if the mandator is a physical person, <code>false</code> otherwise.
+ */
+ public static boolean isPhysicalPerson(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ // check if physical person
+ Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+ // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
+ // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
+ return physicalPerson != null;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ /**
+ * Extracts the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPersonOfMandate(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode);
+ }
+ if (person == null) return null;
+ String nsPrefix = person.getPrefix();
+ String nsUri = person.getNamespaceURI();
+ Element personClone = (Element) person.cloneNode(true);
+ personClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return personClone;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Benerates the </code>pr:Person</code> element form a
+ * <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element of a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:Person</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPrPersonOfMandate(Element mandate) throws ParseException {
+
+ try {
+ Document document = ParepUtils.createEmptyDocument();
+ Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI);
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode);
+ }
+ if (person != null) {
+ root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName());
+ if (person != null) {
+ NodeList nl = person.getChildNodes();
+ for (int i = 0; i < nl.getLength(); i++) {
+ Node testNode = nl.item(i);
+ if (Node.ELEMENT_NODE == testNode.getNodeType()) {
+ root.appendChild(document.importNode(testNode, true));
+ }
+ }
+ }
+ }
+
+ return root;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Extracts the name of the mandator as a string representation.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return the mandator name as a string.
+ */
+ public static String extractMandatorName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ // first check if physical person
+ Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+ if (name != null) {
+ String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue();
+ String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue();
+
+ return givenName + " " + familyName;
+ }
+
+ // check if corporate body
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode);
+ if (fullName != null) {
+ return fullName.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ //e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts specific text of an element of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the resulting text of the mandator element.
+ */
+ public static String extractText(Element mandator, String xpath) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode);
+ if (textNode == null)
+ return null;
+ return textNode.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the date of birth of the mandator of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the dob of the mandator.
+ */
+ public static String extractMandatorDateOfBirth(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode);
+ if (dobName == null)
+ return null;
+ return dobName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the full name of the mandators corporate body of a given
+ * md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the full name of the mandator.
+ */
+ public static String extractMandatorFullName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode);
+ if (fullName == null)
+ return null;
+ return fullName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the identification value of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification value.
+ */
+ public static String extractMandatorWbpk(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValue != null) {
+ return idValue.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts the identification type of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification type.
+ */
+ public static String extractMandatorIdentificationType(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idType != null) {
+ return idType.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /*
+ *
+ */
+ public static String getIdentification(Element personElement, String element) throws ParseException {
+ try {
+
+ Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode)
+ .getNodeValue();
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /*
+ *
+ */
+ private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Serializes a XML element to a given output stream.
+ *
+ * @param element
+ * the XML element to serialize.
+ * @param out
+ * the output streamt o serialize to.
+ * @throws IOException
+ * if an I/O error occurs during serialization.
+ */
+ public static void serializeElement(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(false);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format);
+ serializer.serialize(element);
+ }
+
+ public static void saveStringToFile(String str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str.getBytes());
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveBytesToFile(byte[] str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str);
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveElementToFile(Element elem, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ serializeElementWithoutEncoding(elem, fos);
+ fos.flush();
+ fos.close();
+ }
+
+ /**
+ * Creates an empty XML document.
+ *
+ * @return a newly created empty XML document.
+ * @throws SZRGWClientException
+ * if an error occurs creating the empty document.
+ */
+ public static Document createEmptyDocument() throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ return factory.newDocumentBuilder().newDocument();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+
+ /**
+ * Tells if the Validator of an Infobox is enabled. If the corresponding application
+ * specific configuration element <code>EnableInfoboxValidator</code> is missing, a default value <code>true</code> is assumed
+ *
+ * @param applicationSpecificParams
+ * the XML element of the infobox configuration.
+ * @return the boolean value of the determination.
+ * @throws ConfigurationException
+ * if an error occurs reading the configuration.
+ */
+ public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException {
+ try {
+ Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+
+ //ParepUtils.serializeElement(applicationSpecificParams, System.out);
+ Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX
+ + ":EnableInfoboxValidator/text()", nameSpaceNode);
+ if (validatorEnabledNode != null) {
+ return BoolUtils.valueOf(validatorEnabledNode.getNodeValue());
+ }
+ return true;
+ } catch (Exception e) {
+ // e.printStackTrace();
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+
+ /**
+ * Delivers a String with the description of the register which is described
+ * through the identification Type of a corporate body of the persondata schema
+ *
+ * @param identificationType
+ * the identification type.
+ * @return the register description.
+ */
+ public static String getRegisterString(String identificationType) {
+ String corporateBase = Constants.URN_PREFIX_BASEID + "+";
+ if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null;
+ String register = identificationType.substring(corporateBase.length());
+ if (ParepUtils.isEmpty(register)) return null;
+ if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
+ if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+ return null;
+ }
+
+ /**
+ * Hides Stammzahlen in the given element
+ *
+ * @param hideElement The element where Stammzahlen should be replaced.
+ * @param businessApplication For decision whether to calc a bPK or wbPK.
+ * @param target Target for calculating a bPK.
+ * @param registerID Necessary string for calculating a wbPK (example <code>FN+4096i</code>).
+ * @param blank Switch for behaviour.
+ * <code>true</code> if Stammzahlen are blinded. All occurences will be replaced by empty strings.
+ * <code>false</code> calculates (w)bPKs and changes also the <code>pr:Identifivation/pr:Type</code> elements.
+ * @return The element where Stammzahlen are hidden.
+ */
+ public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank)
+ throws BuildException {
+ try {
+ if (hideElement != null) {
+ Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode);
+ for (int i = 0; i < identifications.getLength(); i++) {
+ Element identificationElement = (Element) identifications.item(i);
+ Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) {
+ Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) {
+ Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden.");
+ throw new BuildException("builder.02", null);
+ }
+ if (blank) {
+ idValueNode.setNodeValue("");
+ } else {
+ String idValue = idValueNode.getNodeValue();
+ if (businessApplication) {
+ // wbPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID);
+ String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID);
+ idValueNode.setNodeValue(bpkBase64);
+
+ } else {
+ // bPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK);
+ String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target);
+ idValueNode.setNodeValue(bpkBase64);
+ }
+ }
+ }
+ }
+ }
+ } catch (Exception e) {
+ throw new BuildException("builder.02", null);
+ }
+ return hideElement;
+ }
+
+ /**
+ * Replaces each substring of string <code>s</code> that matches the given
+ * <code>search</code> string by the given <code>replace</code> string.
+ *
+ * @param s The string where the replacement should take place.
+ * @param search The pattern that should be replaced.
+ * @param replace The string that should replace all each <code>search</code>
+ * string within <code>s</code>.
+ * @return A string where all occurrence of <code>search</code> are
+ * replaced with <code>replace</code>.
+ */
+ public static String replaceAll (String s, String search, String replace) {
+ if (replace==null) replace = "";
+ return StringUtils.replaceAll(s, search, replace);
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml"));
+// Element mandatorElement = extractMandator(mandate.getDocumentElement());
+// System.out.println(extractMandatorName(mandatorElement));
+// System.out.println(extractMandatorDateOfBirth(mandatorElement));
+// System.out.println(extractMandatorWbpk(mandatorElement));
+// //serializeElement(mandatorElement, System.out);
+// serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out);
+// }
+
+}
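Review bot: readDocFromIs builds its parser with a default-configured DocumentBuilderFactory (only `f.setNamespaceAware(true);` is set), so a DOCTYPE in the parsed stream would be honoured — external entity resolution and entity expansion stay enabled, and the SZRGWClientException it throws suggests the stream is a response from the remote SZR gateway. Before `f.newDocumentBuilder()` the factory should refuse DTDs: `f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); f.setXIncludeAware(false); f.setExpandEntityReferences(false);`. Separately, saveStringToFile, saveBytesToFile and saveElementToFile leave the FileOutputStream open if the write throws; moving `fos.close();` into a `finally` block fixes that, and `str.getBytes()` in saveStringToFile uses the platform default charset, so `str.getBytes("UTF-8")` would match the UTF-8 the serializers in this class already use.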
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
new file mode 100644
index 000000000..acd193a68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -0,0 +1,576 @@
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a MOA-ID Infobox Validator for validating
+ * a standardized XML mandate using the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ */
+public class ParepValidator implements InfoboxValidator {
+
+ /** activates debug settings */
+ private boolean PAREP_DEBUG = false;
+
+ /** contains the parameters the validator initially was called with */
+ private InfoboxValidatorParams params = null;
+
+ /** contains the configuration of the validator */
+ private ParepConfiguration parepConfiguration = null;
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID = null;
+
+ /** holds the information of the SZR-request */
+ private CreateMandateRequest request = null;
+
+ /** List of extended SAML attributes. */
+ private Vector extendedSamlAttributes = new Vector();
+
+ /** the class which processes the user input */
+ private ParepInputProcessor inputProcessor = null;
+
+ /** The form if user input is necessary */
+ private String form = null;
+
+ /** unspecified error of parep-validator (must not know more about)*/
+ private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten";
+
+ /** Default class to gather remaining mandator data. */
+ public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+
+ /** Default template to gather remaining mandator data. */
+ public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+
+ /** kind of representation text in AUTH block*/
+ public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter";
+
+ /** Names of the produced SAML-attributes. */
+ public final static String EXT_SAML_MANDATE_RAW = "Vollmacht";
+ public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName";
+ public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum";
+ public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt";
+
+ /** register and register number for non physical persons - the domain identifier for business applications*/
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer";
+
+ /**
+ * Parses the XML configuration element and creates the validators configuration
+ * Use this function if you want to preconfigure the validator.
+ *
+ * @param configElem
+ * the XML configuration element to parse.
+ * @throws ConfigurationException
+ * if an error occurs during the configuration process
+ */
+ public void Configure(Element configElem) throws ConfigurationException {
+ if (this.parepConfiguration == null) {
+ Logger.debug("Lade Konfiguration.");
+ parepConfiguration = new ParepConfiguration(configElem);
+ Logger.debug("Konfiguration erfolgreich geladen.");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+ */
+ public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+
+ try {
+ Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung.");
+ this.params = params;
+
+ Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+ // ParepUtils.serializeElement(mandate, System.out);
+ this.representationID = ParepUtils.extractRepresentativeID(mandate);
+ if (ParepUtils.isEmpty(representationID)) {
+ validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+ return validationResult;
+ }
+
+ // Überprüfen der Identifikation (Type/Value).
+ String identificationType = this.params.getIdentificationType();
+ String identificationValue = this.params.getIdentificationValue();
+ if (this.params.getBusinessApplication()) {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+ return validationResult;
+
+ } else {
+ Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+ }
+ } else {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+ if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ } else {
+ Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+ }
+ } else {
+ if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+ identificationType = Constants.URN_PREFIX_CDID;
+ String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+ identificationValue = bpkBase64;
+ Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+ } else {
+ Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+ }
+ }
+ }
+
+ Configure(this.params.getApplicationSpecificParams());
+ // check if we have a configured party representative for that
+ if (!parepConfiguration.isPartyRepresentative(representationID)) {
+ Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ }
+
+ // Vertreter
+ this.request = new CreateMandateRequest();
+ request.setRepresentative(this.params, identificationType, identificationValue);
+ // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+ //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+
+ Logger.debug("Prüfe vorausgefüllte Daten...");
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ boolean formNecessary = false;
+ // Vertretener (erstes Vorkommen)
+ Element mandator = ParepUtils.extractMandator(mandate);
+ if (mandator != null) {
+ // ParepUtils.serializeElement(mandator, System.out);
+ // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+
+ }
+ if (physical) {
+ if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+ formNecessary = true;
+ }
+ } else {
+ if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ }
+ }
+
+ //Zeigen wir, dass die Daten übernommen wurden:
+ if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+
+ // Input processor
+ this.form = "";
+ if (formNecessary) {
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.start(
+ physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ } else {
+ // Request vorbereiten mit vorgegebenen Daten
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ }
+
+
+ // ParepUtils.serializeElement(request.getMandator(), System.out);
+ // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
+ validationResult.setValid(true);
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+ */
+ public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+ Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+ if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+
+ // Input processor
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.validate(parameters, null);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ extendedSamlAttributes.clear();
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+ return validationResult;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+ */
+ public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+ this.form = "";
+ try {
+
+ // TODO: Frage ob OID im Zertifikat zu prüfen ist (macht derzeit das SZR-gateway). Dies würde aber zu eine Performanceeinbuße führen.
+
+ request.setSignature(samlAssertion);
+
+//DPO debug
+// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+// String id = representationID;
+// CreateMandateResponse response;
+// if (true) {
+// if (this.params.getHideStammzahl()) {
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können.
+// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
+// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
+// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// }
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+
+ //ParepUtils.serializeElement(request.toElement(), System.out);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+
+ // configure szrgw client
+ Logger.debug("Lade SZR-GW Client.");
+ SZRGWClient client = new SZRGWClient();
+ // System.out.println("Parameters: " + cfg.getConnectionParameters());
+ Logger.debug("Initialisiere Verbindung...");
+ ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+ // Logger.debug("Connection Parameters: " + connectionParameters);
+ Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ }
+
+ Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
+ CreateMandateResponse response;
+ Element requ = request.toElement();
+ try {
+ response = client.createMandateResponse(requ);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway...");
+ client = new SZRGWClient(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ response = client.createMandateResponse(requ);
+ }
+ if (response.getResultCode()==2000) {
+ if(response.getMandate()==null) {
+ Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+
+
+ //DPO debug output (2lines)
+ String id = representationID;
+ if (id.equals("*")) id="standardisiert";
+
+ Element mandate = response.getMandate();
+ // Replace Stammzahlen
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+ if (this.params.getHideStammzahl()) {
+ ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
+ }
+
+ extendedSamlAttributes.clear();
+ // Vollmacht
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+ } else {
+ String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+ String responseInfo = response.getInfo();
+ if (response.getResultCode()>4000 && response.getResultCode()<4999) {
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ validationResult.setErrorMessage(errorMsg);
+ } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) {
+ // Person not found
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ if (response.getResultCode()==3000) { //TODO: verify code
+ errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben.";
+ } else {
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ }
+
+ this.form = inputProcessor.validate(generateParameters(), errorMsg);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ validationResult.setValid(true);
+ } else {
+ // Do not inform the user too much
+ Logger.error(errorMsg);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ }
+
+ }
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /**
+ * provides the primary infobox token of the given list.
+ *
+ * @param infoBoxTokens
+ * the list of infobox tokens.
+ * @return
+ * the XML element of the primary token.
+ * @throws ValidateException
+ * if an error occurs or list is not suitable.
+ */
+ public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+ if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+ throw new ValidateException("validator.62", null);
+ }
+ for (int i = 0; i < infoBoxTokens.size(); i++) {
+ InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+ if (token.isPrimary()) {
+ return token.getXMLToken();
+ }
+ }
+ throw new ValidateException("validator.62", null);
+ }
+
+ /*
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+ ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+ extendedSamlAttributes.copyInto(ret);
+ Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+ return ret;
+ }
+
+
+ /**
+ * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+ */
+ public String getForm() {
+ return this.form;
+ }
+
+ /**
+ * Gets the user form input processor (class) assigned to the current party representative
+ * If the method is called for the first time it initializes the input processor.
+ *
+ * @return The user form input processor
+ */
+ private ParepInputProcessor getInputProcessor() {
+
+ if (this.inputProcessor!=null) return inputProcessor;
+ String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+ ParepInputProcessor inputProcessor = null;
+ try {
+ Class inputProcessorClass = Class.forName(inputProcessorName);
+ inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+ inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+ } catch (Exception e) {
+ Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+ }
+ this.inputProcessor = inputProcessor;
+ return inputProcessor;
+ }
+
+ /**
+ * Generates the parameter list, which is needed to simulate a return from
+ * an user form.
+ *
+ * @return the form parameters
+ */
+ private Map generateParameters() {
+ Map parameters = new HashMap();
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ try {
+ // Vertretener (erstes Vorkommen)
+ Element mandator = request.getMandator();
+ ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml"));
+ if (mandator != null) {
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+ }
+ } catch (Exception e) {
+ Logger.error("Could not extract Mandator form SZR-gateway request");
+ }
+ parameters.put("familyname", familyName);
+ parameters.put("givenname", givenName);
+ parameters.put("dateofbirth", dateOfBirth);
+ parameters.put("dobyear", dateOfBirth.substring(0,4));
+ parameters.put("dobmonth", dateOfBirth.substring(5,7));
+ parameters.put("dobday", dateOfBirth.substring(8,10));
+ parameters.put("physical", physical ? "true" : "false");
+ parameters.put("fullname", cbFullName);
+ parameters.put("cbidentificationtype", cbIdentificationType);
+ parameters.put("cbidentificationvalue", cbIdentificationValue);
+ parameters.put("postalcode", postalCode);
+ parameters.put("municipality", municipality);
+ parameters.put("streetname", streetName);
+ parameters.put("buildingnumber", buildingNumber);
+ parameters.put("unit", unit);
+ return parameters;
+ }
+
+ /**
+ * Adds the AUTH block related SAML attributes to the validation result.
+ * This is needed always before the AUTH block is to be signed, because the
+ * name of the mandator has to be set
+ */
+ private void addAuthBlockExtendedSamlAttributes() {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ Element mandator = request.getMandator();
+ extendedSamlAttributes.clear();
+ // Name
+ String name = ParepUtils.extractMandatorName(mandator);
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ // Geburtsdatum
+ String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+ if (dob != null && !"".equals(dob)) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ // (w)bpk
+ String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+ if (!ParepUtils.isEmpty(wbpk)) {
+ if (!ParepUtils.isPhysicalPerson(mandator)){
+ String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+ if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ } else if (this.params.getBusinessApplication()) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ }
+ }
+
+// public static void main(String[] args) throws Exception {
+// }
+
+}
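Review bot: In `addAuthBlockExtendedSamlAttributes` the `VertretungsArt` attribute added on the method's first line is thrown away by the `extendedSamlAttributes.clear()` two lines later, so the representation type never makes it into the AUTH block; `extendedSamlAttributes.clear();` should be the first statement of the method, before the `EXT_SAML_MANDATE_REPRESENTATIONTYPE` add. Separately, `generateParameters` calls `ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml"))` without the `PAREP_DEBUG` guard used everywhere else in the file, so the mandator's personal data is written to a fixed path on every "person not found" retry, and if that write fails the catch swallows it before any field is extracted. The `dateOfBirth.substring(0,4)` / `(5,7)` / `(8,10)` calls in the same method sit outside that try and throw `StringIndexOutOfBoundsException` on an empty date, which is always the case for a corporate mandator, so the retry form is never shown and the caller falls through to `COMMON_ERROR`; guard them, e.g. `dateOfBirth.length() >= 10 ? dateOfBirth.substring(0,4) : ""`. `validate(Map)` has no try/catch, so the null that `getInputProcessor()` returns after a class-load failure surfaces there as an uncaught `NullPointerException` rather than a validation error.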
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
new file mode 100644
index 000000000..d6b71ad83
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
@@ -0,0 +1,159 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class PartyRepresentative {
+
+ /** Object Identifier **/
+ private String oid;
+
+ private boolean representPhysicalParty;
+
+ private boolean representCorporateParty;
+
+ /**
+ * Text for representation description in SAML Assertion (Auth-Block)
+ * */
+ private String representationText;
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter connectionParameters = null;
+
+ private String inputProcessorClass = null;
+ private String inputProcessorTemplate = null;
+
+ /**
+ * Constructor
+ */
+public PartyRepresentative() {
+ this.oid = null;
+ this.representPhysicalParty = false;
+ this.representCorporateParty = false;
+ this.connectionParameters = null;
+ this.representationText = null;
+}
+
+/**
+ * Constructor
+ */
+ public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) {
+ this.oid = null;
+ this.representPhysicalParty = representPhysicalParty;
+ this.representCorporateParty = representCorporateParty;
+ this.connectionParameters = null;
+ this.representationText = null;
+ this.inputProcessorClass = null;
+ this.inputProcessorTemplate = null;
+ }
+
+ /**
+ * @return the oid
+ */
+ public String getOid() {
+ return oid;
+ }
+
+ /**
+ * @param oid the oid to set
+ */
+ public void setOid(String oid) {
+ this.oid = oid;
+ }
+
+ /**
+ * @return the representPhysicalParty
+ */
+ public boolean isRepresentingPhysicalParty() {
+ return representPhysicalParty;
+ }
+
+ /**
+ * @param representPhysicalParty the representPhysicalParty to set
+ */
+ public void setRepresentingPhysicalParty(boolean representPhysicalParty) {
+ this.representPhysicalParty = representPhysicalParty;
+ }
+
+ /**
+ * @return the representCorporateParty
+ */
+ public boolean isRepresentingCorporateParty() {
+ return representCorporateParty;
+ }
+
+ /**
+ * @param representCorporateParty the representCorporateParty to set
+ */
+ public void setRepresentingCorporateParty(boolean representCorporateParty) {
+ this.representCorporateParty = representCorporateParty;
+ }
+
+ /**
+ * @return the connectionParameters
+ */
+ public ConnectionParameter getConnectionParameters() {
+ return connectionParameters;
+ }
+
+ /**
+ * @param connectionParameters the connectionParameters to set
+ */
+ public void setConnectionParameters(ConnectionParameter connectionParameters) {
+ this.connectionParameters = connectionParameters;
+ }
+
+
+ /**
+ * @return the representationText
+ */
+ public String getRepresentationText() {
+ return representationText;
+ }
+
+
+ /**
+ * @param representationText the representationText to set
+ */
+ public void setRepresentationText(String representationText) {
+ this.representationText = representationText;
+ }
+
+ /**
+ * @return the inputProcessorClass
+ */
+ public String getInputProcessorClass() {
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param inputProcessorClass the inputProcessorClass to set
+ */
+ public void setInputProcessorClass(String inputProcessorClass) {
+ this.inputProcessorClass = inputProcessorClass;
+ }
+
+ /**
+ * @return the inputProcessorTemplate
+ */
+ public String getInputProcessorTemplate() {
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param inputProcessorTemplate the inputProcessorTemplate to set
+ */
+ public void setInputProcessorTemplate(String inputProcessorTemplate) {
+ this.inputProcessorTemplate = inputProcessorTemplate;
+ }
+
+
+}
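Review bot: The no-argument constructor `PartyRepresentative()` is written at column 0 while every other member of the class is indented, and unlike the two-argument constructor it does not reset `inputProcessorClass` and `inputProcessorTemplate`. Both constructors only repeat what the field initializers already do (`oid`, `representationText` and the booleans default to null/false), so the simplest consistent form is to indent the constructor like its siblings and either drop the redundant assignments from both constructors or add `this.inputProcessorClass = null; this.inputProcessorTemplate = null;` to the first one so the two read the same. The class-level Javadoc also lacks a one-line purpose; `Configuration entry for one party representative (OID, allowed mandator kinds, SZR-GW connection and input processor settings).` would do.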
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
new file mode 100644
index 000000000..fe8e263ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -0,0 +1,235 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a detailed CreateMandateRequest that
+ * will be sent to SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateRequest {
+
+ /**
+ * The Request.
+ */
+ private Document document;
+
+ /**
+ * List of mandate representatives as XML element.
+ */
+ private List representatives;
+
+ /**
+ * The mandator.
+ */
+ private Element mandator;
+
+ /**
+ * The representative.
+ */
+ private Element representative;
+
+ /**
+ * The signature to verify by the SZR-gateway
+ */
+ private Element signature;
+
+
+
+ /**
+ * Creates the CreateMandateRequest element that will
+ * be sent to SZR-gateway
+ *
+ * @return the CreateMandateRequest element.
+ */
+ public Element toElement() throws SZRGWClientException{
+
+ this.document = ParepUtils.createEmptyDocument();
+ Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST);
+ root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true));
+ if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true));
+ if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true));
+
+ return root;
+ }
+
+ /**
+ * Adds a representative.
+ *
+ * @param representative an XML representative to add.
+ */
+ public void addRepresentative(Element representative) {
+ if (representatives == null) {
+ representatives = new ArrayList();
+ }
+ representatives.add(representative);
+ }
+
+ /**
+ * Gets the representative.
+ *
+ * @return the representative.
+ */
+ public Element getRepresentative() {
+ return representative;
+ }
+
+ /**
+ * Gets the mandator.
+ *
+ * @return the mandator.
+ */
+ public Element getMandator() {
+ return mandator;
+ }
+
+ /**
+ * Sets the mandator.
+ *
+ * @param mandator the mandator.
+ */
+ public void setMandator(Element mandator) {
+ this.mandator = mandator;
+ }
+
+ /**
+ * Sets the Mandator.
+ *
+ * @param familyName the family name of the mandator.
+ */
+ public void setMandator(String familyName, String givenName, String dateOfBirth,
+ String postalCode, String municipality, String streetName, String buildingNumber, String unit,
+ boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException {
+
+ Document mandatorDocument = ParepUtils.createEmptyDocument();
+
+ Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR);
+// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ if (physical) {
+ Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON);
+ physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName));
+ physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth));
+ mandatorElem.appendChild(physicalPersonElem);
+ Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit);
+ if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement);
+ } else {
+ Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY);
+ corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue));
+ corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName));
+ mandatorElem.appendChild(corporateBodyElem);
+ }
+
+
+ this.mandator = mandatorElem;
+ }
+
+ private Element createPersonDataElem(Document document, String elementName, String elementValue) {
+ Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName);
+ Node value = document.createTextNode(elementValue);
+ elem.appendChild(value);
+ return elem;
+ }
+
+ private Element createIdentificationElem(Document document, String identificationType, String identificationValue) {
+ Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION);
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue));
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType));
+ return identificationElem;
+ }
+ private Element createNameElem(Document document, String givenName, String familyName) {
+ Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME);
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName));
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName));
+ return nameElem;
+ }
+ private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) {
+
+ if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName)
+ && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null;
+ Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS);
+
+ if (!ParepUtils.isEmpty(postalCode)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode));
+ }
+ if (!ParepUtils.isEmpty(municipality)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality));
+ }
+ if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) {
+ Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS);
+
+ if (!ParepUtils.isEmpty(streetName)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName));
+ }
+ if (!ParepUtils.isEmpty(buildingNumber)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber));
+ }
+ if (!ParepUtils.isEmpty(unit)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit));
+ }
+ postalAddressElem.appendChild(deliveryAddressElem);
+ }
+ return postalAddressElem;
+ }
+
+
+
+ /**
+ * Sets the Representative.
+ *
+ * @param params InfoboxValidatorParams contain the data of the representative.
+ * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid).
+ * @param identificationValue the identification value (bPK).
+ */
+ public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException {
+
+ Document representativeDocument = ParepUtils.createEmptyDocument();
+
+ Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+ representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+ representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
+
+ this.representative = representativeElem;
+ }
+
+ /**
+ * @return the signature
+ */
+ public Element getSignature() {
+ return signature;
+ }
+
+ /**
+ * @param signature the signature to set
+ */
+ public void setSignature(Element signature) throws SZRGWClientException{
+ Document signatureDocument = ParepUtils.createEmptyDocument();
+ Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature");
+ //SZR-gateway takes the first Signature
+ //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature");
+ signatureElem.appendChild(signatureDocument.importNode(signature, true));
+ this.signature = signatureElem;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
new file mode 100644
index 000000000..0f6ed8abf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway CreateMandate Response.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateResponse {
+
+ /**
+ * Result code of the request.
+ */
+ private int resultCode;
+
+ /**
+ * Description of the result.
+ */
+ private String resultInfo;
+
+ /**
+ * The returned mandate.
+ */
+ private Element mandate;
+
+ /**
+ * @return the resultCode
+ */
+ public int getResultCode() {
+ return resultCode;
+ }
+
+ /**
+ * @param resultCode the resultCode to set
+ */
+ public void setResultCode(String resultCode) {
+ if (resultCode!=null) {
+ this.resultCode = Integer.parseInt(resultCode);
+ } else {
+ this.resultCode = 0;
+ }
+ }
+
+ /**
+ * @return the resultInfo
+ */
+ public String getInfo() {
+ return resultInfo;
+ }
+
+ /**
+ * @param resultInfo the resultInfo to set
+ */
+ public void setInfo(String resultInfo) {
+ this.resultInfo = resultInfo;
+ }
+
+ /**
+ * @return the mandate
+ */
+ public Element getMandate() {
+ return mandate;
+ }
+
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMandate(Element mandate) {
+ this.mandate = mandate;
+ }
+
+
+ /**
+ * Parses the SZR-gateway response.
+ *
+ * @param response the SZR-gateway response.
+ * @throws SZRGWClientException if an error occurs.
+ */
+ public void parse(Element response) throws SZRGWClientException {
+ try {
+
+ // first check if response is a soap error
+ NodeList list = response.getElementsByTagName("faultstring");
+ if (list.getLength() > 0) {
+ throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue());
+ }
+
+ this.mandate = null;
+ this.resultCode = 2000;
+ this.resultInfo = null;
+ // parse single SZR-gateway results
+ Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+
+ Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode);
+ if (mandateNode!=null) {
+ this.mandate = (Element) mandateNode;
+ } else {
+ String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/";
+ Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode);
+ if (errorCode!=null) setResultCode(errorCode.getNodeValue());
+ Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode);
+ this.setInfo(errorInfo.getNodeValue());
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+// CreateMandateResponse resp = new CreateMandateResponse();
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml"));
+// Element response = doc.getDocumentElement();
+// resp.parse(response);
+// System.out.println(resp.getResultCode());
+// System.out.println(resp.getInfo());
+// if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out);
+ }
+
+}
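Review bot: `errorInfo` is dereferenced without a null check at the `this.setInfo(errorInfo.getNodeValue())` line in parse(), while the sibling `errorCode` lookup two lines earlier is guarded; an ErrorResponse without an Info child becomes a NullPointerException that the catch block rewraps as a generic SZRGWClientException, discarding the error code that was just parsed. Guard it the same way: `if (errorInfo != null) this.setInfo(errorInfo.getNodeValue());`. The catch block's `e.printStackTrace()` goes to stderr instead of the project's Logger that the other new classes use, and the trace carries the gateway's faultstring text, so a `Logger.error` call with the message would be more consistent and easier to monitor. The empty `main` with commented-out code and the unused `FileInputStream`/`Hashtable` imports look like leftover test scaffolding and could be dropped before this lands.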
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
new file mode 100644
index 000000000..d9d248c81
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * SOAP Envelope Constants.
+ *
+ * @author <a href="mailto:arne.tauber@egiz.gv.at">Arne Tauber</a>
+ * @version $ $
+ **/
+public interface SOAPConstants {
+
+ /*
+ * Namespaces and namespace prefixes for SOAP message handling
+ */
+ String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
+ String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/";
+ String SOAP_ENV_PREFIX = "soapenv:";
+ String SOAP_ENV_POSTFIX = ":soapenv";
+
+ String ENVELOPE = "Envelope";
+ String BODY = "Body";
+ String ENCODING_STYLE = "encodingStyle";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
new file mode 100644
index 000000000..1e6dc1039
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -0,0 +1,144 @@
+
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * This class implements a client for communication with the SZR-gateway
+ * <p>
+ * Two types of requests are supported
+ * <ol>
+ * <li>Basic Request</li>
+ * <li>Detailed Request</li>
+ * </ol>
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClient {
+ /**
+ * The URL of the SZR-gateway webservice.
+ */
+ private String address;
+
+ /**
+ * The SSL socket factory when using a secure connection.
+ */
+ private SSLSocketFactory sSLSocketFactory;
+
+ /**
+ * Constructor
+ */
+ public SZRGWClient() {
+ }
+
+ /**
+ * Constructor
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public SZRGWClient(String address) {
+ this.address = address;
+ }
+ /**
+ * Sets the SSL socket factory.
+ *
+ * @param factory the SSL socket factory.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory) {
+ this.sSLSocketFactory = factory;
+ }
+
+ /**
+ * Sets the SZR webservice URL
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public void setAddress(String address) {
+ this.address = address;
+ }
+
+ /**
+ * Creates a mandate.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+ Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+
+ client.executeMethod(method);
+ CreateMandateResponse response = new CreateMandateResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ response.parse(doc.getDocumentElement());
+
+
+ return response;
+ } catch(Exception e) {
+ //e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ * builds an XML soap envelope
+ */
+ private Element getSOAPBody() throws SZRGWClientException {
+ Document doc_ = ParepUtils.createEmptyDocument();
+ Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+ doc_.appendChild(root);
+
+ root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+ //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
+ root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
+ root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+
+ Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+ root.appendChild(body);
+
+ return body;
+ }
+
+}
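Review bot: `client.executeMethod(method)` in createMandateResponse discards the HTTP status code and the PostMethod is never released, so a non-200 reply whose body happens to parse is treated as a success and every call leaks the underlying connection. Parse the body first (a SOAP fault is usually delivered with HTTP 500 and parse() already extracts its faultstring), then reject any remaining non-200 status, and release the method in a finally block as in the fence below. Separately, `Protocol.registerProtocol("https", ...)` replaces the JVM-wide https handler of commons-httpclient on every call, so this client's trust configuration silently applies to every other HttpClient user in the process; registering once at startup or scoping the Protocol through a per-request `HostConfiguration` would confine it. The `bos = new ByteArrayOutputStream();` reassignment after executeMethod is dead and can go.

```java
int status = client.executeMethod(method);
try {
    // parse before checking status: a SOAP fault body (typically HTTP 500) still yields its faultstring
    Document respDoc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
    CreateMandateResponse response = new CreateMandateResponse();
    response.parse(respDoc.getDocumentElement());
    if (status != 200) {
        throw new SZRGWClientException("SZR-gateway returned HTTP status " + status);
    }
    return response;
} finally {
    method.releaseConnection();
}
// … unchanged: outer catch wrapping into SZRGWClientException …
```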
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
new file mode 100644
index 000000000..11aaf289b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException() {
+ super();
+ }
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException(String arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super construction.
+ */
+ public SZRGWClientException(Throwable arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super constructor
+ */
+ public SZRGWClientException(String arg0, Throwable arg1) {
+ super(arg0, arg1);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
new file mode 100644
index 000000000..4f815f1e7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public interface SZRGWConstants {
+
+ //PersonData
+ String PD_PREFIX = "pr:";
+ String PD_POSTFIX = ":pr";
+ String PERSON = "Person";
+ String PHYSICALPERSON = "PhysicalPerson";
+ String CORPORATEBODY = "CorporateBody";
+ String IDENTIFICATION = "Identification";
+ String VALUE = "Value";
+ String TYPE = "Type";
+ String NAME = "Name";
+ String GIVENNAME = "GivenName";
+ String FAMILYNAME = "FamilyName";
+ String DATEOFBIRTH = "DateOfBirth";
+ String FULLNAME = "FullName";
+ String ORGANIZATION = "Organization";
+
+ String POSTALADDRESS = "PostalAddress";
+ String DELIVERYADDRESS = "DeliveryAddress";
+ String MUNICIPALITY = "Municipality";
+ String POSTALCODE = "PostalCode";
+ String STREETNAME = "StreetName";
+ String BUILDINGNUMBER = "BuildingNumber";
+ String UNIT = "Unit";
+ //String ADDRESS = "Address";
+ //String COUNTRYCODE = "CountryCode";
+ //String DOORNUMBER = "DoorNumber";
+
+ // SZR-gateway constants
+ String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+ String SZRGW_PREFIX = "sgw:";
+ String SZRGW_POSTFIX = ":sgw";
+ String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+ String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+ String ERROR_RESPONSE = "ErrorResponse";
+ String MANDATOR = "Mandator";
+ String REPRESENTATIVE = "Representative";
+ String MANDATE = "Mandate";
+ String MANDATE_PREFIX = "md:";
+ String MANDATE_POSTFIX = ":md";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
new file mode 100644
index 000000000..41a07d146
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -0,0 +1,94 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+ /**
+ * The SSL socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ /**
+ * Creates a new Secure socket factory for the
+ * Apache HTTP client.
+ *
+ * @param factory the SSL socket factory to use.
+ */
+ public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+ this.factory = factory;
+ }
+
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort)
+ throws IOException, UnknownHostException {
+
+ return this.factory.createSocket(
+ host,
+ port,
+ clientHost,
+ clientPort
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ host,
+ port
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(
+ Socket socket,
+ String host,
+ int port,
+ boolean autoClose)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ socket,
+ host,
+ port,
+ autoClose
+ );
+ }
+
+ /**
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object obj) {
+ return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+ }
+
+ /**
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return SZRGWSecureSocketFactory.class.hashCode();
+ }
+}
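Review bot: `equals` at the `return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class))` line treats every instance of this class as equal and `hashCode` is a class constant, ignoring the wrapped SSLSocketFactory entirely. commons-httpclient compares Protocol objects, and through them their socket factories, to decide whether a registration or an already-open connection matches, so two factories built from different trust configurations are indistinguishable and a connection established under one may be reused for the other (how far that reaches depends on the connection manager in use, which this hunk does not show). Compare the delegate instead: `return obj instanceof SZRGWSecureSocketFactory && factory.equals(((SZRGWSecureSocketFactory) obj).factory);` and `return factory.hashCode();`. The three createSocket overloads only delegate, so nothing in this class checks that the presented certificate matches `host`; whether the supplied SSLSocketFactory performs that check cannot be seen here, and a class-level comment stating which layer is responsible for hostname verification would save the next reader from assuming it happens.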
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
new file mode 100644
index 000000000..c56555b2e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -0,0 +1,411 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.HashMap;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements the Configuration.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepConfiguration {
+
+ /**
+ * System property for config file.
+ */
+ public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter standardConnectionParameters;
+
+ /**
+ * Input field processor.
+ */
+ private String standardInputProcessorClass;
+
+ /**
+ * Input field processor template.
+ */
+ private String standardInputProcessorTemplate;
+
+ /**
+ * Configured party representatives.
+ */
+ private HashMap partyRepresentatives;
+
+ /**
+ * The configuration element.
+ */
+ private Element configElement = null;
+
+ /**
+ * Defines whether the user input form must be shown on each
+ * request or not (also predefined mandates)
+ */
+ private boolean alwaysShowForm = false;
+
+ /**
+ * The configuration base directory.
+ */
+ private String baseDir_;
+
+ /**
+ * Gets the SZR-GW connection parameters.
+ *
+ * @return the connection parameters.
+ */
+ public ConnectionParameter getConnectionParameters(String representationID) {
+ if (partyRepresentatives == null || "*".equals(representationID))
+ return standardConnectionParameters;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ ConnectionParameter connectionParameters = pr.getConnectionParameters();
+ if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+ return connectionParameters;
+ }
+
+ /**
+ * Sets the SZR-GW connection parameters for standard connection.
+ *
+ * @param connectionParameters
+ * the connection parameters.
+ */
+ public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+ this.standardConnectionParameters = connectionParameters;
+ }
+
+ /*
+ *
+ */
+ public String getFullDirectoryName(String fileString) {
+ return makeAbsoluteURL(fileString, baseDir_);
+ }
+
+ /*
+ *
+ */
+ private static String makeAbsoluteURL(String url, String root) {
+ // if url is relative to rootConfigFileDirName make it absolute
+
+ File keyFile;
+ String newURL = url;
+
+ if (null == url)
+ return null;
+
+ if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+ return url;
+ } else {
+ // check if absolute - if not make it absolute
+ keyFile = new File(url);
+ if (!keyFile.isAbsolute()) {
+ keyFile = new File(root, url);
+ newURL = keyFile.getPath();
+ }
+ return newURL;
+ }
+ }
+
+ /**
+ * Initializes the configuration with a given XML configuration element found
+ * in the MOA-ID configuration.
+ *
+ * @param configElem
+ * the configuration element.
+ * @throws ConfigurationException
+ * if an error occurs initializing the configuration.
+ */
+ public ParepConfiguration(Element configElem) throws ConfigurationException {
+
+ partyRepresentatives = new HashMap();
+ partyRepresentatives.put("*", new PartyRepresentative(true, true));
+
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+
+ try {
+
+ baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+ Logger.trace("Config base directory: " + baseDir_);
+ // check for configuration in system properties
+ if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+ Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+ this.configElement = doc.getDocumentElement();
+ } else {
+ this.configElement = configElem;
+ }
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+ }
+ load();
+ }
+
+ /*
+ *
+ */
+ private void load() throws ConfigurationException {
+ Logger.debug("Parse ParepValidator Konfiguration");
+ try {
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ // nameSpaceNode.setAttribute("xmlns:sgw",
+ // SZRGWConstants.SZRGW_PROFILE_NS);
+
+ Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorNode != null) {
+ this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+ Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassNode != null) {
+ this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+ }
+ }
+ Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+ if (alwaysShowFormNode != null) {
+ this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+ }
+
+ // load connection parameters
+ Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+ Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamElement != null) {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamElement, System.out);
+ this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+ }
+
+ Logger.debug("Lade Konfiguration der Parteienvertreter");
+ NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+ for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+
+ PartyRepresentative partyRepresentative = new PartyRepresentative();
+
+ Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+ boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+ boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+ partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+ partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+ partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+ partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+
+ Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorSubNode != null) {
+ partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+ Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassSubNode != null) {
+ partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+ }
+ }
+
+ Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamSubElement == null) {
+ if (this.standardConnectionParameters == null) {
+ throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+ + partyRepresentative.getOid() + " fehlen.", null, null);
+ }
+ } else {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+ partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+ }
+ partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+ Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+ + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+ + ", representationText=" + partyRepresentative.getRepresentationText()
+ + ")");
+ }
+
+ Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+ }
+ }
+
+ /*
+ *
+ */
+ private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+ try {
+ ConnectionParameter connectionParameter = new ConnectionParameter();
+
+ // parse connection url
+ String URL = connParamElement.getAttribute("URL");
+ connectionParameter.setUrl(URL);
+
+ // accepted server certificates
+ Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+ nameSpaceNode);
+ if (accServerCertsNode != null) {
+
+ String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+ Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+ connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+ }
+
+ // client key store
+ Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+ if (clientKeyStoreNode != null) {
+ String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+ connectionParameter.setClientKeyStore(clientKeystore);
+ }
+
+ // client key store password
+ Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+ nameSpaceNode);
+ if (clientKeyStorePasswordNode != null) {
+ connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+ }
+
+ return connectionParameter;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+ }
+ }
+
+ public boolean isPartyRepresentative(String representationID) {
+ if (partyRepresentatives == null)
+ return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ return pr != null;
+ }
+
+ public boolean isRepresentingCorporateParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingCorporateParty();
+ }
+
+ public boolean isRepresentingPhysicalParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingPhysicalParty();
+ }
+
+ public String getRepresentationText(String representationID) {
+ String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+ if (partyRepresentatives != null) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr != null) {
+ if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+ }
+ }
+ return result;
+ }
+
+ /**
+ * @return the input processor classname corresponding to <code>representationID</code>
+ * @param representationID
+ * the representation ID.
+ */
+ public String getInputProcessorClass(String representationID) {
+ String inputProcessorClass = standardInputProcessorClass;
+ if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorClass = pr.getInputProcessorClass();
+ if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+ }
+ }
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param standardInputProcessorClass the standardInputProcessorClass to set
+ */
+ public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+ this.standardInputProcessorClass = standardInputProcessorClass;
+ }
+
+ /**
+ * @return the InputProcessorTemplate
+ */
+ public String getInputProcessorTemplate(String representationID) {
+ String inputProcessorTemplate = standardInputProcessorTemplate;
+ if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+ if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+ }
+ }
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+ */
+ public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+ this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+ }
+
+ /**
+ * @return the alwaysShowForm
+ */
+ public boolean isAlwaysShowForm() {
+ return alwaysShowForm;
+ }
+
+ /**
+ * @param alwaysShowForm the alwaysShowForm to set
+ */
+ public void setAlwaysShowForm(String alwaysShowForm) {
+ if (ParepUtils.isEmpty(alwaysShowForm)) {
+ this.alwaysShowForm = false;
+ } else {
+ this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+ }
+ }
+
+ public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+ try {
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+ if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+ return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+ }
+ return false;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+ }
+
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+// Configuration cfg = new Configuration(null);
+// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+//}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 90b780526..27955602f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -80,6 +80,9 @@ public class ConfigurationBuilder { protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; /** an XPATH-Expression */ + protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; + /** an XPATH-Expression */ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ @@ -392,6 +395,8 @@ public class ConfigurationBuilder { XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + String inputProcessorSignTemplateURL = + XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); 
@@ -457,6 +462,7 @@ public class ConfigurationBuilder {
 oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
 oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
 oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
+ oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL));
 // load OA specific transforms if present
 String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);
 try {
@@ -669,7 +675,7 @@ public class ConfigurationBuilder {
 String identifier = number.getAttribute("Identifier");
 // remove all blanks
 identificationNumber = StringUtils.removeBlanks(identificationNumber);
- if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) {
+ if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) {
 // delete zeros from the beginning of the number
 identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
 // remove hyphens
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index ba3b61f9d..132bebce3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
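Review bot: The added `oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL))` passes the global, `ROOT`-anchored XPath constant where the two sibling calls pass the OA-relative `OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH` and `OA_AUTH_COMPONENT_TEMPLATE_XPATH`. Evaluated against the `authComponent` element, an absolute expression presumably does not select the online application's own `InputProcessorSignTemplate`, so the per-OA override would never take effect and every OA would silently get the global template (or its absence); `buildTemplateURL` is outside the hunk, so this is inferred from the sibling calls. Suggest adding an OA-scoped constant defined like `OA_AUTH_COMPONENT_TEMPLATE_XPATH` but ending in `"InputProcessorSignTemplate/@URL"`, and passing that here, e.g. `oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_INPUT_PROCESSOR_SIGN_TEMPLATE_XPATH, inputProcessorSignTemplateURL));`. The enclosing loop over the OA nodes starts before this hunk.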
@@ -65,6 +65,10 @@ public class OAAuthParameter extends OAParameter {
 */
 private String templateURL;
 /**
+ * template for web page "Signatur der Anmeldedaten"
+ */
+ private String inputProcessorSignTemplateURL;
+ /**
 * Parameters for verifying infoboxes.
 */
 private VerifyInfoboxParameters verifyInfoboxParameters;
@@ -164,6 +168,15 @@ public class OAAuthParameter extends OAParameter {
 }
 /**
+ * Returns the inputProcessorSignTemplateURL url.
+ * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
+ * a input processor sign template is set.
+ */
+ public String getInputProcessorSignTemplateURL() {
+ return inputProcessorSignTemplateURL;
+ }
+
+ /**
 * Returns the parameters for verifying additional infoboxes.
 *
 * @return The parameters for verifying additional infoboxes.
@@ -258,6 +271,16 @@ public class OAAuthParameter extends OAParameter {
 }
 /**
+ * Sets the input processor sign form template url.
+ *
+ * @param inputProcessorSignTemplateURL The url string specifying the
+ * location of the input processor sign form
+ */
+ public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
+ this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
+ }
+
+ /**
 * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
 *
 * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
@@ -265,4 +288,5 @@ public class OAAuthParameter extends OAParameter {
 public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
 this.verifyInfoboxParameters = verifyInfoboxParameters;
 }
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
new file mode 100644
index 000000000..a4a89e183
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -0,0 +1,63 @@
+/**
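Review bot: The javadoc on the new field, `template for web page "Signatur der Anmeldedaten"`, embeds a German UI label in an otherwise English comment and does not say what the value is (a URL) or where it comes from; the sibling `templateURL` field is the pattern to follow. Suggest `/** URL of the template used to render the form on which the user signs the auth data (InputProcessorSignTemplate); may be null when neither the OA nor the global configuration sets one. */` — the null case is inferred from the getter's own `@return` text in the next hunk, so confirm it against the builder. The getter javadoc also reads `a input`, which should be `an input`.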
+ *
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ServletUtils {
+
+ /**
+ * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
+ * depending on the requests starting text.
+ *
+ * @param resp The httpServletResponse
+ * @param session The current AuthenticationSession
+ * @param createXMLSignatureRequestOrRedirect The request
+ * @param servletGoal The servlet to which the redirect should happen
+ * @param servletName The servlet name for debug purposes
+ * @throws MOAIDException
+ * @throws IOException
+ */
+ public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName)
+ throws MOAIDException,
+ IOException
+ {
+ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+ resp.setStatus(307);
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, session.getSessionID());
+ resp.addHeader("Location", dataURL);
+
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST " + servletName);
+ } else {
+ String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ }
+ }
+
+}
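Review bot: The branch at `if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect"))` dereferences the argument without a null check and keys the whole decision on a magic prefix, so a null argument NPEs and any unexpected string is silently sent to the BKU as a CreateXMLSignatureRequest with a 307 pointing at the verify-auth-block DataURL. Prefer a named constant shared with whoever produces the string (`public static final String REDIRECT_PREFIX = "Redirect";`) and an early guard such as `if (createXMLSignatureRequestOrRedirect == null) throw new MOAIDException("auth.00", null);` — the producer and the right error key are not in this diff, so pick the key that fits. Both branches use `resp.addHeader("Location", ...)`; `resp.setHeader` avoids emitting a second Location header if the caller already set one. The `Logger.debug("REDIRECT TO: " + redirectURL)` line writes a URL that carries the MOA session ID from `session.getSessionID()`, which is fine at debug level but worth noting so it is not promoted to info in shared logs.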
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 4cfa6f765..8e8f9583b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -64,6 +64,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält
 builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
+builder.02=Fehler beim Ausblenden von Stammzahlen
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -156,5 +157,11 @@ validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die
 validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein.
+validator.60=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
+validator.61=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten für berufliche Parteienvertreter nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
+validator.62=Fehler in der Übermittlung: keine primäre Vollmacht übergeben.
+validator.63=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten.
+validator.64=Fehler beim Austausch von Vollmachtsdaten
+validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
new file mode 100644
index 000000000..a7608b9b4
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
@@ -0,0 +1,134 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+</head>
+<body>
+Berufliche Parteienvertretung einer natürlichen/juristischen Person
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded" action="<BASE_href>ProcessInput">
+ <table width="80%" border="0">
+ <tr/>
+ <tr/>
+ <tr>
+ <td colspan="3">
+ <em>Vertreter:</em></td>
+ </tr>
+ <tr>
+ <td align="right" width="20%">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td ><input name="rpgivenname" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpfamilyname" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpdobyear" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
+ - <input name="rpdobmonth" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
+ - <input name="rpdobday" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="2"><br/>
+ <em>Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.</em></td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><br/>
+ <em>Vetretene Person:</em></td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" physdisabled="" value="true" physselected="" /> natürliche Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="givenname" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="familyname" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="dobyear" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
+ - <input name="dobmonth" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
+ - <input name="dobday" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" /> <img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <!--td align="right"><em>otional:</em> </td-->
+ <td align="center"><em>otional:</em></td>
+ <td colspan="2"/>
+ </tr>
+ <tr>
+ <td align="right">Straße </td>
+ <td><input name="streetname" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Straüe laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Hausnmummer </td>
+ <td><input name="buildingnumber" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Einh. Nr. </td>
+ <td><input name="unit" type="text" id="unit" value="<unit>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Postleitzahl </td>
+ <td><input name="postalcode" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Gemeinde </td>
+ <td><input name="municipality" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="3"> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" cbdisabled="" value="false" cbselected=""/ > juristische Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="fullname" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" /> <img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right"><select name="cbidentificationtype" size="1" cbseldisabled="">
+ <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Ergänzungsreg.</option>
+ </select> <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="cbidentificationvalue" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" /> <img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+ </td>
+ <td></td>
+ </tr>
+ </table>
+ <br/><errortext>
+ <p><em>Bitte halten Sie Ihre Bürgerkartenumgebung bereit.</em></p> <p>
+ <input name="MOASessionID" type="hidden" id="MOASessionID" value="<MOASessionID>"/>
+ <input type="submit" name="Submit" value=" Weiter "/>
+ <input name="Clear" type="reset" id="Clear" value="Formular zurücksetzen"/> </p></form>
+</body>
+</html>
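Review bot: The placeholders `<givenname>`, `<familyname>`, `<streetname>`, `<cbidentificationvalue>` and the others are substituted straight into `value="..."` attributes, and `<errortext>` into body text, of a form that posts to `ProcessInput`; those fields are user-entered, so whatever fills this template must HTML-escape the values (`&`, `<`, `>`, `"` at minimum) or a re-rendered submission becomes a reflected XSS inside the authentication flow. The filling code is not in this diff, so please confirm it escapes, and consider a one-line HTML comment at the top of the template stating that every `<placeholder>` is expected to be escaped by the filler. The representative fields carry both `disabled="true"` and `readonly="true"`; disabled controls are not submitted, so `rpgivenname`, `rpfamilyname` and `rpdob*` must be taken from the session on the server, never from the POST. The second radio input is malformed (`cbselected=""/ >` should be `cbselected="" />`), and the visible text has typos: `Parteieinvertretung`, `Vetretene`, `otional`, `Straüe`, `Hausnmummer`.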
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
new file mode 100644
index 000000000..acfd9ead6
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
@@ -0,0 +1,171 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+<link href="css/styles.css" type="text/css" rel="stylesheet">
+<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
+<link href="css/mandates.css" type="text/css" rel="stylesheet">
+
+<script src="formallg.js" type="text/javascript"></script>
+<script src="fa.js" type="text/javascript"></script>
+</head>
+<body>
+
+
+<div class="hleft">
+<!--Stammzahlenregisterbehörde<br/>-->
+<!--Ballhausplatz 2<br/>-->
+<!--1014 Wien-->
+</div>
+<div class="hright" align="right"><img src="img/egov_schrift.gif" alt="E-Gov Logo"/></div>
+<div class="htitle" align="left">
+ <h1>Berufliche Parteienvertretung</h1>
+</div>
+<div class="leiste1" align="center">
+Bitte beachten Sie
+</div>
+<div class="leiste2" align="center">
+</div>
+<div class="leiste3">
+<img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /> Feld muss ausgefüllt sein
+</div>
+<div class="leiste3">
+<img alt=" Hilfe zum Ausfüllen " src="img/info.gif" width="10" height="16" /> Ausfüllhilfe
+</div>
+<div class="leiste3">
+<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" /> Fehlerhinweis</div>
+<div style="clear: both"> </div>
+
+<h2>Berufliche Parteienvertretung einer natürlichen/juristischen Person
+</h2>
+<div class="boundingbox">
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded" action="<BASE_href>ProcessInput">
+ <table width="80%" border="0">
+ <tr/>
+ <tr/>
+ <tr>
+ <td colspan="3">
+ <em>Vertreter:</em></td>
+ </tr>
+ <tr>
+ <td align="right" width="20%">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td ><input name="rpgivenname" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpfamilyname" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpdobyear" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
+ - <input name="rpdobmonth" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
+ - <input name="rpdobday" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="2"><br/>
+ <em>Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.</em></td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><br/>
+ <em>Vetretene Person:</em></td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" physdisabled="" value="true" physselected="" /> natürliche Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="givenname" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="familyname" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="dobyear" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
+ - <input name="dobmonth" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
+ - <input name="dobday" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" /> <img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <!--td align="right"><em>otional:</em> </td-->
+ <td align="center"><em>otional:</em></td>
+ <td colspan="2"/>
+ </tr>
+ <tr>
+ <td align="right">Straße </td>
+ <td><input name="streetname" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Straüe laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Hausnmummer </td>
+ <td><input name="buildingnumber" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Einh. Nr. </td>
+ <td><input name="unit" type="text" id="unit" value="<unit>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Postleitzahl </td>
+ <td><input name="postalcode" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Gemeinde </td>
+ <td><input name="municipality" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="3"> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" cbdisabled="" value="false" cbselected=""/ > juristische Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="fullname" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" /> <img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right"><select name="cbidentificationtype" size="1" cbseldisabled="">
+ <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Ergänzungsreg.</option>
+ </select> <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="cbidentificationvalue" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" /> <img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+ </td>
+ <td></td>
+ </tr>
+ </table>
+ <br/><errortext>
+ <p><em>Bitte halten Sie Ihre Bürgerkartenumgebung bereit.</em></p> <p>
+ <input name="MOASessionID" type="hidden" id="MOASessionID" value="<MOASessionID>"/>
+ <input type="submit" name="Submit" value=" Weiter "/>
+ <input name="Clear" type="reset" id="Clear" value="Formular zurücksetzen"/> </p></form>
+
+</div>
+</body>
+</html>
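Review bot: User-entered values are injected into attribute values here (`value="<givenname>"`, `value="<cbidentificationvalue>"`, and so on) and `<errortext>` into body text, with no escaping possible in the template itself; unless the code that fills these `<placeholder>` tokens HTML-escapes them, a submission re-rendered with an error is a reflected XSS on the identity provider's own origin, which also loads `formallg.js` and `fa.js` via the `<BASE href>`. That filler is outside this diff, so please confirm, and document the contract at the top of the file, e.g. `<!-- every <placeholder> below is replaced by the server; values must be HTML-escaped before substitution -->`. The form body is a byte-for-byte copy of the one in ParepMinTemplate.html apart from the page chrome, so the same fixes apply: `cbselected=""/ >` is malformed, `disabled="true"` on the `rp*` fields means they are not submitted and must come from the session, and the visible typos (`Parteieinvertretung`, `Vetretene`, `otional`, `Straüe`, `Hausnmummer`) are duplicated.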
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 246aec38d..c7c938666 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,14 +4,14 @@
 <parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
<packaging>pom</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<name>MOA ID Server</name>
<modules>
diff --git a/id/server/proxy/.classpath b/id/server/proxy/.classpath
new file mode 100644
index 000000000..5d93de69c
--- /dev/null
+++ b/id/server/proxy/.classpath
@@ -0,0 +1,4 @@
+<classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
diff --git a/id/server/proxy/.project b/id/server/proxy/.project
new file mode 100644
index 000000000..4e175804c
--- /dev/null
+++ b/id/server/proxy/.project
@@ -0,0 +1,14 @@
+<projectDescription>
+ <name>moa-id-proxy</name>
+ <comment/>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments/>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
diff --git a/id/server/proxy/.settings/org.eclipse.jdt.core.prefs b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..5ffa1b7e5
--- /dev/null
+++ b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Wed Aug 22 09:50:03 CEST 2007
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index 218ee02f9..172bb99b5 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
 <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
</parent>
<properties>
@@ -13,7 +13,7 @@
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-proxy</artifactId>
<packaging>war</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<name>MOA ID-Proxy WebService</name>
<build>
diff --git a/id/templates/.classpath b/id/templates/.classpath
new file mode 100644
index 000000000..5d93de69c
--- /dev/null
+++ b/id/templates/.classpath
@@ -0,0 +1,4 @@
+<classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
diff --git a/id/templates/.project b/id/templates/.project
new file mode 100644
index 000000000..f0a8631ce
--- /dev/null
+++ b/id/templates/.project
@@ -0,0 +1,14 @@
+<projectDescription>
+ <name>moa-id-templates</name>
+ <comment/>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments/>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
diff --git a/id/templates/.settings/org.eclipse.jdt.core.prefs b/id/templates/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..c959c9def
--- /dev/null
+++ b/id/templates/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Wed Aug 22 09:50:02 CEST 2007
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
diff --git a/id/templates/pom.xml b/id/templates/pom.xml
index bbcd53262..ea6ac7c4f 100644
--- a/id/templates/pom.xml
+++ b/id/templates/pom.xml
@@ -4,14 +4,14 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>moa-id-templates</artifactId>
<packaging>war</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<name>MOA ID Sample Templates</name>
<properties>
diff --git a/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html b/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html
new file mode 100644
index 000000000..c9b0a37b3
--- /dev/null
+++ b/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit Bürgerkarte</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+ <script language="javascript" type="text/javascript">
+ //<!--
+ function autoSubmit() {
+ document.VerifyAuthBlockForm.submitButton.disabled=true;
+ document.VerifyAuthBlockForm.submit();
+ } //-->
+ </script>
+</head>
+
+<body onLoad="autoSubmit()">
+<img src="/moaid-templates/SampleLogo.gif" alt='Organisation XY'>
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit Bürgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt über die Module für Online Applikationen (MOA) unter Verwendung einer Bürgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Sie werden in kuürze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+<form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+ <div align="center">
+ <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+ <input type="hidden" name="DataURL" value="<DataURL>"/>
+ <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+ <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+ </div>
+</form>
+
+<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleTemplate.html"><img border="0"
+ src="/moaid-templates/valid-html401.gif"
+ alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
+<p align="right"> </p>
+
+</body>
+</html>
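Review bot: The W3C validator link near the end of the file points at `SampleTemplate.html` on `http://localhost:8080`, so in this new SampleInputProcessorSignTemplate.html it validates a different page and only resolves on a developer machine; `<a href="http://validator.w3.org/check?uri=referer">` would validate whatever page is actually being served. The body text also carries a typo, `in kuürze` should read `in Kürze`. The hidden inputs place the `<XMLRequest>`, `<DataURL>` and `<PushInfobox>` placeholders inside attribute values, so whatever substitutes them (presumably server-side code not visible here) must HTML-attribute-encode the inserted text, `"` and `&` in particular, or a value containing a quote breaks out of the attribute and changes the form. The `language="javascript"` attribute on the script tag is deprecated in HTML 4.01 and redundant next to `type`.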
diff --git a/id/templates/src/main/webapp/SampleTemplate.html b/id/templates/src/main/webapp/SampleTemplate.html
index e9756a036..824c7153c 100644
--- a/id/templates/src/main/webapp/SampleTemplate.html
+++ b/id/templates/src/main/webapp/SampleTemplate.html
@@ -2,11 +2,11 @@
<html>
<head>
<title>MOA ID - Identifizierter Zugang mit Bürgerkarte</title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta name="Author" content="Max Mustermann">
- <meta name="keywords" content="MOA-ID">
- <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
- <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
</head>
<body>
@@ -24,33 +24,18 @@ signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p> <form name="CustomizedForm" action="<BKU>" method="post"> <div align="center"> - <input type="hidden" - name="XMLRequest" - value="<XMLRequest>"/> - <input type="hidden" - name="DataURL" - value="<DataURL>"/> - <input type="hidden" - name="PushInfobox" - value="<PushInfobox>"/> + <input type="hidden" name="XMLRequest" value="<XMLRequest>"/> + <input type="hidden" name="DataURL" value="<DataURL>"/> + <input type="hidden" name="PushInfobox" value="<PushInfobox>"/> <input type="submit" value="Anmeldung mit Bürgerkarte" name="submit"/> </div> </form> -<form name="CustomizedInfoForm" - action="<BKU>" - method="post"> - <input type="hidden" - name="XMLRequest" - value="<CertInfoXMLRequest>"/> - <input type="hidden" - name="DataURL" - value="<CertInfoDataURL>"/> - - +<form name="CustomizedInfoForm" action="<BKU>" method="post"> + <input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>"/> + <input type="hidden" name="DataURL" value="<CertInfoDataURL>"/> <br/> <p></p> - - <input type="hidden" value="Weitere Info"/> + <input type="hidden" value="Weitere Info"/> </form> <div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleTemplate.html"><img border="0" |