Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java8
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java42
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java154
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java16
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java112
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java17
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java18
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java90
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources.properties28
-rw-r--r--id/ConfigWebTool/src/main/webapp/css/index.css11
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp1
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp74
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java7
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java13
-rw-r--r--id/readme_2.0.0.txt114
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties (renamed from id/server/data/deploy/conf/moa-id-configuration/moa-id.properties)0
-rw-r--r--id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp (renamed from id/server/data/deploy/errorpages/errorpage-auth_debug.jsp)0
-rw-r--r--id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp (renamed from id/server/data/deploy/errorpages/errorpage-auth_empty.jsp)0
-rw-r--r--id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp (renamed from id/server/data/deploy/errorpages/errorpage-proxy_debug.jsp)0
-rw-r--r--id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp (renamed from id/server/data/deploy/errorpages/errorpage-proxy_empty.jsp)0
-rw-r--r--id/server/data/deploy/tomcat/unix/tomcat-start.sh6
-rw-r--r--id/server/data/deploy/tomcat/win32/startTomcat.bat5
-rw-r--r--id/server/doc/MOA-ID PreRelease-1.9.98.pdfbin417730 -> 481774 bytes
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java129
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java4
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties5
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd58
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java13
46 files changed, 1102 insertions, 178 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index e0c6a69b7..b963890af 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -51,7 +51,9 @@ public class Constants {
public static final String SESSION_PVP2REQUESTID = "pvp2requestid";
public static final String SESSION_RETURNAREA = "returnarea";
public static final String SESSION_BKUFORMPREVIEW = "bkuformpreview";
- public static final String SESSION_OAUTH20SECRET = "oauth20secret";
+ public static final String SESSION_OAUTH20SECRET = "oauth20secret";
+ public static final String SESSION_BKUSELECTIONTEMPLATE = "bkuSelectionTemplate";
+ public static final String SESSION_SENDASSERTIONTEMPLATE = "sendAssertionTemplate";
public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit};
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
index 56f593ce7..9a0f73a1f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
@@ -45,6 +45,7 @@ import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.log4j.Logger;
+import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
@@ -87,6 +88,8 @@ public class BuildMetadata extends HttpServlet {
private static final Logger log = Logger.getLogger(BuildMetadata.class);
+ private static final int VALIDUNTIL_IN_HOURS = 24;
+
/**
* @see HttpServlet#HttpServlet()
*/
@@ -118,6 +121,9 @@ public class BuildMetadata extends HttpServlet {
EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
createSAMLObject(EntitiesDescriptor.class);
+ DateTime date = new DateTime();
+ spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
+
String name = config.getPVP2MetadataEntitiesName();
if (MiscUtil.isEmpty(name)) {
log.info("NO Metadata EntitiesName configurated");
@@ -130,6 +136,8 @@ public class BuildMetadata extends HttpServlet {
EntityDescriptor spEntityDescriptor = SAML2Utils
.createSAMLObject(EntityDescriptor.class);
+ spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
+
spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
String serviceURL = config.getPublicUrlPreFix(request);
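Review bot: `spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS))` gives the EntityDescriptor a validity of 24 days, while the enclosing EntitiesDescriptor in the previous hunk gets 24 hours via `plusHours` with the same constant; the constant's name says hours, so the nested descriptor is almost certainly meant to match. Change it to `spEntityDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));`. A consumer that honours the outer `validUntil` discards the document after a day anyway, but one that checks only the entity element would keep accepting stale metadata for weeks. The enclosing method starts outside the hunk.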
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index 49d556ba4..687925c18 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -49,7 +49,10 @@ public class FormularCustomization {
private String button_BackGroundColor = null;
private String button_BackGroundColorFocus = null;
private String button_FrontColor = null;
-
+ private String applet_height = null;
+ private String applet_width = null;
+
+
private String appletRedirectTarget = null;
public static List<String> appletRedirectTargetList = null;
@@ -79,6 +82,14 @@ public class FormularCustomization {
onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed();
}
+ if (formcustom.getAppletHeight() != null) {
+ applet_height = formcustom.getAppletHeight();
+ }
+
+ if (formcustom.getAppletHeight() != null) {
+ applet_width = formcustom.getAppletWidth();
+ }
+
if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget()))
appletRedirectTarget = formcustom.getAppletRedirectTarget();
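Review bot: The second guard tests `formcustom.getAppletHeight() != null` but assigns `applet_width = formcustom.getAppletWidth()`, so a configured width is dropped whenever height is unset and a null width is copied when height is set. Change the condition to `if (formcustom.getAppletWidth() != null) {`. Both values are written back into the BKU-selection customization in the EditOAAction hunk below, so the asymmetry surfaces in the stored configuration. The enclosing constructor or method starts outside the hunk.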
@@ -351,6 +362,35 @@ public class FormularCustomization {
this.fontTypeListValue = fontTypeListValue;
}
+ /**
+ * @return the applet_height
+ */
+ public String getApplet_height() {
+ return applet_height;
+ }
+
+ /**
+ * @param applet_height the applet_height to set
+ */
+ public void setApplet_height(String applet_height) {
+ this.applet_height = applet_height;
+ }
+
+ /**
+ * @return the applet_width
+ */
+ public String getApplet_width() {
+ return applet_width;
+ }
+
+ /**
+ * @param applet_width the applet_width to set
+ */
+ public void setApplet_width(String applet_width) {
+ this.applet_width = applet_width;
+ }
+
+
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index 334124cfd..079e6807e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -22,6 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.data.oa;
+import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
@@ -87,6 +88,16 @@ public class OAGeneralConfig {
private Map<String, byte[]> transformations;
+ private List<File> bkuSelectionFileUpload = null;
+ private List<String> bkuSelectionFileUploadContentType = null;
+ private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>();
+
+ private List<File> sendAssertionFileUpload = null;
+ private List<String> sendAssertionFileUploadContentType = null;
+ private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();;
+
+ private boolean deleteBKUTemplate = false;
+ private boolean deleteSendAssertionTemplate = false;
public OAGeneralConfig() {
@@ -225,6 +236,16 @@ public class OAGeneralConfig {
SLTemplates.add(el.getURL());
}
}
+
+ TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate();
+ if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) {
+ bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename());
+ }
+
+ TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate();
+ if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) {
+ sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename());
+ }
}
if (SLTemplates != null && SLTemplates.size() > 0)
@@ -602,7 +623,140 @@ public class OAGeneralConfig {
*/
public void setUseMandates(boolean useMandates) {
this.useMandates = useMandates;
+ }
+
+
+ /**
+ * @return the bkuSelectionFileUpload
+ */
+ public List<File> getBkuSelectionFileUpload() {
+ return bkuSelectionFileUpload;
+ }
+
+
+ /**
+ * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set
+ */
+ public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) {
+ this.bkuSelectionFileUpload = bkuSelectionFileUpload;
+ }
+
+
+ /**
+ * @return the bkuSelectionFileUploadContentType
+ */
+ public List<String> getBkuSelectionFileUploadContentType() {
+ return bkuSelectionFileUploadContentType;
+ }
+
+
+ /**
+ * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set
+ */
+ public void setBkuSelectionFileUploadContentType(
+ List<String> bkuSelectionFileUploadContentType) {
+ this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType;
+ }
+
+
+ /**
+ * @return the bkuSelectionFileUploadFileName
+ */
+ public List<String> getBkuSelectionFileUploadFileName() {
+ return bkuSelectionFileUploadFileName;
+ }
+
+
+ /**
+ * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set
+ */
+ public void setBkuSelectionFileUploadFileName(
+ List<String> bkuSelectionFileUploadFileName) {
+ this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName;
+ }
+
+
+ /**
+ * @return the sendAssertionFileUpload
+ */
+ public List<File> getSendAssertionFileUpload() {
+ return sendAssertionFileUpload;
+ }
+
+
+ /**
+ * @param sendAssertionFileUpload the sendAssertionFileUpload to set
+ */
+ public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) {
+ this.sendAssertionFileUpload = sendAssertionFileUpload;
+ }
+
+
+ /**
+ * @return the sendAssertionFileUploadContentType
+ */
+ public List<String> getSendAssertionFileUploadContentType() {
+ return sendAssertionFileUploadContentType;
+ }
+
+
+ /**
+ * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set
+ */
+ public void setSendAssertionFileUploadContentType(
+ List<String> sendAssertionFileUploadContentType) {
+ this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType;
+ }
+
+
+ /**
+ * @return the sendAssertionFileUploadFileName
+ */
+ public List<String> getSendAssertionFileUploadFileName() {
+ return sendAssertionFileUploadFileName;
+ }
+
+
+ /**
+ * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set
+ */
+ public void setSendAssertionFileUploadFileName(
+ List<String> sendAssertionFileUploadFileName) {
+ this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName;
+ }
+
+
+ /**
+ * @return the deleteBKUTemplate
+ */
+ public boolean isDeleteBKUTemplate() {
+ return deleteBKUTemplate;
+ }
+
+
+ /**
+ * @param deleteBKUTemplate the deleteBKUTemplate to set
+ */
+ public void setDeleteBKUTemplate(boolean deleteBKUTemplate) {
+ this.deleteBKUTemplate = deleteBKUTemplate;
+ }
+
+
+ /**
+ * @return the deleteSendAssertionTemplate
+ */
+ public boolean isDeleteSendAssertionTemplate() {
+ return deleteSendAssertionTemplate;
+ }
+
+
+ /**
+ * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set
+ */
+ public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) {
+ this.deleteSendAssertionTemplate = deleteSendAssertionTemplate;
}
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
index 0a03ac77b..843844e22 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
@@ -42,6 +42,8 @@ public class OAPVP2Config {
private final Logger log = Logger.getLogger(OAPVP2Config.class);
+ private boolean reLoad = false;
+
private String metaDataURL = null;
private String certificateDN = null;
@@ -139,6 +141,20 @@ public class OAPVP2Config {
public void setFileUploadFileName(String fileUploadFileName) {
this.fileUploadFileName = fileUploadFileName;
}
+
+ /**
+ * @return the reLoad
+ */
+ public boolean isReLoad() {
+ return reLoad;
+ }
+
+ /**
+ * @param reLoad the reLoad to set
+ */
+ public void setReLoad(boolean reLoad) {
+ this.reLoad = reLoad;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 25c3f24b9..b0de196ca 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -34,6 +34,7 @@ import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -63,7 +64,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
@@ -85,6 +85,7 @@ import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator;
import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation;
@@ -126,9 +127,12 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
private OAOAuth20Config oauth20OA = new OAOAuth20Config();
private OASTORKConfig storkOA = new OASTORKConfig();
private FormularCustomization formOA = new FormularCustomization();
-
+
private InputStream stream;
+ private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>();
+ private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>();
+
// STRUTS actions
public String inital() {
HttpSession session = request.getSession();
@@ -365,6 +369,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
OASTORKConfigValidation validator_stork = new OASTORKConfigValidation();
FormularCustomizationValitator validator_form = new FormularCustomizationValitator();
OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation();
+ OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin()));
errors.addAll(validatior_pvp2.validate(pvp2OA));
@@ -374,6 +379,37 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
errors.addAll(validator_form.validate(formOA));
errors.addAll(validatior_oauth20.validate(oauth20OA));
+ //validate BKU-selection template
+ List<String> templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName()
+ , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm);
+ if (templateError != null && templateError.size() == 0) {
+ if (bkuSelectionForm != null && bkuSelectionForm.size() > 0)
+ session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm);
+
+ else
+ bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
+
+ } else {
+ errors.addAll(templateError);
+
+ }
+
+ //validate send-assertion template
+ templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName()
+ , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm);
+ if (templateError != null && templateError.size() == 0) {
+ if (sendAssertionForm != null && sendAssertionForm.size() > 0)
+ session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm);
+
+ else
+ sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE);
+
+ } else {
+ errors.addAll(templateError);
+
+ }
+
+
// Do not allow SSO in combination with special BKUSelection features
if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) {
log.warn("Special BKUSelection features can not be used in combination with SSO");
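Review bot: Only the filename of the uploaded template is validated here; the bytes that end up in `bkuSelectionForm`/`sendAssertionForm` are stored untouched and, judging by the LoginFormBuilder/SendAssertionFormBuilder entries in the diffstat, are presumably rendered to end users during authentication, so any markup or script in the file is served verbatim. Persistence is gated on `authUser.isAdmin()` further down, which makes this admin-trusted content, but that trust boundary deserves a comment at the upload site, e.g. `// template content is trusted (admin-only); it is rendered unescaped to end users`. The `templateError != null` test is dead because `OAFileUploadValidation.validate` always returns a list; `if (templateError.isEmpty())` reads clearer, and the session casts are unchecked and should get a `@SuppressWarnings("unchecked")` with a short justification. The enclosing method starts outside the hunk.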
@@ -432,12 +468,26 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
}
}
}
+
+ //save OA configuration
+ String error = saveOAConfigToDatabase(onlineapplication, newentry);
+ if (MiscUtil.isNotEmpty(error)) {
+ log.warn("OA configuration can not be stored!");
+ addActionError(error);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+ //set metadata reload flag if reload is required
if (pvp2OA.getMetaDataURL() != null) {
try {
if (isMetaDataRefreshRequired
- || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
+ || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())
+ || pvp2OA.getFileUpload() != null
+ || pvp2OA.isReLoad()) {
log.debug("Set PVP2 Metadata refresh flag.");
MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
@@ -451,16 +501,6 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
}
}
-
- String error = saveOAConfigToDatabase(onlineapplication, newentry);
- if (MiscUtil.isNotEmpty(error)) {
- log.warn("OA configuration can not be stored!");
- addActionError(error);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
}
Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
@@ -495,9 +535,12 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
} else
addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
- ConfigurationDBUtils.closeSession();
+ //remove session attributes
+ session.setAttribute(Constants.SESSION_OAID, null);
+ session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
+ session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE);
+ ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
}
@@ -808,6 +851,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
}
}
+ //store BKU-URLs
BKUURLS bkuruls = new BKUURLS();
authoa.setBKUURLS(bkuruls);
if (authUser.isAdmin()) {
@@ -822,6 +866,41 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
authoa.setTemplates(templates);
}
+ //store BKU-selection and send-assertion templates
+ if (authUser.isAdmin()) {
+
+ if(generalOA.isDeleteBKUTemplate())
+ templates.setBKUSelectionTemplate(null);
+
+ if (generalOA.isDeleteSendAssertionTemplate())
+ templates.setSendAssertionTemplate(null);
+
+
+ if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) {
+ TransformsInfoType template = new TransformsInfoType();
+
+ Iterator<String> interator = bkuSelectionForm.keySet().iterator();
+ template.setFilename(interator.next());
+ template.setTransformation(bkuSelectionForm.get(
+ template.getFilename()));
+
+ templates.setBKUSelectionTemplate(template);
+ }
+
+ if (sendAssertionForm != null && sendAssertionForm.size() > 0) {
+ TransformsInfoType template = new TransformsInfoType();
+
+ Iterator<String> interator = sendAssertionForm.keySet().iterator();
+ template.setFilename(interator.next());
+ template.setTransformation(sendAssertionForm.get(
+ template.getFilename()));
+
+ templates.setSendAssertionTemplate(template);
+ }
+ }
+
+
+ //store BKU-selection customization
BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization();
if (bkuselectioncustom == null) {
bkuselectioncustom = new BKUSelectionCustomizationType();
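Review bot: Inside `if (authUser.isAdmin())`, a non-admin submission that carries an uploaded template or a delete flag is silently discarded — the file has already been read into memory and stored in the session by the validation step, and the user receives the normal success message although `templates` was never changed. Either reject the upload for non-admins during validation (before the file is read) or at least log it here, e.g. `log.warn("Template upload/delete ignored for non-admin user " + authUser.getUsername());` (the exact accessor is not visible in the hunk). Taking `keySet().iterator().next()` is safe only because the validator rejects more than one filename; a comment stating that invariant would help the next reader. The enclosing method starts outside the hunk.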
@@ -887,6 +966,9 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
bkuselectioncustom.setFontType(formOA.getFontType());
+ bkuselectioncustom.setAppletHeight(formOA.getApplet_height());
+ bkuselectioncustom.setAppletWidth(formOA.getApplet_width());
+
}
// set default transformation if it is empty
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index a488d919d..ee9b38f74 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -138,7 +138,19 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
public String authenticate() {
- String key = null;
+ ConfigurationProvider config;
+ try {
+ config = ConfigurationProvider.getInstance();
+ pvp2LoginActiv = config.isPVP2LoginActive();
+
+ } catch (ConfigurationException e1) {
+ log.warn("An internal error occurs.", e1);
+ pvp2LoginActiv = false;
+ }
+
+
+
+ String key = null;
if (MiscUtil.isNotEmpty(username)) {
if (ValidationHelper.containsPotentialCSSCharacter(username, false)) {
@@ -247,7 +259,8 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
try {
ConfigurationProvider config = ConfigurationProvider.getInstance();
-
+ pvp2LoginActiv = config.isPVP2LoginActive();
+
//Decode with HttpPost Binding
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
index 6a1eddb14..758aa7dc7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
@@ -148,6 +148,24 @@ public class FormularCustomizationValitator {
}
}
+ check = form.getApplet_height();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Applet height "+ check + " is no valid number");
+ errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
+ }
+ }
+
+ check = form.getApplet_width();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Applet width "+ check + " is no valid number");
+ errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
+ }
+ }
+
return errors;
}
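Review bot: Both new checks fail on `ValidationHelper.validateNumber(check)` yet pass `ValidationHelper.getPotentialCSSCharacter(true)` as the message argument, which is the forbidden-character list used by the CSS checks above; the resource strings are not visible here, but for a "not a valid number" message the placeholder is either unused or should be the rejected value, i.e. `new Object[] {check}`. The rejected input is also written raw into the warn log; since it is request-supplied, it is worth trimming to a bounded length or omitting it. The enclosing method starts outside the hunk.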
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
new file mode 100644
index 000000000..8887aeaad
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.validation.oa;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OAFileUploadValidation {
+
+ private static final Logger log = Logger.getLogger(OASSOConfigValidation.class);
+
+ public List<String> validate(List<String> fileName, List<File> files, String errorMsgPreFix, Map<String, byte[]> output) {
+
+ List<String> errors = new ArrayList<String>();
+
+ if (fileName != null) {
+
+ if (fileName.size() > 1) {
+ log.info("Only one BKU-selecten template file can be stored");
+ errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected"));
+ }
+
+ for (int i=0; i<fileName.size(); i++) {
+ String filename = fileName.get(i);
+
+ if (MiscUtil.isNotEmpty(filename)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+ log.info("Filename is not valid");
+ errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid"));
+
+ } else {
+ try {
+ File file = files.get(i);
+ InputStream stream = new FileInputStream(file);
+ output.put(filename, IOUtils.toByteArray(stream));
+ stream.close();
+
+ } catch (IOException e) {
+ log.info("File with FileName "
+ + filename +" can not be loaded." , e);
+ errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid",
+ new Object[] (unknown) ));
+ }
+ }
+ }
+ }
+ }
+
+ return errors;
+ }
+}
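Review bot: `new FileInputStream(file)` is closed only on the success path — when `IOUtils.toByteArray` throws, the catch logs and the descriptor leaks — and `files.get(i)` raises NullPointerException/IndexOutOfBoundsException instead of a validation error when a filename is submitted without a matching upload, which looks reachable since OAGeneralConfig pre-populates the filename list from the stored configuration. Close the stream in `finally` and guard the lookup as below. The logger is also bound to `OASSOConfigValidation.class` instead of this class, so its lines are misattributed; use `Logger.getLogger(OAFileUploadValidation.class)`. Nothing here inspects the template content or bounds its size beyond the multipart limit; the bytes go straight into the session and then the database, so this path should stay admin-only.
```java
File file = (files != null && files.size() > i) ? files.get(i) : null;
if (file == null) {
    log.info("No file content uploaded for " + filename);
    errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid",
            new Object[] {filename}));
} else {
    InputStream stream = null;
    try {
        stream = new FileInputStream(file);
        output.put(filename, IOUtils.toByteArray(stream));
    } catch (IOException e) {
        // … unchanged: log and add ".file.valid" error …
    } finally {
        IOUtils.closeQuietly(stream);
    }
}
```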
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties
index 50fa8168e..ab61b8d0d 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties
@@ -166,9 +166,18 @@ webpages.oaconfig.general.bku.handy=Handy BKU
webpages.oaconfig.general.bku.slversion=SecurityLayer Version
webpages.oaconfig.general.bku.keyboxidentifier=KeyBoxIdentifier
webpages.oaconfig.general.bku.legacy=SecurityLayerTemplates (Legacy Request)
-webpages.oaconfig.general.bku.sltemplate.first=1. SecurityLayer Template
-webpages.oaconfig.general.bku.sltemplate.second=2. SecurityLayer Template
-webpages.oaconfig.general.bku.sltemplate.third=3. SecurityLayer Template
+webpages.oaconfig.general.bku.sltemplate.first=SecurityLayer Template
+webpages.oaconfig.general.bku.sltemplate.second=SecurityLayer Template (WhiteList)
+webpages.oaconfig.general.bku.sltemplate.third=SecurityLayer Template (WhiteList)
+
+webpages.oaconfig.general.bku.delete=L\u00F6schen
+webpages.oaconfig.general.bku.bkuselection.header=BKU-Selection Template
+webpages.oaconfig.general.bku.bkuselection.filename=Dateiname
+webpages.oaconfig.general.bku.bkuselection.upload=Neues Template hochladen
+webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template
+webpages.oaconfig.general.bku.sendassertion.filename=Dateiname
+webpages.oaconfig.general.bku.sendassertion.upload=Neues Template hochladen
+
webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix)
webpages.oaconfig.general.mandate.header=Vollmachten
webpages.oaconfig.general.mandate.profiles=Profile
@@ -221,6 +230,8 @@ webpages.oaconfig.general.BKUSelection.header.button.front=Vordergrundfarbe der
webpages.oaconfig.general.BKUSelection.redirectTarget=Targetparameter
webpages.oaconfig.general.BKUSelection.fonttype=Formularschrifttyp
webpages.oaconfig.general.BKUSelection.fonttype.list=Formularschrifttypen
+webpages.oaconfig.general.BKUSelection.header.applet.height=Appleth\u00F6he
+webpages.oaconfig.general.BKUSelection.header.applet.width=Appletbreite
webpages.oaconfig.sso.header=Single Sign-On
webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL
@@ -251,6 +262,7 @@ webpages.oaconfig.saml1.useCondition=Usecondition
webpages.oaconfig.saml1.conditionLength=ConditionLength
webpages.oaconfig.protocols.pvp2.header=PVP2.x Konfiguration
+webpages.oaconfig.pvp2.reload=PVP2.x konfiguration neu laden
webpages.oaconfig.pvp2.metaDataURL=URL zu den Metadaten
webpages.oaconfig.pvp2.certifcate=Zertifikat hochladen
webpages.oaconfig.pvp2.certifcate.info=Infos zum Zertifikat
@@ -382,6 +394,14 @@ validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00
validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL.
validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich.
+validation.general.bkuselection.filename.valid=Der Dateiname des BKU-Selektion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.bkuselection.file.valid=Das BKU-Selektion Templates konnte nicht geladen werden.
+validation.general.bkuselection.file.selected=Es kann nur EIN BKU-Selektion Template angegeben werden.
+validation.general.sendassertion.filename.valid=Der Dateiname des Send-Assertion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.sendassertion.file.valid=Das Send-Assertion Templates konnte nicht geladen werden.
+validation.general.sendassertion.file.selected=Es kann nur EIN Send-Assertion Template angegeben werden.
+
+
validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2
validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig
validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig
@@ -413,3 +433,5 @@ validation.general.form.button.color.back=Die Hintergrundfarbe der BKU-Auswahlbu
validation.general.form.button.color.front=Die Vordergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF)
validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen ung\\u00FCltiten Wert.
validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl.
+validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl.
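Review bot: The two new messages at the end of the hunk are swapped: the key `validation.general.form.applet.width` carries the text "Die Applethöhe ist keine gültige Zahl." and `validation.general.form.applet.height` carries "Die Appletbreite ist keine gültige Zahl.", so a rejected width is reported to the user as a bad height and vice versa. Swap the texts: `validation.general.form.applet.width=Die Appletbreite ist keine g\u00FCltige Zahl.` and `validation.general.form.applet.height=Die Appleth\u00F6he ist keine g\u00FCltige Zahl.`. Both new lines also copy the double-escaped `\\u00FC` from the two context lines above them; in a Java properties file that most likely ends up as a literal `\u00FC` in the rendered message rather than "ü", whereas the `fonttype` line uses the single-escaped `\u00E4` form.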
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css
index 79f8b4e72..e3d2763c2 100644
--- a/id/ConfigWebTool/src/main/webapp/css/index.css
+++ b/id/ConfigWebTool/src/main/webapp/css/index.css
@@ -168,8 +168,15 @@ body {
.oa_protocol_area {
clear: both;
margin-left: 25px;
- padding-top: 20px;
- display: none;
+ padding-top: 20px;
+}
+
+.hidden {
+ display: none;
+}
+
+.floatClass > .wwgrp {
+ clear: none;
}
.oa_protocol_area >h4 {
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index 2e0e5ea2a..1bb429afa 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -399,6 +399,7 @@
<s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
</div>
</s:iterator>
+
<s:if test="moaconfig.fileUploadFileName.size() == 0">
<div id="pvp2_certificate_upload">
<s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
index 4e8dfc259..fadf528d1 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
@@ -240,6 +240,49 @@
cssClass="textfield_long">
</s:textfield>
</div>
+
+ <div class="oa_protocol_area">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4>
+ <s:iterator value="%{generalOA.bkuSelectionFileUploadFileName}" var="fileNameBKU">
+ <div class="floatClass">
+ <s:label key="webpages.oaconfig.general.bku.bkuselection.filename" value="%{fileNameBKU}"/>
+ <s:checkbox key="webpages.oaconfig.general.bku.delete"
+ labelposition="left"
+ cssClass="checkbox"
+ name="generalOA.deleteBKUTemplate"></s:checkbox>
+ </div>
+ <div id="pvp2_certificate_upload">
+ <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:iterator>
+ <s:if test="generalOA.bkuSelectionFileUploadFileName.size() == 0">
+ <div id="pvp2_certificate_upload">
+ <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:if>
+ </div>
+ <div class="oa_protocol_area">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %></h4>
+ <s:iterator value="%{generalOA.sendAssertionFileUploadFileName}" var="fileNameBKU">
+ <div class="floatClass">
+ <s:label key="webpages.oaconfig.general.bku.sendassertion.filename"
+ value="%{fileNameBKU}"/>
+ <s:checkbox key="webpages.oaconfig.general.bku.delete"
+ labelposition="left"
+ cssClass="checkbox"
+ name="generalOA.deleteSendAssertionTemplate"></s:checkbox>
+ </div>
+ <div id="pvp2_certificate_upload">
+ <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:iterator>
+ <s:if test="generalOA.sendAssertionFileUploadFileName.size() == 0">
+ <div id="pvp2_certificate_upload">
+ <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:if>
+ </div>
+
</div>
</s:if>
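Review bot: Both new blocks emit `<div id="pvp2_certificate_upload">` twice each (inside the iterator and in the `size() == 0` branch), so the page contains the same id several times, and the name suggests it was copied from the PVP2 certificate upload markup; any CSS or script addressing `#pvp2_certificate_upload` will then resolve unpredictably. Give each block its own id, e.g. `<div id="bkuselection_template_upload">` and `<div id="sendassertion_template_upload">`. The second iterator also reuses `var="fileNameBKU"` for the Send-Assertion file names; `var="fileNameSendAssertion"` avoids the misleading name.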
@@ -271,7 +314,7 @@
</div>
<div class="oa_config_block">
- <p><strong><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></strong></p>
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3>
<s:checkbox name="ssoOA.useSSO"
value="%{ssoOA.useSSO}"
@@ -356,7 +399,7 @@
<%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.hidden", request) %>
</button>
- <div id="oa_saml1_area" class="oa_protocol_area">
+ <div id="oa_saml1_area" class="oa_protocol_area hidden">
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4>
<s:if test="authUser.isAdmin()">
@@ -416,9 +459,14 @@
</div>
- <div id="oa_pvp2_area" class="oa_protocol_area">
+ <div id="oa_pvp2_area" class="oa_protocol_area hidden">
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4>
+ <s:checkbox key="webpages.oaconfig.pvp2.reload"
+ labelposition="left"
+ cssClass="checkbox"
+ name="pvp2OA.reLoad"></s:checkbox>
+
<s:textfield name="pvp2OA.metaDataURL"
value="%{pvp2OA.metaDataURL}"
labelposition="left"
@@ -433,7 +481,7 @@
</div>
</div>
- <div id="oa_oauth20_area" class="oa_protocol_area">
+ <div id="oa_oauth20_area" class="oa_protocol_area hidden">
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4>
<s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/>
@@ -483,7 +531,7 @@
<%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %>
</button>
- <div id="formcustom_area" class="oa_protocol_area">
+ <div id="formcustom_area" class="oa_protocol_area hidden">
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4>
<div id="formCustomValues">
@@ -562,6 +610,22 @@
name="formOA.appletRedirectTarget">
</s:select>
+ <s:textfield name="formOA.applet_height"
+ value="%{formOA.applet_height}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.applet.height"
+ cssClass="textfield_middle"
+ id="HEADER_HEIGHT">
+ </s:textfield>
+
+ <s:textfield name="formOA.applet_width"
+ value="%{formOA.applet_width}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.applet.width"
+ cssClass="textfield_middle"
+ id="HEADER_WIDTH">
+ </s:textfield>
+
<s:select list="formOA.fontTypeList"
key="webpages.oaconfig.general.BKUSelection.fonttype.list"
labelposition="left"
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
index 652960bbc..4c9bc6d76 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
@@ -82,6 +82,8 @@ import at.iaik.commons.util.MiscUtil;
public class BuildMetadata extends HttpServlet {
private static final long serialVersionUID = 1L;
+ private static final int VALIDUNTIL_IN_HOURS = 24;
+
/**
* @see HttpServlet#HttpServlet()
*/
@@ -111,6 +113,9 @@ public class BuildMetadata extends HttpServlet {
EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
createSAMLObject(EntitiesDescriptor.class);
+ DateTime date = new DateTime();
+ spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
+
String name = config.getPVP2MetadataEntitiesName();
if (MiscUtil.isEmpty(name)) {
Logger.info("NO Metadata EntitiesName configurated");
@@ -128,6 +133,8 @@ public class BuildMetadata extends HttpServlet {
EntityDescriptor spEntityDescriptor = SAML2Utils
.createSAMLObject(EntityDescriptor.class);
+ spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
+
spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
//set OA-ID (PublicURL Prefix) as identifier
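Review bot: `spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS))` in this hunk uses days with a constant that is named in hours and that the earlier hunk applies with `plusHours`, so the EntityDescriptor is declared valid for 24 days while the enclosing EntitiesDescriptor expires after 24 hours. Change it to `spEntityDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));` so both descriptors expire together; a consumer that honours validUntil on the inner element would otherwise keep accepting this metadata long after the outer element has lapsed. The enclosing method starts and ends outside the hunk.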
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index 0b30d7d86..dcd478864 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;
import java.io.IOException;
+import java.security.Key;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
@@ -55,6 +56,7 @@ import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
@@ -149,6 +151,11 @@ public class DemoApplication extends HttpServlet {
Logger.info("PVP2 Assertion is valid");
+ //set assertion
+ org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
+ String assertion = DOMUtils.serializeNode(doc);
+ bean.setAssertion(assertion);
+
if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
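Review bot: Serialising the whole SAML response into `bean.setAssertion(...)` now happens before the status-code check, so the bean carries the raw response XML even when the status is not SUCCESS; the removed lines in the last hunk show it previously ran only after the assertions had been processed. If that is intended for the demo's display, a one-line comment such as `// keep the raw response for display regardless of status` would make it explicit; if not, the three lines belong back under the success branch. The enclosing method starts and ends outside the hunk.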
@@ -177,7 +184,7 @@ public class DemoApplication extends HttpServlet {
encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
Decrypter samlDecrypter =
- new Decrypter(null, skicr, encryptedKeyResolver);
+ new Decrypter(null, skicr, encryptedKeyResolver);
for (EncryptedAssertion encAssertion : encryAssertionList) {
saml2assertions.add(samlDecrypter.decrypt(encAssertion));
@@ -219,10 +226,6 @@ public class DemoApplication extends HttpServlet {
}
}
- org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
- String assertion = DOMUtils.serializeNode(doc);
-
- bean.setAssertion(assertion);
bean.setDateOfBirth(birthday);
bean.setFamilyName(familyName);
bean.setGivenName(givenName);
diff --git a/id/readme_2.0.0.txt b/id/readme_2.0.0.txt
new file mode 100644
index 000000000..7078cabf7
--- /dev/null
+++ b/id/readme_2.0.0.txt
@@ -0,0 +1,114 @@
+===============================================================================
+MOA ID Version Pre-Release 2.0.0 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version Pre-Release 2.0.0 wurden folgende Neuerungen eingeführt, die jetzt
+erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im
+gleichen Verzeichnis):
+
+- Fixed Bug #556 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=556&group_id=6&atid=105)
+- Fixed Bug #557 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=557&group_id=6&atid=105)
+- Update Einbindung Online-Vollmachten (Vor Auswahl der Vollmacht werden die Signaturdaten signiert)
+- Update Transformationen (für Online-Vollmachten)
+- Änderung der Konfiguration
+ - für Online-Vollmachten
+ - Fixer Target-Parameter für Online-Applikation konfigurierbar
+ - Optionaler Parameter zur Angabe der IssueInstant im UTC Format in der SAML-Assertion
+- Update der Standard Trustprofile
+- Zusätzlicher optionaler Parameter sourceID beim MOA-ID Aufruf
+- Libraries aktualisiert:
+ iaik-moa: Version 1.32
+ iaik-ixsil: Version 1.2.2.5
+ Axis: Version 1.0_IAIK
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich.
+
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 1.5.1
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.5.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+ Für MOA ID Proxy:
+ Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.5.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+ Für MOA ID Proxy:
+ Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/
+ webappsProxy, wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als
+ auch das komplette Verzeichnis moa-id-proxy.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+ Für MOA ID Proxy:
+ Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
+ CATALINA_HOME_ID/webappsProxy.
+
+5. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+6. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+7. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version <= 1.5.0
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
index 2bb9cb005..2bb9cb005 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
diff --git a/id/server/data/deploy/errorpages/errorpage-auth_debug.jsp b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp
index 8e1e331d6..8e1e331d6 100644
--- a/id/server/data/deploy/errorpages/errorpage-auth_debug.jsp
+++ b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp
diff --git a/id/server/data/deploy/errorpages/errorpage-auth_empty.jsp b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp
index 40739efea..40739efea 100644
--- a/id/server/data/deploy/errorpages/errorpage-auth_empty.jsp
+++ b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp
diff --git a/id/server/data/deploy/errorpages/errorpage-proxy_debug.jsp b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp
index 8e1e331d6..8e1e331d6 100644
--- a/id/server/data/deploy/errorpages/errorpage-proxy_debug.jsp
+++ b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp
diff --git a/id/server/data/deploy/errorpages/errorpage-proxy_empty.jsp b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp
index 40739efea..40739efea 100644
--- a/id/server/data/deploy/errorpages/errorpage-proxy_empty.jsp
+++ b/id/server/data/deploy/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp
diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
index 6310b1070..10bade1bd 100644
--- a/id/server/data/deploy/tomcat/unix/tomcat-start.sh
+++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
@@ -8,15 +8,17 @@ LOGGING_OPT=-Dlog4j.configuration=file:$CATALINA_BASE/conf/moa-id/log4j.properti
CONFIG_OPT=-Dmoa.id.configuration=$CATALINA_BASE/conf/moa-id/moa-id.properties
SPSS_OPT=-Dmoa.spss.server.configuration=$CATALINA_BASE/conf/moa-spss/SampleMOASPSSConfiguration.xml
-CONFIGTOOL_OPT=-Dmoa.id.webconfig=$CATALINA_BASE/conf/moa-id-configuration/moa-id.properties
+CONFIGTOOL_OPT=-Dmoa.id.webconfig=$CATALINA_BASE/conf/moa-id-configuration/moa-id-configtool.properties
DEMOOA_OPT=-Dmoa.id.demoOA=$CATALINA_BASE/conf/moa-id-oa/oa.properties
STORK_OPT=-Deu.stork.samlengine.config.location=$CATALINA_BASE/conf/moa-id/stork/
+PROXY_OPT=-Dmoa.id.proxy.configuration=$CATALINA_BASE/conf/moa-id-proxy/MOAIDConfiguration.xml
+
#TRUST_STORE_OPT=-Djavax.net.ssl.trustStore=$CATALINA_BASE/conf/moa-spss/keys/clients/trustedMOAClients-password=changeit.keystore
#TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit
#TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks
-export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $SPSS_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT $CONFIGTOOL_OPT $DEMOOA_OPT $STORK_OPT"
+export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $SPSS_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT $CONFIGTOOL_OPT $DEMOOA_OPT $STORK_OPT $PROXY_OPT"
echo CATALINA_HOME: $CATALINA_HOME
echo CATALINA_BASE: $CATALINA_BASE
diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat
index 65b2bef23..7730137c5 100644
--- a/id/server/data/deploy/tomcat/win32/startTomcat.bat
+++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat
@@ -13,11 +13,12 @@ set LOGGING_OPT=-Dlog4j.configuration=file:%CATALINA_HOME%/conf/moa-id/log4j.pro
set CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=%CATALINA_HOME%/conf/moa-spss/SampleMOASPSSConfiguration.xml
set CONFIG_OPT_ID=-Dmoa.id.configuration=%CATALINA_HOME%/conf/moa-id/moa-id.properties
-set CONFIGTOOL_OPT=-Dmoa.id.webconfig=%CATALINA_HOME%/conf/moa-id-configuration/moa-id.properties
+set CONFIGTOOL_OPT=-Dmoa.id.webconfig=%CATALINA_HOME%/conf/moa-id-configuration/moa-id-configtool.properties
set DEMOOA_OPT=-Dmoa.id.demoOA=%CATALINA_HOME%/conf/moa-id-oa/oa.properties
set STORK_OPT=-Deu.stork.samlengine.config.location=%CATALINA_HOME%/conf/moa-id/stork/
+set PROXY_OPT=-Dmoa.id.proxy.configuration=%CATALINA_HOME%/conf/moa-id-proxy/MOAIDConfiguration.xml
-set PARAMS_MOA=%CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT% %CONFIGTOOL_OPT% %DEMOOA_OPT% %STORK_OPT%
+set PARAMS_MOA=%CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT% %CONFIGTOOL_OPT% %DEMOOA_OPT% %STORK_OPT% %PROXY_OPT%
rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
diff --git a/id/server/doc/MOA-ID PreRelease-1.9.98.pdf b/id/server/doc/MOA-ID PreRelease-1.9.98.pdf
index 527251961..4ee41f513 100644
--- a/id/server/doc/MOA-ID PreRelease-1.9.98.pdf
+++ b/id/server/doc/MOA-ID PreRelease-1.9.98.pdf
Binary files differ
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 3d38efa9f..003fdfbe9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -265,10 +265,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (domainIdentifier.startsWith(PREFIX_WPBK)) {
- isbuisness = false;
+ isbuisness = true;
} else {
- isbuisness = true;
+ isbuisness = false;
}
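Review bot: Inverting `isbuisness` changes which applications are treated as business-sector, which is the kind of flag that silently decides what identifier form is derived for an application, and the hunk adds no test pinning the new mapping. A small unit test asserting that a `domainIdentifier` starting with `PREFIX_WPBK` yields `isbuisness == true` and any other prefix yields `false` would keep this from flipping back unnoticed, and a comment on the branch such as `// wbPK prefix marks a private-sector (business) application` would record the intent. The enclosing method starts and ends outside the hunk.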
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 70aa1a160..2e08fad6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -167,8 +167,10 @@ public class GetIdentityLinkFormBuilder extends Builder {
htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
+ Map<String, String> map = null;
+
if (oaParam != null) {
- Map<String, String> map = oaParam.getFormCustomizaten();
+ map = oaParam.getFormCustomizaten();
htmlForm = replaceTag(htmlForm, COLOR_TAG, map.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, map.get(FormBuildUtils.REDIRECTTARGET), false, ALL);
@@ -179,11 +181,15 @@ public class GetIdentityLinkFormBuilder extends Builder {
if (MiscUtil.isNotEmpty(appletheigth))
htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, appletheigth, false, ALL);
+ else if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_HEIGHT)))
+ htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, map.get(FormBuildUtils.APPLET_HEIGHT), false, ALL);
else
htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, "160", false, ALL);
if (MiscUtil.isNotEmpty(appletwidth))
htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, appletwidth, false, ALL);
+ else if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_WIDTH)))
+ htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, map.get(FormBuildUtils.APPLET_WIDTH), false, ALL);
else
htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, "250", false, ALL);
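Review bot: The height and width branches in this hunk are the same three-way fallback (explicit parameter, then `map` entry, then hard-coded default) written out twice; a helper such as `private static String resolveAppletSize(String explicit, Map<String, String> map, String key, String defaultValue)` would remove the duplication and make the precedence obvious. The `map` values are interpolated into the HTML form in the same way as the literal defaults; since they come from the per-OA configuration rather than from the request that seems acceptable, but a comment noting that they are expected to have been validated as numbers by the configuration tool would document the assumption. The enclosing method starts and ends outside the hunks.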
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 90ad3cf42..ff3b7b170 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -22,6 +22,7 @@
******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -58,7 +59,7 @@ public class LoginFormBuilder {
private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
- public static String getTemplate() {
+ private static String getTemplate() {
String pathLocation ="";
InputStream input = null;
@@ -118,8 +119,21 @@ public class LoginFormBuilder {
}
public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) {
- String value = getTemplate();
+ String value = null;
+
+ byte[] oatemplate = oaParam.getBKUSelectionTemplate();
+ // OA specific template requires a size of 8 bits minimum
+ if (oatemplate != null && oatemplate.length > 7) {
+ InputStream is = new ByteArrayInputStream(oatemplate);
+ value = getTemplate(is);
+
+ } else {
+ //load default BKU-selection template
+ value = getTemplate();
+
+ }
+
if(value != null) {
if(modul == null) {
modul = SAML1Protocol.PATH;
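Review bot: The comment `// OA specific template requires a size of 8 bits minimum` does not match the check `oatemplate.length > 7`, which counts bytes of the array; the same comment and check appear in `SendAssertionFormBuilder.buildForm` in a later hunk. Reword it to `// OA specific template must be at least 8 bytes long; shorter content counts as "not configured"`, or better name the threshold, `private static final int MIN_TEMPLATE_SIZE = 8;`, and compare with `>=`. The new code also dereferences `oaParam` unconditionally where the removed line did not touch it; if any caller can pass `null`, that is a new NullPointerException. `getTemplate(InputStream)` is not visible in this file's hunks, and the enclosing method continues outside the hunk.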
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
index f65a3c011..24b848176 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -22,6 +22,7 @@
******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -58,32 +59,50 @@ public class SendAssertionFormBuilder {
private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet";
private static String getTemplate() {
-
- String template = null;
- InputStream input = null;
- try {
- String pathLocation;
-
- String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
- pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+ String pathLocation;
+ InputStream input = null;
+ try {
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
- try {
- File file = new File(new URI(pathLocation));
- input = new FileInputStream(file);
-
- } catch (FileNotFoundException e) {
-
- Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
-
- pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
-
- input = Thread.currentThread()
- .getContextClassLoader()
- .getResourceAsStream(pathLocation);
-
- }
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ return getTemplate(input);
+
+ } catch (Exception e) {
+ try {
+ input.close();
+ } catch (IOException e1) {
+ Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
+ }
+
+ return null;
+ }
+
+ }
+
+ private static String getTemplate(InputStream input) {
+
+ String template = null;
+
+ try {
+
StringWriter writer = new StringWriter();
IOUtils.copy(input, writer);
template = writer.toString();
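Review bot: The new `catch (Exception e)` block in `getTemplate()` passes `e` instead of `e1` to the inner warning, so the original load failure is never logged at all and a close failure is reported with the wrong stack trace; it also calls `input.close()` without a null check, and `input` is still `null` when `AuthConfigurationProvider.getInstance()` or `new URI(pathLocation)` throws, which turns a configuration problem into a NullPointerException escaping the catch block. Log `e` once, guard the close, and hand `e1` to the inner warning. `getTemplate(InputStream)` continues past the end of the hunk.
```java
} catch (Exception e) {
    Logger.warn("SendAssertionTemplate can not be loaded.", e);
    if (input != null) {
        try {
            input.close();
        } catch (IOException e1) {
            Logger.warn("SendAssertionTemplate inputstream can not be closed.", e1);
        }
    }
    return null;
}
```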
@@ -105,7 +124,19 @@ public class SendAssertionFormBuilder {
}
public static String buildForm(String modul, String action, String id, OAAuthParameter oaParam, String contextpath) {
- String value = getTemplate();
+ String value = null;
+
+ byte[] oatemplate = oaParam.getSendAssertionTemplate();
+ // OA specific template requires a size of 8 bits minimum
+ if (oatemplate != null && oatemplate.length > 7) {
+ InputStream is = new ByteArrayInputStream(oatemplate);
+ value = getTemplate(is);
+
+ } else {
+ //load default BKU-selection template
+ value = getTemplate();
+
+ }
if(value != null) {
if(modul == null) {
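Review bot: The comment above the size check says "8 bits minimum" while `oatemplate.length` counts bytes, and the threshold 7 is a bare magic number whose origin is not explained. A named constant keeps the intent readable: `private static final int MIN_OA_TEMPLATE_SIZE = 8; // bytes` and `if (oatemplate != null && oatemplate.length >= MIN_OA_TEMPLATE_SIZE) {`. The ByteArrayInputStream created here is never closed in this method; that is harmless for a byte-array stream, but it is worth a one-line comment so the next reader does not look for a leak. buildForm continues outside the hunk.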
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index c66e19eb0..d2d458e74 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -82,9 +82,12 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
AuthenticationSession moasession = null;
- try {
- //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
-
+ if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) {
+ Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use.");
+ throw new MOAIDException("auth.23", new Object[] {});
+ }
+
+ try {
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
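Review bot: The new guard at the top of the hunk throws MOAIDException before the `try` that begins on the following line, so it does not pass through whatever catch block that try has further down in the method (outside this hunk); if that catch is where MOAIDExceptions are mapped to an error page, this one will take a different path — worth confirming. The warning also does not say which of the two parameters was empty, which is the first thing an operator will need; something like `Logger.warn("BKU-type empty: " + MiscUtil.isEmpty(bkuid) + ", MOASessionID empty: " + MiscUtil.isEmpty(moasessionid) + ". Maybe an old BKU-selection template is in use.");` records that without writing the session identifier itself to the log. Other call sites on this page pass `null` as the parameter array (`new MOAIDException("...", null)`), so `new Object[] {}` here is inconsistent with them.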
@@ -112,7 +115,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
//load Parameters from config
String target = oaParam.getTarget();
-
+
String bkuURL = oaParam.getBKUURL(bkuid);
if (MiscUtil.isEmpty(bkuURL)) {
Logger.info("No OA specific BKU defined. Use BKU from default configuration");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 304b63de0..c0f47d781 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -110,6 +110,7 @@ import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -365,7 +366,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//Initialize OpenSAML for STORK
Logger.info("Starting initialization of OpenSAML...");
- DefaultBootstrap.bootstrap();
+ MOADefaultBootstrap.bootstrap();
+ //DefaultBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
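Review bot: The replaced call is kept as commented-out code, `//DefaultBootstrap.bootstrap();`, which should simply be deleted since version control holds the history. If `DefaultBootstrap` is no longer referenced anywhere else in this file, its import (outside the hunk) becomes unused as well. A one-line comment on the new call would help the next reader, e.g. `// MOA variant: same bootstrap sequence, but installs the SHA-256 based security configuration`.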
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 7a38e2afd..8e7ca0779 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -320,6 +320,12 @@ public Map<String, String> getFormCustomizaten() {
if (MiscUtil.isNotEmpty(bkuselection.getAppletRedirectTarget()))
map.put(FormBuildUtils.REDIRECTTARGET, bkuselection.getAppletRedirectTarget());
+ if (MiscUtil.isNotEmpty(bkuselection.getAppletHeight()))
+ map.put(FormBuildUtils.APPLET_HEIGHT, bkuselection.getAppletHeight());
+
+ if (MiscUtil.isNotEmpty(bkuselection.getAppletWidth()))
+ map.put(FormBuildUtils.APPLET_WIDTH, bkuselection.getAppletWidth());
+
}
}
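Review bot: The applet height and width are copied verbatim from configuration into the form map under the `#APPLETHEIGHT#`/`#APPLETWIDTH#` placeholders; if those placeholders are substituted into markup attribute values (not visible here), a numeric-only check is a cheap guard against a mistyped value breaking the generated page, e.g. `if (MiscUtil.isNotEmpty(bkuselection.getAppletHeight()) && bkuselection.getAppletHeight().matches("\\d+"))`. The values come from the administrator's configuration, so this is robustness rather than untrusted-input handling. The enclosing method starts before this hunk.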
@@ -343,6 +349,27 @@ public List<OAStorkAttribute> getRequestedAttributes() {
}
+public byte[] getBKUSelectionTemplate() {
+
+ TemplatesType templates = oa_auth.getTemplates();
+ if (templates != null && templates.getBKUSelectionTemplate() != null) {
+ return templates.getBKUSelectionTemplate().getTransformation();
+
+ }
+
+ return null;
+}
+
+public byte[] getSendAssertionTemplate() {
+
+ TemplatesType templates = oa_auth.getTemplates();
+ if (templates != null && templates.getSendAssertionTemplate() != null) {
+ return templates.getSendAssertionTemplate().getTransformation();
+
+ }
+
+ return null;
+}
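Review bot: Both new accessors lack Javadoc; a one-liner such as `/** Returns the OA-specific BKU-selection template as raw bytes, or {@code null} when none is configured. */` (and the send-assertion counterpart) would document the null contract that buildForm relies on. If `getTransformation()` hands back the array stored in the configuration object rather than a copy, the returned `byte[]` lets callers modify configuration state in place; returning `.clone()` would close that, at the cost of one copy per form build. The two methods are identical apart from the getter they call, so a private helper taking the template element would remove the duplication.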
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 93de902ef..66d330d20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -118,7 +118,7 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
throws ConfigurationException {
String fileName = System.getProperty(PROXY_CONFIG_PROPERTY_NAME);
if (fileName == null) {
- throw new ConfigurationException("config.01", null);
+ throw new ConfigurationException("config.20", null);
}
Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 01b80a93f..6cc17231c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -22,14 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.entrypoints;
-
-
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
-import java.io.PrintWriter;
-import java.security.Security;
+
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 78fe43daa..1668c31ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -66,7 +66,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class MetadataAction implements IAction {
- private static final int VALIDUNTIL_IN_DAYES = 30;
+ private static final int VALIDUNTIL_IN_HOURS = 24;
public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
@@ -81,7 +81,7 @@ public class MetadataAction implements IAction {
DateTime date = new DateTime();
- idpEntitiesDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES));
+ idpEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
EntityDescriptor idpEntityDescriptor = SAML2Utils
.createSAMLObject(EntityDescriptor.class);
@@ -95,7 +95,7 @@ public class MetadataAction implements IAction {
idpEntityDescriptor
.setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
- idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES));
+ idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
List<ContactPerson> persons = PVPConfiguration.getInstance()
.getIDPContacts();
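Review bot: The EntityDescriptor validity is still set with `plusDays` although the constant was renamed to hours, so the entity element is valid for 24 days while the enclosing EntitiesDescriptor (changed correctly in the previous hunk) expires after 24 hours. The line should read `idpEntityDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));`. Computing the value once into a local before both `setValidUntil` calls would prevent the two from drifting apart again.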
@@ -114,13 +114,31 @@ public class MetadataAction implements IAction {
Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential();
Signature signature = CredentialProvider
.getIDPSignature(metadataSigningCredential);
+
+ idpEntitiesDescriptor.setSignature(signature);
+
+// //set SignatureMethode
+// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
+//
+// //set DigestMethode
+// List<ContentReference> contentList = signature.getContentReferences();
+// for (ContentReference content : contentList) {
+//
+// if (content instanceof SAMLObjectContentReference) {
+//
+// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
+// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
+//
+// }
+// }
+
// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
// signature.setKeyInfo(metadataKeyInfo );
- idpEntitiesDescriptor.setSignature(signature);
+
IDPSSODescriptor idpSSODescriptor = SAML2Utils
.createSAMLObject(IDPSSODescriptor.class);
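Review bot: The hunk adds a sizeable block of commented-out code that sets the signature and digest algorithms; it should either be enabled or removed, not left as a comment. If the intent is to have the metadata signed with RSA-SHA256 and SHA-256 references, the MOADefaultSecurityConfigurationBootstrap added in this same commit already registers those as defaults, so the block is presumably redundant once MOADefaultBootstrap is in use — worth confirming with a signed metadata sample. Moving `idpEntitiesDescriptor.setSignature(signature);` ahead of the KeyInfo comments is fine, but the motivation for the move deserves a short comment.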
@@ -222,7 +240,7 @@ public class MetadataAction implements IAction {
String metadataXML = sw.toString();
- //System.out.println("METADATA: " + metadataXML);
+ System.out.println("METADATA: " + metadataXML);
httpResp.setContentType("text/xml");
httpResp.getOutputStream().write(metadataXML.getBytes());
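Review bot: Un-commenting `System.out.println("METADATA: " + metadataXML);` sends the full metadata document to stdout on every request, bypassing the logger used everywhere else in this class; this looks like a debugging leftover and should be `Logger.debug("METADATA: " + metadataXML);` or removed. The context line below writes `metadataXML.getBytes()` with the platform default charset while the content type carries no charset; that is pre-existing, but since this hunk touches the output path, `metadataXML.getBytes(StandardCharsets.UTF_8)` plus `text/xml; charset=UTF-8` would make the response encoding deterministic.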
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 0172cce2d..7946c7596 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,8 +22,17 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
public interface PVPConstants {
+ public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
+ public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
+ public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
+ public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+
+
public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";
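Review bot: The symmetric default selects AES-128 in CBC mode, which in XML Encryption carries no integrity protection and is the mode the known XML-Encryption CBC attacks target; the GCM variant that MOADefaultSecurityConfigurationBootstrap registers in this same commit is the safer default: `public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM;`. This constant is consumed by the assertion-encryption block in AuthnRequestHandler further down in this diff, so the change affects every encrypted assertion; GCM support on the relying-party side should be confirmed before switching. The four new constants have no Javadoc; a short line on each saying where it is applied (metadata signing, assertion encryption) would help, and the misspelling "METHODE" is carried into four public names that will be hard to rename later.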
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
new file mode 100644
index 000000000..80789cd12
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder;
+import org.opensaml.xml.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOADefaultBootstrap extends DefaultBootstrap {
+
+ public static synchronized void bootstrap() throws ConfigurationException {
+
+ initializeXMLSecurity();
+
+ initializeXMLTooling();
+
+ initializeArtifactBuilderFactories();
+
+ initializeGlobalSecurityConfiguration();
+
+ initializeParserPool();
+
+ initializeESAPI();
+
+ }
+
+
+
+ /**
+ * Initializes the default global security configuration.
+ */
+ protected static void initializeGlobalSecurityConfiguration() {
+ Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig());
+ }
+}
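Review bot: `bootstrap()` and `initializeGlobalSecurityConfiguration()` are static, so they hide rather than override the DefaultBootstrap methods; only code that names `MOADefaultBootstrap` explicitly gets the MOA security configuration, and any remaining `DefaultBootstrap.bootstrap()` call elsewhere would reinstall the stock one afterwards — a comment stating this would prevent surprises. The sequence presumably mirrors the parent's, but DefaultBootstrap.bootstrap() also performs a Velocity initialization step that this copy omits; if the HTTP-POST encoders' Velocity templates are in use that is a regression, so please confirm. The imports `BasicSAMLMessageContext` and `BaseSAML2MessageEncoder` are unused, and the class Javadoc is only an `@author` tag; a one-sentence purpose such as `Bootstraps OpenSAML like DefaultBootstrap but installs a SHA-256 based default security configuration.` is missing.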
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
new file mode 100644
index 000000000..1563ba9be
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.security.BasicSecurityConfiguration;
+import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
+import org.opensaml.xml.signature.SignatureConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOADefaultSecurityConfigurationBootstrap extends
+ DefaultSecurityConfigurationBootstrap {
+
+ public static BasicSecurityConfiguration buildDefaultConfig() {
+ BasicSecurityConfiguration config = new BasicSecurityConfiguration();
+
+ populateSignatureParams(config);
+ populateEncryptionParams(config);
+ populateKeyInfoCredentialResolverParams(config);
+ populateKeyInfoGeneratorManager(config);
+ populateKeyParams(config);
+
+ return config;
+ }
+
+ protected static void populateSignatureParams(
+ BasicSecurityConfiguration config) {
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("RSA",
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+ config.registerSignatureAlgorithmURI("DSA",
+ "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("EC",
+ SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("AES",
+ SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+
+ config.registerSignatureAlgorithmURI("DESede",
+ SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+ config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
+ config.setSignatureHMACOutputLength(null);
+
+ //use SHA256 instead of SHA1
+ config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
+ }
+
+ protected static void populateEncryptionParams(
+ BasicSecurityConfiguration config) {
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
+
+ //support GCM mode
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
+
+
+ config.registerDataEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(168),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+ config.registerDataEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
+ "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
+ "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(128), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes128");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(256), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes256");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(168), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+
+ config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ }
+}
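Review bot: In populateEncryptionParams the GCM registrations use the same ("AES", 128/192/256) keys as the CBC registrations immediately above; if the registry is keyed by algorithm and key length (as the parent class's API suggests), the GCM entries replace the CBC ones and the CBC lines are dead, yet `setAutoGeneratedDataEncryptionKeyAlgorithmURI` at the end still names `aes128-cbc`, so the effective defaults are inconsistent — confirm which one wins and make the final call match. In populateSignatureParams the DSA entry is registered with a bare SHA-1 URI while every neighbouring comment says "use SHA256 instead of SHA1"; if DSA is not needed the line can go, otherwise the digest choice deserves a comment. The bare URI strings throughout duplicate constants already used in this commit (`EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128`, `SignatureConstants.*`), and the DESede 168/192 pairs register the same URI twice. None of the three methods has Javadoc; each needs at least a line saying which defaults it changes relative to DefaultSecurityConfigurationBootstrap.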
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 5d71b915f..bf82efb79 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -33,6 +33,7 @@ import java.util.Properties;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
+import org.opensaml.Configuration;
import org.opensaml.saml2.metadata.Company;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
@@ -45,6 +46,7 @@ import org.opensaml.saml2.metadata.OrganizationName;
import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.opensaml.xml.security.SecurityConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
@@ -115,7 +117,7 @@ public class PVPConfiguration {
try {
//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
-
+
} catch (ConfigurationException e) {
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 21c0d85a1..229158778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import java.util.ArrayList;
import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -45,7 +44,6 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionException;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
@@ -57,6 +55,7 @@ import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
import org.opensaml.xml.security.x509.X509Credential;
+
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -125,12 +124,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
AssertionConsumerService consumerService = spSSODescriptor
.getAssertionConsumerServices().get(idx);
- if (consumerService == null) {
- //TODO: maybe use default ConsumerService
-
+ if (consumerService == null) {
throw new InvalidAssertionConsumerServiceException(idx);
}
+
String oaURL = consumerService.getLocation();
//check, if metadata includes an encryption key
@@ -158,19 +156,19 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
try {
EncryptionParameters dataEncParams = new EncryptionParameters();
- dataEncParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
-
+ dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
+
List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
keyEncParam.setEncryptionCredential(encryptionCredentials);
- keyEncParam.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
+ keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
.getKeyInfoGeneratorManager().getDefaultManager()
.getFactory(encryptionCredentials);
keyEncParam.setKeyInfoGenerator(kigf.newInstance());
keyEncParamList.add(keyEncParam);
-
+
Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
@@ -178,7 +176,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
EncryptedAssertion encryptAssertion = null;
encryptAssertion = samlEncrypter.encrypt(assertion);
-
+
authResponse.getEncryptedAssertions().add(encryptAssertion);
} catch (EncryptionException e1) {
@@ -191,10 +189,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
authResponse.getAssertions().add(assertion);
}
-
-
-
-
+
IEncoder binding = null;
if (consumerService.getBinding().equals(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 4ef9919ca..550643da1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -22,7 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-import java.util.Iterator;
import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
@@ -44,18 +43,25 @@ import at.gv.egovernment.moa.logging.Logger;
public class EntityVerifier {
public static byte[] fetchSavedCredential(String entityID) {
- List<OnlineApplication> oaList = ConfigurationDBRead
- .getAllActiveOnlineApplications();
- Iterator<OnlineApplication> oaIt = oaList.iterator();
- while (oaIt.hasNext()) {
- OnlineApplication oa = oaIt.next();
- if (oa.getPublicURLPrefix().equals(entityID)) {
+// List<OnlineApplication> oaList = ConfigurationDBRead
+// .getAllActiveOnlineApplications();
+
+ OnlineApplication oa = ConfigurationDBRead
+ .getActiveOnlineApplication(entityID);
+
+// Iterator<OnlineApplication> oaIt = oaList.iterator();
+// while (oaIt.hasNext()) {
+// OnlineApplication oa = oaIt.next();
+// if (oa.getPublicURLPrefix().equals(entityID)) {
+
+ if (oa != null && oa.getAuthComponentOA() != null) {
+
OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
if (pvp2Config != null) {
return pvp2Config.getCertificate();
}
}
- }
+// }
return null;
}
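Review bot: The certificate returned here is what EntityVerifier.verify uses later in this diff to check metadata signatures, so `ConfigurationDBRead.getActiveOnlineApplication(entityID)` must resolve by exact identifier match; the loop it replaces used `equals` on the PublicURLPrefix, and the new helper's matching rule is not visible here — please confirm it is not a prefix or LIKE match, since otherwise one entity's metadata could be verified against another application's certificate. The replaced loop is left behind as eight commented-out lines and should be deleted. A Javadoc line such as `/** Returns the PVP2 certificate registered for the active online application with this entityID, or {@code null}. */` would document the null contract.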
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index f0ae6f446..ed0cf9c62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -25,7 +25,9 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import iaik.x509.X509Certificate;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
import java.util.Iterator;
+import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -69,13 +71,17 @@ public class MetadataSignatureFilter implements MetadataFilter {
while(entID.hasNext()) {
processEntitiesDescriptor(entID.next());
}
-
+
Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
-
- //check every Entity
+
+ List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
+
+ //check every Entity
+
while(entIT.hasNext()) {
EntityDescriptor entity = entIT.next();
+
String entityID = entity.getEntityID();
//CHECK if Entity also match MetaData signature.
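Review bot: `verifiedEntIT` is a List, not an Iterator, so the `IT` suffix (copied from `entIT`) misleads; `List<EntityDescriptor> verifiedEntities = new ArrayList<EntityDescriptor>();` reads correctly, and the same rename applies where it is filled and copied back in the next hunk. The surrounding method starts before this hunk and ends in the following one.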
@@ -92,17 +98,31 @@ public class MetadataSignatureFilter implements MetadataFilter {
EntityVerifier.verify(desc, entityCrendential);
+ //add entity to verified entity-list
+ verifiedEntIT.add(entity);
+
} catch (Exception e) {
- throw new MOAIDException("The App", null, e);
+
+ //remove entity of signature can not be verified.
+ Logger.info("Entity " + entityID + " is removed from metadata "
+ + desc.getName() + ". Entity verification error: " + e.getMessage());
+// throw new MOAIDException("The App", null, e);
}
} else {
- throw new NoCredentialsException("NO Certificate found for OA " + entityID);
+ //remove entity if it is not registrated as OA
+ Logger.info("Entity " + entityID + " is removed from metadata "
+ + desc.getName() + ". Entity is not registrated or no certificate is found!");
+// throw new NoCredentialsException("NO Certificate found for OA " + entityID);
}
-
+
//TODO: insert to support signed Entity-Elements
//processEntityDescriptorr(entIT.next());
- }
+ }
+
+ //set only verified entity elements
+ desc.getEntityDescriptors().clear();
+ desc.getEntityDescriptors().addAll(verifiedEntIT);
}
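Review bot: The catch around EntityVerifier.verify now downgrades a failed metadata-signature check to an info-level log that keeps only `e.getMessage()`, so the cause chain is lost exactly where an operator would need it; it also catches `Exception`, so a programming error in the verifier is silently converted into a dropped entity. A failed signature check on SP metadata is at least warn-level with the throwable attached: `Logger.warn("Entity " + entityID + " is removed from metadata " + desc.getName() + ". Entity verification error.", e);`, and the catch should name the verification exception types rather than `Exception`. The two commented-out `throw` lines should be removed. The rebuild via `clear()`/`addAll` happens after the iteration, which is correct, but a comment saying that order matters would protect it.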
public void doFilter(XMLObject metadata) throws FilterException {
@@ -114,6 +134,13 @@ public class MetadataSignatureFilter implements MetadataFilter {
}
processEntitiesDescriptor(entitiesDescriptor);
+
+ if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
+ throw new MOAIDException("No valid entity in metadata "
+ + entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
+ }
+
+
} else if (metadata instanceof EntityDescriptor) {
EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
processEntityDescriptorr(entityDescriptor);
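Review bot: The new emptiness check applies only to the top-level EntitiesDescriptor; nested EntitiesDescriptors are processed recursively in processEntitiesDescriptor (previous hunk) and a nested element left with zero verified entities would presumably pass unnoticed — confirm whether that is acceptable. The exception is built from an inline English sentence while the rest of this diff uses message keys (`"auth.23"`), so `throw new MOAIDException("pvp2.xx", new Object[] { entitiesDescriptor.getName() });` with a key in the resource bundle would match the convention (key name is a placeholder). `size() == 0` is more idiomatically `isEmpty()`.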
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
index 37ead5cff..d3ac574f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
@@ -43,6 +43,8 @@ public class FormBuildUtils {
public static String FONTFAMILY = "#FONTTYPE#";
public static String HEADER_TEXT = "#HEADER_TEXT#";
public static String REDIRECTTARGET = "#REDIRECTTARGET#";
+ public static String APPLET_HEIGHT = "#APPLETHEIGHT#";
+ public static String APPLET_WIDTH = "#APPLETWIDTH#";
private static String MANDATEVISIBLE = "#MANDATEVISIBLE#";
private static String MANDATECHECKED = "#MANDATECHECKED#";
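Review bot: The two new placeholders are declared `public static String`, i.e. mutable, writable by any class; the neighbouring lines share that defect, but new constants should at least be `public static final String APPLET_HEIGHT = "#APPLETHEIGHT#";` and `public static final String APPLET_WIDTH = "#APPLETWIDTH#";`. A one-line comment noting that the map keys populated in OAAuthParameter.getFormCustomizaten must use these same strings would tie the two changes together.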
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 327170054..bd6514c5c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -513,8 +513,8 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
if (MiscUtil.isEmpty(bkuURL))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (MiscUtil.isEmpty(templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+// if (MiscUtil.isEmpty(templateURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
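Review bot: Commenting out the emptiness check means `templateURL` may now be empty when the remaining checks on it in this method (outside the hunk) run, so those must tolerate an empty value; a short comment explaining why empty is now legal, e.g. `// templateURL is optional since MOA-ID 2.x: the OA-specific template from configuration is used instead`, would capture the reason the check was dropped. The two disabled lines should be deleted rather than kept as comments. The enclosing method starts before and continues after this hunk.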
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index a6c0601e4..93e8cdb99 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -41,6 +41,8 @@ auth.19=Die Authentifizierung kann nicht passiv durchgef\u00FChrt werden.
auth.20=No valid MOA session found. Authentification process is abourted.
auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen.
auth.22=Das Protokoll {0} ist deaktiviert.
+auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
+auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
@@ -67,7 +69,8 @@ config.15=Das Personenbindungs-Trust-Profil (TrustProfileID \= {0}) darf nicht f
config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
config.17=Fehler beim initialisieren von Hibernate
config.18=Keine MOA-ID 2.x Konfiguration gefunden.
-config.19=Kein Schl?ssel f\u00FCr die Resignierung der Personenbindung gefunden.
+config.19=Kein Schl?ssel f\u00FCr die Resignierung der Personenbindung gefunden.
+config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index 7944a7321..2461e1274 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -160,36 +160,6 @@
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
- <xsd:element name="ProxyComponent_General" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Konfigurationsparameter der
- Proxy-Komponente
- </xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="AuthComponent">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die Kommunikation zw.
- Proxykomponente und Authenttisierungskomponente
- </xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter_Proxy" type="ConnectionParameterClientAuthType" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter für die SOAP-Verbindung
- von der Proxy-Komponente zur Auth-Komponente (vgl.
- AuthComponent/MOA-SP/ConnectionParameter)
- </xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
<xsd:element name="OnlineApplication" type="OnlineApplication" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>enthält Parameter für die OA
@@ -463,6 +433,8 @@
<xsd:element name="Template" type="TemplateType" minOccurs="0" maxOccurs="3"/>
<xsd:element name="AditionalAuthBlockText" type="xsd:string" minOccurs="0"/>
<xsd:element name="BKUSelectionCustomization" type="BKUSelectionCustomizationType" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="BKUSelectionTemplate" type="TransformsInfoType" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SendAssertionTemplate" type="TransformsInfoType" minOccurs="0" maxOccurs="1"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="TemplateType">
@@ -507,7 +479,6 @@
</xsd:element>
</xsd:sequence>
</xsd:complexType>
- <xsd:complexType name="ProxyComponentType"/>
<xsd:complexType name="OnlineApplicationType">
<xsd:sequence>
<xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/>
@@ -557,29 +528,6 @@
maxOccurs="1"/ -->
</xsd:complexType>
</xsd:element>
- <xsd:element name="ProxyComponent_OA" minOccurs="0">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die
- Proxy-Komponente betreffen
- </xsd:documentation>
- </xsd:annotation>
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
- <xsd:annotation>
- <xsd:documentation>enthält Parameter über die OA, die die
- Proxy-Komponente betreffen
- </xsd:documentation>
- </xsd:annotation>
- </xsd:element>
- </xsd:sequence>
- <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
- <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
- <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
- <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
- <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
- </xsd:complexType>
- </xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ConnectionParameterServerAuthType">
@@ -995,6 +943,8 @@
<xsd:element name="ButtonBackGroundColorFocus" type="xsd:string" minOccurs="0" maxOccurs="1"/>
<xsd:element name="ButtonFontColor" type="xsd:string" minOccurs="0" maxOccurs="1"/>
<xsd:element name="AppletRedirectTarget" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="AppletHeight" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="AppletWidth" type="xsd:string" minOccurs="0" maxOccurs="1"/>
<xsd:element name="MandateLoginButton" type="xsd:boolean" default="true" minOccurs="0" maxOccurs="1"/>
<xsd:element name="OnlyMandateLoginAllowed" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
</xsd:sequence>
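Review bot: AppletHeight and AppletWidth are declared as `xsd:string`, so the schema accepts any text for what their names describe as dimensions; a numeric type such as `type="xsd:positiveInteger"`, or a pattern-restricted simple type if CSS units like percentages are intended, would reject malformed values when the configuration is loaded. If these values are later written into generated markup (the neighbouring AppletRedirectTarget hints at applet HTML, but that code is not in this diff), a restricted schema type is also the cheapest place to keep free-form strings out of the page. The surrounding elements are `xsd:string` too, so the choice may be deliberate for consistency; a short `<xsd:documentation>` on each new element stating the expected format would make that explicit.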
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
index 48718242b..e993c0e46 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
@@ -143,12 +143,13 @@ public class SAMLEngine {
LOG.info("SAMLEngine: Initialize OpenSAML");
- try {
- DefaultBootstrap.bootstrap();
- } catch (ConfigurationException e) {
- LOG.error("Problem initializing the OpenSAML library.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
+ //TLenz: MOA-ID uses an own Bootstrap
+// try {
+// DefaultBootstrap.bootstrap();
+// } catch (ConfigurationException e) {
+// LOG.error("Problem initializing the OpenSAML library.");
+// throw new STORKSAMLEngineRuntimeException(e);
+// }
LOG.debug("Read all file configurations. (instances of SAMLEngine)");
try {