Diffstat (limited to 'id')
-rw-r--r--id/server/auth/.settings/org.eclipse.jdt.core.prefs2
-rw-r--r--id/server/auth/.settings/org.eclipse.wst.common.component161
-rw-r--r--id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml6
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml13
-rw-r--r--id/server/auth/src/main/webapp/css/index.css6
-rw-r--r--id/server/auth/src/main/webapp/iframeHandyBKU.html7
-rw-r--r--id/server/auth/src/main/webapp/iframeOnlineBKU.html11
-rw-r--r--id/server/auth/src/main/webapp/img/stork-logo.pngbin0 -> 9160 bytes
-rw-r--r--id/server/auth/src/main/webapp/index.html124
-rw-r--r--id/server/auth/src/main/webapp/info_stork.html44
-rw-r--r--id/server/auth/src/main/webapp/template_handyBKU.html1
-rw-r--r--id/server/auth/src/main/webapp/template_localBKU.html3
-rw-r--r--id/server/auth/src/main/webapp/template_onlineBKU.html3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml64
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml64
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml64
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml64
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml18
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml18
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml18
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml18
-rw-r--r--id/server/data/deploy/conf/moa-id/log4j.properties1
-rw-r--r--id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml8
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer16
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer21
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer32
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer31
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer43
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer21
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer33
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer31
-rw-r--r--id/server/doc/moa_id/id-admin_2.htm154
-rw-r--r--id/server/doc/moa_id/moa.htm1
-rw-r--r--id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs8
-rw-r--r--id/server/idserverlib/.settings/org.eclipse.wst.common.component14
-rw-r--r--id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml4
-rw-r--r--id/server/idserverlib/pom.xml15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java394
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java227
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java126
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java241
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java153
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java170
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java405
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java322
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java141
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties11
-rw-r--r--id/server/pom.xml1
-rw-r--r--id/server/proxy/.settings/org.eclipse.jdt.core.prefs2
-rw-r--r--id/server/proxy/.settings/org.eclipse.wst.common.component158
-rw-r--r--id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml6
-rw-r--r--id/server/stork-saml-engine/pom.xml93
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java139
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java52
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java1367
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java73
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java176
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java65
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java51
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java78
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java53
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java63
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java56
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java58
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java170
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java44
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java137
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java74
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java32
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java58
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java57
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java66
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java64
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java59
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java44
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java51
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java55
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java54
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java54
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java54
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java58
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java44
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java44
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java49
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java67
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java48
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java74
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java35
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java52
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java80
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java80
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java80
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java58
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java88
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java40
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java55
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java50
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java76
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java57
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java70
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java39
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java34
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java33
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java39
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java34
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java33
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java72
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java34
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java53
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java121
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java35
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java61
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java47
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java46
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java91
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java35
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java55
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java405
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java143
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java91
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java204
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java56
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java57
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java137
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java62
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java63
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java70
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java51
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java50
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java51
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java66
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java61
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java67
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java52
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java54
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java92
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java137
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java64
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java49
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java63
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java58
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java62
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java65
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java139
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java55
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java128
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java47
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java57
-rw-r--r--id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm38
-rw-r--r--id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml242
227 files changed, 15461 insertions, 423 deletions
diff --git a/id/server/auth/.settings/org.eclipse.jdt.core.prefs b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
index 63fe7cb8a..7ba572a76 100644
--- a/id/server/auth/.settings/org.eclipse.jdt.core.prefs
+++ b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
@@ -1,4 +1,3 @@
-#Fri Nov 16 13:12:23 CET 2007
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
@@ -9,4 +8,5 @@ org.eclipse.jdt.core.compiler.debug.localVariable=generate
org.eclipse.jdt.core.compiler.debug.sourceFile=generate
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
index b116cf610..ddba575d7 100644
--- a/id/server/auth/.settings/org.eclipse.wst.common.component
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -1,18 +1,145 @@
<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-auth">
-<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
-<property name="java-output-path" value="target/classes"/>
- <property name="context-root" value="moa-id-auth"/>
-</wb-module>
-</project-modules>
+<project-modules id="moduleCoreId" project-version="2.0">
+ <wb-module deploy-name="moa-id-auth">
+ <property name="context-root" value="moa-id-auth"/>
+ <wb-resource deploy-path="/" source-path="src/main/webapp"/>
+ <wb-resource deploy-path="/" source-path="src/main/wsdl"/>
+ <property name="java-output-path" value="/target/classes"/>
+ <dependent-module archiveName="axis-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis/1.1/axis-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-spss-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-jaxrpc-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-saaj-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-wsdl4j-1.5.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-discovery-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-logging-1.0.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="activation-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="mail-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="log4j-1.2.14.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="postgresql-7.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_moa-1.32.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_ixsil-1.2.2.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_cms-4.1_MOA.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-common.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jaxen-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="saxpath-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="joda-time-1.6.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-id-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-fileupload-1.1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-fileupload/commons-fileupload/1.1.1/commons-fileupload-1.1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-io-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-io/commons-io/1.1/commons-io-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-httpclient-3.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-codec-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="dav4j-0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/dav4j/dav4j/0.1/dav4j-0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="httpsclient-JSSE-1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/httpsclient/httpsclient/JSSE-1.0/httpsclient-JSSE-1.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_X509TrustManager-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="regexp-1.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/regexp/regexp/1.3/regexp-1.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-lang-2.6.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-lang/commons-lang/2.6/commons-lang-2.6.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="stork-saml-engine.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="opensaml-2.5.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/opensaml/2.5.3/opensaml-2.5.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="openws-1.4.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/openws/1.4.4/openws-1.4.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmltooling-1.3.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/xmltooling/1.3.4/xmltooling-1.3.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="bcprov-jdk15-1.46.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/bouncycastle/bcprov-jdk15/1.46/bcprov-jdk15-1.46.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="not-yet-commons-ssl-0.3.9.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmlsec-1.4.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/santuario/xmlsec/1.4.5/xmlsec-1.4.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-apis-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xml-apis/2.10.0/xml-apis-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xercesImpl-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xercesImpl/2.10.0/xercesImpl-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="serializer-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/serializer/2.10.0/serializer-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-resolver-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xml-resolver/xml-resolver/1.2/xml-resolver-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xalan-2.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xalan/xalan/2.7.1/xalan-2.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-api-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-api/1.6.4/slf4j-api-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-collections-3.2.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="velocity-1.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/velocity/velocity/1.5/velocity-1.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="esapi-2.0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-log4j12-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-log4j12/1.6.4/slf4j-log4j12-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/resources"/>
+ </wb-module>
+</project-modules> \ No newline at end of file
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
index f30a1de6e..a801c94a0 100644
--- a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -1,5 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<faceted-project>
+ <fixed facet="jst.java"/>
+ <fixed facet="jst.web"/>
+ <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="1.4"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+</faceted-project> \ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index ef75dff24..2a1d093d9 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -70,6 +70,13 @@
<servlet-name>jspservlet</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>PEPSConnectorServlet</servlet-name>
+ <display-name>PEPSConnectorServlet</display-name>
+ <description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
+ <servlet-class>
+ at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
+ </servlet>
<!-- servlet mapping for jsp pages -->
<!-- errorpage.jsp (customizeable) -->
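Review bot: The `<servlet-class>` of the new servlet is split across two lines, so the element text carries a newline and indentation before `at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet`; some containers trim element text before loading the class and others do not, so keep it on one line: `<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>`. Since the description says this servlet receives SAML Response messages from foreign C-PEPS, its mapping will necessarily be reachable without an authenticated session; the signature check against the configured trust profile therefore has to happen inside the servlet itself, which is outside this diff.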
@@ -124,8 +131,12 @@
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>PEPSConnectorServlet</servlet-name>
+ <url-pattern>/PEPSConnector</url-pattern>
+ </servlet-mapping>
<session-config>
- <session-timeout>30</session-timeout>
+ <session-timeout>5</session-timeout>
</session-config>
<error-page>
<error-code>500</error-code>
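Review bot: Lowering `<session-timeout>` from 30 to 5 minutes applies to every MOA-ID session, not only the STORK flow, and a cross-border login that sends the user to a foreign C-PEPS and back can plausibly take longer than five minutes; if the session has expired when the response arrives at `/PEPSConnector`, the login fails late with no clear message. If the shorter timeout is deliberate hardening, say so next to it, e.g. `<!-- short timeout: an authentication session should not outlive the login round-trip -->`, and confirm that PEPSConnectorServlet does not rely on the HTTP session to correlate the incoming response.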
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 18a0dccde..3dd974813 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -124,6 +124,12 @@ button {
cursor: pointer;
}
+input {
+ background: #efefef;
+ border:1px solid #000;
+ cursor: pointer;
+}
+
#installJava, #BrowserNOK {
clear:both;
font-size:0.8em;
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index 0f6e1e282..b5936679f 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -8,11 +8,11 @@
<script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+ var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
- var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
+ var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
window.onload=function() {
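Review bot: The `[MUSS]` comment above still instructs the deployer to fill in the MOA-ID URL, but the `[MOA_ID_STARTAUTHENTICATION]` and `[URL_TO_HANDYSIGNATUR_TEMPLATE]` placeholders have been replaced with concrete `https://localhost:8443/...TestMOAID_OA/LoginServletExample` values, so the shipped template now points at a developer test setup instead of an obviously unfilled marker. The same substitution is made in iframeOnlineBKU.html (which additionally hard-codes `sourceID=ABC123-_ABC123`) and in several places in index.html. A bracketed placeholder that fails visibly when forgotten is safer than a localhost URL that silently does nothing in production; keep the markers in the committed templates and put the test values in a local, untracked copy.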
@@ -49,7 +49,8 @@
Bitte warten...
<form name="moaidform" method="post" id="moaidform">
<input type="hidden" name="Template" id="Template">
- <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+ <!-- <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"> -->
+ <input type="hidden" name="bkuURI" value="https://test1.a-trust.at/https-security-layer-request/default.aspx">
<input type="hidden" name="useMandate" id="useMandate">
</form>
<hr>
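Review bot: The `bkuURI` hidden field now sends users to `https://test1.a-trust.at/https-security-layer-request/default.aspx`, a test instance of the mobile signature service, while the production `www.handy-signatur.at` value survives only as a commented-out line. A deployment that picks up this template unchanged would route real signature requests to a test endpoint, and the trusted-BKU list in the MOA-ID configuration presumably has to name whichever one is active. Prefer keeping the production value live and documenting the alternative in the comment, e.g. `<!-- for tests against the A-Trust test instance use https://test1.a-trust.at/https-security-layer-request/default.aspx -->`.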
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
index a039005e0..7f6efb241 100644
--- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -8,16 +8,16 @@
<script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+ var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&sourceID=ABC123-_ABC123";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
- var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+ var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
// [MUSS] Geben Sie hier die URL zur Online BKU an
// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
// Hinweis: Diese URL muss auch bei den vertrauenswürdigen BKUs in der MOA-ID Konfiguration angegeben werden (siehe Element MOA-IDConfiguration/TrustedBKUs/BKUURL)
- var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
+ var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
window.onload=function() {
document.getElementById('moaidform').action = MOA_ID_STARTAUTHENTICATION;
@@ -30,6 +30,10 @@
document.getElementById('useMandate').value = "true";
else
document.getElementById('useMandate').value = "false";
+
+ var ccc = gup("ccc");
+ if (ccc != null)
+ document.getElementById('ccc').value = ccc;
document.moaidform.submit();
return;
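Review bot: The `ccc` value is read from the iframe's query string via `gup("ccc")` and copied into the hidden field without any check; `gup` is defined outside this hunk, and if it follows the common pattern of returning an empty string for a missing parameter, the `!= null` guard never triggers and an empty `CCC` is posted. Tightening it to `if (ccc != null && ccc.length > 0)` leaves the field unset when no country was chosen. Either way the server should treat `CCC` as untrusted input and accept only country codes for which a C-PEPS is configured, since anything in this iframe can be altered in the browser.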
@@ -53,6 +57,7 @@
<input type="hidden" name="Template" id="Template">
<input type="hidden" name="bkuURI" id="bkuURI">
<input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="CCC" id="ccc">
</form>
<hr>
</body>
diff --git a/id/server/auth/src/main/webapp/img/stork-logo.png b/id/server/auth/src/main/webapp/img/stork-logo.png
new file mode 100644
index 000000000..70355a084
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/stork-logo.png
Binary files differ
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 533f2830a..03123c2a7 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -11,11 +11,11 @@
<script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+ var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
// z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
- var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+ var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
window.onload=function() {
@@ -38,12 +38,12 @@
document.getElementById("useMandate").value = "true";
}
}
-
+
var el = document.getElementById("bkulogin");
var parent = el.parentNode;
var iFrameURL = "iframeOnlineBKU.html" + "?";
- iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
var iframe = document.createElement("iframe");
iframe.setAttribute("src", iFrameURL);
@@ -55,8 +55,7 @@
parent.replaceChild(iframe, el);
}
-
-
+
function bkuHandyClicked() {
document.getElementById("localBKU").style.display="none";
@@ -84,6 +83,46 @@
parent.replaceChild(iframe, el);
}
+
+ function storkClicked() {
+ document.getElementById("localBKU").style.display="block";
+
+ document.getElementById("moaidform").action = MOA_ID_STARTAUTHENTICATION;
+ document.getElementById("Template").value = URL_TO_LOKALBKU_TEMPLATE;
+
+ document.getElementById("useMandate").value = "false";
+ var checkbox = document.getElementById("mandateCheckBox")
+ if (checkbox != null) {
+ if (document.getElementById("mandateCheckBox").checked) {
+ document.getElementById("useMandate").value = "true";
+ }
+ }
+
+ var ccc = "AT";
+ var countrySelection = document.getElementById("cccSelection");
+
+ if (countrySelection != null) {
+ ccc = document.getElementById("cccSelection").value;
+ }
+
+ var el = document.getElementById("bkulogin");
+ var parent = el.parentNode;
+
+ var iFrameURL = "iframeOnlineBKU.html" + "?";
+ iFrameURL += "useMandate=" + document.getElementById("useMandate").value + "&";
+ iFrameURL += "ccc=" + ccc;
+
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", "220");
+ iframe.setAttribute("height", "165");
+ iframe.setAttribute("frameborder", "0");
+ iframe.setAttribute("scrolling", "no");
+ iframe.setAttribute("title", "Login");
+
+ parent.replaceChild(iframe, el);
+ }
+
</script>
</head>
<body>
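Review bot: `storkClicked()` sets `localBKU` to `display="block"` where `bkuHandyClicked()` in the preceding hunk sets it to `"none"`; if showing the local-BKU fallback during a STORK login is intended, a one-line comment saying so would keep the next reader from "correcting" it. The function also looks elements up a second time after already holding them in a variable (`checkbox.checked` and `countrySelection.value` suffice), the `var checkbox = ...` line lacks its semicolon, and the country code is concatenated into `iFrameURL` unencoded — `iFrameURL += "ccc=" + encodeURIComponent(ccc);` is the safe form even though the select only offers two-letter codes. The rest of the body duplicates the online-BKU click handler with one extra parameter; extracting a shared helper that builds the iframe from a query string would keep the two in step.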
@@ -117,16 +156,17 @@
<!-- Block "KARTE": Anmeldung mit lokaler BKU *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false -->
- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
+ <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE</button>
</div>
- </a>
+ </a>
+
<!-- Block "KARTE+Vollmacht": Anmeldung mit lokaler BKU *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true -->
- <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
+ <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE+<br>Vollmacht</button>
</div>
@@ -136,7 +176,7 @@
<!-- Block "HANDY": Anmeldung mit Handysignatur *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false -->
- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
+ <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
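Review bot: The no-script HANDY link now passes `Template=https://localhost:8443/moa-id-auth/template_localBKU.html`, but the example in the comment directly above it and the placeholder it replaced (`[URL_TO_HANDYSIGNATUR_TEMPLATE]`) both refer to `template_handyBKU.html`, so the mobile-signature flow would be started with the local-BKU template. The commented-out HANDY+Vollmacht link in the next hunk carries the same substitution. The value should read `...&Template=https://localhost:8443/moa-id-auth/template_handyBKU.html&...`, or better, keep the bracketed placeholder.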
@@ -145,14 +185,44 @@
<!-- Block "HANDY+Vollnacht": Anmeldung mit Handysignatur *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true -->
- <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
+ <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
</a> -->
- </noscript>
+ <!-- Block "Ausländische Identitäten bzw. STORK": Länderauswahl für Anmeldung ausländischer Identitäten über STORK oder lokale BKU(No-Script Variante) -->
+ <!-- [MUSS] Geben Sie im Feld "action" die URL zum Aufruf von MOA-ID an (inkl. Template-URL und bkuURI) -->
+ <!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request -->
+ <div id="leftcontent" style="margin-bottom:10px">
+ <h2 id="tabheader" class="dunkel">
+ Home Country Selection
+ </h2>
+ </div>
+ <div id="stork" class="hell" align="center">
+ <p>
+ <form name="storkForm" method="POST" action="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request">
+ <select name="CCC" size="1" style="width:120px">
+ <option value="BE">België/Belgique</option>
+ <option value="EE">Eesti</option>
+ <option value="ES">España</option>
+ <option value="IS">Ãsland</option>
+ <option value="IT">Italia</option>
+ <option value="LI">Liechtenstein</option>
+ <option value="LT">Lithuania</option>
+ <option value="PT">Portugal</option>
+ <option value="SI">Slovenija</option>
+ <option value="FI">Suomi</option>
+ <option value="SE">Sverige</option>
+ </select>
+ <input type="submit" name="storkButton" value="Send" alt="Send" class="button"/>
+ <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </form>
+ </p>
+ </div>
+
+ </noscript>
<script>
<!-- [OPTIONAL] Um die Online BKU auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
document.write("<div id=\"bkukarte\" class=\"hell\">");
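Review bot: The option label for Iceland reads `Ãsland`, which looks like a UTF-8 `Í` decoded as Latin-1 and re-encoded; the same label appears in the `document.write` block of the next hunk. Check the file's encoding against its declared charset and restore `<option value="IS">Ísland</option>` in both places. Separately, the no-script form's `action` hard-codes a `https://localhost:8443/...` test URL where the other no-script blocks at least started from a `[MOA_ID_STARTAUTHENTICATION]` placeholder, and the `<form>` is wrapped in a `<p>`, which HTML 4.01 does not allow inside a paragraph; move the paragraph inside the form or drop it.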
@@ -170,6 +240,33 @@
document.write("<label>in Vertretung anmelden</label>");
document.write(" <a href=\"info_mandates.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
document.write("</div> ");
+
+ <!-- [OPTIONAL] Um die Anmeldung von ausländischen Identitäten auszublenden, kommentieren Sie folgende Zeilen aus -->
+ document.write("<div id=\"leftcontent\" style=\"margin-bottom:10px\">");
+ document.write("<h2 id=\"tabheader\" class=\"dunkel\">");
+ document.write("Home Country Selection");
+ document.write("</h2>");
+ document.write("</div>");
+ document.write("<div id=\"stork\" class=\"hell\" align=\"center\">");
+ document.write("<p>");
+ document.write("<select name=\"cccSelection\" id=\"cccSelection\" size=\"1\" style=\"width: 120px; margin-right: 5px;\" >");
+ document.write("<option value=\"BE\">België/Belgique</option>");
+ document.write("<option value=\"EE\">Eesti</option>");
+ document.write("<option value=\"ES\">España</option>");
+ document.write("<option value=\"IS\">Ãsland</option>");
+ document.write("<option value=\"IT\">Italia</option>");
+ document.write("<option value=\"LI\">Liechtenstein</option>");
+ document.write("<option value=\"LT\">Lithuania</option>");
+ document.write("<option value=\"PT\">Portugal</option>");
+ document.write("<option value=\"SI\">Slovenija</option>");
+ document.write("<option value=\"FI\">Suomi</option>");
+ document.write("<option value=\"SE\">Sverige</option>");
+ document.write("</select>");
+ document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"storkClicked();\">Send</button>");
+ document.write(" <a href=\"info_stork.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
+ document.write("</p>");
+ document.write("</div>");
+
</script>
</div>
@@ -182,7 +279,8 @@
<input type="hidden" name="show" value="false">
<input type="hidden" name="Template" id="Template">
<input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request">
- <input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="CCC" id="ccc">
<input type="submit" size="400" value="Lokale BKU" class="sendButton">
</form>
<p>
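Review bot: A hidden `CCC` field with `id="ccc"` is added to the local-BKU form, but no script in this diff assigns it a value — `storkClicked()` passes the country code to the iframe URL instead — so unless code outside the diff fills it, this form posts an empty `CCC=` on every local-BKU login. If that is meant to signal "no foreign country", a short comment would help, e.g. `<!-- CCC stays empty: local BKU login, no STORK country -->`; otherwise the field can be dropped from this form. The server should in any case not interpret an empty CCC as a STORK request.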
diff --git a/id/server/auth/src/main/webapp/info_stork.html b/id/server/auth/src/main/webapp/info_stork.html
new file mode 100644
index 000000000..3bd88300c
--- /dev/null
+++ b/id/server/auth/src/main/webapp/info_stork.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+ <head>
+ <title>Information (STORK)</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta http-equiv="Content-Style-Type" content="text/css">
+ <link rel="stylesheet" type="text/css" href="css/index.css">
+ </head>
+ <body>
+ <div id="wrapper">
+ <p id="skiplinks">
+ <a href="#content">Go to contents</a>
+ </p>
+ <div id="banner">
+ <!-- [OPTIONAL] Aendern Sie hier die Titelueberschrift der Seite) -->
+ <div id="bannerleft">
+ <h1>Information using STORK for secure authentication</h1>
+ <!-- Meldung im Browser, wenn JavaScript nicht aktiviert -->
+ <noscript>
+ <p>
+ Please activate JavaScript.
+ </p>
+ </noscript>
+ </div>
+ <!-- [OPTIONAL] Aendern Sie hier das Logo der Seite (und Alternativtext fuer das Bild) -->
+ <div id="bannerright">
+ <img src="img/stork-logo.png" alt="STORK-Logo">
+ </div>
+ </div>
+ <div id="main">
+ <div id="centercontent">
+ <h2 id="contentheader" class="dunkel">
+ Information using STORK for secure authentication
+ </h2>
+ <div id="content" class="hell">
+
+ <p>The STORK project makes it easier for citizens to access online public services across borders by implementing Europe-wide interoperable cross border platforms for the mutual recognition of national electronic identity (eID) between participating countries.</p>
+ <p>For more information, please consult the STORK website:</p><a href="https://www.eid-stork.eu/">https://www.eid-stork.eu/</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </body>
+</html> \ No newline at end of file
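Review bot: The new page declares `<html lang="de">` while all of its text is English, which misleads screen readers and hyphenation; use `<html lang="en">`. The `<a>` carrying the STORK URL sits outside the `<p>` that introduces it, so it renders as a bare inline after the paragraph; placing it inside (`<p>For more information, please consult the STORK website: <a href="https://www.eid-stork.eu/">https://www.eid-stork.eu/</a></p>`) keeps the markup valid and readable.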
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index 0ad73a6f3..27834cd91 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -12,7 +12,6 @@
</head>
<body onLoad="onAnmeldeSubmit()">
<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
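Review bot: Removing the text `Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:` leaves the visible `Starte Anmeldung` submit button with no explanation for users whose browser does not run the `onLoad` auto-submit; template_localBKU.html in the next hunk drops the same line. If the button stays as a fallback, keep a short hint on it, e.g. `title="Falls Sie nicht automatisch weitergeleitet werden, klicken Sie bitte hier"`; in template_onlineBKU.html the input is `type="hidden"`, so the removal is harmless there.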
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html
index f197d2c5c..64275391a 100644
--- a/id/server/auth/src/main/webapp/template_localBKU.html
+++ b/id/server/auth/src/main/webapp/template_localBKU.html
@@ -11,8 +11,7 @@
</script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index 565955538..b8cd19866 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -11,8 +11,7 @@
</script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
<input class="button" type="hidden" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 6525642f1..109a59d6b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
@@ -40,6 +40,39 @@
<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
</ConnectionParameter>
+ <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen -->
+ <STORK>
+ <!-- Produktive C-PEPS -->
+ <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ <!-- Test C-PEPS -->
+ <!--
+ <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ -->
+ <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) -->
+ <SAMLSigningParameter>
+ <SignatureCreationParameter>
+ <KeyStore password="Keystore Pass">file_to_keystore</KeyStore>
+ <KeyName password="Keystore Name">signing_key_name</KeyName>
+ </SignatureCreationParameter>
+ <SignatureVerificationParameter>
+ <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll -->
+ <!-- Profil für die Produktiven C-PEPS -->
+ <TrustProfileID>C-PEPS</TrustProfileID>
+ <!-- Profil für die Test C-PEPS -->
+ <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> -->
+ </SignatureVerificationParameter>
+ </SAMLSigningParameter>
+ </STORK>
</ForeignIdentities>
<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
<!-- <OnlineMandates> -->
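Review bot: `<KeyName password="Keystore Name">signing_key_name</KeyName>` puts the placeholder text `Keystore Name` into an attribute called `password`, which reads as if the keystore name belongs there; presumably this is the key's password, so the sample should say `<KeyName password="Key Pass">signing_key_name</KeyName>`, and the comment above it should state that both passwords sit in plaintext in this file and the file needs restrictive permissions. The commented-out test C-PEPS for ES is addressed by bare IP (`https://88.84.94.24/PEPS/ColleagueRequest`); TLS hostname verification for such a URL requires the IP to be in the certificate, so it is worth a comment that the C-PEPS-Test trust profile must cover it. The production `C-PEPS` trust profile referenced by `<TrustProfileID>` is not part of this commit as far as the visible diffstat shows; confirm it exists in the deployed moa-spss configuration.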
@@ -69,6 +102,35 @@
<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
+
+ <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können -->
+ <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth -->
+ <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default -->
+ <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet -->
+ <!--
+ <STORK>
+ <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel>
+ <storkp:RequestedAttributes>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <stork:AttributeValue>1</stork:AttributeValue>
+ </stork:RequestedAttribute>
+ </storkp:RequestedAttributes>
+ </STORK>
+ -->
</AuthComponent>
</OnlineApplication>
<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
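Review bot: The `<stork:AttributeValue>1</stork:AttributeValue>` under the `isAgeOver` RequestedAttribute is the only attribute value in this example block and nothing says what the number stands for; it is presumably the age threshold the assertion is checked against, and a comment such as `<!-- AttributeValue: age threshold (in years) for isAgeOver; TODO confirm against the STORK attribute profile -->` would spare the next operator a guess. The QualityAuthenticationAssuranceLevel element sits in the same commented block as the attribute list, so anyone uncommenting the block to request extra attributes also activates the QAA override that the comment above calls test-only; I would either move it into its own commented example or extend that comment to `<!-- QualityAuthenticationAssuranceLevel is for test use only: remove it in production (default QAA 4 applies) or keep it at 4 -->`. The enclosing AuthComponent element starts outside this hunk. The identical block is added in the Proxy, _withTestBKs and _withTestBKsProxy variants of this sample, so the same comment belongs in all four.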
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 27bf6681c..f292a7c64 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-ID -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
@@ -41,6 +41,39 @@
<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
</ConnectionParameter>
+ <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen -->
+ <STORK>
+ <!-- Produktive C-PEPS -->
+ <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ <!-- Test C-PEPS -->
+ <!--
+ <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ -->
+ <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) -->
+ <SAMLSigningParameter>
+ <SignatureCreationParameter>
+ <KeyStore password="Keystore Pass">file_to_keystore</KeyStore>
+ <KeyName password="Key Pass">signing_key_name</KeyName>
+ </SignatureCreationParameter>
+ <SignatureVerificationParameter>
+ <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll -->
+ <!-- Profil für die Produktiven C-PEPS -->
+ <TrustProfileID>C-PEPS</TrustProfileID>
+ <!-- Profil für die Test C-PEPS -->
+ <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> -->
+ </SignatureVerificationParameter>
+ </SAMLSigningParameter>
+ </STORK>
</ForeignIdentities>
<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
<!-- <OnlineMandates> -->
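Review bot: The test C-PEPS endpoints (commented out after `<!-- Test C-PEPS -->`) and the `C-PEPS-Test` trust profile (commented out under SignatureVerificationParameter) are two independent switches with no comment tying them together, so an operator can end up verifying production assertions against the test trust profile, or test endpoints against the production profile. I would add above `<SignatureVerificationParameter>`: `<!-- The TrustProfileID must match the active C-PEPS list: C-PEPS for the productive endpoints, C-PEPS-Test only together with the test endpoints; the test profile must not stay active in production -->`. The `password` attributes on KeyStore and KeyName mean a filled-in copy of this file carries the signing-key secrets in plain text, and a one-line comment that the file must then be readable only by the MOA-ID service account would help operators. The same block is added in SampleMOAIDConfiguration_withTestBKs.xml and SampleMOAIDConfiguration_withTestBKsProxy.xml; in SampleMOAIDConfiguration.xml (that hunk begins before this view) the KeyName placeholder reads `password="Keystore Name"` instead of `Key Pass`, which looks like a copy error since the attribute holds the key password.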
@@ -80,6 +113,35 @@
<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
+
+ <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können -->
+ <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth -->
+ <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default -->
+ <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet -->
+ <!--
+ <STORK>
+ <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel>
+ <storkp:RequestedAttributes>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <stork:AttributeValue>1</stork:AttributeValue>
+ </stork:RequestedAttribute>
+ </storkp:RequestedAttributes>
+ </STORK>
+ -->
</AuthComponent>
<!-- fuer MOA-ID-PROXY -->
<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index eefc7cf6a..b4735db0d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
@@ -42,6 +42,39 @@
<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
</ConnectionParameter>
+ <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen -->
+ <STORK>
+ <!-- Produktive C-PEPS -->
+ <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ <!-- Test C-PEPS -->
+ <!--
+ <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ -->
+ <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) -->
+ <SAMLSigningParameter>
+ <SignatureCreationParameter>
+ <KeyStore password="Keystore Pass">file_to_keystore</KeyStore>
+ <KeyName password="Key Pass">signing_key_name</KeyName>
+ </SignatureCreationParameter>
+ <SignatureVerificationParameter>
+ <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll -->
+ <!-- Profil für die Produktiven C-PEPS -->
+ <TrustProfileID>C-PEPS</TrustProfileID>
+ <!-- Profil für die Test C-PEPS -->
+ <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> -->
+ </SignatureVerificationParameter>
+ </SAMLSigningParameter>
+ </STORK>
</ForeignIdentities>
<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
<!-- <OnlineMandates> -->
@@ -71,6 +104,35 @@
<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!--</Mandates> -->
+
+ <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können -->
+ <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth -->
+ <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default -->
+ <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet -->
+ <!--
+ <STORK>
+ <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel>
+ <storkp:RequestedAttributes>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <stork:AttributeValue>1</stork:AttributeValue>
+ </stork:RequestedAttribute>
+ </storkp:RequestedAttributes>
+ </STORK>
+ -->
</AuthComponent>
</OnlineApplication>
<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index f9e296c62..9c5223de5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-ID -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
@@ -42,6 +42,39 @@
<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
</ConnectionParameter>
+ <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen -->
+ <STORK>
+ <!-- Produktive C-PEPS -->
+ <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ <!-- Test C-PEPS -->
+ <!--
+ <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
+ <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </C-PEPS>
+ -->
+ <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) -->
+ <SAMLSigningParameter>
+ <SignatureCreationParameter>
+ <KeyStore password="Keystore Pass">file_to_keystore</KeyStore>
+ <KeyName password="Key Pass">signing_key_name</KeyName>
+ </SignatureCreationParameter>
+ <SignatureVerificationParameter>
+ <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll -->
+ <!-- Profil für die Produktiven C-PEPS -->
+ <TrustProfileID>C-PEPS</TrustProfileID>
+ <!-- Profil für die Test C-PEPS -->
+ <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> -->
+ </SignatureVerificationParameter>
+ </SAMLSigningParameter>
+ </STORK>
</ForeignIdentities>
<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
<!-- <OnlineMandates> -->
@@ -81,6 +114,35 @@
<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
+
+ <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können -->
+ <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth -->
+ <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default -->
+ <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet -->
+ <!--
+ <STORK>
+ <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel>
+ <storkp:RequestedAttributes>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <stork:AttributeValue>1</stork:AttributeValue>
+ </stork:RequestedAttribute>
+ </storkp:RequestedAttributes>
+ </STORK>
+ -->
</AuthComponent>
<!-- fuer MOA-ID-PROXY -->
<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index f639af1b6..bf6a7b489 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
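Review bot: The `xmlns:stork` and `xmlns:storkp` declarations added to the root element of SampleMOAWIDConfiguration.xml are not used by anything visible in this diff; the same commit removes the ForeignIdentities block from this file and adds no STORK elements here, unlike the MOA-ID samples. If nothing further down the file uses the prefixes, the declarations are dead and should be dropped, or a comment should say they are reserved for a later STORK section. The same applies to the root elements of SampleMOAWIDConfigurationProxy.xml and SampleMOAWIDConfiguration_withTestBKs.xml. The root element continues past this hunk, so I could not confirm the rest of the file.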
@@ -29,19 +29,7 @@
<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
</VerifyAuthBlock>
- </MOA-SP>
- <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
- <ForeignIdentities>
- <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
- <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
- <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
- <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
- <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
- <!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
- <!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </ForeignIdentities>
+ </MOA-SP>
</AuthComponent>
<!-- Eintragung fuer jede Online-Applikation -->
<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
@@ -52,7 +40,7 @@
<IdentificationNumber>
<!-- Beispiel Firmenbuchnummer -->
<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
- </IdentificationNumber>
+ </IdentificationNumber>
</AuthComponent>
</OnlineApplication>
<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index a63eb8db9..f54f3df3e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-WID -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
@@ -29,19 +29,7 @@
<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
</VerifyAuthBlock>
- </MOA-SP>
- <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
- <ForeignIdentities>
- <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
- <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
- <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
- <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
- <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
- <!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
- <!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </ForeignIdentities>
+ </MOA-SP>
</AuthComponent>
<!-- Konfiguration fuer MOA-ID-PROXY -->
<ProxyComponent>
@@ -62,7 +50,7 @@
<IdentificationNumber>
<!-- Beispiel Firmenbuchnummer -->
<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
- </IdentificationNumber>
+ </IdentificationNumber>
</AuthComponent>
<!-- fuer MOA-ID-PROXY -->
<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 6d7e1d0d1..1472571fc 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
@@ -30,19 +30,7 @@
<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
</VerifyAuthBlock>
- </MOA-SP>
- <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
- <ForeignIdentities>
- <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
- <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
- <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
- <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
- <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
- <!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
- <!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </ForeignIdentities>
+ </MOA-SP>
</AuthComponent>
<!-- Eintragung fuer jede Online-Applikation -->
<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
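Review bot: The hunk deletes the entire `<ForeignIdentities>` element, including the Stammzahlenregister-Gateway `ConnectionParameter` and the commented `ClientKeyStore` placeholder, from this MOA-WID sample without putting anything in its place, and no visible hunk of this file re-adds it. The administration documentation changed in the same commit still states that gateway access is pre-enabled in the default configuration and that STORK authentication depends on that connection, so an operator who starts from this sample loses foreign-card and STORK login without any hint why. If foreign identities are intentionally out of scope for the MOA-WID profile, a comment at the removal site such as `<!-- ForeignIdentities (SZR gateway, STORK) is intentionally not configured in the MOA-WID sample; see the MOA-ID sample configuration -->` would make that explicit; otherwise the element should be kept and extended with the new STORK entries the documentation describes.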
@@ -53,7 +41,7 @@
<IdentificationNumber>
<!-- Beispiel Firmenbuchnummer -->
<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
- </IdentificationNumber>
+ </IdentificationNumber>
</AuthComponent>
</OnlineApplication>
<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 6ce0f5d51..ea8260a91 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Beispielkonfiguration fuer MOA-WID -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
<!-- Konfiguration fuer MOA-ID-AUTH -->
<AuthComponent>
<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
@@ -30,19 +30,7 @@
<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
</VerifyAuthBlock>
- </MOA-SP>
- <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
- <ForeignIdentities>
- <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
- <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
- <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
- <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
- <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
- <!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
- <!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </ForeignIdentities>
+ </MOA-SP>
</AuthComponent>
<!-- Konfiguration fuer MOA-ID-PROXY -->
<ProxyComponent>
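Review bot: The MOA-WID proxy sample drops its `<ForeignIdentities>` block, and with it the only configured path to the Stammzahlenregister-Gateway, while the documentation added in this commit says that both foreign-card and STORK authentication require exactly that gateway connection. Nothing in the visible hunks of this file restores the element, so the sample silently stops supporting those flows. Either keep the block and add the new STORK children, or replace it with a one-line comment stating that foreign identities are deliberately unconfigured for MOA-WID so that nobody copies this file expecting STORK to work.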
@@ -63,7 +51,7 @@
<IdentificationNumber>
<!-- Beispiel Firmenbuchnummer -->
<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
- </IdentificationNumber>
+ </IdentificationNumber>
</AuthComponent>
<!-- fuer MOA-ID-PROXY -->
<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index 0f31f4891..5f44f06bc 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -8,6 +8,7 @@ log4j.logger.moa.spss.server=info
log4j.logger.iaik.server=info
log4j.logger.moa.id.auth=info
log4j.logger.moa.id.proxy=info
+log4j.logger.eu.stork=info
# configure the stdout appender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index dbf7cab1c..1352154c5 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -39,6 +39,14 @@
<cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
<cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
</cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>C-PEPS-Test</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS-Test</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>C-PEPS</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
</cfg:PathValidation>
<cfg:RevocationChecking>
<cfg:EnableChecking>true</cfg:EnableChecking>
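Review bot: The sample MOA-SP configuration now registers the `C-PEPS-Test` profile right next to the productive `C-PEPS` profile, and the only thing deciding which set of anchors a deployment trusts for incoming STORK assertions is the `TrustProfileID` an operator types into the MOA-ID configuration. The test anchors include what decodes as a self-signed certificate with CN `88.84.94.240` and no extensions (ES_C-PEPS_Test.cer), so selecting the wrong profile in production would let a test PEPS sign assertions that MOA-ID accepts as real identities. A comment on the profile, e.g. `<!-- C-PEPS-Test: anchors of the STORK *test* PEPS only; never reference this profile from a productive MOA-ID configuration -->`, is cheap insurance. It is also worth confirming how MOA-SP behaves with `EnableChecking` true for anchors that carry no CRL distribution point, since at least the Spanish test certificate has none.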
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer
new file mode 100644
index 000000000..10c4987ef
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer
@@ -0,0 +1,16 @@
+MIIDWDCCAkCgAwIBAAIETgGmXDANBgkqhkiG9w0BAQUFADBuMSYwJAYJKoZIhvcNAQkBFhdqYWxj
+YWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UEBhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNV
+BAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQuOTQuMjQwHhcNMTEwNjIyMDgyMjUyWhcNMTQwMzE4
+MDgyMjUyWjBuMSYwJAYJKoZIhvcNAQkBFhdqYWxjYWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UE
+BhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNVBAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQu
+OTQuMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSNeKJi+dOYTy4s/7aL1AXRBj0
+BlPRgHUYknGMU/Aog09AqKz5WZ95926NpufBHVZ5XVKW42Fxfrpk2fnSaAORrk6affYgdfm8HXcd
+dCD9i4yQkLADKpe3Gi29YeBUNC+j+E+iJaxP2whuXsLCpkYcmfbvx6yQkiPa3VFtw7omfEgGe1LQ
+9+ZvNh36Z895rUP/vgoOKi6AjXed4OgOmtyKx9k7AwnG2w040pt1I6LErlbmxoxtk0/11ecaEjzU
+RhxKdCXTuV9jSH7hsnbM9qehLnZSoZqdTYJgxVGyzqpo3SUta13oTn/8ugpRAneoC86m+AA0xmNn
+XZRY4pPgqLjxAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBABwRU7MLJcbm51fPQHtT+mypYslA4xFy
+zve7SyC2zCowFVZhnIwW19Cd0izGjfKPZZYS28N5EHmIQgxSNgJZi6693HINr0K5NPZd/jWRK46I
+uLK7je/K3oDUHnQXJ9xDkgRSDPZj/Wf0ZN+CDEAadhKopF5aJi8QyoYIsPxzn0p8SSgy5UsuKko6
+ov12x3B9O9mwM9HprO8FqzXbKdTaBgrZWVYOHPlD+cl9xSdrcZH347iwI6xEMtkASpXmxN9xLueE
+jI4eTuH148+Pzyr4iNIvfRQLY9iNJSmjoTJm0oKdGzKN0orSw/Ni53vpInziuR2FjYtQ4Zpf2why
+Ht0CXp0= \ No newline at end of file
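Review bot: ES_C-PEPS_Test.cer is committed as a bare Base64 blob without the `-----BEGIN CERTIFICATE-----`/`-----END CERTIFICATE-----` armor that the other anchors in the same profile carry, so it relies on the MOA-SP trust-anchor loader accepting both encodings; if the file is silently skipped, Spanish test-PEPS signatures will fail verification with nothing in the configuration pointing at the cause. Decoding the blob, it appears to be a self-signed certificate issued to CN `88.84.94.240` (an IP address) with no extensions and a validity of 2011-06-22 to 2014-03-18, which is acceptable only as a pinned test anchor. I would normalize the file to PEM like its siblings and add a short README in the profile directory recording origin, SHA-1 fingerprint and expiry of each anchor.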
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer
new file mode 100644
index 000000000..925fedbc2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer
new file mode 100644
index 000000000..7b625ea9f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFjTCCBHWgAwIBAgIEQm3h+zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw
+dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg
+MDIwHhcNMTEwNzIxMTU0NjMxWhcNMTIwODE3MTU0MTE3WjCBwTELMAkGA1UEBhMC
+UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS
+QTESMBAGA1UECxMJQ29ycG9yYXRlMTMwMQYDVQQLEypBZ2VuY2lhIHBhcmEgYSBN
+b2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmExGDAWBgNVBAsTD1dlYiBBcHBsaWNh
+dGlvbjEgMB4GA1UEAxMXUEVQUyBQb3J0dWd1ZXMgZGUgVGVzdGUwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBALo91gnq+SQj8yPx8ssFEKuPvAfagO8f+EagEs+u
+XJhLx41GpFZesMuolxf86n3TdxJHcLSXI224HqZu3BtXExUiD1LCAvtGCjzOr6Rg
+oySwhIQrgMEsKRRpkQN0jQHIMze11EXqVAJ2+MDX9V4cABuIEd9LOOl0PcQmc7m8
+jcKXAgMBAAGjggKRMIICjTALBgNVHQ8EBAMCA/gwOAYIKwYBBQUHAQEELDAqMCgG
+CCsGAQUFBzABhhxodHRwOi8vb2NzcC5tdWx0aWNlcnQuY29tL2NhMIHgBgNVHSAE
+gdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYBBQUHAgEWMmh0dHA6Ly93d3cubXVs
+dGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNhLWNwcy5odG1sMIGDBgsrBgEEAbA8
+CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQAdABwADoALwAvAHcAdwB3AC4AbQB1
+AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMAcAAvAG0AdQBsAHQAaQBjAGUAcgB0
+AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGwwEQYJYIZIAYb4QgEBBAQDAgSwMIIB
+AQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRwOi8vd3d3Lm11bHRpY2VydC5jb20v
+Y2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRhcDovL2xkYXAubXVsdGljZXJ0LmNv
+bS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1VTFRJQ0VSVC1DQSxjPVBUP2NlcnRp
+ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBXoFWgU6RRME8xCzAJBgNVBAYTAnB0
+MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAWBgNVBAMTD01VTFRJQ0VSVC1DQSAw
+MjEPMA0GA1UEAxMGQ1JMMjI4MB8GA1UdIwQYMBaAFB3DuYilGL5gpyymY8pmKvwM
+J8G9MB0GA1UdDgQWBBRH/+uES4Jsr1UV5WeSoN3v1vUaPDAJBgNVHRMEAjAAMA0G
+CSqGSIb3DQEBBQUAA4IBAQAOFAxM2U6HyZgWl5h6UB1MUUL4j9VTQQOs6nw4hm22
+QK3SF+DPL6oXS1j+RKDHYNlpAfQ5r5ObcaxhEkaXOUZJ4q/3z1qScMVaZ1fjU0FB
+hRyAUE2qfiHp/0Ql4V2IrQqcBZ+mEQD5DFwNgx/UDr22lO0idjHnmxRed83/Mrm0
+03v+2eAujlsE9NfayP8oo9HkYNh5KvFjveCpUNv4IW18xEJLNDFd3dUEeb9UO+Bv
+eEkrxmo6k/k7usuRUfGrXBaFuxcL71l3lFD4k66CB3m7atcbohmbiAYhfHnLegpR
+EVKVolR6O3ljt3ou+Y79oI4U7bhn0U256R9hoobnX9Un
+-----END CERTIFICATE----- \ No newline at end of file
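Review bot: Decoding the validity field of PT_C-PEPS_Test.cer gives notBefore 2011-07-21 and notAfter 2012-08-17, so this anchor lives about thirteen months and will stop validating Portuguese test-PEPS signatures shortly after this release ships. Trust profiles are only refreshed by replacing files on disk, so the expiry should be visible to operators before the STORK test flow breaks: a note in the profile directory listing each certificate's subject, fingerprint, expiry and the renewal channel (the documentation in this commit names JoinUp and the MOA mailing list) would do. The same applies to the other test anchors, whose validity periods are not visible in this chunk.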
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer
new file mode 100644
index 000000000..25fd95a59
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer
new file mode 100644
index 000000000..541d231c4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer
@@ -0,0 +1,43 @@
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer
new file mode 100644
index 000000000..925fedbc2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE----- \ No newline at end of file
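Review bot: The productive anchor `C-PEPS/IT_C-PEPS.cer` has the same blob id (`925fedbc2`) as the test anchor `C-PEPS-Test/IT_C-PEPS_Test.cer`, so the productive `C-PEPS` trust profile accepts whatever key signs for the Italian test PEPS. If Italy really operates one signing certificate for both environments this is fine but deserves a comment or README entry next to the profile; if not, the test certificate must be replaced here before `C-PEPS` is referenced from a productive `SignatureVerificationParameter`, because an assertion signed with the test key would otherwise be accepted as a productive identity.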
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer
new file mode 100644
index 000000000..085416b7b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer
new file mode 100644
index 000000000..9c8e73b1c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 8a217bfcc..c5ba8827b 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -519,6 +519,76 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
<p><b>AuthComponent/ForeignIdentities</b> <br />
Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, das einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein entsprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
</p>
+ <p><b>AuthComponent/ForeignIdentities/STORK</b> <br />
+ <p>Ab MOA Release 1.5.2 ist es auch m&ouml;glich, ausl&auml;ndische B&uuml;rger &uuml;ber <a href="http://eid-stork.eu/" target="_new">STORK</a> zu authentifizieren. Da auch f&uuml;r diese Art der Authentifizierung eine Kommunikation mit dem Stammzahlenregister-Gateway notwendig ist, gelten die zuvor angef&uuml;hrten Ausf&uuml;hrungen hinsichtlich <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> auch f&uuml;r STORK. F&uuml;r eine STORK Authentifizierung sind jedoch noch weitere Konfigurationen notwendig. Folgende Eintr&auml;ge m&uuml;ssen f&uuml;r eine STORK Authentifizierung hier noch konfiguriert werden:
+ <ul>
+ <li>C-PEPS Informationen
+ <br />
+ </li>
+ <li>KeyStore zum SAML Signatur-Zertifikat
+ <br />
+ </li>
+ <li>MOA-SP TrustProfil zur SAML Signatur-Validierung
+ <br />
+ </li>
+ </ul>
+ </p>
+ <p><b>AuthComponent/ForeignIdentities/STORK/C-PEPS</b> <br />
+ Unter diesem Konfigurationselement k&ouml;nnen die Verbindungsparameter zu den jeweiligen C-PEPS (Citizen Country - PEPS) der europ&auml;ischen L&auml;nder, die auch STORK unterst&uuml;tzen, angegeben werden. F&uuml;r eine erfolgreiche C-PEPS Konfiguration muss der ISO-Country Code des jeweiligen Landes und die dazugeh&ouml;rige C-PEPS URL angegeben werden. In Ausnahmenf&auml;llen m&uuml;ssen bei einzelnen C-PEPS l&auml;nderspezifische Attribute abgefragt werden, dies funktioniert durch zus&auml;tzliche Angabe eines <tt>&lt;stork:RequestedAttribute&gt;</tt> Elements. Die C-PEPS Konfigurationen sind in den der MOA-Release beliegenden Beispielkonfigurationen bereits vorkonfiguriert. Sollte sich an diesen Konfigurationen etwas &auml;ndern, werden diese via JoinUp (<a href="https://joinup.ec.europa.eu/software/moa-idspss/home" target="_new">MOA@JoinUp</a>) bzw. MOA-Mailingliste ver&ouml;ffentlicht. Im Folgenden wird eine Beispielkonfiguration kurz veranschaulicht.
+ <pre>
+&lt;C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/&gt;
+&lt;C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest"&gt;
+ &lt;stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/&gt;
+&lt;/C-PEPS&gt;
+</pre>
+ Details zur Angabe von <tt>&lt;stork:RequestedAttribute&gt;</tt> bzw. welche Attribute von STORK &uuml;berhaupt unterst&uuml;tzt werden, wird in der Konfiguration zur Online Application angegeben (<a href="#OnlineApplication/AuthComponent/STORK">hier</a>).
+
+ <p><b>AuthComponent/ForeignIdentities/STORK/SAMLSigningParameter</b> <br />
+ Dieser Konfigurationseintrag enth&auml;lt Informationen dazu, mit welchem Zertifikat ausgehende STORK SAML Nachichten signiert werden und welches MOA-SP TrustProfil zur Signatur&uuml;berpr&uuml;fung von empfangenen STORK SAML Nachrichten herangezogen werden soll.
+ In der Konfiguration wird eine Unterscheidung zwischen Signaturerstellungs- und Signaturverifizierungsparameter getroffen:
+ <ul>
+ <li><tt>&lt;SignatureCreationParameter&gt;</tt>
+ <br />
+ </li>
+ <li><tt>&lt;SignatureVerificationParameter&gt;</tt>
+ <br />
+ </li>
+ </ul>
+ Der <tt>&lt;SignatureCreationParameter&gt;</tt> kapselt dabei Informationen, welche zum Signieren von ausgehenden STORK SAML Nachrichten ben&ouml;tigt werden. Im Wesentlichen sind das Informationen zu dem KeyStore, welcher das Schl&uuml;sselpaar zum Signieren ausgehender STORK SAML Nachrichten beinhaltet. Der entsprechende Konfigurationseintrag sieht wie folgt aus:
+<pre>
+&lt;SignatureCreationParameter&gt;
+ &lt;KeyStore password="Keystore Pass"&gt;file_to_keystore&lt;/KeyStore&gt;
+ &lt;KeyName password="Keystore Name"&gt;signing_key_name&lt;/KeyName&gt;
+&lt;/SignatureCreationParameter&gt;
+</pre>
+ Die folgenden Werte sind dabei anzugeben bzw. durch echte Werte auszutauschen:
+ <ul>
+ <li><tt>file_to_keystore</tt>: Relativer Pfad zum KeyStore (Java oder PKCS#12), welcher das Schl&uuml;sselpaar zum Signieren ausgehender STORK SAML Nachrichten speichert
+ <br />
+ </li>
+ <li><tt>Keystore Pass</tt>: Passwort zum angegebenen KeyStore
+ <br />
+ </li>
+ <li><tt>signing_key_name</tt>: Alias Name des Schl&uuml;ssels, welcher zum Signieren verwendet werden soll
+ <br />
+ </li>
+ <li><tt>Key Pass</tt>: Passwort zum angegebenen Schl&uuml;ssel
+ <br />
+ </li>
+ </ul>
+ Der <tt>&lt;SignatureCreationParameter&gt;</tt> kapselt dabei Informationen, die f&uuml;r eine Signaturpr&uuml;fung von eingehenden STORK SAML Nachrichten ben&ouml;tigt werden. Im Wesentlich ist das die Angabe des MOA-SP TrustProfils, welches die vertrauensw&uuml;rdigen Zertifikate der europ&auml;ischen C-PEPS enth&auml;lt. Der entsprechende Konfigurationseintrag sieht daher wie folgt aus:
+<pre>
+&lt;SignatureVerificationParameter&gt;
+ &lt;TrustProfileID&gt;C-PEPS&lt;/TrustProfileID&gt;
+&lt;/SignatureVerificationParameter&gt;
+</pre>
+Die folgenden Werte sind dabei anzugeben:
+ <ul>
+ <li><tt>TrustProfile</tt>: Dieser Eintrag gibt jenes TrustProfil von MOA-SP an, welches zur Signaturpr&uuml;fung von eingehenden STORK SAML Nachrichten herangezogen werden soll. Vorkonfiguriert sind die beiden TrustProfiles <tt>C-PEPS</tt> (Produktive C-PEPS Zertifikate) und <tt>C-PEPS-Test</tt> (Test C-PEPS Zertifikate). Sollte es auch hier zu &Auml;nderungen kommen, werden diese auch via JoinUp (<a href="https://joinup.ec.europa.eu/software/moa-idspss/home" target="_new">MOA@JoinUp</a>) bzw. MOA-Mailingliste ver&ouml;ffentlicht.
+ <br />
+ </li>
+ </ul>
+
<p><b><div id="AuthComponent_OnlineMandates">AuthComponent/OnlineMandates</div></b> <br />
Ab Version 1.5.0 bietet MOA-ID die M&ouml;glichkeit der Nutzung von Online-Vollmachten f&uuml;r Anwendungen aus dem &ouml;ffentlichen Bereich. Hierf&uuml;r ist ein Online-Vollmachten-Service n&ouml;tig. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Online-Vollmachten-Service bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Online-Vollmachten-Service bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Service angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu aktivieren, m&uuml;ssen Sie das Vollmachten Profil angeben - siehe <a href="#OnlineApplication/AuthComponent/Mandates">hier</a>.
@@ -923,11 +993,93 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
Mit Hilfe dieses Elements werden die Online-Vollmachten f&uuml;r die Online-Applikation aktiviert.
Als Kindelement muss <tt>Profiles</tt> angegeben werden. Dieses Element beinhaltet eine (Komma-separierte)
Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.
- Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterstützen Vollmachten-Profile.<br/>
+ Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterst&uuml;tzen Vollmachten-Profile.<br/>
Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe <a href="#AuthComponent_OnlineMandates">hier</a>
</p>
</div>
+ <div id="OnlineApplication/AuthComponent/STORK" />
+ <p id="block"> <b>OnlineApplication/AuthComponent/STORK</b>
+ <br />
+ Innerhalb dieses Konfigurationsblocks kann angegeben werden, welche zus&auml;tzlichen Attribute (neben eIdentifier, givenName, surname und dateOfBirth, welche defaultm&auml;&szligig requested werden) im Rahmen einer STORK Anmeldung f&uuml;r diese Applikation vom B&uuml;rger abgefragt werden sollen. Au&szligerdem kann zu Testzwecken das ben&ouml;tigte Authentifzierungslevel (STORK QAALevel) vom defaultm&auml;&szligig h&ouml;chstem Level von 4 f&uuml;r diese Applikation verringert werden.
+ F&uuml;r ein anderes STORK QAALevel muss folgendes XML Element mit einem Wert zwischen 1 und 4 angegeben werden: <tt>&lt;stork:QualityAuthenticationAssuranceLevel&gt;</tt>.
+ <br />
+ Die zus&auml;tzlichen Attribute werden im Element <tt>&lt;storkp:RequestedAttributes&gt;</tt> gekapselt. Ein entsprechener Konfigurationseintrag k&ouml;nnte folgenderma&szligen aussehen:
+<pre>
+&lt;storkp:RequestedAttributes&gt;
+ &lt;stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/&gt;
+ &lt;stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/&gt;
+ &lt;stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"&gt;
+ &lt;stork:AttributeValue&gt;1&lt;/stork:AttributeValue&gt;
+ &lt;/stork:RequestedAttribute&gt;
+&lt;/storkp:RequestedAttributes&gt;
+</pre>
+ Bei der Inkludierung von <tt>&lt;stork:RequestedAttribute&gt;</tt> Elementen sind folgende XML Attribute anzugeben:
+ <ul>
+ <li><tt>Name</tt>: Der Name des entsprechenden STORK Attributes.
+ <br />
+ </li>
+ <li><tt>isRequired</tt>: Gibt durch <tt>true</tt> oder <tt>false</tt> an, ob das angefragte Attribut f&uuml;r die Applikation verpflichtend oder nur optional ben&ouml;tigt wird.
+ <br />
+ </li>
+ <li><tt>NameFormat</tt>: Gibt das Format des Attributes an und MUSS den Wert <tt>urn:oasis:names:tc:SAML:2.0:attrname-format:uri</tt> beinhalten.
+ <br />
+ </li>
+ <li>Element <tt>&lt;stork:AttributeValue&gt;</tt>: Dieses Element ist optional und gibt einen Vergleichswert f&uuml;r ein abzufragendes Attribut an. Im Beispiel von <tt>isAgeOver</tt> wird in der Antwort retourniert, ob die authentifizierte Person &auml;lter als das geforderte angegebene Alter ist.
+ <br />
+ </li>
+ </ul>
+ Details zu den STORK Attributen k&ouml;nnen im <a href="../MOA_ID_1.5.2_Anhang.pdf" target="_new">Anhang zur MOA-ID Spezifikation</a> bzw. in der <a href="https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1880" target="_blank">STORK Spezifikation</a> gefunden werden.
+ Im Wesentlichen kann die folgende Menge an Attributen bzw. Teile daraus f&uuml;r eine Online Applikation angefragt werden:
+ <ul>
+ <li><tt>http://www.stork.gov.eu/1.0/inheritedFamilyName</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/adoptedFamilyName</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/gender</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/countryCodeOfBirth</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/nationalityCode</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/maritalStatus</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/textResidenceAddress</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/canonicalResidenceAddress</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/eMail</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/title</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/residencePermit</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/pseudonym</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/age</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/citizenQAALevel</tt>
+ <br />
+ </li>
+ <li><tt>http://www.stork.gov.eu/1.0/isAgeOver</tt>
+ <br />
+ </li>
+ </p>
+ </ul>
+ </div>
<div id="OnlineApplication/ProxyComponent" />
<p id="block"> <b>OnlineApplication/ProxyComponent</b>
<br />
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 09fb1c5b6..3284e19cc 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -230,6 +230,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
<div id="block">
<p>Ab der MOA Release 1.4.7 ist es m&ouml;glich, dass sich auch ausl&auml;ndische B&uuml;rger mittels MOA-ID einloggen k&ouml;nnen. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausl&auml;ndischen B&uuml;rgers eine Eintragung im Erg&auml;nzungsregister f&uuml;r nat&uuml;rliche Personen gem&auml;&szlig; E-Government Gesetz &sect;6(5) vornimmt. Somit ist es m&ouml;glich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. </p>
<p>Der Zugang zu diesem Stammzahlenregister-Gateway ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
+ <p>Ab MOA Release 1.5.2 ist es auch m&ouml;glich, ausl&auml;ndische B&uuml;rger &uuml;ber <a href="http://eid-stork.eu/" target="_new">STORK</a> zu authentifizieren. Da auch f&uuml;r diese Art der Authentifizierung eine Kommunikation mit dem Stammzahlenregister-Gateway notwendig ist, gelten die zuvor angef&uuml;hrten Ausf&uuml;hrungen auch f&uuml;r STORK.</p>
</div>
<div id="subtitel">Online-Vollmachten</div>
diff --git a/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs b/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs
index 8bba65ebb..6d046587d 100644
--- a/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs
+++ b/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs
@@ -1,7 +1,7 @@
-#Thu Sep 20 14:35:41 CEST 2007
eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.5
diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component
index 87b873d7b..a5eb3d4d8 100644
--- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component
+++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-lib">
-<wb-resource deploy-path="/" source-path="/src/main/java"/>
-<wb-resource deploy-path="/" source-path="/src/main/resources"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="2.0">
+ <wb-module deploy-name="moa-id-lib">
+ <wb-resource deploy-path="/" source-path="src/main/java"/>
+ <wb-resource deploy-path="/" source-path="src/main/resources"/>
+ </wb-module>
+</project-modules> \ No newline at end of file
diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
index 30c02fe23..656f15b87 100644
--- a/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -2,6 +2,6 @@
<faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.utility"/>
- <installed facet="jst.java" version="1.4"/>
<installed facet="jst.utility" version="1.0"/>
-</faceted-project>
+ <installed facet="jst.java" version="5.0"/>
+</faceted-project> \ No newline at end of file
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 24d9452c2..7fbde1c6a 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -131,10 +131,23 @@
<artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>stork-saml-engine</artifactId>
+ <version>1.5.2</version>
+ </dependency>
</dependencies>
<build>
<plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
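Review bot: The new dependency `MOA.id:stork-saml-engine:1.5.2` is added without any indication of where it is built or resolved from, and the SAML stack it pulls in transitively (OpenSAML, judging by the `org.opensaml` imports added to AuthenticationServer.java in this commit) is not pinned anywhere in this hunk. For a library that verifies externally signed SAML assertions the exact OpenSAML and XML-security versions matter, since signature-handling fixes ship as patch releases. I would add a comment naming the artifact's origin, e.g. `<!-- stork-saml-engine: STORK SAML engine used for PEPS requests/responses; bundles OpenSAML - track its security releases -->`, and either pin the transitive OpenSAML version via `dependencyManagement` or record the version this release was tested with.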
@@ -179,7 +192,7 @@
<link>http://java.sun.com/j2se/1.5.0/docs/api/</link>
<link>http://logging.apache.org/log4j/docs/api/</link>
</links>
- <target>1.4</target>
+ <target>1.5</target>
</configuration>
<executions>
<execution>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a58f5fce2..a57ab5262 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -29,8 +29,12 @@ import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
+import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Principal;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
@@ -41,18 +45,24 @@ import java.util.Map;
import java.util.Set;
import java.util.Vector;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.xpath.XPathAPI;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -83,6 +93,9 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
@@ -90,6 +103,9 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -98,6 +114,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -113,6 +131,15 @@ import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -543,16 +570,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
int b = xmlInfoboxReadResponse.indexOf(se);
if (b != -1) { // no identity link found
Logger
- .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID.");
+ .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausl�ndische eID.");
return null;
}
- // spezifikationsgemäßer (SL1.2) Errorcode
+ // spezifikationsgem��er (SL1.2) Errorcode
se = "ErrorCode>4002";
// b = xmlInfoboxReadResponse.contains(se);
b = xmlInfoboxReadResponse.indexOf(se);
if (b != -1) { // Unbekannter Infoboxbezeichner
Logger
- .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID.");
+ .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausl�ndische eID.");
return null;
}
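Review bot: The new side of this hunk replaces the umlauts in two log messages and one comment with U+FFFD replacement characters (`ausl�ndische`, `spezifikationsgem��er`), so the change is an encoding corruption rather than an edit. The BPKBuilder hunks in this commit show old and new lines that look identical here, which is presumably the same byte-level re-encoding of `Unvollständige`. Revert these lines to the previous bytes and pin the source encoding in the build (for example `project.build.sourceEncoding` in the pom) so the IDE and Maven agree on it.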
@@ -1732,7 +1759,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// builds authentication data and stores it together with a SAML
// artifact
AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC);
+ useUTC, false);
if (session.getUseMandate()) {
// mandate mode
@@ -2037,17 +2064,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
AuthenticationSession session = getSession(sessionID);
// AuthConfigurationProvider authConf =
// AuthConfigurationProvider.getInstance();
- try {
- String serializedAssertion = DOMUtils.serializeNode(session
- .getIdentityLink().getSamlAssertion());
- session.setAuthBlock(serializedAssertion);
- } catch (TransformerException e) {
- throw new ParseException("parser.04", new Object[] {
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
- } catch (IOException e) {
- throw new ParseException("parser.04", new Object[] {
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
- }
+
// post processing of the infoboxes
Iterator iter = session.getInfoboxValidatorIterator();
boolean formpending = false;
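Review bot: With the try block removed, nothing in this hunk populates the session's AuthBlock from the identity link assertion any more, so any later consumer of `session.getAuthBlock()` on this path now sees whatever was stored earlier, possibly nothing. If the serialization intentionally moved elsewhere, a one-line comment in place of the empty line `// AuthBlock is set by the caller before this method is reached` would make that explicit; if it did not move, the removal is a regression. The `TransformerException` import retained at the top of the file may now be unused. The enclosing method begins before this hunk, so I cannot see whether it still sets the AuthBlock elsewhere.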
@@ -2097,7 +2114,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
boolean useCondition = oaParam.getUseCondition();
int conditionLength = oaParam.getConditionLength();
AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC);
+ useUTC, true);
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
authData, session.getAssertionPrPerson(), session
@@ -2141,6 +2158,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* authentication session
* @param verifyXMLSigResp
* VerifyXMLSignatureResponse from MOA-SP
+ * @param useUTC uses correct UTC time format
+ * @param useUTC indicates that authenticated citizen is a foreigner
+ * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates
* @return AuthenticationData object
* @throws ConfigurationException
* while accessing configuration data
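Review bot: The Javadoc now lists `@param useUTC` twice, and the second entry carries the description that belongs to the new parameter, so the documentation for `isForeigner` is duplicated and `useUTC` is described inconsistently. Delete the line `* @param useUTC indicates that authenticated citizen is a foreigner` and keep the two remaining entries. It would also help to say in the `isForeigner` description that, when true, the bPK/wbPK is computed inside this method from the identity link returned by the SZR-GW instead of being taken from the identity link as delivered by the BKU.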
@@ -2149,7 +2169,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private AuthenticationData buildAuthenticationData(
AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC)
+ VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
@@ -2196,21 +2216,44 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
authData.setSignerCertificate(signerCertificateBase64);
- if (businessService) {
- authData.setWBPK(identityLink.getIdentificationValue());
+ if(!isForeigner) {
+ //we have Austrian citizen
+ if (businessService) {
+ authData.setWBPK(identityLink.getIdentificationValue());
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+
+ // BZ.., calculation of bPK already before sending AUTHBlock
+ /*
+ * if(identityLink.getIdentificationType().equals(Constants.
+ * URN_PREFIX_BASEID)) { // only compute bPK if online
+ * application is a public service and we have the Stammzahl
+ * String bpkBase64 = new BPKBuilder().buildBPK(
+ * identityLink.getIdentificationValue(), session.getTarget());
+ * authData.setBPK(bpkBase64); }
+ */
+
+ }
} else {
- authData.setBPK(identityLink.getIdentificationValue());
-
- // BZ.., calculation of bPK already before sending AUTHBlock
- /*
- * if(identityLink.getIdentificationType().equals(Constants.
- * URN_PREFIX_BASEID)) { // only compute bPK if online
- * application is a public service and we have the Stammzahl
- * String bpkBase64 = new BPKBuilder().buildBPK(
- * identityLink.getIdentificationValue(), session.getTarget());
- * authData.setBPK(bpkBase64); }
- */
-
+ //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
+ if (businessService) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier());
+ authData.setWBPK(wbpkBase64);
+ }
+
+ } else {
+
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget());
+ authData.setBPK(bpkBase64);
+ }
+
+
+ }
+
}
String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
.getSerializedSamlAssertion()
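Review bot: In the foreigner branch, when `identityLink.getIdentificationType()` is not `Constants.URN_PREFIX_BASEID`, neither `setBPK` nor `setWBPK` is called and the method returns an AuthenticationData without any person identifier, silently. Since the method already declares `throws BuildException`, an else branch such as `throw new BuildException("builder.00", new Object[] { "bPK", "unsupported IdentificationType for foreign eID: " + identityLink.getIdentificationType() });` would fail closed instead of producing an assertion with an empty identifier. The wbPK case passes `session.getDomainIdentifier()` as the second argument of `buildWBPK`, whose BPKBuilder error text calls that argument "Register+Registernummer"; presumably these are the same value, but a comment confirming that would help. The enclosing method `buildAuthenticationData` starts before this hunk.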
@@ -2227,8 +2270,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setAssertionBusinessService(businessService);
session.setAssertionIlAssertion(ilAssertion);
session.setAssertionPrPerson(prPerson);
- session
- .setAssertionSignerCertificateBase64(signerCertificateBase64);
+ session.setAssertionSignerCertificateBase64(signerCertificateBase64);
return authData;
@@ -2482,4 +2524,288 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return value;
}
+
+ /**
+ * Does the request to the SZR-GW
+ * @param signature XMLDSIG signature
+ * @return Identity link assertion
+ * @throws SZRGWClientException
+ */
+ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ Logger.error("Could not initialize SSL Factory", e);
+ throw new SZRGWClientException("Could not initialize SSL Factory");
+ } catch (GeneralSecurityException e) {
+ Logger.error("Could not initialize SSL Factory", e);
+ throw new SZRGWClientException("Could not initialize SSL Factory");
+ } catch (PKIException e) {
+ Logger.error("Could not initialize SSL Factory", e);
+ throw new SZRGWClientException("Could not initialize SSL Factory");
+ }
+ }
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ }
+
+ // create request
+ CreateIdentityLinkResponse response = null;
+ Element request = null;
+ try {
+ Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
+ request = doc.getDocumentElement();
+
+ // send request
+ response = client.createIdentityLinkResponse(request);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ try {
+ response = client.createIdentityLinkResponse(request);
+ }
+ catch (SZRGWClientException e1) {
+ throw new SZRGWClientException(e1);
+ }
+ }
+
+
+ return response;
+
+ }
+
+ /**
+ * Starts a MOA-ID authentication process using STORK
+ * @param req HttpServletRequest
+ * @param resp HttpServletResponse
+ * @param ccc Citizen country code
+ * @param oaURL URL of the online application
+ * @param target Target parameter
+ * @param targetFriendlyName Friendly Name of Target
+ * @param authURL Authentication URL
+ * @param sourceID SourceID parameter
+ * @throws MOAIDException
+ * @throws AuthenticationException
+ * @throws WrongParametersException
+ * @throws ConfigurationException
+ */
+ public static void startSTORKAuthentication(
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String ccc,
+ String oaURL,
+ String target,
+ String targetFriendlyName,
+ String authURL,
+ String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
+
+ //read configuration paramters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { oaURL });
+
+ if (!oaParam.getBusinessService()) {
+ if (StringUtils.isEmpty(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
+ } else {
+ target = null;
+ }
+
+ //create MOA session
+ AuthenticationSession moaSession = newSession();
+ Logger.info("MOASession " + moaSession.getSessionID() + " angelegt");
+ moaSession.setTarget(target);
+ moaSession.setTargetFriendlyName(targetFriendlyName);
+ moaSession.setOAURLRequested(oaURL);
+ moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ moaSession.setAuthURL(authURL);
+ moaSession.setBusinessService(oaParam.getBusinessService());
+ moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+ if (sourceID != null)
+ moaSession.setSourceID(sourceID);
+
+ //Start of STORK Processing
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ CPEPS cpeps = storkConfig.getCPEPS(ccc);
+
+ Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:");
+ String destination = cpeps.getPepsURL().toExternalForm();
+ Logger.debug("C-PEPS URL: " + destination);
+
+ String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+ Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
+
+ String providerName= oaParam.getFriendlyName();
+ String issuerValue = HTTPUtils.getBaseURL(req);
+ Logger.debug("Issuer value: " + issuerValue);
+
+ QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+ Logger.debug("QAALevel: " + qaaLevel.getValue());
+
+ RequestedAttributes requestedAttributes;
+
+ requestedAttributes = oaParam.getRequestedAttributes();
+ requestedAttributes.detach();
+ List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
+ List<RequestedAttribute> oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+ //check if country specific attributes must be additionally requested
+ if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
+ //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
+ Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc);
+ Logger.debug("The following attributes are requested for this specific country:");
+ List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());
+ for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) {
+ csReqAttr.detach();
+ if (!STORKConstants.DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET.contains(csReqAttr.getName())) {
+ //this country specific attribute does not override default attribute
+ if (SAMLUtil.containsAttribute(oaReqAttributeList, csReqAttr.getName())) {
+ //the same attribute is requested for OA, applying hierachy
+ //remove oa attribute
+ oaReqAttributeList.remove(SAMLUtil.getAttribute(oaReqAttributeList, csReqAttr.getName()));
+ //add country specific attribute instead
+ Logger.debug("Requested Attribute (" + csReqAttr.getName() + ") is also requested by OA but we use Country Specific value instead");
+ }
+ oaReqAttributeList.add(csReqAttr);
+ Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired());
+ } else {
+ Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired() + " tries to overwrite default requested and required attributes, hence we skip it.");
+ }
+
+ }
+ reqAttributeList.addAll(oaReqAttributeList);
+ } else {
+ //no country specific requested attributes
+ reqAttributeList.addAll(oaReqAttributeList);
+ }
+
+ reqAttributeList = (List<RequestedAttribute>) SAMLUtil.releaseDOM(reqAttributeList);
+ requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList);
+
+ if (Logger.isDebugEnabled()) {
+ Logger.debug("The following attributes are requested for this OA:");
+ for (RequestedAttribute logReqAttr : reqAttributeList) {
+ Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isRequired());
+
+ }
+ }
+
+ String spSector = StringUtils.isEmpty(target) ? "Business" : target;
+ String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
+ String spApplication = spInstitution;
+ String spCountry = "AT";
+
+ String textToBeSigned =
+ CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession);
+
+ //generate AuthnRquest
+ STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
+ destination,
+ acsURL,
+ providerName,
+ issuerValue,
+ qaaLevel,
+ requestedAttributes,
+ spSector,
+ spInstitution,
+ spApplication,
+ spCountry,
+ textToBeSigned,
+ "application/xhtml+xml");
+
+ Logger.debug("STORK AuthnRequest succesfully assembled.");
+
+ //sign AuthnRequest
+ String keyStorePath = storkConfig.getSignatureCreationParameter().getKeyStorePath();
+ String keyStorePassword = storkConfig.getSignatureCreationParameter().getKeyStorePassword();
+ String keyName = storkConfig.getSignatureCreationParameter().getKeyName();
+ String keyPassword = storkConfig.getSignatureCreationParameter().getKeyPassword();
+
+ Logger.debug("Starting signing process of STORK AuthnRequest.");
+ Logger.trace("Using the following Keystore and Key for that:");
+ Logger.trace("KeyStore: " + keyStorePath);
+ Logger.trace("KeyName: " + keyName);
+
+ try {
+ storkAuthnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(storkAuthnRequest, keyStorePath, keyStorePassword, keyName, keyPassword);
+ } catch (SAMLException e) {
+ Logger.error("Could not sign STORK SAML AuthnRequest.", e);
+ throw new MOAIDException("stork.00", null);
+ }
+
+ Logger.info("STORK AuthnRequest successfully signed!");
+
+ //validate AuthnRequest
+ try {
+ STORKAuthnRequestProcessor.validateSTORKAuthnRequest(storkAuthnRequest);
+ } catch (SAMLValidationException e) {
+ Logger.error("STORK SAML AuthnRequest not valid.", e);
+ throw new MOAIDException("stork.01", null);
+ }
+
+ Logger.debug("STORK AuthnRequest successfully internally validated.");
+
+ //send
+ moaSession.setStorkAuthnRequest(storkAuthnRequest);
+ HttpSession httpSession = req.getSession();
+ httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID());
+
+ Logger.debug("Preparing to send STORK AuthnRequest.");
+
+ try {
+ STORKAuthnRequestProcessor.sendSTORKAuthnRequest(req, resp, storkAuthnRequest);
+ } catch (Exception e) {
+ Logger.error("Error sending STORK SAML AuthnRequest.", e);
+ httpSession.invalidate();
+ throw new MOAIDException("stork.02", new Object[] { destination });
+ }
+
+ Logger.info("STORK AuthnRequest successfully sent to: " + storkAuthnRequest.getDestination());
+ Logger.debug("STORKAuthnRequest sent (pretty print): ");
+ Logger.debug(XMLHelper.prettyPrintXML(storkAuthnRequest.getDOM()));
+ Logger.trace("STORKAuthnRequest sent (original): ");
+ Logger.trace(XMLUtil.printXML(storkAuthnRequest.getDOM()));
+
+ }
+
+ /**
+ * Extracts an X509 Certificate out of an XML signagture element
+ * @param signedXML XML signature element
+ * @return X509Certificate
+ * @throws CertificateException
+ */
+ public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException {
+
+ NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate");
+
+ String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList);
+
+ if (StringUtils.isEmpty(base64CertString)) {
+ String msg = "XML does not contain a X509Certificate element.";
+ Logger.error(msg);
+ throw new CertificateException(msg);
+ }
+
+ InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
+
+ CertificateFactory cf;
+ X509Certificate cert = null;
+ cf = CertificateFactory.getInstance("X.509");
+ cert = (X509Certificate)cf.generateCertificate(is);
+
+ return cert;
+ }
+
}
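Review bot: `storkConfig.getCPEPS(ccc)` in `startSTORKAuthentication` is never checked for null, and `ccc` arrives as a servlet parameter (`PARAM_CCC` is added in this commit), so a country code with no configured C-PEPS ends in a NullPointerException at `cpeps.getPepsURL()` rather than a controlled error. A guard like `if (cpeps == null) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "<message-key>");` right after the lookup would reject the request explicitly. In `getIdentityLink`, the `ConfigurationException` at the end of the first try is only logged and execution continues with a client whose address was never set; rethrowing as `SZRGWClientException` there gives the caller a meaningful failure. The retry in the same method reuses `request`, which is still null if `buildGetIdentityLinkRequest` was what threw, and the first exception `e` is never logged, so the original cause is lost. The Javadoc of `getIdentityLink` also documents only `signature`; the four PEPS parameters need `@param` entries.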
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index f3be98ef0..7d5835f20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -47,6 +47,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
+ /** servlet parameter &quot;CCC (Citizen Country Code)&quot; */
+ public static final String PARAM_CCC = "CCC";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate";
/** default BKU URL */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index b6ba5871d..fa9789530 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -56,7 +56,7 @@ public class BPKBuilder {
target.length() == 0))
{
throw new BuildException("builder.00",
- new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
+ new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",target=" + target});
}
String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
@@ -86,7 +86,7 @@ public class BPKBuilder {
registerAndOrdNr.length() == 0))
{
throw new BuildException("builder.00",
- new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
+ new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
}
String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 9c696f245..2da7db2b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -129,7 +129,31 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
+
+ String request = "";
+ request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">";
+ request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>";
+ request += "<sl:DataObjectInfo Structure=\"enveloping\">";
+ request += "<sl:DataObject>";
+ request += "<sl:XMLContent>";
+
+ request += buildForeignIDTextToBeSigned(subject, oaParam, session);
+ request += "</sl:XMLContent>";
+ request += "</sl:DataObject>";
+ request += "<sl:TransformsInfo>";
+ request += "<sl:FinalDataMetaInfo>";
+ request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>";
+ request += "</sl:FinalDataMetaInfo>";
+ request += "</sl:TransformsInfo>";
+ request += "</sl:DataObjectInfo>";
+ request += "</sl:CreateXMLSignatureRequest>";
+
+ return request;
+ }
+
+ public static String buildForeignIDTextToBeSigned(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
+
String target = session.getTarget();
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
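Review bot: The new public static method `buildForeignIDTextToBeSigned` has no Javadoc, while the `buildForeignID` method it was extracted from keeps its documentation describing the full CreateXMLSignatureRequest. Add a comment stating that it returns only the XHTML text to be signed, not the surrounding `<sl:CreateXMLSignatureRequest>`, with `@param` entries for `subject`, `oaParam` and `session` and a `@return`. Because `subject` is now also supplied by `AuthenticationServer.startSTORKAuthentication` and the body concatenates it into markup outside this hunk, the Javadoc should state whether callers must pass XML-escaped text. The method body continues past the end of the hunk.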
@@ -137,14 +161,9 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
String date = DateTimeUtils.buildDate(cal);
String time = DateTimeUtils.buildTime(cal);
- String request = "";
- request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">";
- request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>";
- request += "<sl:DataObjectInfo Structure=\"enveloping\">";
- request += "<sl:DataObject>";
- request += "<sl:XMLContent>";
-
- request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
+ String request = "";
+ request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">"; //application/xhtml+xml text/html
+ //request += "<meta http-equiv=\"content-type\" content=\"application/xhtml+xml; charset=UTF-8\">";
request += "<head>";
request += "<title>Signatur der Anmeldedaten</title>";
request += "<style type=\"text/css\" media=\"screen\">";
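Review bot: The trailing comment `//application/xhtml+xml text/html` and the commented-out `<meta http-equiv=...>` line read as leftover experimentation rather than documentation. Either remove them or replace both with one sentence explaining why the content-type meta tag is deliberately omitted from the signed XHTML.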
@@ -263,17 +282,9 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
request += "</body>";
request += "</html>";
-
- request += "</sl:XMLContent>";
- request += "</sl:DataObject>";
- request += "<sl:TransformsInfo>";
- request += "<sl:FinalDataMetaInfo>";
- request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>";
- request += "</sl:FinalDataMetaInfo>";
- request += "</sl:TransformsInfo>";
- request += "</sl:DataObjectInfo>";
- request += "</sl:CreateXMLSignatureRequest>";
-
+
return request;
+
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 5a18b720b..e861c62fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.auth.data;
+
+
import iaik.x509.X509Certificate;
import java.util.ArrayList;
@@ -37,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
/**
* Session data to be stored between <code>AuthenticationServer</code> API calls.
@@ -204,7 +207,10 @@ public class AuthenticationSession {
*/
private String pushInfobox;
-
+ /**
+ * The STORK AuthRequest to be sent to the C-PEPS
+ */
+ private STORKAuthnRequest storkAuthnRequest;
/**
* Constructor for AuthenticationSession.
@@ -814,6 +820,23 @@ public class AuthenticationSession {
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
}
+
+ /**
+ * Gets the STORK SAML AuthnRequest
+ * @return STORK SAML AuthnRequest
+ */
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return storkAuthnRequest;
+ }
+
+ /**
+ * Sets the STORK SAML AuthnRequest
+ * @param storkAuthnRequest STORK SAML AuthnRequest
+ */
+ public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
+ this.storkAuthnRequest = storkAuthnRequest;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index a19618dc2..16041f8cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -46,10 +46,18 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
/**
* Base class for MOA-ID Auth Servlets, providing standard error handling
@@ -65,7 +73,16 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
*
*/
private static final long serialVersionUID = -6929905344382283738L;
+
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.debug("GET " + this.getServletName());
+
+ this.setNoCachingHeadersInHttpRespone(req, resp);
+}
/**
* Handles an error. <br>>
* <ul>
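Review bot: Overriding `doGet` in the base class changes the behaviour of every subclass that does not override it: `HttpServlet.doGet` answers GET with a 405 by default, whereas this version now returns an empty 200 with no-cache headers. If that is intended, document it on the method, for example `/** Default GET handler: only sets no-cache headers; subclasses must override to produce content. */`; if not, the override belongs in the subclasses that need it. The closing brace of the method is at column 0 and should be indented to match the class body.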
@@ -260,4 +277,51 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
public void init(ServletConfig servletConfig) throws ServletException {
super.init(servletConfig);
}
+
+ /**
+ * Set response headers to avoid caching
+ * @param request HttpServletRequest
+ * @param response HttpServletResponse
+ */
+ protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) {
+ response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ }
+
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ protected static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ /**
+ * Checks if HTTP requests are allowed
+ * @param authURL requestURL
+ * @throws AuthenticationException if HTTP requests are not allowed
+ * @throws ConfigurationException
+ */
+ protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException {
+ // check if HTTP Connection may be allowed (through
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:"))
+ && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07",
+ new Object[] { authURL + "*" });
+
+ }
+
}
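Review bot: `addURLParameter` concatenates `paramvalue` into the query string without encoding, so a value containing `&` or `=` would be read as additional parameters; `URLEncoder` is imported in this commit but not used here. Either encode the value in the helper or state in the Javadoc `@param paramvalue parameter value, must already be URL-encoded by the caller`. `checkIfHTTPisAllowed` tests `authURL.startsWith("https:")` case-sensitively while `getIdentityLink` in AuthenticationServer lowercases before the same check; the two should agree. The new protected method name `setNoCachingHeadersInHttpRespone` misspells "Response" and is best renamed now, before subclasses start depending on it.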
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 246a47699..bf7a0f714 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -24,19 +24,17 @@
package at.gv.egovernment.moa.id.auth.servlet;
-import iaik.pki.PKIException;
-
import java.io.IOException;
-import java.security.GeneralSecurityException;
+import java.security.cert.CertificateException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -50,15 +48,10 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
/**
@@ -89,14 +82,7 @@ public class GetForeignIDServlet extends AuthServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET GetForeignIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-
+ super.doGet(req, resp);
}
/**
@@ -160,10 +146,17 @@ public class GetForeignIDServlet extends AuthServlet {
CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
- Element signature = csresp.getDsigSignature();
+ Element signature = csresp.getDsigSignature();
+
+ try {
+ session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+ } catch (CertificateException e) {
+ Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
+ throw new MOAIDException("auth.14", null);
+ }
// make SZR request to the identity link
- CreateIdentityLinkResponse response = getIdentityLink(signature);
+ CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature);
if (response.isError()) {
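Review bot: The new `catch (CertificateException e)` block logs the failure without the exception object, so the reason the certificate could not be taken from the signature is lost; the other error paths in this file pass the cause, so make it `Logger.error("Could not extract certificate from CreateXMLSignatureResponse", e);`. The replacement call `getIdentityLink(null, null, null, null, signature)` passes four unnamed `null` arguments; a short comment naming what they stand for (presumably givenname, familyname and birthday as in the builder Javadoc later in this file — to be confirmed) would make the call readable. The enclosing method begins before this hunk and continues after it.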
@@ -173,28 +166,30 @@ public class GetForeignIDServlet extends AuthServlet {
Element samlAssertion = response.getAssertion();
-// try {
-// System.out.println(DOMUtils.serializeNode(samlAssertion));
-// } catch (TransformerException e) {
-// e.printStackTrace();
-// }
+ try {
+ System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion));
+ } catch (TransformerException e) {
+ e.printStackTrace();
+ }
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
IdentityLink identitylink = ilParser.parseIdentityLink();
session.setIdentityLink(identitylink);
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
+
resp.setContentType("text/html");
resp.setStatus(302);
resp.addHeader("Location", redirectURL);
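Review bot: The `System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion))` block reactivates a previously commented-out debug print and writes the complete identity-link assertion — the data `IdentityLinkAssertionParser` turns into the citizen's `IdentityLink` two lines later — to stdout, outside the Logger and its configuration, with `e.printStackTrace()` on failure. The "PB: " prefix reads as leftover developer output; drop the try block, or if the dump is wanted keep it behind the logger as `Logger.trace(DOMUtils.serializeNode(samlAssertion));` with `Logger.error("Could not serialize SAML assertion", e);` for the `TransformerException`. Removing it also makes the newly added `TransformerException` import unnecessary. The remaining lines of the hunk only re-indent the redirect handling; the enclosing method begins before and ends after this hunk.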
@@ -210,84 +205,12 @@ public class GetForeignIDServlet extends AuthServlet {
}
}
- /**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- private static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
- /**
- * Does the request to the SZR-GW
- * @param signature XMLDSIG signature
- * @return Identity link assertion
- * @throws SZRGWClientException
- */
- private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException {
-
- SZRGWClient client = new SZRGWClient();
-
- try {
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
-
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (GeneralSecurityException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (PKIException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- }
- }
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
- }
- catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
- }
-
- // create request
- CreateIdentityLinkResponse response = null;
- Element request = null;
- try {
- Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature);
- request = doc.getDocumentElement();
-
- // send request
- response = client.createIdentityLinkResponse(request);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- try {
- response = client.createIdentityLinkResponse(request);
- }
- catch (SZRGWClientException e1) {
- throw new SZRGWClientException(e1);
- }
- }
-
-
- return response;
-
- }
+
+
/**
- * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+ * Builds the szrgw:GetIdentityLinkRequest f�r the SZR-GW
* @param givenname
* @param familyname
* @param birthday
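Review bot: The Javadoc line `* Builds the szrgw:GetIdentityLinkRequest f�r the SZR-GW` now carries a replacement character where the old line had `für`, which suggests the file was re-saved in an encoding other than the one the build reads it with; restore the original text (or write `for`) and check the file's encoding against the project's source encoding. The rest of the hunk removes `addURLParameter` and `getIdentityLink`, which this commit moves to `AuthServlet` and `AuthenticationServer`. The method documented here continues outside the hunk.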
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 9d26ded8a..74b2f80b9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -206,20 +206,6 @@ public class GetMISSessionIDServlet extends AuthServlet {
}
}
- /**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- private static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
new file mode 100644
index 000000000..4ec894d47
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -0,0 +1,227 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+/**
+ * Endpoint for receiving STORK response messages
+ */
+public class PEPSConnectorServlet extends AuthServlet {
+ private static final long serialVersionUID = 1L;
+
+ public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
+
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ super.doGet(request, response);
+ }
+
+ /**
+ * Handles the reception of a STORK response message
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ try {
+
+ Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+ Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+ super.setNoCachingHeadersInHttpRespone(request, response);
+ Logger.trace("No Caching headers set for HTTP response");
+
+ //check if https or only http
+ super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+ Logger.debug("Trying to find MOA Session-ID");
+ HttpSession httpSession = request.getSession();
+ String moaSessionID = (String) httpSession.getAttribute("MOA-Session-ID");
+
+ if (StringUtils.isEmpty(moaSessionID)) {
+ //No authentication session has been started before
+ Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+ throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+ } else {
+ //We know user and MOA takes over session handling, invalidate HttpSession
+ httpSession.invalidate();
+ }
+
+ Logger.info("Found MOA sessionID: " + moaSessionID);
+
+ Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+ //extract STORK Response from HTTP Request
+ STORKResponse storkResponse = null;
+ try {
+ storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response);
+ } catch (STORKException e) {
+ Logger.error("Unable to retrieve STORK Response", e);
+ throw new MOAIDException("stork.04", null);
+ }
+
+ Logger.info("STORK SAML Response message succesfully extracted");
+ Logger.debug("STORK response (pretty print): ");
+ Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM()));
+ Logger.trace("STORK response (original): ");
+ Logger.trace(XMLUtil.printXML(storkResponse.getDOM()));
+
+ Logger.debug("Starting validation of SAML response");
+ //verify SAML response
+ try {
+ STORKResponseProcessor.verifySTORKResponse(storkResponse);
+ } catch (STORKException e) {
+ Logger.error("Failed to verify STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ Logger.info("SAML response succesfully verified!");
+
+ String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue();
+
+ if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+ Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+ throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+ }
+
+ Logger.info("Got SAML response with authentication success message.");
+
+ //check if authentication request was created before
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+
+ Logger.debug("MOA session is still valid");
+
+ STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+ if (storkAuthnRequest == null) {
+ Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+ throw new MOAIDException("stork.07", null);
+ }
+
+ Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+ Logger.debug("Starting validation of SAML assertion");
+ //verify SAML assertion
+ Assertion storkAssertion = storkResponse.getAssertions().get(0);
+ try {
+ STORKResponseProcessor.verifySTORKAssertion(
+ storkAssertion, //assertion
+ request.getRemoteAddr(), //IP address of user
+ storkAuthnRequest.getID(), //ID of STORK AuthnRequest
+ request.getRequestURL().toString(), //destination
+ HTTPUtils.getBaseURL(request), //audience
+ storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
+ } catch (STORKException e) {
+ Logger.error("Failed to verify STORK SAML Assertion", e);
+ throw new MOAIDException("stork.08", null);
+ }
+
+ Logger.info("SAML assertion succesfully verified!");
+
+ Logger.debug("Starting extraction of signedDoc attribute");
+ //extract signed doc element and citizen signature
+ Element citizenSignature = null;
+ try {
+
+ citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);
+ moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
+ moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
+
+ } catch (Exception e) {
+ Logger.error("Could not extract citizen signature from C-PEPS", e);
+ throw new MOAIDException("stork.09", null);
+ }
+ Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+ Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+ Logger.debug("Starting connecting SZR Gateway");
+ //contact SZR Gateway
+ IdentityLink identityLink = null;
+ try {
+ identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes());
+ } catch (STORKException e) {
+ Logger.error("Error connecting SZR Gateway", e);
+ throw new MOAIDException("stork.10", null);
+ }
+ Logger.debug("SZR communication was successfull");
+
+ if (identityLink == null) {
+ Logger.error("SZR Gateway did not return an identity link.");
+ throw new MOAIDException("stork.10", null);
+ }
+ Logger.info("Received Identity Link from SZR Gateway");
+ moaSession.setIdentityLink(identityLink);
+
+ Logger.debug("Adding addtional STORK attributes to MOA assertion");
+ //add other stork attributes to MOA assertion
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes());
+ moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes);
+
+ //We don't have BKUURL, setting from null to "Not applicable"
+ moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+ Logger.debug("Starting to assemble MOA assertion");
+ //produce MOA-Assertion and artifact
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().getForeignAuthenticationData(moaSessionID);
+ Logger.info("MOA assertion assembled and SAML Artifact generated.");
+
+ //redirect
+ String redirectURL = null;
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = moaSession.getOAURLRequested();
+ if (!moaSession.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = response.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
+ }
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", redirectURL);
+ Logger.info("REDIRECT TO: " + redirectURL);
+
+
+
+ } catch (AuthenticationException e) {
+ handleError(null, e, request, response);
+ } catch (MOAIDException e) {
+ handleError(null, e, request, response);
+ }
+
+ }
+
+}
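Review bot: `storkResponse.getAssertions().get(0)` and the two `getAttributeStatements().get(0)` calls index lists without checking they are non-empty, so a response that passes the status check but carries no assertion or attribute statement ends in an `IndexOutOfBoundsException`. Because the outer `catch` handles only `AuthenticationException` and `MOAIDException`, such a runtime exception — likewise a `NullPointerException` on `moaSession` if `AuthenticationServer.getSession` returns null for an unknown or expired ID instead of throwing, which is not visible here — bypasses `handleError` and surfaces as a container error. Guard the lists before use, e.g. `if (storkResponse.getAssertions().isEmpty()) throw new MOAIDException("stork.08", null);` (reusing the assertion-verification code or a dedicated one), and check `moaSession` for null before `getStorkAuthnRequest()`. The `catch (Exception e)` around the citizen-signature extraction also swallows runtime errors; catching the expected types (`STORKException`, `CertificateException` from `getCertificateFromXML`, `TransformerException` from `serializeNode` — confirm against the callee signatures) keeps unexpected failures visible. Separately, the debug and trace statements write the complete STORK response, i.e. the citizen's attributes, to the log, which should be checked against the deployment's logging policy.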
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 355e85ce5..012ed4c14 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
+import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -33,18 +34,29 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.saml2.metadata.RequestedAttribute;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
/**
* Servlet requested for starting a MOA ID authentication session.
@@ -77,7 +89,7 @@ public class StartAuthenticationServlet extends AuthServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET StartAuthentication");
+ Logger.debug("GET StartAuthentication");
String authURL = req.getScheme() + "://" + req.getServerName();
if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
authURL = authURL.concat(":" + req.getServerPort());
@@ -91,6 +103,7 @@ public class StartAuthenticationServlet extends AuthServlet {
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
@@ -100,11 +113,9 @@ public class StartAuthenticationServlet extends AuthServlet {
templateURL = StringEscapeUtils.escapeHtml(templateURL);
sessionID = StringEscapeUtils.escapeHtml(sessionID);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ ccc = StringEscapeUtils.escapeHtml(ccc);
- resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+ setNoCachingHeadersInHttpRespone(req, resp);
try {
@@ -121,35 +132,56 @@ public class StartAuthenticationServlet extends AuthServlet {
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
if (!ParamValidatorUtils.isValidSourceID(sourceID))
throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
if (oaParam == null)
throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
+
// get target and target friendly name from config
String targetConfig = oaParam.getTarget();
- String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+ String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+
+ String targetFriendlyName = null;
+
+ if (StringUtils.isEmpty(targetConfig)) {
+ // no target attribut is given in OA config
+ // target is used from request
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ } else {
+ // use target from config
+ target = targetConfig;
+ targetFriendlyName = targetFriendlyNameConfig;
+ }
+
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
- String getIdentityLinkForm = null;
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(ccc)) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc);
+ Logger.debug("Starting STORK authentication");
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
- }
- else {
- // use target from config
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
+ AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID);
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
}
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
Logger.debug("Finished GET StartAuthentication");
}
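Review bot: `PrintWriter out = new PrintWriter(resp.getOutputStream())` in the normal-authentication branch encodes with the platform default charset, while the content type set just above declares `charset=UTF-8`, so the form is mis-encoded on any JVM whose default is not UTF-8; the code is pre-existing, but the move is a good moment to use `PrintWriter out = resp.getWriter();` after `setContentType`, which honours the declared charset. `storkConfig.isSTORKAuthentication(ccc)` receives null when the `ccc` parameter is absent (`StringEscapeUtils.escapeHtml` passes null through) while the log line just above treats an empty value as AT; whether `isSTORKAuthentication` accepts null is not visible here and worth confirming. The STORK branch hands `startSTORKAuthentication` neither `sessionID`, `useMandate`, `templateURL` nor `bkuURL`; if these are by design irrelevant for STORK, a comment such as `// mandate, template and BKU selection do not apply to STORK authentication` would document it, otherwise a mandate request for a foreign citizen is silently dropped. `doGet` begins before this hunk.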
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f15f839d7..fbf700365 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -326,19 +326,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
// handleError(null, e, req, resp);
// }
// }
- /**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- private static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java
new file mode 100644
index 000000000..7ffe59fd9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Interface to be implemented for verifying SAML assertions
+ *
+ * @author bzwattendorfer
+ *
+ */
+public interface AssertionVerifier {
+
+ /**
+ * Verifies a given assertion
+ * @param assertion SAML assertion
+ * @param reqIPAddress IP address of the client
+ * @param authnRequestID ID of the corresponding authentication request for verification
+ * @param recipient recipient for verification
+ * @param audience audience for verification
+ * @param reqAttrList RequestedAttribute list for verification
+ * @throws SecurityException
+ */
+ public void verify(Assertion assertion, String reqIPAddress, String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException;
+
+}
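Review bot: `verify(...) throws SecurityException` with no matching import resolves to `java.lang.SecurityException`, an unchecked exception, so the declaration does not oblige callers to handle a failed verification; if a checked failure signal was intended — the servlet code in this commit works with `STORKException` — declare that type instead, and either way give the Javadoc tag a description, e.g. `@throws SecurityException if the assertion fails any of the verification checks`. The empty Javadoc block above the `package` line (also present in `CredentialProvider`) is a stray template comment and can be removed. `CredentialProvider`'s `@throws SAMLException` tag likewise lacks a description.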
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
new file mode 100644
index 000000000..b95ab6218
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import org.opensaml.xml.security.credential.Credential;
+
+import eu.stork.vidp.messages.exception.SAMLException;
+
+/**
+ * Interface supporting different kinds of Credentials
+ *
+ * @author bzwattendorfer
+ *
+ */
+public interface CredentialProvider {
+
+ /**
+ * Gets appropriate credentials
+ * @return Credential object
+ * @throws SAMLException
+ */
+ public Credential getCredential() throws SAMLException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
new file mode 100644
index 000000000..467210b4d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.stork;
+
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.vidp.messages.exception.SAMLException;
+
+/**
+ * Provides credentials from a KeyStore
+ * @author bzwattendorfer
+ *
+ */
+public class KeyStoreCredentialProvider implements CredentialProvider {
+
+ private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);
+
+ /** KeyStore Path */
+ private String keyStorePath;
+
+ /** KeyStore Password */
+ private String keyStorePassword;
+
+ /** Specific Key Name as Credential */
+ private String keyName;
+
+ /** Key password */
+ private String keyPassword;
+
+ /**
+ * Creates a KeyStoreCredentialProvider object
+ * @param keyStorePath KeyStore Path
+ * @param keyStorePassword KeyStore Password
+ * @param keyName KeyName of the key to be retrieved
+ * @param keyPassword Password for the Key
+ */
+ public KeyStoreCredentialProvider(String keyStorePath,
+ String keyStorePassword, String keyName, String keyPassword) {
+ super();
+ this.keyStorePath = keyStorePath;
+ this.keyStorePassword = keyStorePassword;
+ this.keyName = keyName;
+ this.keyPassword = keyPassword;
+ }
+
+
+ /**
+ * Gets the credential object from the KeyStore
+ */
+ public Credential getCredential() throws SAMLException {
+ log.trace("Retrieving credentials for signing SAML Response.");
+
+ if (StringUtils.isEmpty(this.keyStorePath))
+ throw new SAMLException("No keyStorePath specified");
+
+ //KeyStorePassword optional
+ //if (StringUtils.isEmpty(this.keyStorePassword))
+ // throw new SAMLException("No keyStorePassword specified");
+
+ if (StringUtils.isEmpty(this.keyName))
+ throw new SAMLException("No keyName specified");
+
+ //KeyStorePassword optional
+ //if (StringUtils.isEmpty(this.keyPassword))
+ // throw new SAMLException("No keyPassword specified");
+
+ KeyStore ks;
+ try {
+ ks = KeyStoreUtils.loadKeyStore(this.keyStorePath, this.keyStorePassword);
+ } catch (Exception e) {
+ log.error("Failed to load keystore information", e);
+ throw new SAMLException(e);
+ }
+
+ //return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray());
+ BasicX509Credential credential = null;
+ try {
+ java.security.cert.X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
+ PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
+ credential = new BasicX509Credential();
+ credential.setEntityCertificate(certificate);
+ credential.setPrivateKey(privateKey);
+
+ } catch (Exception e) {
+ log.error("Error retrieving signing credentials.", e);
+ throw new SAMLException(e);
+ }
+
+ return credential;
+
+ }
+
+
+}
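Review bot: In getCredential, `ks.getCertificate(this.keyName)` and `ks.getKey(...)` both return null for an alias that is not in the keystore, so a misconfigured keyName produces a BasicX509Credential with a null certificate and private key and the failure only surfaces later, at signing time, far from its cause; add `if (certificate == null || privateKey == null) throw new SAMLException("No key entry found for alias " + this.keyName);` before `credential.setEntityCertificate(certificate)`. The comment at the second commented-out check declares the key password optional, yet `this.keyPassword.toCharArray()` dereferences it unconditionally, so a null keyPassword becomes a NullPointerException wrapped in a SAMLException instead of a clear message — either validate keyPassword the way keyStorePath and keyName are validated, or fall back to keyStorePassword explicitly and say so in the Javadoc. That commented-out block is also mislabelled: it guards keyPassword, not keyStorePassword. The fully-qualified `java.security.cert.X509Certificate` on the local variable is redundant given the import on the same file.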
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
new file mode 100644
index 000000000..3048ccbee
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
@@ -0,0 +1,241 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+import eu.stork.vidp.messages.util.SAMLUtil;
+
+/**
+ * Verifies the SAML assertion according to the STORK specification
+ * @author bzwattendorfer
+ *
+ */
+public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
+
+ private static final int CLOCK_SKEW_MINUTES = 5;
+
+ private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false;
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.peps.connector.validation.AssertionVerifier#verifyAssertion(org.opensaml.saml2.core.Assertion, java.lang.String, java.lang.String, java.lang.String)
+ */
+ public void verify(Assertion assertion, String reqIPAddress,
+ String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException {
+
+ //SAML assertion need not to be signed, skipping signature validation
+
+ verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient);
+
+ Logger.debug("SubjectConfirmationData successfully verified");
+
+ verifyConditions(assertion, audience);
+
+ Logger.debug("Conditions successfully verified");
+ }
+
+
+ private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException {
+ for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) {
+ verifySubjectConfirmationData(sc.getSubjectConfirmationData(), reqAddress, requestID, recipient);
+ }
+
+ }
+
+ private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException {
+ //NotBefore not allowed in SSO profile
+ verifyNotOnOrAfter(scData.getNotOnOrAfter());
+
+ Logger.trace("NotOnOrAfter successfully verified");
+
+ if(IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY) {
+ verifyClientAddress(scData, reqAddress);
+ Logger.trace("User's client IP address successfully verified.");
+ } else {
+ Logger.warn("User's client IP address will not be verified.");
+ }
+
+ verifyRecipient(scData, recipient);
+ Logger.trace("Recipient successfully verified");
+
+ verifyInResponseTo(scData, requestID);
+ Logger.trace("InResponseTo successfully verified");
+
+ }
+
+ private void verifyNotBefore(DateTime notBefore) throws SecurityException {
+ if (notBefore.minusMinutes(CLOCK_SKEW_MINUTES).isAfterNow()) {
+ String msg = "Subject/Assertion not yet valid, Timestamp: ";
+ Logger.error(msg + notBefore);
+ throw new SecurityException(msg);
+ }
+
+ Logger.trace("Subject/Assertion already valid, notBefore: " + notBefore);
+
+ }
+
+ private void verifyNotOnOrAfter(DateTime notOnOrAfter) throws SecurityException {
+ if (notOnOrAfter.plusMinutes(CLOCK_SKEW_MINUTES).isBeforeNow()) {
+ String msg = "Subject/Assertion no longer valid.";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.trace("Subject/Assertion still valid, notOnOrAfter: " + notOnOrAfter);
+ }
+
+ private void verifyClientAddress(SubjectConfirmationData scData, String reqAddress) throws SecurityException {
+ if (!reqAddress.equals(scData.getAddress())) {
+ String msg = "Response coming from wrong Client-Address";
+ Logger.error("Response coming from wrong Client-Address " + reqAddress + ", expected " + scData.getAddress());
+ throw new SecurityException(msg);
+ }
+
+ }
+
+ private void verifyInResponseTo(SubjectConfirmationData scData, String requestID) throws SecurityException {
+ if (!scData.getInResponseTo().equals(requestID)) {
+ String msg = "Assertion issued for wrong request";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+ }
+
+ private void verifyRecipient(SubjectConfirmationData scData, String reqRecipient) throws SecurityException {
+ if (!scData.getRecipient().equals(reqRecipient)) {
+ String msg = "Assertion intended for another recipient";
+ Logger.error("Assertion intended for recipient " + scData.getRecipient() + "but expected " + reqRecipient);
+ throw new SecurityException(msg);
+ }
+
+ }
+
+ private void verifyAudience(AudienceRestriction audienceRestriction, String reqAudience) throws SecurityException {
+ for (Audience audience : audienceRestriction.getAudiences()) {
+ if (audience.getAudienceURI().equals(reqAudience))
+ return;
+ }
+ String msg = "Assertion sent to wrong audience";
+ Logger.error("Assertion intended for wrong audience, expected " + reqAudience);
+ throw new SecurityException(msg);
+ }
+
+ private void verifyOneTimeUse(String assertionID) {
+ //not necessarily required to check since notBefore and notOnOrAfter are verified
+ //check response Store for already existing assertion
+
+ }
+
+ private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {
+ Conditions conditions = assertion.getConditions();
+
+ verifyNotBefore(conditions.getNotBefore());
+ Logger.trace("NotBefore successfully verified");
+
+ verifyNotOnOrAfter(conditions.getNotOnOrAfter());
+ Logger.trace("NotOnOrAfter successfully verified");
+
+ verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience);
+
+ Logger.trace("Audience successfully verified");
+
+ }
+
+ public static void validateRequiredAttributes(
+ List<RequestedAttribute> reqAttrList,
+ List<Attribute> attrList)
+ throws STORKException {
+
+ Logger.debug("Starting required attribute validation");
+
+ if (reqAttrList == null || reqAttrList.isEmpty()) {
+ Logger.error("Requested Attributes list is empty.");
+ throw new STORKException("No attributes have been requested");
+ }
+
+ if (attrList == null || attrList.isEmpty()) {
+ Logger.error("STORK AttributeStatement is empty.");
+ throw new STORKException("No attributes have been received");
+ }
+
+ Logger.trace("These attributes have been requested and received: ");
+ int count = 0;
+ for (RequestedAttribute reqAttr : reqAttrList) {
+ Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired());
+ for(Attribute attr : attrList) {
+ if (verifyRequestedAttribute(reqAttr, attr))
+ count++;
+ }
+ }
+
+ int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList);
+ Logger.trace("Number of requested required attributes: " + numRequiredReqAttr);
+ Logger.trace("Number of received required attributes: " + count);
+
+ if (count != numRequiredReqAttr) {
+ Logger.error("Not all required attributes have been received");
+ throw new STORKException("Not all required attributes have been received");
+ }
+ Logger.debug("Received all required attributes!");
+
+ }
+
+ private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) {
+
+ if ((reqAttr.getName()).equals(attr.getName())) {
+ if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
+ Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr));
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) {
+ int count = 0;
+ for (RequestedAttribute reqAttr : reqAttrList)
+ if (reqAttr.isRequired()) count++;
+
+ return count;
+ }
+
+
+}
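Review bot: verifySubjectConfirmation passes vacuously when `assertion.getSubject().getSubjectConfirmations()` is empty, so an assertion that carries no SubjectConfirmation at all skips the NotOnOrAfter, Recipient and InResponseTo checks, and a SubjectConfirmation without SubjectConfirmationData ends in a NullPointerException inside verifySubjectConfirmationData rather than a SecurityException. verifyConditions has the same shape of problem: `conditions.getAudienceRestrictions().get(0)` throws IndexOutOfBoundsException when no AudienceRestriction is present, and only the first restriction is checked although every AudienceRestriction element has to be satisfied. Separately, validateRequiredAttributes compares a count of requested/received matches with the number of required attributes, so a received attribute that appears twice can compensate for a required attribute that is missing; counting each RequestedAttribute at most once (break after the first match, or collect matched names in a Set) closes that gap. The rewritten methods below reject the empty cases explicitly and verify all audience restrictions; the missing space in `"but expected "` in verifyRecipient's log line is a nit.
```java
private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException {
    List<SubjectConfirmation> confirmations = assertion.getSubject().getSubjectConfirmations();
    if (confirmations == null || confirmations.isEmpty()) {
        String msg = "Assertion contains no SubjectConfirmation";
        Logger.error(msg);
        throw new SecurityException(msg);
    }
    for (SubjectConfirmation sc : confirmations) {
        SubjectConfirmationData scData = sc.getSubjectConfirmationData();
        if (scData == null) {
            String msg = "SubjectConfirmation contains no SubjectConfirmationData";
            Logger.error(msg);
            throw new SecurityException(msg);
        }
        verifySubjectConfirmationData(scData, reqAddress, requestID, recipient);
    }
}

// … unchanged: verifySubjectConfirmationData … verifyOneTimeUse …

private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {
    Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        String msg = "Assertion contains no Conditions";
        Logger.error(msg);
        throw new SecurityException(msg);
    }
    // … unchanged: NotBefore / NotOnOrAfter checks …
    List<AudienceRestriction> restrictions = conditions.getAudienceRestrictions();
    if (restrictions == null || restrictions.isEmpty()) {
        String msg = "Assertion contains no AudienceRestriction";
        Logger.error(msg);
        throw new SecurityException(msg);
    }
    // every AudienceRestriction element must be satisfied, not only the first one
    for (AudienceRestriction restriction : restrictions) {
        verifyAudience(restriction, reqAudience);
    }
    Logger.trace("Audience successfully verified");
}
```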
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
new file mode 100644
index 000000000..2deeb2aae
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+/**
+ * Verifies the SMAL response according to the STORK specification
+ * @author bzwattendorfer
+ *
+ */
+public class PEPSConnectorResponseVerifier implements ResponseVerifier {
+
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response)
+ */
+ public void verify(STORKResponse response) throws SecurityException {
+
+ verifySignature(response);
+ Logger.debug("Signature of SAML response valid.");
+
+ verifyStandardValidation(response);
+
+ Logger.debug("SAML response format valid.");
+
+ }
+
+
+ private void verifySignature(STORKResponse response) throws SecurityException {
+ //validate Signature
+ try {
+ if (response.isSigned()) {
+
+ String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
+
+ Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
+
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+ .build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
+
+ Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
+
+ Logger.trace("Calling MOA-SP");
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+
+ Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
+
+ if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
+ String msg = "Signature of SAMLResponse not valid";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.debug("Signature of SAML response successfully verified");
+
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
+ String msg = "Certificate of SAMLResponse not valid";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.debug("Signing certificate of SAML response succesfully verified");
+
+ } else {
+ String msg = "SAML Response is not signed.";
+ throw new SecurityException(msg);
+ }
+
+ } catch (ConfigurationException e) {
+ String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (ParseException e) {
+ String msg = "Unable to parse VerifyXMLSignature Request or Response.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (BuildException e) {
+ String msg = "Unable to parse VerifyXMLSignature Request or Response.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (ServiceException e) {
+ String msg = "Unable to invoke MOA-SP.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ }
+
+ }
+
+ private void verifyStandardValidation(STORKResponse response) throws SecurityException {
+ try {
+ SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator");
+ } catch (SAMLValidationException e) {
+ String msg ="SAML Response received not valid.";
+ throw new SecurityException(msg, e);
+ }
+
+ }
+
+
+
+}
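Review bot: `XMLUtil.printXML(response.getDOM()).getBytes()` in verifySignature converts the serialized response with the JVM default charset before handing it to MOA-SP, so on a deployment whose default is not UTF-8 any non-ASCII content is re-encoded differently from what the XML declaration (presumably UTF-8 — confirm against XMLUtil) announces, and the signature check then fails or behaves differently per host; use `.getBytes("UTF-8")` and handle the resulting UnsupportedEncodingException with the other catches, or pass a Charset. The BuildException handler reuses the ParseException message verbatim, so a failure to build the request is reported as a parse failure; `String msg = "Unable to build VerifyXMLSignatureRequest.";` describes what that catch actually covers. The unsigned-response branch throws without logging while every other rejection logs first; adding `Logger.error(msg);` before the throw keeps the audit trail consistent. The imports of AuthenticationServer and Constants appear unused in this file.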
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
new file mode 100644
index 000000000..848937824
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.stork;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+/**
+ * Interface to be implemented for SAML response verification
+ * @author bzwattendorfer
+ *
+ */
+public interface ResponseVerifier {
+
+ /**
+ * Verifies a STORK response
+ * @param response STORK response
+ * @throws SecurityException
+ */
+ public void verify(STORKResponse response) throws SecurityException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
new file mode 100644
index 000000000..ff30919bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
@@ -0,0 +1,170 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+import eu.stork.vidp.messages.util.SAMLUtil;
+
+/**
+ * Class handling all necessary functionality for STORK AuthnRequest processing
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAuthnRequestProcessor {
+
+ /**
+ * Creates a STORK AuthnRequest
+ * @param destination Destination URL
+ * @param acsURL Assertion Consumer Service URL
+ * @param providerName SP Provider Name
+ * @param issuerValue Issuer Name
+ * @param qaaLevel STORK QAALevel to be requested
+ * @param requestedAttributes Requested Attributes to be requested
+ * @param spSector Sp Sector
+ * @param spInstitution SP Institution
+ * @param spApplication SP Application
+ * @param spCountry SP Country
+ * @param textToBeSigned text to be included in signedDoc element
+ * @param mimeType mimeType for the text to be signed in signedDoc
+ * @return STORK AuthnRequest
+ */
+ public static STORKAuthnRequest generateSTORKAuthnRequest(
+ String destination,
+ String acsURL,
+ String providerName,
+ String issuerValue,
+ QualityAuthenticationAssuranceLevel qaaLevel,
+ RequestedAttributes requestedAttributes,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry,
+ String textToBeSigned,
+ String mimeType) {
+
+
+ STORKAuthnRequest storkAuthnRequest =
+ STORKMessagesBuilder.buildSTORKAuthnRequest(
+ destination,
+ acsURL,
+ providerName,
+ issuerValue,
+ qaaLevel,
+ requestedAttributes,
+ spSector,
+ spInstitution,
+ spApplication,
+ spCountry);
+
+ STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
+
+ Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
+
+ return storkAuthnRequest;
+
+ }
+
+ /**
+ * Signs a STORK AuthnRequest
+ * @param storkAuthnRequest STORK AuthRequest to sign
+ * @param keyStorePath KeyStorePath to the signing key
+ * @param keyStorePassword KeyStore Password
+ * @param keyName Signing key name
+ * @param keyPassword Signing key password
+ * @return Signed STORK AuthnRequest
+ * @throws SAMLException
+ */
+ public static STORKAuthnRequest signSTORKAuthnRequest(
+ STORKAuthnRequest storkAuthnRequest,
+ String keyStorePath,
+ String keyStorePassword,
+ String keyName,
+ String keyPassword) throws SAMLException {
+
+ Logger.trace("Building Credential Provider for signing process");
+
+ CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
+
+ Credential credential = credentialProvider.getCredential();
+
+ Logger.trace("Credentials found");
+
+ SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
+
+ return storkAuthnRequest;
+ }
+
+ /**
+ * Validates a STORK AuthnRequest
+ * @param storkAuthnRequest STORK AuthnRequest to validate
+ * @throws SAMLValidationException
+ */
+ public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
+
+ SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
+
+ }
+
+ /**
+ * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
+ * @param request HttpServletRequest
+ * @param response HttpServletResponse
+ * @param storkAuthnRequest STORK AuthnRequest to send
+ * @throws Exception
+ */
+ public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
+
+ Logger.trace("Create endpoint...");
+ Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
+ endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ endpoint.setLocation(storkAuthnRequest.getDestination());
+
+
+ Logger.trace("Prepare SAMLMessageContext...");
+ HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());
+ BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
+ samlMessageContext.setOutboundMessageTransport(outTransport);
+ samlMessageContext.setPeerEntityEndpoint(endpoint);
+
+ Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
+ samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
+
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+
+// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
+ HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
+
+ Logger.trace("HTTP-Post encode SAMLMessageContext...");
+ encoder.encode(samlMessageContext);
+ }
+
+
+
+}
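Review bot: `new BasicSAMLMessageContext()` in sendSTORKAuthnRequest instantiates the raw type and assigns it to a wildcard-parameterised variable, which yields an unchecked-conversion warning and discards the type information the generic declaration was meant to carry; instantiate it with explicit type arguments matching the declared variable. The same method declares `throws Exception`, which hides the concrete failure modes from callers; declaring the checked exception that `encoder.encode` actually throws makes the contract readable and lets callers distinguish encoding failures from anything else. The commented-out encoder line with the old template path, and the unused imports of StringEscapeUtils, StringUtils, PEPSConnectorServlet and HTTPUtils, look like leftovers that should be removed before merge.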
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java
new file mode 100644
index 000000000..5b737603b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java
@@ -0,0 +1,42 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+
+/**
+ * Exception thrown if error occurs in STORK processing
+ * @author bzwattendorfer
+ *
+ */
+public class STORKException extends Exception{
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public STORKException() {
+ super();
+
+ }
+
+ public STORKException(String message, Throwable cause) {
+ super(message, cause);
+
+ }
+
+ public STORKException(String message) {
+ super(message);
+
+ }
+
+ public STORKException(Throwable cause) {
+ super(cause);
+
+ }
+
+
+
+
+}
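Review bot: The Javadoc block above serialVersionUID is empty and none of the four constructors is documented, while the other classes in this change document every member; either drop the empty `/** */` or fill it in, and give each constructor a one-line Javadoc such as `/** Creates a STORKException with a detail message and the underlying cause. */` on the (String, Throwable) constructor. The blank lines inside each constructor body and the extra blank lines before the closing brace are noise.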
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
new file mode 100644
index 000000000..c98ca87b9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -0,0 +1,405 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.List;
+import java.util.Vector;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.namespace.QName;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SurName;
+import org.opensaml.ws.transport.http.HTTPInTransport;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+/**
+ *
+ * Handles all functionality for the processing of a STORK response
+ * @author bzwattendorfer
+ *
+ */
+public class STORKResponseProcessor {
+
+ /** OASIS DSS Namespace */
+ public static final String OASIS_DSS_NS = "urn:oasis:names:tc:dss:1.0:core:schema";
+
+ /** OASIS DSS Success Message */
+ public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success";
+
+ /**
+ * Extracts a STORK response from a HTTP message
+ * @param request HttpServletRequest
+ * @param response HttpServletResponse
+ * @return STORK Response
+ * @throws STORKException
+ */
+ public static STORKResponse receiveSTORKRepsonse(HttpServletRequest request, HttpServletResponse response) throws STORKException {
+
+ HTTPInTransport httpInTransport = new HttpServletRequestAdapter(request);
+ HTTPOutTransport httpOutTransport = new HttpServletResponseAdapter(response, request.isSecure());
+
+ httpInTransport.getPeerAddress();
+
+ String samlResponseString = request.getParameter("SAMLResponse");
+
+ if (StringUtils.isEmpty(samlResponseString)) {
+ Logger.error("SAMLResponse not found in request.");
+ throw new STORKException("SAMLResponse not found in request.");
+ }
+
+ BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
+
+ samlMessageContext.setInboundMessageTransport(httpInTransport);
+ samlMessageContext.setOutboundMessageTransport(httpOutTransport);
+
+ HTTPPostDecoder postDecoder = new HTTPPostDecoder();
+
+ try {
+ postDecoder.decode(samlMessageContext);
+ } catch (Exception e) {
+ Logger.error("Error decoding SAMLResponse message", e);
+ throw new STORKException("Error decoding SAMLResponse message", e);
+ }
+
+ if (!(samlMessageContext.getInboundSAMLMessage() instanceof STORKResponse)) {
+ Logger.error("Message received is not a SAMLResponse message");
+ throw new STORKException("Message received is not a SAMLResponse message");
+ }
+
+ STORKResponse samlResponse = (STORKResponse) samlMessageContext.getInboundSAMLMessage();
+
+ return samlResponse;
+ }
+
+ /**
+ * Verifies a STORK response according STORK specification
+ * @param storkResponse STORK Response to verify
+ * @throws STORKException if validation fails
+ */
+ public static void verifySTORKResponse(STORKResponse storkResponse) throws STORKException {
+
+ ResponseVerifier responseVerifier = new PEPSConnectorResponseVerifier();
+ try {
+ responseVerifier.verify(storkResponse);
+ } catch (SecurityException e) {
+ Logger.error("Error validating response message from PEPS.", e);
+ throw new STORKException("Error validating response message from PEPS.");
+ }
+
+ }
+
+ /**
+ * Verifies a STORK assertion
+ * @param assertion STORK assertion
+ * @param ipAddress Client IP address
+ * @param authnRequestID ID of the AuthnRequest
+ * @param recipient recipient for verification
+ * @param audience audience for verification
+ * @param reqAttributeList RequestedAttribute list for verification
+ * @throws STORKException
+ */
+ public static void verifySTORKAssertion(
+ Assertion assertion,
+ String ipAddress,
+ String authnRequestID,
+ String recipient,
+ String audience,
+ List<RequestedAttribute> reqAttributeList) throws STORKException {
+
+ //validate Assertion
+ AssertionVerifier assertionVerifier = new PEPSConnectorAssertionVerifier();
+ try {
+ assertionVerifier.verify(assertion, ipAddress, authnRequestID, recipient, audience, reqAttributeList);
+
+ //verify if all required attributes are present
+ PEPSConnectorAssertionVerifier.validateRequiredAttributes(reqAttributeList, assertion.getAttributeStatements().get(0).getAttributes());
+
+ } catch (SecurityException e) {
+ Logger.error("Error verifying assertion from PEPS", e);
+ throw new STORKException("Error validating assertion received from PEPS.");
+ }
+
+ }
+
+ /**
+ * Extracts the citizen signature from the signedDoc element present in the STORK assertion
+ * @param storkAssertion STORK assertion
+ * @return citizen signature as XML
+ * @throws STORKException
+ */
+ public static Element extractCitizenSignature(Assertion storkAssertion) throws STORKException {
+
+ Logger.debug("Processing DSS signature response from PEPS");
+
+ Element signatureResponse = getSignedDocAttributeValue(storkAssertion);
+
+ if (signatureResponse == null) {
+ String msg = "Could not find DSS signature response in SAML assertion";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.debug("Found DSS signature in SAML assertion");
+
+ Logger.debug("DSS Signature creation response received from PEPS (pretty print):");
+ Logger.debug(XMLHelper.prettyPrintXML(signatureResponse));
+ Logger.trace("DSS Signature creation response received from PEPS (original):");
+ Logger.trace(XMLUtil.printXML(signatureResponse));
+
+ Element signature = getSignature(signatureResponse);
+
+ if (signature == null) {
+ String msg = "Could not find citizen signature in SAML assertion";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.debug("Found foreign citizen signature in SAML assertion (pretty print):");
+ Logger.debug(XMLHelper.prettyPrintXML(signature));
+ Logger.trace("Found foreign citizen signature in SAML assertion (original):");
+ Logger.trace(XMLUtil.printXML(signature));
+
+ return signature;
+ }
+
+ /**
+ * Extracts the signedDoc attribute from a STORK assertion as XML
+ * @param storkAssertion STORK assertion
+ * @return Value of signedDoc attribute
+ * @throws STORKException
+ */
+ private static Element getSignedDocAttributeValue(Assertion storkAssertion) throws STORKException {
+
+ XMLObject xmlObj = SAMLUtil.getAttributeValue(storkAssertion.getAttributeStatements().get(0).getAttributes(), STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC);
+
+
+ if (xmlObj instanceof XSAny)
+ return getSignedDocAttributeValueFromAny((XSAny) xmlObj);
+ else if (xmlObj instanceof XSString)
+ return getSignedDocAttributValueFromString((XSString) xmlObj);
+ else
+ return null;
+
+ }
+
+ /**
+ * Get signedDoc as XML if provided as anyType
+ * @param any AttributeValue as anyType
+ * @return signedDoc as XML
+ */
+ private static Element getSignedDocAttributeValueFromAny(XSAny any) {
+ if (!any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).isEmpty()) {
+ XMLObject xmlObj = any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).get(0);
+ return xmlObj.getDOM();
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Get signedDoc as XML if provided as String
+ * @param string AttributeValue as String
+ * @return signedDoc as XML
+ * @throws STORKException
+ */
+ private static Element getSignedDocAttributValueFromString(XSString string) throws STORKException {
+ try {
+ return XMLUtil.stringToDOM(string.getValue());
+ } catch (Exception e) {
+ Logger.error("Error building DOM", e);
+ throw new STORKException(e);
+
+ }
+ }
+
+ /**
+ * Extracts the signature value out of a DSS response
+ * @param signatureResponse DSS signature response
+ * @return signature
+ * @throws STORKException
+ */
+ private static Element getSignature(Element signatureResponse) throws STORKException {
+
+ NodeList nList = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "ResultMajor");
+
+ String resultMajor = XMLUtil.getFirstTextValueFromNodeList(nList);
+
+ if (StringUtils.isEmpty(resultMajor)) {
+ String msg = "DSS response not correct, ResultMajor element missing.";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.trace("ResultMajor of DSS response: " + resultMajor);
+
+ if (!OASIS_DSS_SUCCESS_MSG.equals(resultMajor)) {
+ String msg = "DSS response not correct, ResultMajor is " + resultMajor;
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ NodeList nList2 = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "Base64Signature");;
+
+ String base64SigString = XMLUtil.getFirstTextValueFromNodeList(nList2);
+
+ if (StringUtils.isEmpty(base64SigString)) {
+ String msg = "DSS response not correct, Base64Signature element missing.";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.trace("Base64Signature element of DSS response: " + base64SigString);
+
+ String sigString = new String(Base64.decode(base64SigString));
+
+ try {
+ return XMLUtil.stringToDOM(sigString);
+ } catch (Exception e) {
+ String msg = "Unable to extract signature from DSS response";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+
+ }
+
+ /**
+ * Handels connection to SZR-GW and returns Identity Link on success
+ * @param citizenSignature Citizen signature
+ * @param attributeList Received attribute List in assertion
+ * @return Identity Link
+ * @throws STORKException
+ */
+ public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {
+ Logger.trace("Calling SZR Gateway with the following attributes:");
+
+ String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber);
+
+ String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
+
+ String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName);
+
+ String dateOfBirth = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth);
+
+ if (!StringUtils.isEmpty(dateOfBirth)) {
+ dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
+ }
+
+ CreateIdentityLinkResponse response;
+ IdentityLink identityLink = null;
+ try {
+ Logger.trace("Starting call...");
+ response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature);
+ if (response.isError()) {
+ Logger.error("Receveid ErrorResponse from SZR Gateway.");
+ throw new SZRGWClientException(response.getError());
+ }
+ else {
+ Logger.trace("Receveid Success Response from SZR Gateway.");
+ Element samlAssertion = response.getAssertion();
+
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ identityLink = ilParser.parseIdentityLink();
+
+
+ Logger.debug("Received Identity Link from SZR Gateway");
+ //TODO: is this ok?
+// if (StringUtils.isEmpty(identityLink.getDateOfBirth())) {
+// identityLink.setDateOfBirth("9999-12-31");
+// }
+
+ }
+ } catch (SZRGWClientException e) {
+ Logger.error("Error connecting SZR-Gateway: ", e);
+ throw new STORKException("Error connecting SZR-Gateway: ", e);
+ } catch (ParseException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ }
+
+ return identityLink;
+
+ }
+
+
+ /**
+ * Transforms additional STORK attributes to MOA Extended attributes
+ * @param storkAttributeList STORK attribute list
+ * @return
+ */
+ public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(List<Attribute> storkAttributeList) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
+
+ Logger.trace("Adding the following attributes to MOA assertion: ");
+ int count = 0;
+ //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc
+ for (Attribute attribute : storkAttributeList) {
+ //attribute is not in default returned attribute set
+ if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) {
+
+ String attributeValue = null;
+ if (!attribute.getAttributeValues().isEmpty()) {
+ //we have attribute value
+ attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0));
+ }
+ ExtendedSAMLAttribute extendedSAMLAttribute =
+ new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
+ moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
+ count++;
+ Logger.trace("Additional attribute: " + attribute.getName());
+ }
+ }
+
+
+ Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
+
+ return moaExtendedSAMLAttributeList;
+ }
+
+}
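Review bot: `verifySTORKAssertion` and `getSignedDocAttributeValue` both index `assertion.getAttributeStatements().get(0)` without checking that the list is non-empty, so an assertion from the PEPS that carries no AttributeStatement escapes as an unchecked IndexOutOfBoundsException instead of the STORKException callers are written to handle; a guard such as `if (assertion.getAttributeStatements().isEmpty()) throw new STORKException("Assertion contains no AttributeStatement");` ahead of each access closes that. In `getSignature`, `new String(Base64.decode(base64SigString))` decodes with the platform default charset although the bytes are XML handed straight to `XMLUtil.stringToDOM`; `new String(Base64.decode(base64SigString), "UTF-8")` avoids mojibake on a JVM whose default encoding is not UTF-8. `verifySTORKResponse` and `verifySTORKAssertion` rethrow without passing `e` as the cause, which drops the verifier's reason from the exception chain even though it was logged. The trace statements in `connectToSZRGateway` write fiscal number, given name, surname and date of birth to the log, and `receiveSTORKRepsonse` returns the decoded response before any signature or issuer check; its Javadoc should state that `verifySTORKResponse` must be called on the result, and the personal-data logging is worth redacting or confirming as never enabled in production.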
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java
new file mode 100644
index 000000000..29478718f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+
+/**
+ * Gets a Velocity Engine
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class VelocityProvider {
+
+ /**
+ * Gets velocityEngine from Classpath
+ * @return VelocityEngine
+ * @throws Exception
+ */
+ public static VelocityEngine getClassPathVelocityEngine() throws Exception {
+ VelocityEngine velocityEngine = getBaseVelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ velocityEngine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+
+ velocityEngine.init();
+
+ return velocityEngine;
+ }
+
+ /**
+ * Gets VelocityEngine from File
+ * @param rootPath File Path to template file
+ * @return VelocityEngine
+ * @throws Exception
+ */
+ public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
+ VelocityEngine velocityEngine = getBaseVelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
+ velocityEngine.setProperty("file.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
+ velocityEngine.setProperty("file.resource.loader.path", rootPath);
+
+ velocityEngine.init();
+
+ return velocityEngine;
+ }
+
+ /**
+ * Gets a basic VelocityEngine
+ * @return VelocityEngine
+ */
+ private static VelocityEngine getBaseVelocityEngine() {
+ VelocityEngine velocityEngine = new VelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+
+ return velocityEngine;
+ }
+
+}
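Review bot: Both factory methods construct and `init()` a fresh VelocityEngine on every call, and the caller visible at the top of this page does so inside the per-request AuthnRequest encoding path, so each STORK login re-initialises Velocity; holding one initialised engine in a static field (or memoising per `rootPath`) would avoid that, assuming the engine is not mutated after creation. The `throws Exception` signatures force callers to catch everything; if `init()` is the only thrower, narrowing to its declared exception type would let the SAML code tell a template failure apart from anything else. A class-level Javadoc noting that templates are resolved relative to the classpath (e.g. `/saml2-post-binding-moa.vm`) and that `getFileVelocityEngine` trusts `rootPath` to be an administrator-configured directory, never a request-supplied one, would help the next reader.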
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index c719484fa..13e7cb0f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -24,12 +24,13 @@
package at.gv.egovernment.moa.id.config;
-import iaik.ixsil.util.Utils;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
@@ -39,20 +40,23 @@ import java.util.List;
import java.util.Map;
import java.util.Vector;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
-import com.sun.xml.internal.fastinfoset.stax.events.Util;
-
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.Schema;
import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -63,6 +67,12 @@ import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
/**
* A class that builds configuration data from a DOM based representation.
@@ -80,6 +90,12 @@ public class ConfigurationBuilder {
protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
/** an XPATH-Expression */
protected static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+ /** an XPATH-Expression */
+ protected static final String STORK = Constants.STORK_PREFIX + ":";
+
+ /** an XPATH-Expression */
+ protected static final String STORKP= Constants.STORKP_PREFIX + ":";
//
// chaining mode constants appearing in the configuration file
@@ -220,8 +236,58 @@ public class ConfigurationBuilder {
protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS =
+ ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "C-PEPS";
+
+ /** STORK Config AttributeName */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE = "countryCode";
+
+ /** STORK Config AttributeName */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL = "URL";
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER =
+ ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" +
+ CONF + "SignatureCreationParameter" ;
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES =
+ STORK + "RequestedAttribute";
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER =
+ ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" +
+ CONF + "SignatureVerificationParameter";
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE =
+ CONF + "KeyStore";
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME =
+ CONF + "KeyName";
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD =
+ CONF + "KeyStore/@password";
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD =
+ CONF + "KeyName/@password";
+
+ /** STORK Config XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID =
+ CONF + "TrustProfileID";
+ /** STORK Config XPATH-Expression */
+ public static final String OA_AUTH_COMPONENT_STORK_QAA =
+ CONF + "STORK/" + STORK + "QualityAuthenticationAssuranceLevel";
+ /** STORK Config XPATH-Expression */
+ public static final String OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE =
+ CONF + "STORK/" + STORKP + "RequestedAttributes/" + STORK + "RequestedAttribute";
+
/**
* main configuration file directory name used to configure MOA-ID
*/
@@ -615,6 +681,32 @@ public class ConfigurationBuilder {
oap.setMandateProfiles(profiles);
}
}
+
+ //add STORK Configuration specific to OA (RequestedAttributes, QAALevel)
+ QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent);
+ if (qaaLevel != null) {
+ oap.setQaaLevel(qaaLevel);
+ Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue());
+ }
+
+ RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent);
+
+ if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) {
+ //we have additional STORK attributes to request for this OA
+ Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): ");
+ for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) {
+ if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) {
+ addReqAttr.detach();
+ oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr);
+ Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired());
+ }
+ }
+
+ } else {
+ //do nothing, only request default attributes
+ }
+
+
}
OA_set.add(oap);
}
@@ -633,7 +725,7 @@ public class ConfigurationBuilder {
*/
private int buildConditionLength(String length) {
- if (Util.isEmptyString(length))
+ if (StringUtils.isEmpty(length))
return -1;
else
return new Integer(length).intValue();
@@ -1035,6 +1127,228 @@ public class ConfigurationBuilder {
return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters);
}
}
+
+ /**
+ * Creates a SignatureCreationParameter object from the MOA-ID configuration
+ * This configuration object contains KeyStore and Key data for signature creation (STORK SAML Signature Creation).
+ *
+ * @return KeyStore and Key data for signature creation (STORK SAML Signature Creation)
+ */
+ public SignatureCreationParameter buildSTORKSignatureCreationParameter() {
+
+ Logger.debug("Loading STORK signature creation parameters.");
+
+ Element signatureCreationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER);
+ if (signatureCreationParameterElement == null) {
+ Logger.debug("No STORK signature parameters found, " + AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER + "is missing.");
+ return null;
+ }
+
+ SignatureCreationParameter signatureCreationParameter = new SignatureCreationParameter();
+
+ Element keyStoreElement = (Element)XPathUtils.selectSingleNode(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE);
+ if (keyStoreElement==null) {
+ Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE + "is missing.");
+ return null;
+ }
+
+ Element keyNameElement = (Element)XPathUtils.selectSingleNode(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME);
+ if (keyNameElement==null) {
+ Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME + "is missing.");
+ return null;
+ }
+
+ String keyStorePath = DOMUtils.getText(keyStoreElement);
+ if (StringUtils.isEmpty(keyStorePath)) {
+ Logger.error("No KeyStorePath for STORK SAML Signing Certificate provided!");
+ return null;
+ }
+ signatureCreationParameter.setKeyStorePath(FileUtils.makeAbsoluteURL(keyStorePath, rootConfigFileDir_));
+ Logger.trace("Found KeyStorePath for STORK SAML Signing Certificate: " + keyStorePath);
+
+ String keyStorePassword = XPathUtils.getAttributeValue(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD, "");
+ signatureCreationParameter.setKeyStorePassword(keyStorePassword);
+
+ String keyName = DOMUtils.getText(keyNameElement);
+ if (StringUtils.isEmpty(keyName)) {
+ Logger.warn(AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD + "is missing.");
+ return null;
+ }
+ signatureCreationParameter.setKeyName(keyName);
+ Logger.trace("Found KeyName for STORK SAML Signing Certificate: " + keyName);
+
+ String keyPassword = XPathUtils.getAttributeValue(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD, "");
+ signatureCreationParameter.setKeyPassword(keyPassword);
+
+ Logger.info("STORK signature creation parameters loaded.");
+
+ return signatureCreationParameter;
+
+ }
+
+ /**
+ * Creates a SignatureVerificationParameter object from the MOA-ID configuration
+ * This configuration object contains the TrustProfile to be used for signature verification (STORK SAML Signature Verification)
+ *
+ * @return TrustProfileID for signature verification (STORK SAML Signature Verification)
+ */
+ public SignatureVerificationParameter buildSTORKSignatureVerificationParameter() {
+
+ Logger.debug("Loading STORK signature verification parameters.");
+
+ Element signatureVerificationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER);
+ if (signatureVerificationParameterElement == null) {
+ Logger.debug("No STORK verification parameters found, " +AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER + "is missing.");
+ return null;
+ }
+
+ SignatureVerificationParameter signatureVerificationParameter = new SignatureVerificationParameter();
+
+ String trustProfileID = XPathUtils.getElementValue(signatureVerificationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID, null);
+ if (StringUtils.isEmpty(trustProfileID)) {
+ Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID + "is missing.");
+ return null;
+ }
+ Logger.trace("Using the following MOA-SP TrustProfile for STORK SAML signature verification: " + trustProfileID);
+ signatureVerificationParameter.setTrustProfileID(trustProfileID);
+
+ Logger.info("STORK signature verification parameters loaded.");
+
+ return signatureVerificationParameter;
+ }
+
+ /**
+ * Builds a C-PEPS object from configuration
+ * @param cpepsElement DOM Element of C-PEPS from configuration
+ * @return C-PEPS object
+ */
+ public CPEPS buildSTORKCpeps(Element cpepsElement) {
+
+ String countryCode = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE);
+ String cpepsURLString = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL);
+ if (StringUtils.isEmpty(countryCode)) {
+ Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE + "is missing.");
+ return null;
+ }
+ if (StringUtils.isEmpty(cpepsURLString)) {
+ Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL + "is missing.");
+ return null;
+ }
+
+ URL cpepsURL;
+ try {
+ cpepsURL = new URL(cpepsURLString);
+ } catch (MalformedURLException e) {
+ Logger.error("Provided CPEPS-URL (" + cpepsURLString + ") for country " + countryCode + " is not a URL", e);
+ return null;
+ }
+ CPEPS cpeps = new CPEPS(countryCode, cpepsURL);
+ Logger.debug("Adding C-PEPS for country: " + cpeps.getCountryCode() + ", URL: " + cpeps.getPepsURL());
+
+ Element reqAttributeElement;
+ NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(cpepsElement, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES);
+
+ while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) {
+ RequestedAttribute requestedAttribute;
+ try {
+ requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement);
+ } catch (MessageEncodingException e) {
+ Logger.error("Provided RequestedAttributes for CPEPS from country " + countryCode + " is malformed.", e);
+ return null;
+ }
+ //only add if STORK attribute is correct
+ if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) {
+ cpeps.addCountrySpecificRequestedAttribute(requestedAttribute);
+ Logger.debug("Adding also country specific requested attribute for C-PEPS (" + countryCode + "): " + requestedAttribute.getName() + ", isRequired: " + requestedAttribute.isRequired());
+ } else {
+ Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName());
+ }
+
+ }
+
+ return cpeps;
+ }
+
+ /**
+ * Builds the supported C-PEPS Map from configuration
+ * @return Map of C-PEPS
+ */
+ public Map<String, CPEPS> buildSTORKcPEPSMap() {
+
+ Logger.debug("Loading STORK C-PEPS information");
+
+ Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+ NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS);
+
+ Element cpepsElement;
+ CPEPS cpeps;
+
+ while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) {
+ cpeps = buildSTORKCpeps(cpepsElement);
+ if (cpeps != null) {
+ cpepsMap.put(cpeps.getCountryCode(), cpeps);
+ }
+ }
+
+ if(!cpepsMap.isEmpty()) {
+ Logger.info("STORK C-PEPS information loaded");
+ }
+
+ return cpepsMap;
+
+ }
+
+ /**
+ * Builds the required STORK QAALevel for this OA
+ * @param authComponentElement DOM Element of AuthComponent (from MOA configuration)
+ * @return STORK QAALevel for this OA
+ */
+ public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) {
+ Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA);
+
+ if (qaaLevelElement == null) return null;
+
+ try {
+ QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement);
+ return qaaLevel;
+ } catch (MessageEncodingException e) {
+ Logger.error("Could not build STORK QAALevel, using default.");
+ return null;
+ }
+
+ }
+
+ /**
+ * Builds the Requested Attributes specific for an OA
+ * @param authComponentElement DOM Element of AuthComponent (from MOA configuration)
+ * @return STORK RequestedAttributes for this OA
+ */
+ public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) {
+ List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
+
+
+ Element reqAttributeElement;
+ NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE);
+
+ while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) {
+ RequestedAttribute requestedAttribute;
+ try {
+ requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement);
+ } catch (MessageEncodingException e) {
+ Logger.error("Provided RequestedAttributes Online Application is malformed.", e);
+ return null;
+ }
+ //only add if STORK attribute is correct
+ if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) {
+ reqAttributeList.add(requestedAttribute);
+ } else {
+ Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName());
+ }
+ }
+
+ return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList);
+ }
/**
* Method warn.
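Review bot: In `buildSTORKSignatureCreationParameter` the missing-KeyName branch logs the wrong constant and at a lower level than the sibling checks: `Logger.warn(AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD + "is missing.");` should read `Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME + " is missing.");` (the other "is missing." messages in this hunk also lack the leading space). `buildOaSTORKRequestedAttributes` returns null on one malformed entry but an empty RequestedAttributes otherwise, which its caller does not anticipate; skipping the bad element with a warning and still returning `STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList)`, or documenting the null in the Javadoc, keeps the contract consistent with `buildSTORKCpeps`. `buildSTORKCpeps` accepts any scheme from `new URL(cpepsURLString)`; since this endpoint receives the signed AuthnRequest through the user's browser, rejecting non-https values at load time would surface a misconfiguration before a request is posted to a plaintext endpoint. `buildOaSTORKQAALevel` discards the MessageEncodingException without logging it; pass `e` to `Logger.error` as the other catch blocks here do.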
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 04b92f209..b6ffb0c59 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -35,13 +35,17 @@ import java.util.List;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
/**
@@ -183,6 +187,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
*/
private List trustedBKUs;
+ /**
+ * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.)
+ */
+ private STORKConfig storkConfig;
+
/**
* Return the single instance of configuration data.
*
@@ -263,7 +272,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
} catch (MalformedURLException t) {
throw new ConfigurationException("config.03", null, t);
}
-
+
+ //Initialize OpenSAML for STORK
+ Logger.trace("Starting initialization of OpenSAML...");
+ STORKBootstrap.bootstrap();
+ Logger.debug("OpenSAML successfully initialized");
+
// build the internal datastructures
builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
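Review bot: STORKBootstrap.bootstrap() is called unconditionally in the middle of configuration loading, so it re-runs on every (re)load of the configuration, and a failure inside it is presumably swallowed by the surrounding `catch (Throwable t)` and reported as the generic config.02 without its cause being obvious (the enclosing method starts and ends outside this hunk). Whether bootstrap() is safe to call repeatedly is not visible here; if it is not, guard it with a one-time static initializer or a static flag. At minimum log the failure distinctly before rethrowing, e.g. `try { STORKBootstrap.bootstrap(); } catch (Exception e) { Logger.error("OpenSAML initialization for STORK failed", e); throw e; }`.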
@@ -293,6 +307,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
trustedCACertificates = builder.getTrustedCACertificates();
trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
trustedBKUs = builder.getTrustedBKUs();
+ storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
} catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
@@ -370,6 +385,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
return null;
}
+
/**
* Return a string with a url-reference to the VerifyAuthBlock trust
@@ -484,4 +500,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return defaultVerifyInfoboxParameters;
}
+ /**
+ * Retruns the STORK Configuration
+ * @return STORK Configuration
+ */
+ public STORKConfig getStorkConfig() {
+ return storkConfig;
+ }
+
+
+
} \ No newline at end of file
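Review bot: The javadoc of getStorkConfig misspells "Retruns"; fix to `Returns the STORK configuration`. The returned STORKConfig is the live object of the configuration singleton and exposes setters for the C-PEPS map and the signing parameters, so any caller can alter the trust configuration at runtime; document that callers must treat it as read-only, e.g. `@return STORK configuration (shared instance; callers must not modify it)`, or return an unmodifiable view.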
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 2959d9208..091a01bf7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -24,7 +24,15 @@
package at.gv.egovernment.moa.id.config.auth;
+import java.util.ArrayList;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
import at.gv.egovernment.moa.id.config.OAParameter;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
/**
* Configuration parameters belonging to an online application,
@@ -117,12 +125,28 @@ public class OAAuthParameter extends OAParameter {
private String mandateProfiles;
/**
- * BZ
+ *
* Type for authentication number (e.g. Firmenbuchnummer)
*/
private String identityLinkDomainIdentifierType;
/**
+ * STORK QAA Level, Default = 4
+ */
+ private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
+
+ /**
+ * STORK RequestedAttributes for Online Application
+ * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
+ */
+ private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
+
+
+/**
* Returns <code>true</code> if the Security Layer version is version 1.2,
* otherwise <code>false</code>.
* @return <code>true</code> if the Security Layer version is version 1.2,
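Review bot: Both new field initializers call STORKMessagesBuilder at instance-construction time, which presumably needs the OpenSAML registry set up by STORKBootstrap.bootstrap() elsewhere in this diff; any OAAuthParameter created before that bootstrap (a test, or another configuration path) would then fail in its constructor rather than in the STORK flow. If that dependency holds, document it on the class, e.g. `NOTE: the qaaLevel/requestedAttributes defaults are built with STORKMessagesBuilder, so OpenSAML must be bootstrapped before the first instance is created`, or build the defaults lazily in the getters. The class body continues outside the hunk.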
@@ -441,4 +465,38 @@ public class OAAuthParameter extends OAParameter {
return this.mandateProfiles;
}
+ /**
+ * Returns the defined STORK QAALevel
+ * @return STORK QAALevel
+ */
+ public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+ }
+
+ /**
+ * Sets the STORK QAALevel
+ * @param qaaLevel
+ */
+ public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
+ this.qaaLevel = qaaLevel;
+ }
+
+ /**
+ * Returns the desired STORK Requested Attributes
+ * @return STORK Requested Attributes
+ */
+ public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+ }
+
+ /**
+ * Sets the desired STORK Requested Attributes
+ * @param requestedAttributes
+ */
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
+
+
+
}
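Review bot: setQaaLevel and setRequestedAttributes replace the documented defaults with null when passed null, and the configuration-builder methods earlier in this diff return null for a malformed element while logging "using default". Unless the caller (not visible here) filters null, a bad OA configuration silently drops the QAA level and the requested attributes from the STORK request instead of keeping the defaults. Either skip the setter on null at the call site or guard in the setter, `if (qaaLevel != null) { this.qaaLevel = qaaLevel; }` (and likewise for requestedAttributes), with the javadoc stating that null keeps the default.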
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
new file mode 100644
index 000000000..a5b160454
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
@@ -0,0 +1,98 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+
+ /** Country Code of C-PEPS */
+ private String countryCode;
+
+ /** URL of C-PEPS */
+ private URL pepsURL;
+
+ /** Specific attributes to be requested for this C-PEPS */
+ private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
+
+ /**
+ * Constructs a C-PEPS
+ * @param countryCode ISO Country Code of C-PEPS
+ * @param pepsURL URL of C-PEPS
+ */
+ public CPEPS(String countryCode, URL pepsURL) {
+ super();
+ this.countryCode = countryCode;
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country code of this C-PEPS
+ * @return ISO country code
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the country code of this C-PEPS
+ * @param countryCode ISO country code
+ */
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+ /**
+ * Gets the URL of this C-PEPS
+ * @return C-PEPS URL
+ */
+ public URL getPepsURL() {
+ return pepsURL;
+ }
+
+ /**
+ * Sets the C-PEPS URL
+ * @param pepsURL C-PEPS URL
+ */
+ public void setPepsURL(URL pepsURL) {
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country specific attributes of this C-PEPS
+ * @return List of country specific attributes
+ */
+ public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
+ return countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Sets the country specific attributes
+ * @param countrySpecificRequestedAttributes List of country specific requested attributes
+ */
+ public void setCountrySpecificRequestedAttributes(
+ List<RequestedAttribute> countrySpecificRequestedAttributes) {
+ this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Adds a Requested attribute to the country specific attribute List
+ * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
+ */
+ public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+ this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+ }
+
+
+}
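Review bot: countryCode is stored verbatim, while STORKConfig.isSTORKAuthentication in this diff looks codes up as `ccc.toUpperCase()`; if the map keys are taken from getCountryCode(), a lowercase code in the configuration would never match. Normalize in one place, in the constructor and setter: `this.countryCode = countryCode == null ? null : countryCode.toUpperCase();`. The javadoc on pepsURL should also say that this is the trusted endpoint the STORK AuthnRequest is sent to (presumably, from the stork.02 message in this diff) and that nothing here validates the scheme, so operators must configure an https URL.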
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
new file mode 100644
index 000000000..485a44421
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -0,0 +1,90 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Encapsulates several STORK configuration parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKConfig {
+
+ /** STORK SAML signature creation parameters */
+ private SignatureCreationParameter signatureCreationParameter;
+
+ /** STORK SAML signature verification parameters */
+ private SignatureVerificationParameter signatureVerificationParameter;
+
+ /** Map of supported C-PEPSs */
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+
+ /**
+ * Constructs a STORK Config object
+ * @param signatureCreationParameter STORK SAML Signature creation parameters
+ * @param signatureVerificationParameter STORK SAML Signature verification parameters
+ * @param cpepsMap Map of supported C-PEPS
+ */
+ public STORKConfig(SignatureCreationParameter signatureCreationParameter,
+ SignatureVerificationParameter signatureVerificationParameter,
+ Map<String, CPEPS> cpepsMap) {
+ super();
+ this.signatureCreationParameter = signatureCreationParameter;
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ this.cpepsMap = cpepsMap;
+ }
+
+ public SignatureCreationParameter getSignatureCreationParameter() {
+ return signatureCreationParameter;
+ }
+
+ public void setSignatureCreationParameter(
+ SignatureCreationParameter signatureCreationParameter) {
+ this.signatureCreationParameter = signatureCreationParameter;
+ }
+
+ public SignatureVerificationParameter getSignatureVerificationParameter() {
+ return signatureVerificationParameter;
+ }
+
+ public void setSignatureVerificationParameter(
+ SignatureVerificationParameter signatureVerificationParameter) {
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ }
+
+ public Map<String, CPEPS> getCpepsMap() {
+ return cpepsMap;
+ }
+
+ public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
+ this.cpepsMap = cpepsMap;
+ }
+
+ public boolean isSTORKAuthentication(String ccc) {
+
+ if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
+ return false;
+
+ if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ return true;
+ else
+ return false;
+
+ }
+
+ public CPEPS getCPEPS(String ccc) {
+ if (isSTORKAuthentication(ccc))
+ return this.cpepsMap.get(ccc);
+ else
+ return null;
+ }
+
+
+}
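Review bot: getCPEPS checks membership with `ccc.toUpperCase()` (via isSTORKAuthentication) but then reads the map with the raw `ccc`, so a lowercase country code passes the check and still returns null; use `return this.cpepsMap.get(ccc.toUpperCase());`. The constructor and setCpepsMap also store the passed map as-is, so if buildSTORKcPEPSMap() returns null when no C-PEPS is configured, isSTORKAuthentication throws a NullPointerException on `cpepsMap.isEmpty()`; default it with `this.cpepsMap = cpepsMap != null ? cpepsMap : new HashMap<String, CPEPS>();` in both places.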
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
new file mode 100644
index 000000000..1f66b7752
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.config.stork;
+
+/**
+ * Encapsulates signature creation parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureCreationParameter {
+
+ /** KeyStore Path */
+ private String keyStorePath;
+
+ /** KeyStore Password */
+ private String keyStorePassword;
+
+ /** Signing Key Name */
+ private String keyName;
+
+ /** Signing Key Password */
+ private String keyPassword;
+
+ /**
+ * Gets the KeyStore Path
+ * @return File Path to KeyStore
+ */
+ public String getKeyStorePath() {
+ return keyStorePath;
+ }
+
+ /**
+ * Sets the KeyStore Path
+ * @param keyStorePath Path to KeyStore
+ */
+ public void setKeyStorePath(String keyStorePath) {
+ this.keyStorePath = keyStorePath;
+ }
+
+ /**
+ * Gets the KeyStore Password
+ * @return Password to KeyStore
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * Sets the KeyStore Password
+ * @param keyStorePassword Password to KeyStore
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * Gets the Signing Key Name
+ * @return Siging Key Name
+ */
+ public String getKeyName() {
+ return keyName;
+ }
+
+ /**
+ * Sets the Signing Key Name
+ * @param keyName Signing Key Name
+ */
+ public void setKeyName(String keyName) {
+ this.keyName = keyName;
+ }
+
+ /**
+ * Gets the Signing Key Password
+ * @return Signing Key Password
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * Sets the Signing Key Password
+ * @param keyPassword Signing Key Password
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+}
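Review bot: keyStorePassword and keyPassword are secrets held as plain Strings and exposed through getters, but nothing in the javadoc marks them as sensitive, so a later toString() or debug-logging addition would leak them. Mark them, e.g. `/** KeyStore password (secret: never log or include in error messages) */` and the same for the signing key password. A char[] that can be zeroed after use would be the conventional choice, but that is an interface change beyond this hunk.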
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
new file mode 100644
index 000000000..2d8402e4d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
@@ -0,0 +1,35 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+
+ /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+ private String trustProfileID;
+
+ /**
+ * Gets the MOA-SP TrustProfileID
+ * @return TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public String getTrustProfileID() {
+ return trustProfileID;
+ }
+
+ /**
+ * Sets the MOA-SP TrustProfileID
+ * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index 7b29051f3..a148aa690 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -40,9 +40,13 @@ import java.io.Reader;
import java.net.HttpURLConnection;
import java.net.URL;
+import javax.servlet.http.HttpServletRequest;
+
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.util.StringUtils;
+
/**
*
* @author Rudolf Schamberger
@@ -88,5 +92,47 @@ public class HTTPUtils {
conn.disconnect();
return buffer.toString();
}
+
+ /**
+ * Helper method to retrieve server URL including context path
+ * @param request HttpServletRequest
+ * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth
+ */
+ public static String getBaseURL(HttpServletRequest request) {
+ StringBuffer buffer = new StringBuffer(getServerURL(request));
+
+ // add context path if available
+ String contextPath = request.getContextPath();
+ if (!StringUtils.isEmpty(contextPath)) {
+ buffer.append(contextPath);
+ }
+
+ return buffer.toString();
+ }
+
+ /**
+ * Helper method to retrieve server URL
+ * @param request HttpServletRequest
+ * @return Server URL (e.g. http://localhost:8443)
+ */
+ public static String getServerURL(HttpServletRequest request) {
+ StringBuffer buffer = new StringBuffer();
+
+ // get protocol
+ String protocol = request.getScheme();
+ buffer.append(protocol).append("://");
+
+ // server name
+ buffer.append(request.getServerName());
+
+ // add port if necessary
+ int port = request.getServerPort();
+ if ((protocol.equals("http") && port != 80) || (protocol.equals("https") && port != 443)) {
+ buffer.append(':');
+ buffer.append(port);
+ }
+
+ return buffer.toString();
+ }
}
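Review bot: getServerURL derives scheme and host from request.getScheme() and request.getServerName(), which behind a TLS-terminating reverse proxy yields "http" and, unless the connector pins the host, a value taken from the client-supplied Host header. If getBaseURL is used to fill URLs in the STORK AuthnRequest (its callers are not in this hunk), a request-controlled value could end up in a signed message; prefer a configured public base URL, or at least document the assumption with `// NOTE: scheme/host come from the request (connector or Host header); only reliable when the container/proxy sets them`. The javadoc example `http://localhost:8443/moa-id-auth` mixes the http scheme with the usual https port; use `https://localhost:8443/moa-id-auth`.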
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 790651adf..0862371dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -43,6 +43,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
public class ParamValidatorUtils {
@@ -54,10 +55,10 @@ public class ParamValidatorUtils {
*/
public static boolean isValidTarget(String target) {
- Logger.debug("Überprüfe Parameter Target");
+ Logger.debug("�berpr�fe Parameter Target");
// if non parameter is given return true
- if (target == null) {
+ if (StringUtils.isEmpty(target)) {
Logger.debug("Parameter Target ist null");
return true;
}
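Review bot: Replacing `target == null` with `StringUtils.isEmpty(target)` widens what the validator accepts: an empty string previously fell through to the regex and was rejected (the error message requires 1-5 characters), while it now returns true under the log line "Parameter Target ist null". The same substitution is made in the other validators of this file; if any caller distinguishes an absent parameter from an empty one, it will now forward "" as a valid value, so either confirm that callers treat "" as absent or keep the null check and let "" reach the pattern. The log line should at least read `Parameter Target ist null oder leer`.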
@@ -67,27 +68,57 @@ public class ParamValidatorUtils {
Matcher matcher = pattern.matcher(target);
boolean b = matcher.matches();
if (b) {
- Logger.debug("Parameter Target erfolgreich überprüft");
+ Logger.debug("Parameter Target erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+ Logger.error("Fehler �berpr�fung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
return false;
}
}
/**
+ * Checks if the given ccc parameter is valid
+ * @param ccc HTTP parameter from request
+ * @return true if ccc is valid
+ */
+ public static boolean isValidCCC(String ccc) {
+
+ Logger.debug("�berpr�fe Parameter CCC");
+
+ // if non parameter is given return true
+ if (StringUtils.isEmpty(ccc)) {
+ Logger.debug("Parameter CCC ist null");
+ return true;
+ }
+
+
+ Pattern pattern = Pattern.compile("[a-zA-Z]{2}");
+ Matcher matcher = pattern.matcher(ccc);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter CCC erfolgreich �berpr�ft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler �berpr�fung Parameter CCC. CCC entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, sowie 2 Zeichen lang)");
+ return false;
+ }
+
+ }
+
+ /**
* Checks if the given target is valid
* @param sourceID HTTP parameter from request
* @return
*/
public static boolean isValidSourceID(String sourceID) {
- Logger.debug("Überprüfe Parameter sourceID");
+ Logger.debug("�berpr�fe Parameter sourceID");
// if non parameter is given return true
- if (sourceID == null) {
+ if (StringUtils.isEmpty(sourceID)) {
Logger.debug("Parameter Target ist null");
return true;
}
@@ -97,11 +128,11 @@ public class ParamValidatorUtils {
Matcher matcher = pattern.matcher(sourceID);
boolean b = matcher.matches();
if (b) {
- Logger.debug("Parameter sourceID erfolgreich überprüft");
+ Logger.debug("Parameter sourceID erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
+ Logger.error("Fehler �berpr�fung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
return false;
}
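Review bot: The changed lines in this hunk replace the umlauts in "Überprüfe"/"überprüft" with U+FFFD replacement characters ("�"), i.e. the file was re-saved in an encoding that does not match the original and these log messages are now garbled; the last hunk of this file still shows the umlauts intact on both sides, which suggests the file now mixes encodings. Re-save the file in the project's declared source encoding (set `project.build.sourceEncoding` in the pom if it is missing) and restore the original text, or use `\u00dc`-style escapes in these literals so the messages no longer depend on the editor's encoding.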
@@ -114,21 +145,21 @@ public class ParamValidatorUtils {
*/
public static boolean isValidUseMandate(String usemandate) {
- Logger.debug("Überprüfe Parameter useMandate");
+ Logger.debug("�berpr�fe Parameter useMandate");
// if non parameter is given return true
- if (usemandate== null) {
+ if (StringUtils.isEmpty(usemandate)) {
Logger.debug("Parameter useMandate ist null");
return true;
}
if (usemandate.compareToIgnoreCase("true") == 0 || usemandate.compareToIgnoreCase("false") == 0) {
- Logger.debug("Parameter useMandate erfolgreich überprüft");
+ Logger.debug("Parameter useMandate erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter useMandate. useMandate ist weder 'true' noch 'false')");
+ Logger.error("Fehler �berpr�fung Parameter useMandate. useMandate ist weder 'true' noch 'false')");
return false;
}
@@ -144,10 +175,10 @@ public class ParamValidatorUtils {
* @return
*/
public static boolean isValidBKUURI(String bkuURI) {
- Logger.debug("Überprüfe Parameter bkuURI");
+ Logger.debug("�berpr�fe Parameter bkuURI");
// if non parameter is given return true
- if (bkuURI == null) {
+ if (StringUtils.isEmpty(bkuURI)) {
Logger.debug("Parameter bkuURI ist null");
return true;
}
@@ -163,20 +194,20 @@ public class ParamValidatorUtils {
bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 ||
bkuURI.compareToIgnoreCase("http://127.0.0.1:3495/http-security-layer-request") == 0 ||
bkuURI.compareToIgnoreCase("https://127.0.0.1:3496/https-security-layer-request") == 0) {
- Logger.debug("Parameter bkuURI erfolgreich überprüft");
+ Logger.debug("Parameter bkuURI erfolgreich �berpr�ft");
return true;
}
else {
- Logger.debug("Parameter bkuURI ist keine lokale BKU. Überprüfe Liste der vertrauenswürdigen BKUs.");
+ Logger.debug("Parameter bkuURI ist keine lokale BKU. �berpr�fe Liste der vertrauensw�rdigen BKUs.");
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
List trustedBKUs = authConf.getTrustedBKUs();
boolean b = trustedBKUs.contains(bkuURI);
if (b) {
- Logger.debug("Parameter bkuURI erfolgreich überprüft");
+ Logger.debug("Parameter bkuURI erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauenswürdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)");
+ Logger.error("Fehler �berpr�fung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauensw�rdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)");
return false;
}
}
@@ -184,16 +215,16 @@ public class ParamValidatorUtils {
}
else {
- Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
+ Logger.error("Fehler �berpr�fung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+ Logger.error("Fehler �berpr�fung Parameter bkuURI", e);
return false;
} catch (ConfigurationException e) {
- Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+ Logger.error("Fehler �berpr�fung Parameter bkuURI", e);
return false;
}
}
@@ -243,7 +274,7 @@ public class ParamValidatorUtils {
//
// System.out.println("ret: " + ret);
//
-// Logger.error("Fehler Überprüfung Parameter bkuURI. Antwortcode von BKU ist nicht 200.");
+// Logger.error("Fehler �berpr�fung Parameter bkuURI. Antwortcode von BKU ist nicht 200.");
// return false;
// }
//
@@ -257,26 +288,26 @@ public class ParamValidatorUtils {
//
//// NodeList l = doc.getElementsByTagNameNS(Constants.SL12_NS_URI, "ErrorResponse");
//// if (l.getLength() != 0) {
-//// Logger.error("Fehler Überprüfung Parameter bkuURI. ErrorResponse von BKU empfangen.");
+//// Logger.error("Fehler �berpr�fung Parameter bkuURI. ErrorResponse von BKU empfangen.");
//// return false;
//// }
//
-// Logger.debug("Parameter Template bkuURI erfolgreich überprüft");
+// Logger.debug("Parameter Template bkuURI erfolgreich �berpr�ft");
// return true;
//
//// } catch (SAXException e) {
-//// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+//// Logger.error("Fehler �berpr�fung Parameter bkuURI.", e);
//// return false;
// } catch (IOException e) {
-// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+// Logger.error("Fehler �berpr�fung Parameter bkuURI.", e);
// return false;
// } catch (ParserConfigurationException e) {
-// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+// Logger.error("Fehler �berpr�fung Parameter bkuURI.", e);
// return false;
// }
// }
// else {
-// Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist null.");
+// Logger.error("Fehler �berpr�fung Parameter bkuURI. bkuURI ist null.");
// return false;
// }
//
@@ -313,10 +344,10 @@ public class ParamValidatorUtils {
*/
public static boolean isValidTemplate(HttpServletRequest req, String template) {
- Logger.debug("Überprüfe Parameter Template bzw. bkuSelectionTemplateURL");
+ Logger.debug("�berpr�fe Parameter Template bzw. bkuSelectionTemplateURL");
// if non parameter is given return true
- if (template == null) {
+ if (StringUtils.isEmpty(template)) {
Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null");
return true;
}
@@ -334,37 +365,37 @@ public class ParamValidatorUtils {
if (template.startsWith(httpName) || template.startsWith(httpsName)) {
new URL(template);
- Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft");
+ Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")");
+ Logger.error("Fehler �berpr�fung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")");
return false;
}
}
else {
- Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
+ Logger.error("Fehler �berpr�fung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL.", e);
+ Logger.error("Fehler �berpr�fung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
}
}
/**
- * Checks if the given template is valid
+ * Checks if the given sessionID is valid
* @param target HTTP parameter from request
* @return
*/
public static boolean isValidSessionID(String sessionID) {
- Logger.debug("Überprüfe Parameter MOASessionId");
+ Logger.debug("�berpr�fe Parameter MOASessionId");
// if non parameter is given return true
- if (sessionID == null) {
+ if (StringUtils.isEmpty(sessionID)) {
Logger.debug("Parameter MOASessionId ist null");
return true;
}
@@ -374,11 +405,11 @@ public class ParamValidatorUtils {
Matcher matcher = pattern.matcher(sessionID);
boolean b = matcher.matches();
if (b) {
- Logger.debug("Parameter MOASessionId erfolgreich überprüft");
+ Logger.debug("Parameter MOASessionId erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ Logger.error("Fehler �berpr�fung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
return false;
}
@@ -394,9 +425,9 @@ public class ParamValidatorUtils {
* @return
*/
public static boolean isValidOA(String oa) {
- Logger.debug("Überprüfe Parameter oa");
+ Logger.debug("�berpr�fe Parameter oa");
// if non parameter is given return true
- if (oa == null) {
+ if (StringUtils.isEmpty(oa)) {
Logger.debug("Parameter oa ist null");
return true;
}
@@ -407,16 +438,16 @@ public class ParamValidatorUtils {
// check if template url starts with http or https
if (oa.startsWith("http") || oa.startsWith("https")) {
new URL(oa);
- Logger.debug("Parameter oa erfolgreich überprüft");
+ Logger.debug("Parameter oa erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter oa. oa beginnt nicht mit http or https");
+ Logger.error("Fehler �berpr�fung Parameter oa. oa beginnt nicht mit http or https");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter oa", e);
+ Logger.error("Fehler �berpr�fung Parameter oa", e);
return false;
}
@@ -429,10 +460,10 @@ public class ParamValidatorUtils {
*/
public static boolean isValidSignUrl(String signurl) {
- Logger.debug("Überprüfe Parameter signurl");
+ Logger.debug("�berpr�fe Parameter signurl");
// if non parameter is given return true
- if (signurl == null) {
+ if (StringUtils.isEmpty(signurl)) {
Logger.debug("Parameter signurl ist null");
return true;
}
@@ -443,16 +474,16 @@ public class ParamValidatorUtils {
// check if signurl starts with http or https
if (signurl.startsWith("http") || signurl.startsWith("https")) {
new URL(signurl);
- Logger.debug("Parameter signurl erfolgreich überprüft");
+ Logger.debug("Parameter signurl erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter signurl. signurl beginnt nicht mit http or https");
+ Logger.error("Fehler �berpr�fung Parameter signurl. signurl beginnt nicht mit http or https");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter signurl", e);
+ Logger.error("Fehler �berpr�fung Parameter signurl", e);
return false;
}
@@ -508,27 +539,27 @@ public class ParamValidatorUtils {
public static boolean isValidXMLDocument(String document) {
- if (document == null)
+ if (StringUtils.isEmpty(document))
return false;
- Logger.debug("Überprüfe Parameter XMLDocument");
+ Logger.debug("Überprüfe Parameter XMLDocument");
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
InputSource is = new InputSource(new StringReader(document));
builder.parse(is);
- Logger.debug("Parameter XMLDocument erfolgreich überprüft");
+ Logger.debug("Parameter XMLDocument erfolgreich überprüft");
return true;
} catch (ParserConfigurationException e) {
- Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
return false;
} catch (SAXException e) {
- Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
return false;
} catch (IOException e) {
- Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
return false;
}
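Review bot: The new isEmpty guard keeps null and empty input away from the parser, but the DocumentBuilderFactory in the surrounding lines is created with default settings, so if `document` comes from the request (as the parameters of the sibling validators do) the parse will resolve DTDs and external entities (XXE, entity expansion). Before newDocumentBuilder(), add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` (requires `javax.xml.XMLConstants`); the ParserConfigurationException they can throw is already handled by the existing catch. The enclosing method continues past the hunk.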
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index db6fbe990..8089b851c 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -173,3 +173,14 @@ validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Partei
validator.66=Überprüfung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
+
+stork.00=STORK SAML AuthnRequest konnte nicht signiert werden
+stork.01=STORK SAML AuthnRequest nicht gültig
+stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
+stork.04=STORK SAML Response konnte nicht decodiert werden
+stork.05=STORK SAML Response Validierung fehlgeschlagen
+stork.06=STORK SAML Response enthält eine Fehlermeldung: {0}
+stork.07=Es existiert kein STORK AuthnRequest für diese STORK Response
+stork.08=STORK SAML Assertion Validierung fehlgeschlagen
+stork.09=Fehler beim Überprüfen der STORK BürgerInnen Signatur
+stork.10=Fehler in der Verbindung zum SZR-Gateway
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 4590ae1d0..386f38ed6 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -18,6 +18,7 @@
<module>idserverlib</module>
<module>proxy</module>
<module>auth</module>
+ <module>stork-saml-engine</module>
</modules>
<properties>
diff --git a/id/server/proxy/.settings/org.eclipse.jdt.core.prefs b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs
index d70bf9268..a519d2f62 100644
--- a/id/server/proxy/.settings/org.eclipse.jdt.core.prefs
+++ b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,5 @@
-#Mon Aug 17 10:06:16 CEST 2009
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component
index fad3275dd..dbb1dc825 100644
--- a/id/server/proxy/.settings/org.eclipse.wst.common.component
+++ b/id/server/proxy/.settings/org.eclipse.wst.common.component
@@ -1,17 +1,143 @@
<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
- <wb-module deploy-name="moa-id-proxy">
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <property name="context-root" value="moa-id-proxy"/>
- <property name="java-output-path"/>
- </wb-module>
-</project-modules>
+<project-modules id="moduleCoreId" project-version="2.0">
+ <wb-module deploy-name="moa-id-proxy">
+ <property name="context-root" value="moa-id-proxy"/>
+ <wb-resource deploy-path="/" source-path="src/main/webapp"/>
+ <property name="java-output-path" value="/target/classes"/>
+ <dependent-module archiveName="axis-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis/1.1/axis-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-spss-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-jaxrpc-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-saaj-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-wsdl4j-1.5.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-discovery-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-logging-1.0.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="activation-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="mail-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="log4j-1.2.14.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="postgresql-7.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_moa-1.32.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_ixsil-1.2.2.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_cms-4.1_MOA.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-common.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jaxen-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="saxpath-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="joda-time-1.6.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-id-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-fileupload-1.1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-fileupload/commons-fileupload/1.1.1/commons-fileupload-1.1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-io-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-io/commons-io/1.1/commons-io-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-httpclient-3.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-codec-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="dav4j-0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/dav4j/dav4j/0.1/dav4j-0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="httpsclient-JSSE-1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/httpsclient/httpsclient/JSSE-1.0/httpsclient-JSSE-1.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_X509TrustManager-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="regexp-1.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/regexp/regexp/1.3/regexp-1.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-lang-2.6.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-lang/commons-lang/2.6/commons-lang-2.6.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="stork-saml-engine.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="opensaml-2.5.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/opensaml/2.5.3/opensaml-2.5.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="openws-1.4.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/openws/1.4.4/openws-1.4.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmltooling-1.3.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/xmltooling/1.3.4/xmltooling-1.3.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="bcprov-jdk15-1.46.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/bouncycastle/bcprov-jdk15/1.46/bcprov-jdk15-1.46.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="not-yet-commons-ssl-0.3.9.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmlsec-1.4.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/santuario/xmlsec/1.4.5/xmlsec-1.4.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-apis-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xml-apis/2.10.0/xml-apis-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xercesImpl-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xercesImpl/2.10.0/xercesImpl-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="serializer-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/serializer/2.10.0/serializer-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-resolver-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xml-resolver/xml-resolver/1.2/xml-resolver-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xalan-2.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xalan/xalan/2.7.1/xalan-2.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-api-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-api/1.6.4/slf4j-api-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-collections-3.2.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="velocity-1.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/velocity/velocity/1.5/velocity-1.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="esapi-2.0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-log4j12-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-log4j12/1.6.4/slf4j-log4j12-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ </wb-module>
+</project-modules> \ No newline at end of file
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml
index f30a1de6e..a801c94a0 100644
--- a/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -1,5 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<faceted-project>
+ <fixed facet="jst.java"/>
+ <fixed facet="jst.web"/>
+ <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="1.4"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+</faceted-project> \ No newline at end of file
diff --git a/id/server/stork-saml-engine/pom.xml b/id/server/stork-saml-engine/pom.xml
new file mode 100644
index 000000000..e7fad768f
--- /dev/null
+++ b/id/server/stork-saml-engine/pom.xml
@@ -0,0 +1,93 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>moa-id</artifactId>
+ <groupId>MOA.id</groupId>
+ <version>1.5.2</version>
+ </parent>
+ <groupId>MOA.id</groupId>
+ <artifactId>stork-saml-engine</artifactId>
+ <version>1.5.2</version>
+ <name>STORK SAML Engine</name>
+ <description>SAML2 related stuff for STORK</description>
+
+ <build>
+
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<source>1.5</source>
+<target>1.5</target>
+</configuration>
+</plugin>
+</plugins>
+</build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>2.5.3</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>xmltooling</artifactId>
+ <version>1.3.4</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>openws</artifactId>
+ <version>1.4.4</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>1.6.4</version>
+ <scope>runtime</scope>
+ </dependency>
+ </dependencies>
+</project> \ No newline at end of file
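Review bot: The libraries that actually verify STORK signatures and do the cryptography — the XML-signature implementation, the Xerces parser and the Bouncy Castle provider — are not declared in this pom; they arrive only transitively through `opensaml`, `xmltooling` and `openws`, and the `exclusions` blocks remove only the slf4j bridges. The Eclipse component file changed in this same commit shows what that resolves to today (`xmlsec-1.4.5.jar`, `xercesImpl-2.10.0.jar`, `bcprov-jdk15-1.46.jar`), but nothing in the build pins those versions, so a future change to the OpenSAML coordinates silently changes the signature-verification path. Declaring them explicitly here or in the parent's `dependencyManagement` makes upgrades of the verification stack deliberate and auditable. The `maven-compiler-plugin` block also sets `1.5` while the sibling modules in this commit are configured for 1.4, which is worth confirming is intended.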
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java
new file mode 100644
index 000000000..b84721ff5
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.mw.messages.saml;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+
+/**
+ * Interface extending a SAML AuthnRequest by additional attributes required by STORK
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKAuthnRequest extends AuthnRequest {
+
+ /**
+ * Sets the ID of the requesting Service Provider
+ * @param spID ID of the Service Provider
+ */
+ public void setSPID(String spID);
+
+ /**
+ * Gets the ID of the Service Provider
+ * @return ID of the Service Provider
+ */
+ public String getSPID();
+
+ /**
+ * Sets the citizen country code
+ * @param citizenCountryCode citizen country code
+ */
+ public void setCitizenCountryCode(String citizenCountryCode);
+
+ /**
+ * Gets the citizen country code
+ * @return citizen country code
+ */
+ public String getCitizenCountryCode();
+
+ /**
+ * Sets the final redirect URL
+ * @param finalRedirectURL Final redirect URL
+ */
+ public void setFinalRedirectURL(String finalRedirectURL);
+
+ /**
+ * Gets the final redirect URL
+ * @return final redirect URL
+ */
+ public String getFinalRedirectURL();
+
+ /**
+ * Sets the signing certificate of the service provider
+ * @param signingCertificate Signing certificate of the SP
+ */
+ public void setSPCertSig(X509Certificate signingCertificate);
+
+ /**
+ * Gets the signing certificate of the service provider
+ * @return signing certificate of the service provider
+ */
+ public X509Certificate getSPCertSig();
+
+ /**
+ * Sets the encryption certificate of the service provider
+ * @param encryptionCertificate encryption certificate of the SP
+ */
+ public void setSPCertEnc(X509Certificate encryptionCertificate);
+
+ /**
+ * Gets the encryption certificate of the service provider
+ * @return encryption certificate of the SP
+ */
+ public X509Certificate getSPCertEnc();
+
+
+ /**
+ * Sets the original authentication request of the service provider
+ * @param spAuthRequest original SP authentication request
+ */
+ public void setOriginalSPAuthRequest(XMLObject spAuthRequest);
+
+ /**
+ * Gets the original authentication request of the service provider
+ * @return original SP authentication request
+ */
+ public XMLObject getOriginalSPAuthRequest();
+
+ /**
+ * Sets the requested STORK QAA level
+ * @param authLevel Requested STORK QAA level
+ */
+ public void setQAALevel(int authLevel);
+
+ /**
+ * Gets the requested STORK QAA level
+ * @return Requested STORK QAA level
+ */
+ public int getQAALevel();
+
+ /**
+ * Gets a list of requested attributes
+ * @return List containg all requested attributes
+ */
+ public List<RequestedAttribute> getRequestedAttributes();
+
+ /**
+ * Sets the requested attributes
+ * @param requestedAttributesList List containg all requested attributes
+ */
+ public void setRequestedAttributes(List<RequestedAttribute> requestedAttributesList);
+
+}
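Review bot: The Javadoc on `setFinalRedirectURL` / `getFinalRedirectURL` and on `setSPCertSig` / `setSPCertEnc` says nothing about trust: a redirect URL and certificates that arrive inside a relying-party request are attacker-controllable, and this interface performs no validation of them. Suggested wording for the URL getter: `@return final redirect URL as supplied by the requesting SP; not validated here, callers must match it against the SP's registered endpoints before redirecting`, and for the certificate getters: `@return signing certificate carried in the request; its presence does not establish trust, compare it with the SP's registered certificate before relying on it`. `getQAALevel` / `setQAALevel` should also state the valid range, which the builder added in this commit enforces as 1 to 4 (`buildQualityAuthenticationAssuranceLevel`). Two small typos in the attribute-list Javadoc: "containg" → "containing" (both occurrences).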
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java
new file mode 100644
index 000000000..28de6068b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.mw.messages.saml;
+
+import org.opensaml.saml2.core.Response;
+
+/**
+ * Interface extending a SAML Response by attributes required by STORK
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKResponse extends Response {
+
+ /**
+ * Sets the QAA level by which the user has been authenticated
+ * @param authLevel STORK QAA level used for authentication
+ */
+ public void setQAALevel(int authLevel);
+
+ /**
+ * Gets the QAA level by which the user has been authenticated
+ * @return STORK QAA level used for authentication
+ */
+ public int getQAALevel();
+
+}
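Review bot: `getQAALevel` returns a bare `int` and its Javadoc documents neither the valid range nor what is returned when the response carries no QAA level; the builder class added in this commit rejects values outside 1 to 4, so at least `@return STORK QAA level used for authentication (1 to 4)` should be stated here, and the unset value documented once the implementing class fixes it (presumably 0, to be confirmed against the implementation). The empty Javadoc block above the `package` statement is a stray comment and can be dropped.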
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java
new file mode 100644
index 000000000..2f9a19620
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java
@@ -0,0 +1,1367 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.builder;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.lang.StringUtils;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.IdentifierGenerator;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SAMLObjectBuilder;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.OneTimeUse;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusDetail;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.SubjectLocality;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.soap.common.SOAPObject;
+import org.opensaml.ws.soap.common.SOAPObjectBuilder;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSAnyBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.X509Data;
+import org.opensaml.xml.util.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+import eu.stork.vidp.messages.saml.STORKAttributeValue;
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.saml.STORKRequestedAttribute;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+import eu.stork.vidp.messages.stork.SPCertSig;
+import eu.stork.vidp.messages.stork.SPCertType;
+import eu.stork.vidp.messages.stork.SPID;
+import eu.stork.vidp.messages.stork.SPInformation;
+import eu.stork.vidp.messages.stork.SpApplication;
+import eu.stork.vidp.messages.stork.SpCountry;
+import eu.stork.vidp.messages.stork.SpInstitution;
+import eu.stork.vidp.messages.stork.SpSector;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+/**
+ * Class providing several methods for SAML Object generation
+ * @author bzwattendorfer
+ *
+ */
+public class STORKMessagesBuilder {
+
+ final static Logger log = LoggerFactory.getLogger(STORKMessagesBuilder.class);
+
+ /**
+ * Builds an arbitrary OpenSAML XML object
+ * @param <T> OpenSAML XMLObject
+ * @param objectQName QName of the XML element
+ * @return Builded OpenSAML XMLObject
+ */
+ @SuppressWarnings("unchecked")
+ public static <T extends XMLObject> T buildXMLObject(QName objectQName) {
+
+ try {
+ XMLObjectBuilder<T> builder = (XMLObjectBuilder<T>) Configuration.getBuilderFactory().getBuilder(objectQName);
+ return builder.buildObject(objectQName.getNamespaceURI(), objectQName.getLocalPart(), objectQName.getPrefix());
+ } catch (Exception e) {
+ log.error("Cannot build XML Object {}: {}", objectQName.getLocalPart(), e);
+ throw new RuntimeException(e);
+ }
+
+ }
+
+ /**
+ * Builds a SOAP object
+ * @param <T> SOAP Object or any extensions
+ * @param objectQName QName of the XML element
+ * @return SOAP Object or any extensions
+ */
+ @SuppressWarnings("unchecked")
+ public static <T extends SOAPObject> T buildSOAPObject(QName objectQName) {
+
+ try {
+ SOAPObjectBuilder<T> builder = (SOAPObjectBuilder<T>) Configuration.getBuilderFactory().getBuilder(objectQName);
+ return builder.buildObject();
+ } catch (Exception e) {
+ log.error("Cannot build SOAP Object {}: {}", objectQName.getLocalPart(), e);
+ throw new RuntimeException(e);
+ }
+
+ }
+
+ /**
+ * Builds an arbitrary OpenSAML SAML object
+ * @param <T> OpenSAML SAML Object
+ * @param objectQName QName of the SAML element
+ * @return Builded OpenSAML SAML Object
+ */
+ @SuppressWarnings("unchecked")
+ public static <T extends SAMLObject> T buildSAMLObject(QName objectQName) {
+
+ try {
+ SAMLObjectBuilder<T> builder = (SAMLObjectBuilder<T>) Configuration.getBuilderFactory().getBuilder(objectQName);
+ return builder.buildObject();
+ } catch (Exception e) {
+ log.error("Cannot build SAML Object {}: {}", objectQName.getLocalPart(), e);
+ throw new RuntimeException(e);
+ }
+
+ }
+
+
+
+ /**
+ * Builds SAML Issuer object
+ * @param issuerValue Value for the issuer element
+ * @return Issuer object
+ */
+ public static Issuer buildIssuer(String issuerValue) {
+ if (StringUtils.isEmpty(issuerValue))
+ return null;
+
+ Issuer issuer = buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
+ issuer.setValue(issuerValue);
+ issuer.setFormat(Issuer.ENTITY);
+
+ return issuer;
+ }
+
+ /**
+ * Builds a QualityAuthenticationAssuranceLevel object
+ * @param qaaValue QAALevel (1 to 4)
+ * @return QualityAuthenticationAssuranceLevel object
+ */
+ public static QualityAuthenticationAssuranceLevel buildQualityAuthenticationAssuranceLevel(int qaaValue) {
+ if (qaaValue < 1 || qaaValue > 4) {
+ log.error("QAA Level must be between 1 and 4.");
+ return null;
+ }
+
+ QualityAuthenticationAssuranceLevel qaaLevel = buildXMLObject(QualityAuthenticationAssuranceLevel.DEFAULT_ELEMENT_NAME);
+ qaaLevel.setValue(qaaValue);
+ return qaaLevel;
+ }
+
+ /**
+ * Builds a STORK RequestedAttribute object
+ * @param name Name of the RequesteAttribute
+ * @param isRequired true or false if RequestedAttribute is required
+ * @param value Value of RequestedAttribute
+ * @return STORK RequestedAttribute object
+ */
+ public static RequestedAttribute buildRequestedAttribute(String name, boolean isRequired, String value) {
+
+ RequestedAttribute reqAttribute = buildXMLObject(STORKRequestedAttribute.DEFAULT_ELEMENT_NAME);
+ reqAttribute.setName(name);
+ reqAttribute.setNameFormat(STORKRequestedAttribute.URI_REFERENCE);
+ reqAttribute.setIsRequired(isRequired);
+
+ if (!StringUtils.isEmpty(value)) {
+ XSString stringValue = buildXSString(STORKAttributeValue.DEFAULT_ELEMENT_NAME);
+ stringValue.setValue(value);
+ reqAttribute.getAttributeValues().add(stringValue);
+ }
+
+ return reqAttribute;
+ }
+
+ /**
+ * Builds XML String type object with given QName
+ * @param qname QName for object to build
+ * @return XML object as String type
+ */
+ public static XSString buildXSString(QName qname) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ return stringBuilder.buildObject(qname, XSString.TYPE_NAME);
+ }
+
+ /**
+ * Builds XML Any type object with given QName
+ * @param qname QName for object to build
+ * @return XML object as Any type
+ */
+ public static XSAny buildXSAny(QName qname) {
+ XSAnyBuilder anyBuilder = (XSAnyBuilder) Configuration.getBuilderFactory().getBuilder(XSAny.TYPE_NAME);
+ return anyBuilder.buildObject(qname, XSAny.TYPE_NAME);
+ }
+
+ /**
+ * Builds a List of RequestedAttribute
+ * @param requestedAttributeArguments RequestedAttributes
+ * @return List of RequestedAttribute
+ */
+ public static RequestedAttributes buildRequestedAttributes(RequestedAttribute... requestedAttributeArguments) {
+
+ if (requestedAttributeArguments == null)
+ return null;
+
+ RequestedAttributes reqAttributes = buildXMLObject(RequestedAttributes.DEFAULT_ELEMENT_NAME);
+
+ for (RequestedAttribute reqAttr : requestedAttributeArguments) {
+ reqAttributes.getRequestedAttributes().add(reqAttr);
+ }
+
+ return reqAttributes;
+ }
+
+ /**
+ * Builds RequestedAttributes object out of list of RequestedAttribute
+ * @param requestedAttributeList List of RequestedAttribute
+ * @return RequestedAttributes object
+ */
+ public static RequestedAttributes buildRequestedAttributes(List<RequestedAttribute> requestedAttributeList) {
+ if (requestedAttributeList == null)
+ return null;
+
+ RequestedAttributes reqAttributes = buildXMLObject(RequestedAttributes.DEFAULT_ELEMENT_NAME);
+ reqAttributes.getRequestedAttributes().addAll(requestedAttributeList);
+
+ return reqAttributes;
+ }
+
+ /**
+ * Builds a STORK CitizenCountryCode object
+ * @param ccc ISO country code
+ * @return CitizenCountryCode object
+ */
+ public static CitizenCountryCode buildCitizenCountryCode(String ccc) {
+ if (StringUtils.isEmpty(ccc)) {
+ log.error("CitizenCountryCode must have a value.");
+ return null;
+ }
+
+ CitizenCountryCode citizenCountryCode = buildXMLObject(CitizenCountryCode.DEFAULT_ELEMENT_NAME);
+ citizenCountryCode.setValue(ccc);
+
+ return citizenCountryCode;
+ }
+
+ /**
+ * Builds a SPID object
+ * @param spIDString String to be used as SPID
+ * @return SPID object
+ */
+ public static SPID buildSPID(String spIDString) {
+ if (StringUtils.isEmpty(spIDString)) {
+ log.error("SPID must have a value.");
+ return null;
+ }
+
+ SPID spID = buildXMLObject(SPID.DEFAULT_ELEMENT_NAME);
+ spID.setValue(spIDString);
+
+ return spID;
+ }
+
+ /**
+ * Builds SPCertType
+ * @param cert X509Certificate
+ * @return SPCertType
+ */
+ private static SPCertType buildSPCertType(X509Certificate cert) {
+ SPCertType spCertType = buildXMLObject(SPCertType.TYPE_NAME);
+ KeyInfo keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
+ X509Data x509DataElem = buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
+ org.opensaml.xml.signature.X509Certificate x509CertElem = buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
+
+ try {
+ x509CertElem.setValue(Base64.encodeBytes(cert.getEncoded()));
+ } catch (CertificateEncodingException e) {
+ log.error("Cannot encode certificate.", e);
+ throw new RuntimeException(e);
+ }
+
+ x509DataElem.getX509Certificates().add(x509CertElem);
+ keyInfo.getX509Datas().add(x509DataElem);
+ spCertType.setKeyInfo(keyInfo);
+ return spCertType;
+ }
+
+ /**
+ * Builds SPCertSig object
+ * @param cert X509Certificate
+ * @return SPCertSig
+ */
+ public static SPCertSig buildSPCertSig(X509Certificate cert) {
+ return (SPCertSig) buildSPCertType(cert);
+ }
+
+ /**
+ * Builds SPCertEnc object
+ * @param cert X509Certificate
+ * @return SPCertEnc
+ */
+ public static SPCertEnc buildSPCertEnc(X509Certificate cert) {
+ return (SPCertEnc) buildSPCertType(cert);
+ }
+
+ /**
+ * Builds SPAuthRequest object
+ * @param xmlObject Abritrary XML object
+ * @return SPAuthRequest
+ */
+ public static SPAuthRequest buildSPAuthRequest(XMLObject xmlObject) {
+ SPAuthRequest authRequest = buildXMLObject(SPAuthRequest.DEFAULT_ELEMENT_NAME);
+ authRequest.getUnknownXMLObjects().add(xmlObject);
+ return authRequest;
+ }
+
+ /**
+ * Builds SPInformation object
+ * @param spIDString SPID
+ * @param sigCert SP signature certificate
+ * @param encCert SP encryption certificate
+ * @param spAuthRequest Original SP AuthnRequest
+ * @return SPInformations
+ */
+ public static SPInformation buildSPInformation(String spIDString, X509Certificate sigCert, X509Certificate encCert, XMLObject spAuthRequest) {
+
+ SPInformation spInformation = buildXMLObject(SPInformation.DEFAULT_ELEMENT_NAME);
+
+ SPID spID = buildSPID(spIDString);
+ spInformation.setSPID(spID);
+
+ if (sigCert != null) {
+ SPCertSig spCertSig = buildSPCertSig(sigCert);
+ spInformation.setSPCertSig(spCertSig);
+ }
+
+ if (encCert != null) {
+ SPCertEnc spCertEnc = buildSPCertEnc(encCert);
+ spInformation.setSPCertEnc(spCertEnc);
+ }
+
+ if (spAuthRequest != null) {
+ SPAuthRequest spAuthRequestElem = buildSPAuthRequest(spAuthRequest);
+ spInformation.setSPAuthRequest(spAuthRequestElem);
+ }
+
+ return spInformation;
+
+ }
+
+ /**
+ * Builds VIDPAuthenticationAttributes objext
+ * @param ccc ISO citizen country code
+ * @param spIDString SPID
+ * @param sigCert SP signature certificate
+ * @param encCert SP encryption certificate
+ * @param spAuthRequest Original SP AuthnRequest
+ * @return VIDPAuthenticationAttributes
+ */
+ public static VIDPAuthenticationAttributes buildVIDPAuthenticationAttributes(String ccc, String spIDString, X509Certificate sigCert, X509Certificate encCert, XMLObject spAuthRequest) {
+ VIDPAuthenticationAttributes vidpAuthenticationAttributes = buildXMLObject(VIDPAuthenticationAttributes.DEFAULT_ELEMENT_NAME);
+
+ CitizenCountryCode citizenCountryCode = buildCitizenCountryCode(ccc);
+ SPInformation spInformation = buildSPInformation(spIDString, sigCert, encCert, spAuthRequest);
+
+ vidpAuthenticationAttributes.setCitizenCountryCode(citizenCountryCode);
+ vidpAuthenticationAttributes.setSPInformation(spInformation);
+
+ return vidpAuthenticationAttributes;
+ }
+
+ /**
+ * Builds AuthenticationAttributes object
+ * @param ccc ISO citizen country code
+ * @param spIDString SPID
+ * @param sigCert SP signature certificate
+ * @param encCert SP encryption certificate
+ * @param spAuthRequest Original SP AuthnRequest
+ * @return AuthenticationAttributes
+ */
+ public static AuthenticationAttributes buildAuthenticationAttributes(String ccc, String spIDString, X509Certificate sigCert, X509Certificate encCert, XMLObject spAuthRequest) {
+ AuthenticationAttributes authenticationAttributes = buildXMLObject(AuthenticationAttributes.DEFAULT_ELEMENT_NAME);
+
+ VIDPAuthenticationAttributes vidpAuthenticationAttributes = buildVIDPAuthenticationAttributes(ccc, spIDString, sigCert, encCert, spAuthRequest);
+
+ authenticationAttributes.setVIDPAuthenticationAttributes(vidpAuthenticationAttributes);
+ return authenticationAttributes;
+
+ }
+
+ /**
+ * Builds SpSector object
+ * @param spSector Value SPSector value
+ * @return SpSector
+ */
+ public static SpSector buildSpSector(String spSectorValue) {
+
+ SpSector spSector = buildXMLObject(SpSector.DEFAULT_ELEMENT_NAME);
+ spSector.setValue(spSectorValue);
+
+ return spSector;
+ }
+
+ /**
+ * Builds SpInstitution object
+ * @param spInstitutionValue Value for SpInstitution
+ * @return SpInstitution
+ */
+ public static SpInstitution buildSpInstitution(String spInstitutionValue) {
+
+ SpInstitution spInstitution = buildXMLObject(SpInstitution.DEFAULT_ELEMENT_NAME);
+ spInstitution.setValue(spInstitutionValue);
+
+ return spInstitution;
+ }
+
+
+ /**
+ * Builds SpApplication object
+ * @param spApplicationValue Value for SpApplication
+ * @return SpApplication
+ */
+ public static SpApplication buildSpApplication(String spApplicationValue) {
+
+ SpApplication spApplication = buildXMLObject(SpApplication.DEFAULT_ELEMENT_NAME);
+ spApplication.setValue(spApplicationValue);
+
+ return spApplication;
+ }
+
+ /**
+ * Builds SpCountry object
+ * @param spCountryValue ISO Code Value for SpCountry
+ * @return SpCountry
+ */
+ public static SpCountry buildSpCountry(String spCountryValue) {
+
+ SpCountry spCountry = buildXMLObject(SpCountry.DEFAULT_ELEMENT_NAME);
+ spCountry.setValue(spCountryValue);
+
+ return spCountry;
+ }
+
+ /**
+ * Generates secured randomized ID for SAML Messages
+ * @return secured randomized ID
+ */
+ public static String generateID() {
+ try {
+ IdentifierGenerator idGenerator = new SecureRandomIdentifierGenerator();
+ return idGenerator.generateIdentifier();
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Cannot generate id", e);
+ throw new RuntimeException(e);
+
+ }
+
+ }
+
+ /**
+ * Builds STORKAuthnRequest object
+ * @param destination Endpoint for AuthnRequest
+ * @param acsURL Endpoint where STORK response wants to be received
+ * @param providerName Provider Name
+ * @param issuerValue Value for Issuer element
+ * @param qaaLevel STORK QAALevel
+ * @param requestedAttributes Attributes to be requested
+ * @param spSector SPSector
+ * @param spInstitution SPInstitution
+ * @param spApplication SPApplication
+ * @param spCountry SPCountry
+ * @return STORKAuthnRequest
+ */
+ public static STORKAuthnRequest buildSTORKAuthnRequest(
+ String destination,
+ String acsURL,
+ String providerName,
+ String issuerValue,
+ QualityAuthenticationAssuranceLevel qaaLevel,
+ RequestedAttributes requestedAttributes,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry) {
+
+ //fixed values
+ String consent = STORKAuthnRequest.UNSPECIFIED_CONSENT;
+ boolean forceAuthn = true;
+ boolean isPassive = false;
+ String binding = SAMLConstants.SAML2_POST_BINDING_URI;
+ boolean eIDSectorShare = true;
+ boolean eIDCrossSectorShare = true;
+ boolean eIDCrossBorderShare = false;
+
+ STORKAuthnRequest authnRequest = buildXMLObject(STORKAuthnRequest.DEFAULT_ELEMENT_NAME);
+
+ authnRequest.setVersion(SAMLVersion.VERSION_20);
+ authnRequest.setID(generateID());
+ authnRequest.setIssueInstant(new DateTime());
+
+ authnRequest.setConsent(consent);
+ authnRequest.setForceAuthn(forceAuthn);
+ authnRequest.setIsPassive(isPassive);
+ authnRequest.setProtocolBinding(binding);
+
+ authnRequest.setDestination(destination);
+ authnRequest.setAssertionConsumerServiceURL(acsURL);
+ authnRequest.setProviderName(providerName);
+ authnRequest.setIssuer(buildIssuer(issuerValue));
+
+ STORKExtensions extensions = buildSTORKExtensions();
+
+ authnRequest.setQAALevel(qaaLevel.getValue());
+ extensions.setQAALevel(qaaLevel);
+
+ authnRequest.setRequestedAttributes(requestedAttributes.getRequestedAttributes());
+ extensions.setRequestedAttributes(requestedAttributes);
+
+ EIDSectorShare eidSectorShareObj = buildXMLObject(EIDSectorShare.DEFAULT_ELEMENT_NAME);
+ eidSectorShareObj.setValue(eIDSectorShare);
+
+ EIDCrossSectorShare eidCrossSectorShareObj = buildXMLObject(EIDCrossSectorShare.DEFAULT_ELEMENT_NAME);
+ eidCrossSectorShareObj.setValue(eIDCrossSectorShare);
+
+ EIDCrossBorderShare eidCrossBorderShareObj = buildXMLObject(EIDCrossBorderShare.DEFAULT_ELEMENT_NAME);
+ eidCrossBorderShareObj.setValue(eIDCrossBorderShare);
+
+ SpSector spSectorObj = buildSpSector(spSector);
+ SpInstitution spInstitutionObj = buildSpInstitution(spInstitution);
+ SpApplication spApplicationObj = buildSpApplication(spApplication);
+ SpCountry spCountryObj = buildSpCountry(spCountry);
+
+
+ extensions.getUnknownXMLObjects().add(qaaLevel);
+ extensions.getUnknownXMLObjects().add(spSectorObj);
+ extensions.getUnknownXMLObjects().add(spInstitutionObj);
+ extensions.getUnknownXMLObjects().add(spApplicationObj);
+ extensions.getUnknownXMLObjects().add(spCountryObj);
+ extensions.getUnknownXMLObjects().add(eidSectorShareObj);
+ extensions.getUnknownXMLObjects().add(eidCrossSectorShareObj);
+ extensions.getUnknownXMLObjects().add(eidCrossBorderShareObj);
+ extensions.getUnknownXMLObjects().add(requestedAttributes);
+
+ authnRequest.setExtensions(extensions);
+
+ return authnRequest;
+ }
+
+ /**
+ * Builds STORKAuthnRequest object
+ * @param destination Endpoint for AuthnRequest
+ * @param acsURL Endpoint where STORK response wants to be received
+ * @param providerName Provider Name
+ * @param issuerValue Value for Issuer element
+ * @param qaaLevel STORK QAALevel
+ * @param requestedAttributeList List of STORK attributes to be requested
+ * @param ccc ISO citizen country code
+ * @param spIDString SPID
+ * @param sigCert SP signature certificate
+ * @param encCert SP encryption certificate
+ * @param spAuthRequest Original SP AuthnRequest
+ * @param spSector SPSector
+ * @param spInstitution SPInstitution
+ * @param spApplication SPApplication
+ * @param spCountry SPCountry
+ * @return STORKAuthnRequest
+ */
+ public static STORKAuthnRequest buildSTORKAuthnRequest(
+ String destination,
+ String acsURL,
+ String providerName,
+ String issuerValue,
+ int qaaLevel,
+ List<RequestedAttribute> requestedAttributeList,
+ String ccc,
+ String spID,
+ X509Certificate sigCert,
+ X509Certificate encCert,
+ XMLObject spAuthRequest,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry) {
+
+ //fixed values via config
+ String consent = STORKAuthnRequest.UNSPECIFIED_CONSENT;
+ boolean forceAuthn = true;
+ boolean isPassive = false;
+ String binding = SAMLConstants.SAML2_POST_BINDING_URI;
+ boolean eIDSectorShare = true;
+ boolean eIDCrossSectorShare = true;
+ boolean eIDCrossBorderShare = false;
+
+ return buildSTORKAuthnRequest(consent, forceAuthn, isPassive, binding, eIDSectorShare, eIDCrossSectorShare, eIDCrossBorderShare, destination, acsURL, providerName, issuerValue, qaaLevel, requestedAttributeList, ccc, spID, sigCert, encCert, spAuthRequest, spSector, spInstitution, spApplication, spCountry);
+
+ }
+
+ /**
+ * Builds STORKAuthnRequest object
+ * @param consent Consent for the request
+ * @param forceAuthn forceAuthn
+ * @param isPassive isPassive
+ * @param binding Binding the request is sent over
+ * @param eIDSectorShare Should eIdentifier be shared?
+ * @param eIDCrossSectorShare Should eIdentifier be shared across sectors?
+ * @param eIDCrossBorderShare Should eIdentifier be shared across borders?
+ * @param destination Endpoint for AuthnRequest
+ * @param acsURL Endpoint where STORK response wants to be received
+ * @param providerName Provider Name
+ * @param issuerValue Value for Issuer element
+ * @param qaaLevel STORK QAALevel
+ * @param requestedAttributeList List of STORK attributes to be requested
+ * @param ccc ISO citizen country code
+ * @param spIDString SPID
+ * @param sigCert SP signature certificate
+ * @param encCert SP encryption certificate
+ * @param spAuthRequest Original SP AuthnRequest
+ * @param spSector SPSector
+ * @param spInstitution SPInstitution
+ * @param spApplication SPApplication
+ * @param spCountry SPCountry
+ * @return STORKAuthnRequest
+ */
+ public static STORKAuthnRequest buildSTORKAuthnRequest(
+ String consent,
+ boolean forceAuthn,
+ boolean isPassive,
+ String binding,
+ boolean eIDSectorShare,
+ boolean eIDCrossSectorShare,
+ boolean eIDCrossBorderShare,
+ String destination,
+ String acsURL,
+ String providerName,
+ String issuerValue,
+ int qaaLevel,
+ List<RequestedAttribute> requestedAttributeList,
+ String ccc,
+ String spID,
+ X509Certificate sigCert,
+ X509Certificate encCert,
+ XMLObject spAuthRequest,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry) {
+
+ STORKAuthnRequest authnRequest = buildXMLObject(STORKAuthnRequest.DEFAULT_ELEMENT_NAME);
+
+ authnRequest.setVersion(SAMLVersion.VERSION_20);
+ authnRequest.setID(generateID());
+ authnRequest.setIssueInstant(new DateTime());
+
+ authnRequest.setDestination(destination);
+ authnRequest.setAssertionConsumerServiceURL(acsURL);
+ authnRequest.setProviderName(providerName);
+ authnRequest.setIssuer(buildIssuer(issuerValue));
+ authnRequest.setQAALevel(qaaLevel);
+ authnRequest.setRequestedAttributes(requestedAttributeList);
+ authnRequest.setCitizenCountryCode(ccc);
+ authnRequest.setSPID(spID);
+ authnRequest.setSPCertSig(sigCert);
+ authnRequest.setSPCertEnc(encCert);
+ authnRequest.setOriginalSPAuthRequest(spAuthRequest);
+
+ authnRequest.setConsent(consent);
+ authnRequest.setForceAuthn(forceAuthn);
+ authnRequest.setIsPassive(isPassive);
+ authnRequest.setProtocolBinding(binding);
+
+ addSTORKExtensionsToAuthnRequest(authnRequest, qaaLevel, requestedAttributeList, ccc, spID, sigCert, encCert, spAuthRequest, eIDSectorShare, eIDCrossSectorShare, eIDCrossBorderShare, spSector, spInstitution, spApplication, spCountry);
+
+ return authnRequest;
+
+ }
+
+ /**
+ * Adds STORK Extensions to STORKAuthnRequest
+ * @param authnRequest
+ * @param qaaLevel STORK QAALevel
+ * @param requestedAttributeList List of STORK attributes to be requested
+ * @param ccc ISO citizen country code
+ * @param spIDString SPID
+ * @param sigCert SP signature certificate
+ * @param encCert SP encryption certificate
+ * @param spAuthRequest Original SP AuthnRequest
+ * @param spSector SPSector
+ * @param spInstitution SPInstitution
+ * @param spApplication SPApplication
+ * @param spCountry SPCountry
+ */
+ public static void addSTORKExtensionsToAuthnRequest(
+ STORKAuthnRequest authnRequest,
+ int qaaLevel,
+ List<RequestedAttribute> requestedAttributeList,
+ String ccc,
+ String spID,
+ X509Certificate sigCert,
+ X509Certificate encCert,
+ XMLObject spAuthRequest,
+ boolean eIDSectorShare,
+ boolean eIDCrossSectorShare,
+ boolean eIDCrossBorderShare,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry) {
+
+ STORKExtensions extensions = buildSTORKExtensions();
+ authnRequest.setRequestedAttributes(requestedAttributeList);
+
+ QualityAuthenticationAssuranceLevel qaaLevelObj = buildQualityAuthenticationAssuranceLevel(qaaLevel);
+ RequestedAttributes requestedAttributesObj = buildRequestedAttributes(requestedAttributeList);
+ AuthenticationAttributes authenticationAttributesObj = buildAuthenticationAttributes(ccc, spID, sigCert, encCert, spAuthRequest);
+
+ EIDSectorShare eidSectorShareObj = buildXMLObject(EIDSectorShare.DEFAULT_ELEMENT_NAME);
+ eidSectorShareObj.setValue(eIDSectorShare);
+
+ EIDCrossSectorShare eidCrossSectorShareObj = buildXMLObject(EIDCrossSectorShare.DEFAULT_ELEMENT_NAME);
+ eidCrossSectorShareObj.setValue(eIDCrossSectorShare);
+
+ EIDCrossBorderShare eidCrossBorderShareObj = buildXMLObject(EIDCrossBorderShare.DEFAULT_ELEMENT_NAME);
+ eidCrossBorderShareObj.setValue(eIDCrossBorderShare);
+
+ SpSector spSectorObj = buildSpSector(spSector);
+ SpApplication spApplicationObj = buildSpApplication(spApplication);
+ SpCountry spCountryObj = buildSpCountry(spCountry);
+
+ extensions.setQAALevel(qaaLevelObj);
+ extensions.setRequestedAttributes(requestedAttributesObj);
+ extensions.setAuthenticationAttributes(authenticationAttributesObj);
+
+ extensions.getUnknownXMLObjects().add(qaaLevelObj);
+ extensions.getUnknownXMLObjects().add(spSectorObj);
+ extensions.getUnknownXMLObjects().add(spApplicationObj);
+ extensions.getUnknownXMLObjects().add(spCountryObj);
+ extensions.getUnknownXMLObjects().add(eidSectorShareObj);
+ extensions.getUnknownXMLObjects().add(eidCrossSectorShareObj);
+ extensions.getUnknownXMLObjects().add(eidCrossBorderShareObj);
+ extensions.getUnknownXMLObjects().add(requestedAttributesObj);
+ extensions.getUnknownXMLObjects().add(authenticationAttributesObj);
+
+ authnRequest.setExtensions(extensions);
+
+ }
+
+
+ /**
+ * Builds STORKExtensions object
+ * @return STORKExtensions
+ */
+ public static STORKExtensions buildSTORKExtensions() {
+ QName samlProtocolExtensions = new QName(SAMLConstants.SAML20P_NS, STORKExtensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ return buildXMLObject(samlProtocolExtensions);
+ }
+
+ /**
+ * Builds STORKResponse
+ * @param destination Endpoint where the STORKResponse should be sent to
+ * @param inResponseTo ID of the corresponding AuthnRequest
+ * @param issuer Issuer value of the response
+ * @param status Status of the response (success, error, etc.)
+ * @param assertion SAML assertion to be included
+ * @return STORKResponse
+ */
+ public static STORKResponse buildSTORKResponse(
+ String destination,
+ String inResponseTo,
+ Issuer issuer,
+ Status status,
+ Assertion assertion) {
+
+ STORKResponse response = buildXMLObject(STORKResponse.DEFAULT_ELEMENT_NAME);
+
+ response.setDestination(destination);
+ response.setInResponseTo(inResponseTo);
+ response.setConsent(STORKResponse.OBTAINED_CONSENT);
+ response.setID(generateID());
+ response.setIssueInstant(new DateTime());
+ response.setVersion(SAMLVersion.VERSION_20);
+
+ response.setIssuer(issuer);
+ response.setStatus(status);
+ response.getAssertions().add(assertion);
+
+ return response;
+ }
+
+ /**
+ * Build STORKResponse
+ * @param destination Endpoint where the STORKResponse should be sent to
+ * @param inResponseTo ID of the corresponding AuthnRequest
+ * @param issuer Issuer value of the response
+ * @param status Status of the response (success, error, etc.)
+ * @param statusMessage Status message for the response
+ * @param assertion SAML assertion to be included
+ * @return STORKResponse
+ */
+ public static STORKResponse buildSTORKResponse(
+ String destination,
+ String inResponseTo,
+ String issuerString,
+ String statusCode,
+ String statusMessage,
+ Assertion assertion) {
+
+ Status status = buildStatus(statusCode, statusMessage);
+ Issuer issuer = buildIssuer(issuerString);
+
+ return buildSTORKResponse(destination, inResponseTo, issuer, status, assertion);
+ }
+
+
+ /**
+ * Builds a STORKResponse containing no assertion
+ * @param destination Endpoint where the STORKResponse should be sent to
+ * @param inResponseTo ID of the corresponding AuthnRequest
+ * @param issuer Issuer value of the response
+ * @param status Status of the response (success, error, etc.)
+ * @param statusMessage Status message for the response
+ * @return STORKResponse
+ */
+ public static STORKResponse buildSTORKErrorResponse(
+ String destination,
+ String inResponseTo,
+ String issuerString,
+ String statusCode,
+ String statusMessage) {
+
+ return buildSTORKResponse(destination, inResponseTo, issuerString, statusCode, statusMessage, null);
+ }
+
+ /**
+ * Builds Status object
+ * @param statusCodeValue StatusCode
+ * @param statusMessageValue StatusMessage
+ * @return Status
+ */
+ public static Status buildStatus(String statusCodeValue, String statusMessageValue) {
+ return buildStatus(statusCodeValue, statusMessageValue, null);
+ }
+
+ /**
+ * Builds Status object
+ * @param statusCodeValue StatusCode
+ * @param statusMessageValue StatusMessage
+ * @param detail Detail Message
+ * @return Status
+ */
+ public static Status buildStatus(String statusCodeValue, String statusMessageValue, XMLObject detail) {
+ StatusCode statusCode = buildXMLObject(StatusCode.DEFAULT_ELEMENT_NAME);
+ statusCode.setValue(statusCodeValue);
+
+ StatusMessage statusMessage = buildXMLObject(StatusMessage.DEFAULT_ELEMENT_NAME);
+ statusMessage.setMessage(statusMessageValue);
+
+ StatusDetail statusDetail = buildXMLObject(StatusDetail.DEFAULT_ELEMENT_NAME);
+ statusDetail.getUnknownXMLObjects().add(detail);
+
+ Status status = buildXMLObject(Status.DEFAULT_ELEMENT_NAME);
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+
+ return status;
+
+ }
+
+ /**
+ * Builds Assertion
+ * @param issuer Issuer value for assertion
+ * @param subject Subject of assertion
+ * @param conditions Conditions of assertion
+ * @param authnStatement AuthnStatement
+ * @param attributeStatement AttributeAtatement
+ * @return Assertion
+ */
+ public static Assertion buildAssertion(Issuer issuer,
+ Subject subject,
+ Conditions conditions,
+ AuthnStatement authnStatement,
+ AttributeStatement attributeStatement) {
+ Assertion assertion = buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
+
+ assertion.setID(generateID());
+ assertion.setVersion(SAMLVersion.VERSION_20);
+ assertion.setIssueInstant(new DateTime());
+
+ assertion.setIssuer(issuer);
+ assertion.setSubject(subject);
+ assertion.setConditions(conditions);
+ assertion.getAuthnStatements().add(authnStatement);
+ assertion.getAttributeStatements().add(attributeStatement);
+
+ return assertion;
+ }
+
+ /**
+ * Builds Assertion object
+ * @param issuerValue Value of the issuer
+ * @param nameQualifier nameQualifier
+ * @param spNameQualifier spNameQualifier
+ * @param spProviderID spProviderID
+ * @param ipAddress IP address of the client
+ * @param inResponseTo ID of the corresponding AuthnRequest
+ * @param notBefore Time before assertion is not valid
+ * @param notOnOrAfter Time after assertion is not valid
+ * @param recipient Recipient of the assertion
+ * @param attributeList Attributes to be included in the assertion
+ * @return Assertion
+ */
+ public static Assertion buildAssertion(
+ String issuerValue,
+ String nameQualifier,
+ String spNameQualifier,
+ String spProviderID,
+ String ipAddress,
+ String inResponseTo,
+ DateTime notBefore,
+ DateTime notOnOrAfter,
+ String recipient,
+ List<Attribute> attributeList) {
+
+ Issuer issuer = buildIssuer(issuerValue);
+ NameID nameID = buildNameID(NameID.UNSPECIFIED, nameQualifier, spNameQualifier, spProviderID, NameID.UNSPECIFIED);
+ SubjectConfirmationData scData = buildSubjectConfirmationData(ipAddress, inResponseTo, notOnOrAfter, recipient);
+ SubjectConfirmation subjectConfirmation = buildSubjectConfirmation(SubjectConfirmation.METHOD_BEARER, scData);
+ Subject subject = buildSubject(nameID, subjectConfirmation);
+
+ List<Audience> audienceList = buildAudienceList(recipient);
+ Conditions conditions = buildConditions(notBefore, notOnOrAfter, audienceList);
+ AuthnStatement authnStatement = buildAuthnStatement(ipAddress);
+ AttributeStatement attributeStatement = buildAttributeStatement(attributeList);
+
+ return buildAssertion(issuer, subject, conditions, authnStatement, attributeStatement);
+ }
+
+ /**
+ * Builds List of Audience objects
+ * @param audiences Audience strings
+ * @return List of Audience
+ */
+ public static List<Audience> buildAudienceList(String... audiences) {
+ List<Audience> audienceList = new ArrayList<Audience>();
+
+ for (String audienceString : audiences) {
+ Audience audience = buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
+ audience.setAudienceURI(audienceString);
+ audienceList.add(audience);
+ }
+
+ return audienceList;
+ }
+
+ /**
+ * Builds NameID object
+ * @param format Format of the NameID
+ * @param nameQualifier nameQualifier
+ * @param spNameQualifier spNameQualifier
+ * @param spProviderID spProviderID
+ * @param value Value of the NameID
+ * @return NameID
+ */
+ public static NameID buildNameID(String format,
+ String nameQualifier,
+ String spNameQualifier,
+ String spProviderID,
+ String value) {
+
+ NameID nameID = buildXMLObject(NameID.DEFAULT_ELEMENT_NAME);
+
+ nameID.setFormat(format);
+ nameID.setNameQualifier(nameQualifier);
+ nameID.setSPNameQualifier(spNameQualifier);
+ nameID.setSPProvidedID(spProviderID);
+ nameID.setValue(value);
+
+ return nameID;
+
+ }
+
+ /**
+ * Builds SubjectConfirmation object
+ * @param method Method of SubjectConfirmation
+ * @param scData SubjectConfirmationData
+ * @return SubjectConfirmation
+ */
+ public static SubjectConfirmation buildSubjectConfirmation(String method, SubjectConfirmationData scData) {
+
+ SubjectConfirmation subjectConfirmation = buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
+
+ subjectConfirmation.setMethod(method);
+ subjectConfirmation.setSubjectConfirmationData(scData);
+
+ return subjectConfirmation;
+ }
+
+ /**
+ * Builds SubjectConfirmationData object
+ * @param ipAddress IP address of the client
+ * @param inResponseTo ID of the corresponding AuthnRequest
+ * @param notOnOrAfter Time after subject is not valid
+ * @param recipient recipient of the assertion
+ * @return SubjectConfirmationData
+ */
+ public static SubjectConfirmationData buildSubjectConfirmationData(String ipAddress,
+ String inResponseTo,
+ DateTime notOnOrAfter,
+ String recipient) {
+
+ SubjectConfirmationData scData = buildXMLObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
+
+ scData.setAddress(ipAddress);
+ scData.setInResponseTo(inResponseTo);
+ scData.setNotOnOrAfter(notOnOrAfter);
+ scData.setRecipient(recipient);
+
+ return scData;
+
+ }
+
+ /**
+ * Builds Subject object
+ * @param nameID NameID object
+ * @param subjectConfirmation SubjectConfirmation
+ * @return Subject
+ */
+ public static Subject buildSubject(NameID nameID, SubjectConfirmation subjectConfirmation) {
+
+ Subject subject = buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
+ subject.setNameID(nameID);
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+
+ return subject;
+ }
+
+ /**
+ * Build Conditions object
+ * @param notBefore Time before assertion is not valid
+ * @param notOnOrAfter Time after assertion is not valid
+ * @param audienceList List of audience
+ * @return Conditions
+ */
+ public static Conditions buildConditions(DateTime notBefore, DateTime notOnOrAfter, List<Audience> audienceList) {
+ Conditions conditions = buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
+
+ conditions.setNotBefore(notBefore);
+ conditions.setNotOnOrAfter(notOnOrAfter);
+
+ AudienceRestriction audienceRestriction = buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
+ audienceRestriction.getAudiences().addAll(audienceList);
+ conditions.getAudienceRestrictions().add(audienceRestriction);
+
+ OneTimeUse oneTimeUse = buildXMLObject(OneTimeUse.DEFAULT_ELEMENT_NAME);
+ conditions.getConditions().add(oneTimeUse);
+
+ return conditions;
+
+ }
+
+ /**
+ * Build AuthnStatement object
+ * @param authInstant Time instant of authentication
+ * @param subjectLocality subjectLocality
+ * @param authnContext AuthnContext used
+ * @return AuthnStatement
+ */
+ public static AuthnStatement buildAuthnStatement(DateTime authInstant, SubjectLocality subjectLocality, AuthnContext authnContext) {
+ AuthnStatement authnStatement = buildXMLObject(AuthnStatement.DEFAULT_ELEMENT_NAME);
+
+ authnStatement.setAuthnInstant(authInstant);
+ authnStatement.setSubjectLocality(subjectLocality);
+ authnStatement.setAuthnContext(authnContext);
+
+ return authnStatement;
+ }
+
+ /**
+ * Build AuthnStatement object
+ * @param ipAddress IP address of the client
+ * @return AuthnStatement
+ */
+ public static AuthnStatement buildAuthnStatement(String ipAddress) {
+ AuthnStatement authnStatement = buildXMLObject(AuthnStatement.DEFAULT_ELEMENT_NAME);
+
+ authnStatement.setAuthnInstant(new DateTime());
+
+ SubjectLocality subjectLocality = buildXMLObject(SubjectLocality.DEFAULT_ELEMENT_NAME);
+ subjectLocality.setAddress(ipAddress);
+ authnStatement.setSubjectLocality(subjectLocality);
+
+ AuthnContext authnContext = buildXMLObject(AuthnContext.DEFAULT_ELEMENT_NAME);
+ authnStatement.setAuthnContext(authnContext);
+
+ return authnStatement;
+ }
+
+ /**
+ * Builds AttributeStatement object
+ * @return AttributeStatement
+ */
+ public static AttributeStatement buildAttributeStatement() {
+ return buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ }
+
+ /**
+ * Builds AttributeStatement object
+ * @param attributeList List of attributes
+ * @return AttributeStatement
+ */
+ public static AttributeStatement buildAttributeStatement(List<Attribute> attributeList) {
+ AttributeStatement attributeStatement = buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ attributeStatement.getAttributes().addAll(attributeList);
+
+ return attributeStatement;
+ }
+
+ /**
+ * Builds STORK String Attribute
+ * @param name Attribute Name
+ * @param friendlyName friendlyName of Attribute
+ * @param value Value of Attribute
+ * @param status STORK status of attribute
+ * @return STORK String Attribute
+ */
+ public static Attribute buildSTORKStringAttribute(String name, String friendlyName, String value, String status) {
+ XSString xsString = buildXSString(AttributeValue.DEFAULT_ELEMENT_NAME);
+ xsString.setValue(value);
+
+ return buildAttribute(name, friendlyName, status, xsString);
+ }
+
+ /**
+ * Builds STORK XML Any Attribute
+ * @param name Attribute Name
+ * @param friendlyName friendlyName of Attribute
+ * @param value Value of Attribute
+ * @param status STORK status of attribute
+ * @return STORK XML Any Attribute
+ */
+ public static Attribute buildSTORKXMLAttribute(String name, String friendlyName, XMLObject value, String status) {
+ XSAny xsAny = buildXMLObject(AttributeValue.DEFAULT_ELEMENT_NAME);
+ xsAny.getUnknownXMLObjects().add(value);
+
+ return buildAttribute(name, friendlyName, status, xsAny);
+ }
+
+ /**
+ * Builds STORK Attribute
+ * @param name Attribute Name
+ * @param friendlyName friendlyName of Attribute
+ * @param status STORK status of Attribute
+ * @param attributeValue Value of the Attribute
+ * @return Attribute
+ */
+ public static Attribute buildAttribute(String name, String friendlyName, String status, XMLObject attributeValue) {
+ Attribute attribute = buildXMLObject(STORKAttribute.DEFAULT_ELEMENT_NAME);
+
+ attribute.setNameFormat(STORKAttribute.URI_REFERENCE);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getUnknownAttributes().put(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME, status);
+ attribute.getAttributeValues().add(attributeValue);
+
+ return attribute;
+ }
+
+ /**
+ * Builds STORK String Attribute
+ * @param name Attribute Name
+ * @param friendlyName friendlyName of Attribute
+ * @param status STORK status of Attribute
+ * @param attributeValue Value of the Attribute
+ * @return String Attribute
+ */
+ public static Attribute buildStringAttribute(String name, String friendlyName, String status, String attributeValue) {
+ Attribute attribute = buildXMLObject(STORKAttribute.DEFAULT_ELEMENT_NAME);
+
+ attribute.setNameFormat(STORKAttribute.URI_REFERENCE);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getUnknownAttributes().put(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME, status);
+
+ XSString xsString = buildXSString(AttributeValue.DEFAULT_ELEMENT_NAME);
+ xsString.setValue(attributeValue);
+ attribute.getAttributeValues().add(xsString);
+
+ return attribute;
+ }
+
+ /**
+ * Builds DSS signature request
+ * @param textToBeSigned Text to be included in the DSS request
+ * @param mimeType MimeType of the contents
+ * @return DSS signature request as String
+ */
+ public static String buildSignatureRequestString(String textToBeSigned, String mimeType) {
+ //MimeType=\"text/plain\"
+ //MimeType=\"application/xhtml+xml\"
+ String sigRequestString =
+ "<dss:SignRequest xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" " +
+ "RequestID=\"" + generateID() + "\">" +
+ "<dss:InputDocuments>" +
+ "<dss:Document>" +
+ "<dss:Base64Data MimeType=\"" + mimeType + "\">" + Base64.encodeBytes(textToBeSigned.getBytes()) + "</dss:Base64Data>" +
+ "</dss:Document>" +
+ "</dss:InputDocuments>" +
+ "</dss:SignRequest>";
+
+ return sigRequestString;
+
+ }
+
+ /**
+ * Builds STORK signedDoc RequestedAttribute
+ * @param textToBeSigned Text to be included in the DSS request
+ * @param mimeType MimeType of the contents
+ * @param isRequired true or false if signedDoc RequestedAttribute is required
+ * @return STORK signedDoc RequestedAttribute
+ */
+ public static RequestedAttribute buildSignatureRequestRequestedAttribute(String textToBeSigned, String mimeType, boolean isRequired) {
+ return buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, isRequired, buildSignatureRequestString(textToBeSigned, mimeType));
+ }
+
+ /**
+ * Adds RequestedAttribute to STORKAuthnRequest
+ * @param authnRequest STORKAuthnRequest
+ * @param reqAttr RequestedAttribute
+ */
+ public static void addRequestedAttribute(STORKAuthnRequest authnRequest, RequestedAttribute reqAttr) {
+ if (authnRequest != null) {
+ RequestedAttributes requestedAttributes = (RequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects(RequestedAttributes.DEFAULT_ELEMENT_NAME).get(0);
+ requestedAttributes.getRequestedAttributes().add(reqAttr);
+ }
+ }
+
+ /**
+ * Adds several RequestedAttribute to STORKAuthnRequest
+ * @param authnRequest STORKAuthnRequest
+ * @param reqAttr RequestedAttribute
+ */
+ public static void addRequestedAttributes(STORKAuthnRequest authnRequest, RequestedAttribute... reqAttrs) {
+ for (RequestedAttribute reqAttr : reqAttrs) {
+ addRequestedAttribute(authnRequest, reqAttr);
+ }
+ }
+
+ /**
+ * Builds STORK signed doc attribute and adds it to STORKAuthnRequest
+ * @param authnRequest STORKAuthnRequest
+ * @param textToBeSigned Text to be included in the DSS request
+ * @param mimeType MimeType of the contents
+ * @param isRequired true or false if signedDoc RequestedAttribute is required
+ */
+ public static void buildAndAddSignatureRequestToAuthnRequest(STORKAuthnRequest authnRequest, String textToBeSigned, String mimeType, boolean isRequired) {
+ if (authnRequest != null && !StringUtils.isEmpty(textToBeSigned)) {
+ addRequestedAttribute(authnRequest, buildSignatureRequestRequestedAttribute(textToBeSigned, mimeType, isRequired));
+ }
+
+ }
+
+ /**
+ * Adds DSS siganture request as String to STORKAuthnRequest
+ * @param authnRequest STORKAuthnRequest
+ * @param dssSignatureRequest DSS signature request as String
+ * @param isRequired true or false if signedDoc RequestedAttribute is required
+ */
+ public static void addSignatureRequestToAuthnRequest(STORKAuthnRequest authnRequest, String dssSignatureRequest, boolean isRequired) {
+ if (authnRequest != null && !StringUtils.isEmpty(dssSignatureRequest)) {
+ addRequestedAttribute(authnRequest, buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, isRequired, dssSignatureRequest));
+ }
+
+ }
+
+ /**
+ * Adds Attribute to an assertion
+ * @param assertion Assertion
+ * @param attr Attribute
+ */
+ public static void addAttribute(Assertion assertion, Attribute attr) {
+ if (assertion != null) {
+ if (!assertion.getAttributeStatements().isEmpty()) {
+ assertion.getAttributeStatements().get(0).getAttributes().add(attr);
+ }
+ }
+ }
+
+ /**
+ * Adds several Attribute to an assertion
+ * @param assertion Assertion
+ * @param attr Attribute
+ */
+ public static void addAttributes(Assertion assertion, Attribute... attrs) {
+ for (Attribute attr : attrs) {
+ addAttribute(assertion, attr);
+ }
+ }
+
+ /**
+ * Adds several Attribute to first assertion in STORK response
+ * @param response STORK response
+ * @param attrs Attribute
+ */
+ public static void addAttribute(STORKResponse response, Attribute... attrs) {
+ if (response != null) {
+ if (!response.getAssertions().isEmpty()) {
+ addAttributes(response.getAssertions().get(0), attrs);
+ }
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java
new file mode 100644
index 000000000..80556cfa5
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.common;
+
+import java.io.InputStream;
+
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLConfigurator;
+
+/**
+ * Class extending the default bootstrap mechanism of OpenSAML
+ * @author bzwattendorfer
+ *
+ */
+public class STORKBootstrap extends DefaultBootstrap {
+
+ /**
+ * Extends the default bootstrap mechanism of OpenSAML
+ * Adds STORK schemata and extension elements
+ * @throws ConfigurationException
+ */
+ public static synchronized void bootstrap() throws ConfigurationException {
+
+ SAMLSchemaBuilder.addExtensionSchema("stork-schema-assertion-1.0.xsd");
+ SAMLSchemaBuilder.addExtensionSchema("stork-schema-protocol-1.0.xsd");
+
+ DefaultBootstrap.bootstrap();
+
+ initStorkConfig("saml2-stork-config.xml");
+
+ }
+
+ /**
+ * Initializes OpenSAML with config
+ * @param xmlConfig XML Config for STORK and SAML2
+ * @throws ConfigurationException
+ */
+ private static void initStorkConfig(String xmlConfig) throws ConfigurationException {
+
+ XMLConfigurator configurator = new XMLConfigurator();
+
+ InputStream is = STORKBootstrap.class.getClassLoader().getResourceAsStream(xmlConfig);
+
+ configurator.load(is);
+ }
+
+
+}
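Review bot: initStorkConfig hands the result of getResourceAsStream straight to configurator.load at L7850–L7852, so a missing saml2-stork-config.xml surfaces as a NullPointerException instead of a ConfigurationException naming the resource, and the stream is never closed. The null check and finally block below cover both; if XMLConfigurator.load is known to close its argument the finally can be dropped. Closing the stream needs `import java.io.IOException;` added to the import block at L7811.
```java
private static void initStorkConfig(String xmlConfig) throws ConfigurationException {
    XMLConfigurator configurator = new XMLConfigurator();
    InputStream is = STORKBootstrap.class.getClassLoader().getResourceAsStream(xmlConfig);
    if (is == null) {
        throw new ConfigurationException("STORK OpenSAML configuration not found on classpath: " + xmlConfig);
    }
    try {
        configurator.load(is);
    } finally {
        try {
            is.close();
        } catch (IOException e) {
            // best effort: the configuration has already been loaded
        }
    }
}
```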
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java
new file mode 100644
index 000000000..5a63e2dcd
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java
@@ -0,0 +1,176 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.common;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * Interface encapuslating relevant STORK constants such as namespace, attribute names, etc.
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKConstants {
+
+ /**
+ * STORK namespace
+ */
+ public static final String STORK10_NS = "urn:eu:stork:names:tc:STORK:1.0:assertion";
+
+ /**
+ * STORK namespace prefix
+ */
+ public static final String STORK10_PREFIX = "stork";
+
+ /**
+ * STORK protocol namespace
+ */
+ public static final String STORKP10_NS = "urn:eu:stork:names:tc:STORK:1.0:protocol";
+
+ /**
+ * STORK protocol namespace prefix
+ */
+ public static final String STORKP10_PREFIX = "storkp";
+
+ /**
+ * STORK attribute name prefix
+ */
+ final static String STORK_ATTRIBUTE_NAME_PREFIX = "http://www.stork.gov.eu/1.0/";
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_EIDENTIFIER = "eIdentifier";
+ final static String STORK_ATTRIBUTE_EIDENTIFIER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_EIDENTIFIER;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_GIVENAME = "givenName";
+ final static String STORK_ATTRIBUTE_GIVENNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_GIVENAME;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_SURNAME = "surname";
+ final static String STORK_ATTRIBUTE_SURNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_SURNAME;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_INHERITED_FAMILYNAME = "inheritedFamilyName";
+ final static String STORK_ATTRIBUTE_INHERITED_FAMILYNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_INHERITED_FAMILYNAME;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_ADOPTED_FAMILYNAME = "adoptedFamilyName";
+ final static String STORK_ATTRIBUTE_ADOPTED_FAMILYNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_ADOPTED_FAMILYNAME;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_GENDER = "gender";
+ final static String STORK_ATTRIBUTE_GENDER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_GENDER;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH = "dateOfBirth";
+ final static String STORK_ATTRIBUTE_DATEOFBIRTH = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_COUNTRYOFBIRTH = "countryCodeOfBirth";
+ final static String STORK_ATTRIBUTE_COUNTRYCODEOFBIRTH = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_COUNTRYOFBIRTH;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_NATIONALITYCODE = "nationalityCode";
+ final static String STORK_ATTRIBUTE_NATIONALITYCODE = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_NATIONALITYCODE;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_MARTIALSTATUS = "maritalStatus";
+ final static String STORK_ATTRIBUTE_MARTIALSTATUS = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_MARTIALSTATUS;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_TEXT_RESIDENCE_ADDRESS = "textResidenceAddress";
+ final static String STORK_ATTRIBUTE_TEXT_RESIDENCE_ADDRESS = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_TEXT_RESIDENCE_ADDRESS;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_CANONICAL_RESIDENCE_ADDRESS = "canonicalResidenceAddress";
+ final static String STORK_ATTRIBUTE_TEXT_CANONICAL_ADDRESS = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_CANONICAL_RESIDENCE_ADDRESS;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_EMAIL = "eMail";
+ final static String STORK_ATTRIBUTE_EMAIL = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_EMAIL;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_TITLE = "title";
+ final static String STORK_ATTRIBUTE_TITLE = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_TITLE;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_RESIDENCE_PERMIT = "residencePermit";
+ final static String STORK_ATTRIBUTE_RESIDENCE_PERMIT = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_RESIDENCE_PERMIT;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_PSEUDONYM = "pseudonym";
+ final static String STORK_ATTRIBUTE_PSEUDONYM = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_PSEUDONYM;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_AGE = "age";
+ final static String STORK_ATTRIBUTE_AGE = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_AGE;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_ISAGEOVER = "isAgeOver";
+ final static String STORK_ATTRIBUTE_ISAGEOVER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_ISAGEOVER;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_SIGNED_DOC = "signedDoc";
+ final static String STORK_ATTRIBUTE_SIGNEDDOC = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_SIGNED_DOC;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_FISCALNUMBER = "fiscalNumber";
+ final static String STORK_ATTRIBUTE_FISCALNUMBER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_FISCALNUMBER;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL_OLD = "citizenQAAlevel";
+ final static String STORK_ATTRIBUTE_CITIZENQAALEVEL_OLD = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL_OLD;
+
+ final static String STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL = "citizenQAALevel";
+ final static String STORK_ATTRIBUTE_CITIZENQAALEVEL = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL;
+
+ /**
+ * Full Set of accepted STORK attributes
+ */
+ public final Set<String> FULL_STORK_ATTRIBUTE_SET = new HashSet<String>(Arrays.asList(new String[] {STORK_ATTRIBUTE_EIDENTIFIER,
+ STORK_ATTRIBUTE_GIVENNAME,
+ STORK_ATTRIBUTE_SURNAME,
+ STORK_ATTRIBUTE_INHERITED_FAMILYNAME,
+ STORK_ATTRIBUTE_ADOPTED_FAMILYNAME,
+ STORK_ATTRIBUTE_GENDER,
+ STORK_ATTRIBUTE_DATEOFBIRTH,
+ STORK_ATTRIBUTE_COUNTRYCODEOFBIRTH,
+ STORK_ATTRIBUTE_NATIONALITYCODE,
+ STORK_ATTRIBUTE_MARTIALSTATUS,
+ STORK_ATTRIBUTE_TEXT_RESIDENCE_ADDRESS,
+ STORK_ATTRIBUTE_TEXT_CANONICAL_ADDRESS,
+ STORK_ATTRIBUTE_TEXT_CANONICAL_ADDRESS,
+ STORK_ATTRIBUTE_EMAIL,
+ STORK_ATTRIBUTE_TITLE,
+ STORK_ATTRIBUTE_RESIDENCE_PERMIT,
+ STORK_ATTRIBUTE_PSEUDONYM,
+ STORK_ATTRIBUTE_AGE,
+ STORK_ATTRIBUTE_ISAGEOVER,
+ STORK_ATTRIBUTE_SIGNEDDOC,
+ STORK_ATTRIBUTE_FISCALNUMBER,
+ STORK_ATTRIBUTE_CITIZENQAALEVEL_OLD,
+ STORK_ATTRIBUTE_CITIZENQAALEVEL}));
+
+ /**
+ * Default set of STORK attributes to be requested (without signedDoc)
+ */
+ Set<String> DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET = new HashSet<String>(Arrays.asList(new String[] {
+ STORK_ATTRIBUTE_EIDENTIFIER,
+ STORK_ATTRIBUTE_GIVENNAME,
+ STORK_ATTRIBUTE_SURNAME,
+ STORK_ATTRIBUTE_DATEOFBIRTH,}));
+
+ /**
+ * Default required set of returned STORK attributes
+ */
+ Set<String> DEFAULT_STORK_RETURNED_ATTRIBUTE_SET = new HashSet<String>(Arrays.asList(new String[] {
+ STORK_ATTRIBUTE_EIDENTIFIER,
+ STORK_ATTRIBUTE_GIVENNAME,
+ STORK_ATTRIBUTE_SURNAME,
+ STORK_ATTRIBUTE_DATEOFBIRTH,
+ STORK_ATTRIBUTE_SIGNEDDOC}));
+
+}
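Review bot: FULL_STORK_ATTRIBUTE_SET, DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET and DEFAULT_STORK_RETURNED_ATTRIBUTE_SET (L7995, L8022, L8031) are plain HashSets exposed as interface constants, so any code that reads the accepted-attribute set can also add to or clear it. Wrapping each in `Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(...)))` (plus `import java.util.Collections;`) keeps the allowlist read-only. STORK_ATTRIBUTE_TEXT_CANONICAL_ADDRESS is listed twice at L8006–L8007; the duplicate is harmless in a set but looks like a copy-paste slip, and STORK_ATTRIBUTE_MARTIALSTATUS (L7953–L7954) misspells "marital" in a public constant name.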
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java
new file mode 100644
index 000000000..33ee67313
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.exception;
+
+/**
+ * Exception thrown if exception occurs in SAML message processing
+ * @author bzwattendorfer
+ *
+ */
+public class SAMLException extends Exception {
+
+ /** {@inheritDoc} */
+ public SAMLException() {
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public SAMLException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /** {@inheritDoc} */
+ public SAMLException(String message) {
+ super(message);
+ }
+
+ /** {@inheritDoc} */
+ public SAMLException(Throwable cause) {
+ super(cause);
+ }
+
+
+
+}
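Review bot: SAMLException declares no serialVersionUID although it is Serializable and the sibling SAMLValidationException does (L8145); add `private static final long serialVersionUID = 1L;` after the class header for consistency. The `{@inheritDoc}` tags on the constructors (L8082–L8097) have no effect because constructors are not inherited, so each should get its own one-line description or none. The empty `/** */` block before the package statement at L8070–L8072 documents nothing and recurs in STORKAttribute (L8202), STORKAttributeValue (L8273) and STORKRequestedAttribute (L8414).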
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java
new file mode 100644
index 000000000..51520d968
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.exception;
+
+/**
+ * Exception thrown if error occurs in SAML message validation
+ * @author bzwattendorfer
+ *
+ */
+public class SAMLValidationException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ /** {@inheritDoc} */
+ public SAMLValidationException() {
+
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public SAMLValidationException(String s) {
+
+ super(s);
+ }
+
+ /** {@inheritDoc} */
+ public SAMLValidationException(Exception e) {
+
+ super(e);
+ }
+
+ /** {@inheritDoc} */
+ public SAMLValidationException(String m, Exception e) {
+
+ super(m, e);
+ }
+}
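Review bot: The cause-taking constructors at L8160 and L8166 accept Exception rather than Throwable, which is narrower than SAMLException's constructors in the same package (L8088, L8098) and than Exception's own; a caller wrapping an Error or a generic Throwable cannot use them. Changing the signatures to `public SAMLValidationException(Throwable cause)` and `public SAMLValidationException(String message, Throwable cause)` is source-compatible for existing callers. The parameter names s, e and m would also read better as message and cause, matching the sibling class.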
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java
new file mode 100644
index 000000000..ec8232704
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.saml;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.core.Attribute;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * Interface extending original SAML Attribute for STORK with the XML attributeStatus attribute
+ * {@inheritDoc}
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKAttribute extends Attribute {
+
+ public static final String STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME = "AttributeStatus";
+
+ public static final QName DEFAULT_STORK_ATTRIBUTE_QNAME = new QName(STORKConstants.STORK10_NS, STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME, STORKConstants.STORK10_PREFIX);
+
+ public static final String ALLOWED_ATTRIBUTE_STATUS_AVAIL = "Available";
+ public static final String ALLOWED_ATTRIBUTE_STATUS_NOT_AVAIL = "NotAvailable";
+ public static final String ALLOWED_ATTRIBUTE_STATUS_WITHHELD = "Withheld";
+
+ /**
+ * Sets the STORK attributeStatus
+ * @param attributeStatus
+ */
+ public void setAttributeStatus(String attributeStatus);
+
+ /**
+ * Gets the STORK attributeStatus
+ * @return
+ */
+ public String getAttributeStatus();
+
+}
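Review bot: The interface defines three allowed status strings (L8225–L8227) but setAttributeStatus's Javadoc at L8229–L8233 does not say that only those values are valid, and getAttributeStatus at L8235–L8239 has an empty @return. I would document the setter as `@param attributeStatus one of ALLOWED_ATTRIBUTE_STATUS_AVAIL, ALLOWED_ATTRIBUTE_STATUS_NOT_AVAIL or ALLOWED_ATTRIBUTE_STATUS_WITHHELD` and the getter as `@return the STORK attributeStatus, or null if none was set` — the null case is an assumption about the implementation, which is outside this hunk. STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME at L8221 has a triple T; since it is a public constant it is cheaper to rename now than after other modules reference it.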
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java
new file mode 100644
index 000000000..2d511d62a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.saml;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.core.AttributeValue;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * {@inheritDoc}
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKAttributeValue extends AttributeValue {
+
+ /** Element name, no namespace. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "AttributeValue";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+}
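Review bot: DEFAULT_ELEMENT_NAME at L8295 hides the field of the same name inherited from AttributeValue, and Java resolves static fields by the compile-time type, so `AttributeValue.DEFAULT_ELEMENT_NAME` still yields the SAML-namespaced QName while only `STORKAttributeValue.DEFAULT_ELEMENT_NAME` yields the STORK one. A comment such as `/** Hides AttributeValue.DEFAULT_ELEMENT_NAME; reference through STORKAttributeValue, the SAML QName is returned when accessed via the parent type. */` would make that explicit. The same hiding occurs for DEFAULT_ELEMENT_NAME and TYPE_NAME in STORKRequestedAttribute (L8434, L8438).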
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java
new file mode 100644
index 000000000..b5e12ea75
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml;
+
+import org.opensaml.saml2.common.Extensions;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+/**
+ * Extends the SAML Extension element with STORK related functionality
+ * {@inheritDoc}
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKExtensions extends Extensions {
+
+ /**
+ * Sets the QAALevel object
+ * @param authLevel QAALevel object
+ */
+ public void setQAALevel(QualityAuthenticationAssuranceLevel authLevel);
+
+ /**
+ * Gets the QAALevel object
+ * @return QAALevel object
+ */
+ public QualityAuthenticationAssuranceLevel getQAALevel();
+
+ /**
+ * Gets the RequestedAttributes object
+ * @return RequestedAttributes object
+ */
+ public RequestedAttributes getRequestedAttributes();
+
+ /**
+ * Sets RequestedAttributes
+ * @param requestedAttributes RequestedAttributes object
+ */
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes);
+
+ /**
+ * Gets AuthenticationAttributes
+ * @return AuthenticationAttributes
+ */
+ public AuthenticationAttributes getAuthenticationAttributes();
+
+ /**
+ * Sets AuthenticationAttributes
+ * @param authenticationAttributes AuthenticationAttributes object
+ */
+ public void setAuthenticationAttributes(AuthenticationAttributes authenticationAttributes);
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java
new file mode 100644
index 000000000..38149bea5
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.saml;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * {@inheritDoc}
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKRequestedAttribute extends RequestedAttribute {
+
+
+ /** Default element name */
+ public final static QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ /** QName of the XSI type */
+ public final static QName TYPE_NAME = new QName(STORKConstants.STORK10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java
new file mode 100644
index 000000000..413b5f6d7
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.AttributeBuilder;
+
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAttributeBuilder extends AttributeBuilder {
+
+ /**
+ * Constructor.
+ */
+ public STORKAttributeBuilder() {
+
+ }
+
+ /** {@inheritDoc} */
+ public STORKAttribute buildObject() {
+ return buildObject(SAMLConstants.SAML20_NS, Attribute.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKAttribute buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKAttributeImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java
new file mode 100644
index 000000000..89ad90eae
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.AttributeImpl;
+
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAttributeImpl extends AttributeImpl implements STORKAttribute {
+
+ private String attributeStatus;
+
+ protected STORKAttributeImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.saml.STORKAttribute#getAttributeStatus()
+ */
+ public String getAttributeStatus() {
+ return attributeStatus;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.saml.STORKAttribute#setAttributeStatus(java.lang.String)
+ */
+ public void setAttributeStatus(String attributeStatus) {
+ this.attributeStatus = attributeStatus;
+
+ }
+
+}
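Review bot: The two `(non-Javadoc) @see` references in STORKAttributeImpl point at `eu.stork.mw.common.messages.saml.STORKAttribute`, but the interface this class implements is imported from `eu.stork.vidp.messages.saml.STORKAttribute`, so the links are stale and will not resolve. Update both to `@see eu.stork.vidp.messages.saml.STORKAttribute#getAttributeStatus()` and `#setAttributeStatus(java.lang.String)`, or drop them in favour of `/** {@inheritDoc} */` as the sibling builder in this commit does. The `attributeStatus` field has no comment; a one-liner such as `/** Value of the STORK AttributeStatus XML attribute; null when absent. */` would tell a reader what the marshaller and unmarshaller exchange through it.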
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java
new file mode 100644
index 000000000..ba8c2f1a3
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.AttributeMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAttributeMarshaller extends AttributeMarshaller {
+
+ protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
+ STORKAttribute attribute = (STORKAttribute) samlElement;
+
+ if (attribute.getAttributeStatus() != null) {
+ domElement.setAttributeNS(STORKConstants.STORK10_NS, STORKAttribute.STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME, attribute.getName());
+ }
+
+ super.marshallAttributes(samlElement, domElement);
+
+ }
+
+}
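Review bot: marshallAttributes writes the wrong value for the STORK status attribute: the guard tests `attribute.getAttributeStatus()` but the call passes `attribute.getName()`, so the serialized `AttributeStatus` attribute carries the SAML attribute's Name and the status is lost on the wire. The line should be `domElement.setAttributeNS(STORKConstants.STORK10_NS, STORKAttribute.STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME, attribute.getAttributeStatus());`. A round-trip test through STORKAttributeUnmarshaller from this same commit would have caught this, since that class reads the value back into setAttributeStatus.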
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java
new file mode 100644
index 000000000..5a74dab7d
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.AttributeUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.w3c.dom.Attr;
+
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ * A thread-safe Unmarshaller for {@link org.opensaml.saml2.core.Attribute} objects.
+ */
+public class STORKAttributeUnmarshaller extends AttributeUnmarshaller {
+
+
+ protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
+
+ if (samlObject instanceof STORKAttribute) {
+ STORKAttribute attrib = (STORKAttribute) samlObject;
+
+ if (attribute.getLocalName().equals(STORKAttribute.STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME)) {
+ attrib.setAttributeStatus(attribute.getValue());
+ }
+ }
+
+ super.processAttribute(samlObject, attribute);
+ }
+
+} \ No newline at end of file
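Review bot: processAttribute recognises the status attribute by local name only (`attribute.getLocalName().equals(STORKAttribute.STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME)`), so an `AttributeStatus` attribute in any namespace, including the null namespace, is accepted, while the marshaller in this commit writes it under `STORKConstants.STORK10_NS`. Compare the namespace as well, `if (STORKConstants.STORK10_NS.equals(attribute.getNamespaceURI()) && STORKAttribute.STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME.equals(attribute.getLocalName()))`, which also avoids the NullPointerException the current form raises when getLocalName() returns null for a non-namespace-aware attribute; this needs an import of `eu.stork.vidp.messages.common.STORKConstants`. The class Javadoc, `A thread-safe Unmarshaller for Attribute objects`, is the OpenSAML base text and says nothing about the STORK status attribute this override adds; the file also lacks a trailing newline.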
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java
new file mode 100644
index 000000000..8836b6c8e
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class STORKAuthnRequestBuilder extends AuthnRequestBuilder {
+
+ /** {@inheritDoc} */
+
+
+ public STORKAuthnRequest buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, AuthnRequest.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKAuthnRequest buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKAuthnRequestImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java
new file mode 100644
index 000000000..c9375ceb9
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.impl.AuthnRequestImpl;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class STORKAuthnRequestImpl extends AuthnRequestImpl implements STORKAuthnRequest {
+
+ private int qaaLevel;
+
+ private String ccc;
+
+ private String finalRedirectURL;
+
+ private String spID;
+
+ private XMLObject originalSPAuthRequest;
+
+ private X509Certificate spCertSig;
+
+ private X509Certificate spCertEnc;
+
+ //private XMLObjectChildrenList<RequestedAttribute> requestedAttributes;
+ private List<RequestedAttribute> requestedAttributes;
+
+ protected STORKAuthnRequestImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ //requestedAttributes = new IndexedXMLObjectChildrenList<RequestedAttribute>(this);
+ }
+
+ public STORKAuthnRequestImpl() {
+ super(SAMLConstants.SAML20P_NS, STORKAuthnRequest.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+
+
+ public int getQAALevel() {
+ return this.qaaLevel;
+ }
+
+ public void setQAALevel(int authLevel) {
+ this.qaaLevel = authLevel;
+
+ }
+
+ public String getCitizenCountryCode() {
+ return ccc;
+ }
+
+ public String getFinalRedirectURL() {
+ return finalRedirectURL;
+ }
+
+ public XMLObject getOriginalSPAuthRequest() {
+ return originalSPAuthRequest;
+ }
+
+ public X509Certificate getSPCertEnc() {
+ return spCertEnc;
+ }
+
+ public X509Certificate getSPCertSig() {
+ return spCertSig;
+ }
+
+ public String getSPID() {
+ return spID;
+ }
+
+ public void setCitizenCountryCode(String citizenCountryCode) {
+ this.ccc = citizenCountryCode;
+ }
+
+ public void setFinalRedirectURL(String finalRedirectURL) {
+ this.finalRedirectURL = finalRedirectURL;
+ }
+
+ public void setOriginalSPAuthRequest(XMLObject spAuthRequest) {
+ this.originalSPAuthRequest = spAuthRequest;
+ }
+
+ public void setSPCertEnc(X509Certificate encryptionCertificate) {
+ this.spCertEnc = encryptionCertificate;
+ }
+
+ public void setSPCertSig(X509Certificate signingCertificate) {
+ this.spCertSig = signingCertificate;
+ }
+
+ public void setSPID(String spID) {
+ this.spID = spID;
+ }
+
+ public List<RequestedAttribute> getRequestedAttributes() {
+// return (List<RequestedAttribute>) requestedAttributes.subList(new QName(STORKMessagesConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME, STORKMessagesConstants.STORK10_PREFIX));
+ return requestedAttributes;
+ }
+
+ public void setRequestedAttributes(List<RequestedAttribute> requestedAttributesList) {
+ // this.requestedAttributes = (XMLObjectChildrenList<RequestedAttribute>) requestedAttributesList;
+ this.requestedAttributes = requestedAttributesList;
+ }
+
+// public List<XMLObject> getOrderedChildren() {
+// ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+//
+// if (super.getOrderedChildren() != null) {
+// children.addAll(super.getOrderedChildren());
+// }
+//
+// if (qaaLevel != 0 ) {
+// children.add(subject);
+// }
+//
+// if (nameIDPolicy != null) {
+// children.add(nameIDPolicy);
+// }
+//
+// if (conditions != null) {
+// children.add(conditions);
+// }
+//
+// if (requestedAuthnContext != null) {
+// children.add(requestedAuthnContext);
+// }
+//
+// if (scoping != null) {
+// children.add(scoping);
+// }
+//
+// if (children.size() == 0) {
+// return null;
+// }
+//
+// return Collections.unmodifiableList(children);
+// }
+
+}
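Review bot: Roughly a third of STORKAuthnRequestImpl is commented-out code — the `getOrderedChildren` override at the end and the `XMLObjectChildrenList` remnants around `requestedAttributes` — and the dead override refers to `subject`, `nameIDPolicy` and other names that belong to the superclass, which is misleading if anyone revives it. Either delete it or replace it with a short class comment stating what the surviving code actually does: the STORK values are plain fields filled in from the Extensions child by STORKAuthnRequestUnmarshaller, not child XMLObjects of this element. The class and its accessors carry no Javadoc; at least `ccc` and `qaaLevel` deserve a comment expanding the abbreviation, e.g. `/** Citizen country code taken from the VIDP authentication attributes. */`.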
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java
new file mode 100644
index 000000000..faad3a835
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.AuthnRequestMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class STORKAuthnRequestMarshaller extends AuthnRequestMarshaller {
+
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ STORKAuthnRequest req = (STORKAuthnRequest) samlObject;
+
+// if (sr.getQAA() != -1) {
+// //domElement.setAttributeNS(null, StatusResponseType.VERSION_ATTRIB_NAME, sr.getVersion().toString());
+// }
+ }
+}
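Review bot: marshallElementContent casts `samlObject` into a local `req` that is never read, and the rest of the body is commented out, so the override contributes nothing except a ClassCastException for any AuthnRequest that is not a STORKAuthnRequest; it also does not call `super.marshallElementContent`, and whether the base class does work in that hook is not visible from this hunk. Unless STORK-specific element content is going to be written here, the cleanest fix is to remove the override (or keep only a `super.marshallElementContent(samlObject, domElement);` call). If it stays, replace the commented `sr.getQAA()` fragment with a comment explaining that the QAA level and SP information are carried in the Extensions child and are marshalled there.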
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java
new file mode 100644
index 000000000..7924400fa
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.opensaml.saml2.core.impl.AuthnRequestUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.X509Data;
+import org.opensaml.xml.util.Base64;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+import eu.stork.vidp.messages.stork.SPCertSig;
+import eu.stork.vidp.messages.stork.SPCertType;
+import eu.stork.vidp.messages.stork.SPInformation;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class STORKAuthnRequestUnmarshaller extends AuthnRequestUnmarshaller {
+
+ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
+ throws UnmarshallingException {
+ STORKAuthnRequest req = (STORKAuthnRequest) parentSAMLObject;
+
+ if (childSAMLObject instanceof STORKExtensions) {
+ STORKExtensions ext = (STORKExtensions) childSAMLObject;
+ req.setExtensions(ext);
+
+ if (ext.getQAALevel() != null)
+ req.setQAALevel(ext.getQAALevel().getValue());
+
+ if (ext.getRequestedAttributes() != null) {
+ //List<RequestedAttribute> reqAttrList = new ArrayList<RequestedAttribute>();
+// for (RequestedAttribute reqAtt : ext.getRequestedAttributes().getRequestedAttributes()) {
+// req.getRequestedAttributes().add(reqAtt);
+// }
+ req.setRequestedAttributes(ext.getRequestedAttributes().getRequestedAttributes());
+
+ }
+
+ if (ext.getAuthenticationAttributes() != null) {
+ VIDPAuthenticationAttributes vidpAuthAttributes = ext.getAuthenticationAttributes().getVIDPAuthenticationAttributes();
+ if (vidpAuthAttributes != null) {
+ if (vidpAuthAttributes.getCitizenCountryCode() != null)
+ req.setCitizenCountryCode(vidpAuthAttributes.getCitizenCountryCode().getValue());
+
+ SPInformation spInformation = vidpAuthAttributes.getSPInformation();
+ if (spInformation != null) {
+ if (spInformation.getSPID() != null)
+ req.setSPID(spInformation.getSPID().getValue());
+
+ if (spInformation.getSPCertSig() != null) {
+ SPCertSig spCertSig = spInformation.getSPCertSig();
+ try {
+ req.setSPCertSig(getCertificateFromX509Data(spCertSig));
+ } catch (Exception e) {
+ throw new UnmarshallingException("Error reading SP signing certificate");
+ }
+ }
+
+ if (spInformation.getSPCertEnc() != null) {
+ SPCertEnc spCertEnc = spInformation.getSPCertEnc();
+ try {
+ req.setSPCertEnc(getCertificateFromX509Data(spCertEnc));
+ } catch (Exception e) {
+ throw new UnmarshallingException("Error reading SP encryption certificate");
+ }
+ }
+
+ if (spInformation.getSPAuthRequest() != null) {
+ req.setOriginalSPAuthRequest(spInformation.getSPAuthRequest());
+ }
+
+ }
+ }
+ }
+
+ } else {
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+ }
+ }
+
+ private X509Certificate getCertificateFromX509Data(SPCertType spCert) throws CertificateException {
+ if (spCert.getKeyInfo() != null)
+ if (!spCert.getKeyInfo().getX509Datas().isEmpty()) {
+ X509Data samlX509Data = spCert.getKeyInfo().getX509Datas().get(0);
+
+ if (samlX509Data != null) {
+ if (!samlX509Data.getX509Certificates().isEmpty()) {
+ org.opensaml.xml.signature.X509Certificate samlX509Cert = samlX509Data.getX509Certificates().get(0);
+ if (samlX509Cert != null) {
+ if (samlX509Cert.getValue() != null && samlX509Cert.getValue().length() != 0) {
+ InputStream inStream = new ByteArrayInputStream( Base64.decode(samlX509Cert.getValue()));
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
+ return cert;
+ }
+
+ }
+
+ }
+ }
+ }
+
+ return null;
+ }
+
+}
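Review bot: Both `catch (Exception e)` blocks in processChildElement drop the underlying exception when they rethrow, so a malformed certificate in an incoming request surfaces only as `Error reading SP signing certificate` with no cause to log; chain it, `throw new UnmarshallingException("Error reading SP signing certificate", e);`, and likewise in the encryption branch. getCertificateFromX509Data decodes and parses an X.509 certificate that arrives inside the request being unmarshalled, so the objects stored via setSPCertSig/setSPCertEnc are the sender's own assertion about the SP; a Javadoc on the helper should say that callers must match them against configured SP trust material before using them to verify this request's signature or to encrypt for the SP. The five nested `if`s in the helper can be flattened into early `return null` guards, which would also make the empty-value check on `samlX509Cert.getValue()` easier to see.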
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java
new file mode 100644
index 000000000..96004871c
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.impl.ExtensionsBuilder;
+import org.opensaml.saml2.core.Response;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+
+public class STORKExtensionsBuilder extends ExtensionsBuilder {
+
+ public STORKExtensions buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, Response.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKExtensions buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKExtensionsImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
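Review bot: The no-argument `buildObject()` constructs the extensions element with `Response.DEFAULT_ELEMENT_LOCAL_NAME`, so it yields an object named `samlp:Response` instead of `samlp:Extensions`; this looks copied from a Response builder. Use the constant the STORKExtensions interface inherits from Extensions, `return buildObject(SAMLConstants.SAML20P_NS, STORKExtensions.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);`, after which the `org.opensaml.saml2.core.Response` import is unused. The no-argument overload is also the only one of the two without a `{@inheritDoc}` tag.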
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java
new file mode 100644
index 000000000..5417481c7
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.common.impl.ExtensionsImpl;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class STORKExtensionsImpl extends ExtensionsImpl implements STORKExtensions {
+
+ private QualityAuthenticationAssuranceLevel qaaLevel;
+
+ private RequestedAttributes requestedAttributes;
+
+ private AuthenticationAttributes authenticationAttributes;
+
+ protected STORKExtensionsImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public AuthenticationAttributes getAuthenticationAttributes() {
+ return authenticationAttributes;
+ }
+
+ public QualityAuthenticationAssuranceLevel getQAALevel() {
+ return qaaLevel;
+ }
+
+ public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+ }
+
+ public void setAuthenticationAttributes(
+ AuthenticationAttributes authenticationAttributes) {
+ this.authenticationAttributes = authenticationAttributes;
+ }
+
+ public void setQAALevel(QualityAuthenticationAssuranceLevel authLevel) {
+ this.qaaLevel = authLevel;
+ }
+
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
+
+
+}
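Review bot: STORKExtensionsImpl holds `qaaLevel`, `requestedAttributes` and `authenticationAttributes` in plain fields and does not override `getOrderedChildren()`, so unless the same objects are also added to the base class's child list they will presumably not appear in the element's child sequence when it is marshalled — the unmarshaller and the base class behaviour are outside this hunk, so confirm with a marshal/unmarshal round-trip test. If the intent is that these fields are only populated on unmarshalling, state that in a class Javadoc; otherwise an override returning the superclass children followed by whichever of the three STORK objects are non-null is the usual fix. The class and its six accessors currently have no documentation.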
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java
new file mode 100644
index 000000000..7aa86c2ed
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.common.impl.ExtensionsMarshaller;
+
+public class STORKExtensionsMarshaller extends ExtensionsMarshaller {
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java
new file mode 100644
index 000000000..a701c9e6f
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.common.impl.ExtensionsUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class STORKExtensionsUnmarshaller extends ExtensionsUnmarshaller {
+
+ protected void processChildElement(XMLObject parentXMLObject, XMLObject childXMLObject)
+ throws UnmarshallingException {
+ STORKExtensions extensions = (STORKExtensions) parentXMLObject;
+
+ if (childXMLObject instanceof QualityAuthenticationAssuranceLevel) {
+ QualityAuthenticationAssuranceLevel qaa = (QualityAuthenticationAssuranceLevel) childXMLObject;
+ extensions.setQAALevel(qaa);
+ } if (childXMLObject instanceof RequestedAttributes) {
+ RequestedAttributes requestedAttributes = (RequestedAttributes) childXMLObject;
+ extensions.setRequestedAttributes(requestedAttributes);
+ } if (childXMLObject instanceof AuthenticationAttributes) {
+ AuthenticationAttributes authenticationAttributes = (AuthenticationAttributes) childXMLObject;
+ extensions.setAuthenticationAttributes(authenticationAttributes);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+
+}
+
+}
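Review bot: The dispatch in processChildElement is missing `else` on the two lines that read `} if (childXMLObject instanceof RequestedAttributes) {` and `} if (childXMLObject instanceof AuthenticationAttributes) {`, so a QualityAuthenticationAssuranceLevel or RequestedAttributes child is stored through its setter and then also falls into the final `else` and reaches `super.processChildElement`, while an AuthenticationAttributes child does not — the three STORK children are handled inconsistently. If the intent is a plain type switch, change both lines to `} else if (...)`; if the double registration is deliberate (STORKExtensionsImpl does not override getOrderedChildren, so only the generic child list would be marshalled), it should be applied to all three branches and explained in a comment such as `// also kept in the generic child list so ExtensionsMarshaller serializes it`. A repeated QAA element silently overwrites the earlier value (last wins); a comment stating that, or a check rejecting duplicates, would make the accepted input shape explicit.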
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java
new file mode 100644
index 000000000..1e23a9f2b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.saml.STORKRequestedAttribute;
+
+/**
+ * Builder for {@link org.opensaml.saml2.metadata.impl.RequestedAttributeImpl}.
+ */
+public class STORKRequestedAttributeBuilder extends AbstractSAMLObjectBuilder<RequestedAttribute> {
+
+ /** Constructor */
+ public STORKRequestedAttributeBuilder() {
+
+ }
+
+ /** {@inheritDoc} */
+ public STORKRequestedAttribute buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, STORKRequestedAttribute.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKRequestedAttribute buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKRequestedAttributeImpl(namespaceURI, localName, namespacePrefix);
+ }
+} \ No newline at end of file
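Review bot: The class Javadoc `Builder for {@link org.opensaml.saml2.metadata.impl.RequestedAttributeImpl}.` names the OpenSAML class, but both buildObject overloads return a STORKRequestedAttributeImpl in the STORK namespace, so the comment is misleading about what gets built. Suggested wording: `Builder for {@link STORKRequestedAttributeImpl}; the no-arg form uses the STORK 1.0 namespace and {@link STORKRequestedAttribute#DEFAULT_ELEMENT_LOCAL_NAME}.` The empty `/** {@inheritDoc} */` on a constructor with no superclass documentation to inherit could be dropped.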
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java
new file mode 100644
index 000000000..e3921919a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.saml.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.impl.RequestedAttributeImpl;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.vidp.messages.saml.STORKRequestedAttribute;
+
+/**
+ * Concrete implementation of {@link org.opensaml.saml2.metadata.RequestedAttribute}
+ */
+public class STORKRequestedAttributeImpl extends RequestedAttributeImpl implements STORKRequestedAttribute {
+
+ /**
+ * Constructor
+ *
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ protected STORKRequestedAttributeImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /** {@inheritDoc} */
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ children.addAll(getAttributeValues());
+
+ return Collections.unmodifiableList(children);
+ }
+} \ No newline at end of file
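Review bot: The getOrderedChildren override copies getAttributeValues into a new list and wraps it unmodifiable, which appears to be what the inherited OpenSAML implementation already does for an Attribute; if that is the case the override is redundant and a reader will wonder what it changes. Either remove it or document the reason it exists, e.g. `// Overridden so that STORK-namespaced AttributeValue children added by STORKRequestedAttributeUnmarshaller are serialized in order.` The class Javadoc `Concrete implementation of {@link org.opensaml.saml2.metadata.RequestedAttribute}` should name the interface this class actually implements, STORKRequestedAttribute.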
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java
new file mode 100644
index 000000000..6b7771c72
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.saml.impl;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.impl.RequestedAttributeUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+
+/**
+ * A thread-safe Unmarshaller for {@link org.opensaml.saml2.metadata.RequestedAttribute} objects.
+ */
+public class STORKRequestedAttributeUnmarshaller extends RequestedAttributeUnmarshaller {
+
+ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
+ throws UnmarshallingException {
+
+ Attribute attribute = (Attribute) parentSAMLObject;
+
+ QName childQName = childSAMLObject.getElementQName();
+ if (childQName.getLocalPart().equals("AttributeValue")
+ && childQName.getNamespaceURI().equals(STORKConstants.STORK10_NS)) {
+ attribute.getAttributeValues().add(childSAMLObject);
+ } else {
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+ }
+}
+
+
+} \ No newline at end of file
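Review bot: `import org.opensaml.common.xml.SAMLConstants;` is unused in this file and should be removed, and the closing brace of processChildElement is indented at class level, which hides where the method ends. The branch that accepts a STORK-namespaced AttributeValue adds the child as an opaque XMLObject without any further check; a comment such as `// STORK AttributeValue children are not modelled as SAML AttributeValue, so they are kept as raw XMLObjects` would tell the next reader that this is intentional rather than an oversight.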
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java
new file mode 100644
index 000000000..24cebaef7
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.impl.ResponseBuilder;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class STORKResponseBuilder extends ResponseBuilder {
+
+ /** {@inheritDoc} */
+
+
+ public STORKResponse buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, Response.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKResponse buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKResponseImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java
new file mode 100644
index 000000000..08b5dc9bc
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.impl.ResponseImpl;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class STORKResponseImpl extends ResponseImpl implements STORKResponse {
+
+ private int qaaLevel;
+
+ protected STORKResponseImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+
+ public STORKResponseImpl() {
+ super(SAMLConstants.SAML20P_NS, STORKResponse.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+
+ public int getQAALevel() {
+ return this.qaaLevel;
+ }
+
+ public void setQAALevel(int authLevel) {
+ this.qaaLevel = authLevel;
+
+ }
+
+}
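Review bot: `private int qaaLevel;` defaults to 0, but the commented-out check in STORKResponseMarshaller (`if (sr.getQAA() != -1)`) suggests -1 is meant to be the "not set" sentinel, so a response whose QAA level was never set is indistinguishable from one carrying level 0 and the marshaller's intended guard would not fire. Initialising the field as `private int qaaLevel = -1; // -1 = no QAA level present in the response` and documenting the sentinel on getQAALevel makes the absent case explicit. setQAALevel accepts any int; if callers rely on the STORK QAA range, validating or at least documenting the expected range here would help. `import eu.stork.mw.messages.saml.STORKAuthnRequest;` is unused.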
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java
new file mode 100644
index 000000000..1a4654d01
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.ResponseMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class STORKResponseMarshaller extends ResponseMarshaller {
+
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ STORKResponse sr = (STORKResponse) samlObject;
+
+// if (sr.getQAA() != -1) {
+// //domElement.setAttributeNS(null, StatusResponseType.VERSION_ATTRIB_NAME, sr.getVersion().toString());
+// }
+ }
+}
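Review bot: marshallElementContent is effectively empty: the cast `STORKResponse sr = (STORKResponse) samlObject;` is unused and the only logic is commented out, so the QAA level stored on STORKResponseImpl is never written to the DOM and a marshal/unmarshal round trip loses it. The commented code also calls `sr.getQAA()`, which does not match the `getQAALevel()` accessor used by STORKResponseUnmarshaller in this same change, so it would not compile if re-enabled. Either remove the override or implement it, and in any case add `super.marshallElementContent(samlObject, domElement);` so the inherited behaviour is preserved if the parent ever does work there; a comment like `// QAA level is carried in the Extensions child, not as element content` would explain why nothing is emitted here.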
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java
new file mode 100644
index 000000000..c2a7bcef9
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.ResponseUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.saml.STORKExtensions;
+
+public class STORKResponseUnmarshaller extends ResponseUnmarshaller {
+
+ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
+ throws UnmarshallingException {
+ STORKResponse resp = (STORKResponse) parentSAMLObject;
+
+ if (childSAMLObject instanceof STORKExtensions) {
+ STORKExtensions ext = (STORKExtensions) childSAMLObject;
+
+ if (ext.getQAALevel() != null)
+ resp.setQAALevel(ext.getQAALevel().getValue());
+ } else {
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+ }
+ }
+
+}
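Review bot: When the child is a STORKExtensions, processChildElement copies the QAA level and returns without calling `super.processChildElement(parentSAMLObject, childSAMLObject);`, so the Extensions element is never attached to the Response — `getExtensions()` stays null and the RequestedAttributes and AuthenticationAttributes inside it are dropped. Adding the super call at the end of that branch keeps the inherited handling and the QAA shortcut. The QAA value is lifted into a plain int field before any signature processing; whatever consumes getQAALevel must only trust it after the Response signature has been verified, and a comment here saying `// value is taken as-is from the parsed XML; callers must verify the signature before trusting it` would make that contract visible.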
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java
new file mode 100644
index 000000000..73f9cd503
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface AuthenticationAttributes extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "AuthenticationAttributes";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "AuthenticationAttributesType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setVIDPAuthenticationAttributes(VIDPAuthenticationAttributes authenticationAttributes);
+
+ public VIDPAuthenticationAttributes getVIDPAuthenticationAttributes();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java
new file mode 100644
index 000000000..8c7847dd7
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface CitizenCountryCode extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "CitizenCountryCode";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(String citizenCountryCode);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java
new file mode 100644
index 000000000..c0f7cb291
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public interface EIDCrossBorderShare extends ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "eIDCrossBorderShare";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(boolean value);
+
+ public boolean getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java
new file mode 100644
index 000000000..a04376fb2
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public interface EIDCrossSectorShare extends ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "eIDCrossSectorShare";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(boolean value);
+
+ public boolean getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java
new file mode 100644
index 000000000..4fbd4a2d9
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public interface EIDSectorShare extends ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "eIDSectorShare";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(boolean value);
+
+ public boolean getValue();
+
+}
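Review bot: The stray empty Javadoc block before the `package` line (the `/** */` at the top of this file) attaches to nothing and should be dropped, and the interface Javadoc carries only `@author` with no description of what the element is. The same pattern appears in the preceding EIDCrossSectorShare file, whose start lies outside this view. A one-line description such as `/** Boolean STORK request element "eIDSectorShare" in the STORKP10 namespace; the value it carries is the flag exposed by getValue(). */` would tell a reader what the type models without opening the specification. As a point of style, the `public static final` modifiers on interface constants and the `public` on interface methods are redundant in Java and can be omitted for consistency across the new interfaces.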
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java
new file mode 100644
index 000000000..2869177b2
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface QualityAuthenticationAssuranceLevel extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "QualityAuthenticationAssuranceLevel";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(int level);
+
+ public int getValue();
+
+}
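Review bot: `setValue(int level)` accepts any `int` and nothing in this interface states the permitted range of a QAA level or where an out-of-range value is rejected; since the QAA level is what a relying party uses to decide how much assurance it is getting, a silently accepted bad value is worth guarding against. Presumably a validator registered for this `ValidatingXMLObject` enforces the range — confirm, and document it here so implementors and callers share the contract. A Javadoc on the setter such as `/** Sets the QAA level; only the levels defined by the STORK QAA model are valid, and the registered validator is expected to reject any other value. */` would suffice, with a matching line on `getValue()`.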
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java
new file mode 100644
index 000000000..0dcb1964c
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface RequestedAttributes extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "RequestedAttributes";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "RequestedAttributesType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setRequestedAttributes(List<RequestedAttribute> requestedAttributes);
+
+ public List<RequestedAttribute> getRequestedAttributes();
+
+}
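Review bot: The semantics of `setRequestedAttributes(List<RequestedAttribute>)` are undocumented: OpenSAML child collections are normally exposed as a live list through the getter, so it is unclear whether the setter replaces the children, copies the elements into the live list, or only accepts lists built by the same builder. It is also worth a comment that this STORK element deliberately reuses the SAML 2.0 metadata `RequestedAttribute` type inside a protocol request, since a reader will otherwise suspect a wrong import. A short Javadoc on both methods, stating whether the returned list is live and what the setter does with a `null` argument, would close both gaps.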
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java
new file mode 100644
index 000000000..8a5fd8644
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.ElementExtensibleXMLObject;
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * SAML 2.0 Extensions
+ */
+public interface SPAuthRequest extends ValidatingXMLObject, ElementExtensibleXMLObject {
+
+ /** Local name, no namespace */
+ public final static String LOCAL_NAME = "SPAuthRequest";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+}
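Review bot: This interface names its local-name constant `LOCAL_NAME` while every sibling in the package uses `DEFAULT_ELEMENT_LOCAL_NAME`, so generic code that reads the conventional constant will not find it here; rename to `public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPAuthRequest";` and keep `LOCAL_NAME` as an alias only if there are existing callers. The Javadoc `SAML 2.0 Extensions` is also misleading: the element lives in the STORKP10 namespace and extends `ElementExtensibleXMLObject`, so something like `/** STORK SPAuthRequest element; carries arbitrary child elements via ElementExtensibleXMLObject. */` describes it more accurately.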
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java
new file mode 100644
index 000000000..fd0ff31ae
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPCertEnc extends
+ SPCertType {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPCertEnc";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java
new file mode 100644
index 000000000..c54d23505
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPCertSig extends
+ SPCertType {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPCertSig";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java
new file mode 100644
index 000000000..e24db06a7
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPCertType extends
+ ValidatingXMLObject {
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "SPCertType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setKeyInfo(KeyInfo keyInfo);
+
+ public KeyInfo getKeyInfo();
+
+}
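Review bot: `setKeyInfo`/`getKeyInfo` expose a `KeyInfo` with no statement of its trust status, and since this type is carried inside SP information (presumably inside the authentication request — confirm against the consumer), the certificate it contains is supplied by the requesting party rather than by configuration. A comment on the getter such as `/** KeyInfo as supplied in the request; consumers must resolve trust against their configured SP metadata or trust store rather than from this element. */` would prevent an implementor from treating the embedded certificate as authoritative for signature or encryption decisions. The same documentation applies to the SPCertSig and SPCertEnc interfaces in the preceding hunks, which inherit these accessors.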
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java
new file mode 100644
index 000000000..6c8122b88
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPID extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPID";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(String spID);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java
new file mode 100644
index 000000000..e0926cd65
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPInformation extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPInformation";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "SPInformationType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setSPID(SPID spID);
+
+ public SPID getSPID();
+
+ public void setSPCertSig(SPCertSig spCertSig);
+
+ public SPCertSig getSPCertSig();
+
+ public void setSPCertEnc(SPCertEnc spCertEnc);
+
+ public SPCertEnc getSPCertEnc();
+
+ public void setSPAuthRequest(SPAuthRequest spAuthRequest);
+
+ public SPAuthRequest getSPAuthRequest();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java
new file mode 100644
index 000000000..c68a29297
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpApplication extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spApplication";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spApplication);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java
new file mode 100644
index 000000000..d7708cb62
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpCountry extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spCountry";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spCountry);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java
new file mode 100644
index 000000000..dddd9e599
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpInstitution extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spInstitution";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spInstitution);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java
new file mode 100644
index 000000000..f29bf02c8
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpSector extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spSector";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spSector);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java
new file mode 100644
index 000000000..89c4bec61
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface VIDPAuthenticationAttributes extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "VIDPAuthenticationAttributes";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "VIDPAuthenticationAttributesType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setCitizenCountryCode(CitizenCountryCode citizenCountryCode);
+
+ public CitizenCountryCode getCitizenCountryCode();
+
+ public void setSPInformation(SPInformation spInformation);
+
+ public SPInformation getSPInformation();
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java
new file mode 100644
index 000000000..7fb418f74
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+
+public class AuthenticationAttributesBuilder extends
+ AbstractXMLObjectBuilder<AuthenticationAttributes> {
+
+ @Override
+ public AuthenticationAttributes buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new AuthenticationAttributesImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public AuthenticationAttributes buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, AuthenticationAttributes.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java
new file mode 100644
index 000000000..68e751fdc
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class AuthenticationAttributesImpl extends
+ AbstractValidatingXMLObject implements
+ AuthenticationAttributes {
+
+ private VIDPAuthenticationAttributes authenticationAttributes;
+
+
+ protected AuthenticationAttributesImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public VIDPAuthenticationAttributes getVIDPAuthenticationAttributes() {
+ return authenticationAttributes;
+ }
+
+ public void setVIDPAuthenticationAttributes(
+ VIDPAuthenticationAttributes authenticationAttributes) {
+ this.authenticationAttributes = authenticationAttributes;
+ }
+
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (authenticationAttributes != null) {
+ children.add(authenticationAttributes);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+}
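Review bot: `getOrderedChildren` returns `null` when no child is set, while `CitizenCountryCodeImpl` in this same change returns `Collections.emptyList()` for the same situation, so callers iterating children must special-case one implementation but not the other. Either pick one convention for the module or make the null return explicit in a comment on the method, e.g. `// OpenSAML convention: null means "no children", not an empty list — callers must null-check.` A class-level javadoc is also missing; `XMLObject for the STORK AuthenticationAttributes element; wraps an optional VIDPAuthenticationAttributes child.` would cover what the code shows.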
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java
new file mode 100644
index 000000000..05f1f9aec
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class AuthenticationAttributesMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java
new file mode 100644
index 000000000..564d62383
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class AuthenticationAttributesUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ AuthenticationAttributes attributes = (AuthenticationAttributes) parentXMLObject;
+
+ if (childXMLObject instanceof VIDPAuthenticationAttributes) {
+ attributes.setVIDPAuthenticationAttributes((VIDPAuthenticationAttributes) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
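Review bot: A second `VIDPAuthenticationAttributes` child under the same parent silently overwrites the first, because `processChildElement` calls the setter for every matching child with no cardinality check, so the last occurrence wins. If the schema allows at most one, the unmarshaller should say so rather than pick one silently — duplicate elements are a classic source of disagreement between schema validation and the object the application actually sees in SAML processing. A guard such as `if (attributes.getVIDPAuthenticationAttributes() != null) throw new UnmarshallingException("Multiple VIDPAuthenticationAttributes elements");` before the setter makes the contract explicit. Unknown children fall through to the base class; what it does with them is not visible in this hunk.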
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java
new file mode 100644
index 000000000..de380d780
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeBuilder extends
+ AbstractXMLObjectBuilder<CitizenCountryCode> {
+
+ @Override
+ public CitizenCountryCode buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new CitizenCountryCodeImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public CitizenCountryCode buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, CitizenCountryCode.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java
new file mode 100644
index 000000000..3de591116
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeImpl extends
+ AbstractValidatingXMLObject implements
+ CitizenCountryCode {
+
+ private String citizenCountryCode;
+
+ protected CitizenCountryCodeImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return citizenCountryCode;
+ }
+
+ public void setValue(String citizenCountryCode) {
+ this.citizenCountryCode = citizenCountryCode;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java
new file mode 100644
index 000000000..8d47d6117
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ CitizenCountryCode ccc = (CitizenCountryCode) xmlObject;
+ XMLHelper.appendTextContent(domElement, ccc.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java
new file mode 100644
index 000000000..69bd4cdb1
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ CitizenCountryCode ccc = (CitizenCountryCode) xmlObject;
+ ccc.setValue(elementContent);
+ }
+
+
+
+}
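Review bot: The element content is stored verbatim — no trimming and no check that it resembles a country code — so whitespace or arbitrary text from the incoming message reaches `CitizenCountryCode.getValue()` unchanged. Nothing in this hunk shows where, or whether, the value is validated; as the object is a `ValidatingXMLObject` that is presumably a validator's job, but the expectation should be written down here: `// Raw element text; format (ISO 3166 alpha-2?) is checked by the validator, not here — confirm.` If no validator covers it, a `trim()` plus a length/letter check before the setter would be cheap insurance for a value that selects the citizen's country downstream.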
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java
new file mode 100644
index 000000000..d2b1bba08
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+public class EIDCrossBorderShareBuilder extends
+ AbstractXMLObjectBuilder<EIDCrossBorderShare> {
+
+ @Override
+ public EIDCrossBorderShare buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new EIDCrossBorderShareImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public EIDCrossBorderShare buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, EIDCrossBorderShare.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java
new file mode 100644
index 000000000..e5182aff1
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class EIDCrossBorderShareImpl extends AbstractValidatingXMLObject implements
+ EIDCrossBorderShare {
+
+ private boolean value;
+
+ /**
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ public EIDCrossBorderShareImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#getValue()
+ */
+ public boolean getValue() {
+ return this.value;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#setValue(boolean)
+ */
+ public void setValue(boolean value) {
+ this.value = value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.xml.XMLObject#getOrderedChildren()
+ */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
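Review bot: The `@see` references on `getValue`/`setValue` point at `eu.stork.mw.common.messages.stork.EIDSectorShare`, which is neither the interface this class implements (`EIDCrossBorderShare`) nor in this package, so the javadoc links are dead; they should read `@see eu.stork.vidp.messages.stork.EIDCrossBorderShare#getValue()` and `@see eu.stork.vidp.messages.stork.EIDCrossBorderShare#setValue(boolean)`. The constructor is `public` while the sibling `AuthenticationAttributesImpl` and `CitizenCountryCodeImpl` keep theirs `protected` so that instances come through the builder; unless direct construction is intended, `protected` would be consistent. The empty leading javadoc and the bare `@author` tag could carry a one-line purpose instead, e.g. `XMLObject holding the boolean value of the STORK eIDCrossBorderShare element.`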
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java
new file mode 100644
index 000000000..1b98e8a2b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+public class EIDCrossBorderShareMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ EIDCrossBorderShare cbs = (EIDCrossBorderShare) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(cbs.getValue()));
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java
new file mode 100644
index 000000000..bb7b9d762
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+public class EIDCrossBorderShareUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ EIDCrossBorderShare cbs = (EIDCrossBorderShare) xmlObject;
+ cbs.setValue(Boolean.parseBoolean(elementContent));
+ }
+
+
+
+}
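Review bot: `Boolean.parseBoolean(elementContent)` accepts only the literal `true` (case-insensitively), so the xs:boolean lexical forms `1` and `0`, any surrounding whitespace, and outright garbage all collapse to `false` without an error. For a share-consent flag that is at least fail-closed, but a peer that legitimately sends `<eIDCrossBorderShare>1</eIDCrossBorderShare>` would be read as not sharing. Suggest normalising first, `String v = elementContent == null ? "" : elementContent.trim();` then `cbs.setValue("true".equals(v) || "1".equals(v));`, and rejecting anything other than true/false/1/0 — in the validator if the base `processElementContent` signature does not permit a checked exception.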
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java
new file mode 100644
index 000000000..c02b11a7f
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+public class EIDCrossSectorShareBuilder extends
+ AbstractXMLObjectBuilder<EIDCrossSectorShare> {
+
+ @Override
+ public EIDCrossSectorShare buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new EIDCrossSectorShareImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public EIDCrossSectorShare buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, EIDCrossSectorShare.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java
new file mode 100644
index 000000000..b58ee4c4b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class EIDCrossSectorShareImpl extends AbstractValidatingXMLObject implements
+ EIDCrossSectorShare {
+
+ private boolean value;
+
+ /**
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ public EIDCrossSectorShareImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#getValue()
+ */
+ public boolean getValue() {
+ return this.value;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#setValue(boolean)
+ */
+ public void setValue(boolean value) {
+ this.value = value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.xml.XMLObject#getOrderedChildren()
+ */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
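Review bot: The `@see` tags above getValue and setValue point at `eu.stork.mw.common.messages.stork.EIDSectorShare`, which is neither the interface this class implements nor a package imported anywhere in this file; they should read `@see eu.stork.vidp.messages.stork.EIDCrossSectorShare#getValue()` and `@see eu.stork.vidp.messages.stork.EIDCrossSectorShare#setValue(boolean)`. The same stale package appears in the two `@see` tags of EIDSectorShareImpl later in this commit. The empty `/** */` block before the package statement documents nothing and can be dropped, and the class carries only an `@author` tag; a header such as `Concrete implementation of {@link EIDCrossSectorShare}; the flag is false until setValue is called.` would tell a reader what the element holds.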
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java
new file mode 100644
index 000000000..bcffdad4a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+public class EIDCrossSectorShareMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ EIDCrossSectorShare css = (EIDCrossSectorShare) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(css.getValue()));
+ }
+
+}
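Review bot: `marshallElementContent` overrides a BaseXMLObjectMarshaller hook but carries no `@Override`, while the unmarshallers added in this commit annotate their `processElementContent` overrides; adding `@Override` here, and in EIDSectorShareMarshaller and QualityAuthenticationAssuranceLevelMarshaller, lets the compiler flag a signature drift against the OpenSAML version in use instead of silently turning the method into an unused overload. The class has no Javadoc; `Marshaller that writes the boolean EIDCrossSectorShare flag as the element's text content.` states what it does.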
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java
new file mode 100644
index 000000000..a249c4628
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+public class EIDCrossSectorShareUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ EIDCrossSectorShare css = (EIDCrossSectorShare) xmlObject;
+ css.setValue(Boolean.parseBoolean(elementContent));
+ }
+
+
+
+}
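Review bot: `Boolean.parseBoolean(elementContent)` maps anything other than a case-insensitive `true` to false, so a malformed value or one padded by pretty-printed whitespace (` true `) is silently read as false instead of being reported, and the request is then processed as if the peer had sent a well-formed flag; trimming the content and rejecting anything that is neither `true` nor `false` surfaces malformed input at the protocol boundary. The override declares no checked exception (the signature at the top of the hunk has no throws clause), so an unchecked IllegalArgumentException is what is available without changing the signature; whether the surrounding unmarshalling pipeline surfaces it cleanly is not visible here. EIDSectorShareUnmarshaller has the identical construction and needs the same change.
```java
protected void processElementContent(XMLObject xmlObject,
        String elementContent) {
    // … unchanged: cast to EIDCrossSectorShare …
    String flag = elementContent == null ? "" : elementContent.trim();
    if (!"true".equalsIgnoreCase(flag) && !"false".equalsIgnoreCase(flag)) {
        throw new IllegalArgumentException(
                "EIDCrossSectorShare content must be 'true' or 'false', was: " + elementContent);
    }
    css.setValue(Boolean.parseBoolean(flag));
}
```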
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java
new file mode 100644
index 000000000..79e0d1122
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+public class EIDSectorShareBuilder extends
+ AbstractXMLObjectBuilder<EIDSectorShare> {
+
+ @Override
+ public EIDSectorShare buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new EIDSectorShareImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public EIDSectorShare buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, EIDSectorShare.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
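Review bot: EIDSectorShareBuilder has no class-level Javadoc, unlike RequestedAttributesBuilder later in this commit, and nothing says that the no-arg `buildObject()` binds the element to `STORKConstants.STORKP10_NS` with the interface's `DEFAULT_ELEMENT_LOCAL_NAME` and prefix while the three-argument form takes whatever the caller supplies. A header `Builder for {@link EIDSectorShareImpl} objects.` plus `/** Builds the element with the default STORKP10 namespace, local name and prefix. */` on the no-arg method would cover it. QualityAuthenticationAssuranceLevelBuilder is undocumented in the same way.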
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java
new file mode 100644
index 000000000..ae65ad36c
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class EIDSectorShareImpl extends AbstractValidatingXMLObject implements
+ EIDSectorShare {
+
+ private boolean value;
+
+ /**
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ public EIDSectorShareImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#getValue()
+ */
+ public boolean getValue() {
+ return this.value;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#setValue(boolean)
+ */
+ public void setValue(boolean value) {
+ this.value = value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.xml.XMLObject#getOrderedChildren()
+ */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java
new file mode 100644
index 000000000..ed18cfbd4
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+public class EIDSectorShareMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ EIDSectorShare ss = (EIDSectorShare) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(ss.getValue()));
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java
new file mode 100644
index 000000000..6631e1ac2
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+public class EIDSectorShareUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ EIDSectorShare ss = (EIDSectorShare) xmlObject;
+ ss.setValue(Boolean.parseBoolean(elementContent));
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java
new file mode 100644
index 000000000..d536372e8
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelBuilder extends
+ AbstractXMLObjectBuilder<QualityAuthenticationAssuranceLevel> {
+
+ @Override
+ public QualityAuthenticationAssuranceLevel buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new QualityAuthenticationAssuranceLevelImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public QualityAuthenticationAssuranceLevel buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, QualityAuthenticationAssuranceLevel.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java
new file mode 100644
index 000000000..69548c149
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelImpl extends
+ AbstractValidatingXMLObject implements
+ QualityAuthenticationAssuranceLevel {
+
+ private int qaaLevel;
+
+ protected QualityAuthenticationAssuranceLevelImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public int getValue() {
+ return this.qaaLevel;
+ }
+
+ public void setValue(int level) {
+ this.qaaLevel = level;
+
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
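Review bot: `setValue(int level)` stores any int, so the QAA level taken from an incoming request is never checked against the set of levels the protocol defines, and nothing in this hunk registers a validator for the type even though the class extends AbstractValidatingXMLObject; if the allowed range is fixed (it is not shown on this page), a range check in the setter or a validator for the type would stop out-of-range levels from being accepted at unmarshal time and compared downstream. The class and its members have no Javadoc; at minimum a header `Concrete implementation of {@link QualityAuthenticationAssuranceLevel}; holds the QAA level as an int, 0 until set.` and a `@param level` line on the setter.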
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java
new file mode 100644
index 000000000..7f0d28895
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ QualityAuthenticationAssuranceLevel qaa = (QualityAuthenticationAssuranceLevel) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(qaa.getValue()));
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java
new file mode 100644
index 000000000..f024261f8
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ QualityAuthenticationAssuranceLevel qaa = (QualityAuthenticationAssuranceLevel) xmlObject;
+ qaa.setValue(Integer.parseInt(elementContent));
+ }
+
+
+
+}
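Review bot: `Integer.parseInt(elementContent)` throws an unchecked NumberFormatException for any non-numeric or whitespace-padded content (` 2 ` from pretty-printed XML fails as well), and the message carries no hint of which element produced it; trimming first and wrapping the failure with the element's name gives operators a diagnosable error. The override declares no checked exception, so the wrapper stays unchecked; how the enclosing unmarshalling pipeline reports it is not visible in this hunk.
```java
protected void processElementContent(XMLObject xmlObject,
        String elementContent) {
    // … unchanged: cast to QualityAuthenticationAssuranceLevel …
    String raw = elementContent == null ? "" : elementContent.trim();
    try {
        qaa.setValue(Integer.parseInt(raw));
    } catch (NumberFormatException e) {
        throw new IllegalArgumentException(
                "QualityAuthenticationAssuranceLevel content is not an integer: " + elementContent, e);
    }
}
```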
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java
new file mode 100644
index 000000000..d1e80abbb
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+/**
+ * Builder for {@link org.opensaml.saml2.core.impl.AudienceRestrictionImpl} objects.
+ */
+public class RequestedAttributesBuilder extends AbstractXMLObjectBuilder<RequestedAttributes> {
+
+ /** Constructor. */
+ public RequestedAttributesBuilder() {
+
+ }
+
+ /** {@inheritDoc} */
+ public RequestedAttributes buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, RequestedAttributes.DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public RequestedAttributes buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new RequestedAttributesImpl(namespaceURI, localName, namespacePrefix);
+ }
+} \ No newline at end of file
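Review bot: The class Javadoc reads `Builder for {@link org.opensaml.saml2.core.impl.AudienceRestrictionImpl} objects.`, which is the OpenSAML class this file was copied from; it should read `Builder for {@link RequestedAttributesImpl} objects.` The `{@inheritDoc}` on the no-arg `buildObject()` has nothing to inherit as far as this hunk shows, so a real sentence — `Builds the element with the default STORK10 namespace, local name and prefix.` — is the better comment. The same copied AudienceRestriction wording is in the class Javadoc and field comment of RequestedAttributesImpl and in the class Javadoc of RequestedAttributesMarshaller.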
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java
new file mode 100644
index 000000000..cd2b4a490
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.XMLObjectChildrenList;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+/**
+ * Concrete implementation of {@link org.opensaml.saml2.core.AudienceRestriction}.
+ */
+public class RequestedAttributesImpl extends AbstractValidatingXMLObject implements RequestedAttributes {
+
+ /** List of the audiences. */
+ private XMLObjectChildrenList<RequestedAttribute> requestedAttributes;
+
+ /**
+ * Constructor.
+ *
+ * @param namespaceURI the namespace the element is in
+ * @param elementLocalName the local name of the XML element this Object represents
+ * @param namespacePrefix the prefix for the given namespace
+ */
+ protected RequestedAttributesImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ requestedAttributes = new XMLObjectChildrenList<RequestedAttribute>(this);
+ }
+
+ /** {@inheritDoc} */
+ public List<RequestedAttribute> getRequestedAttributes() {
+ return requestedAttributes;
+ }
+
+
+ /** {@inheritDoc} */
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ children.addAll(requestedAttributes);
+
+ return Collections.unmodifiableList(children);
+ }
+
+ public void setRequestedAttributes(
+ List<RequestedAttribute> requestedAttributes) {
+ this.requestedAttributes = (XMLObjectChildrenList<RequestedAttribute>) requestedAttributes;
+
+ }
+
+
+
+
+} \ No newline at end of file
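Review bot: `setRequestedAttributes` casts whatever `List<RequestedAttribute>` the caller passes to `XMLObjectChildrenList`, so a plain ArrayList fails with ClassCastException at runtime, and a children list owned by another XMLObject would be adopted without re-parenting its elements; replacing the field assignment with `this.requestedAttributes.clear(); if (requestedAttributes != null) this.requestedAttributes.addAll(requestedAttributes);` keeps the list created in the constructor (and its parent link to this object) and accepts any List. The method is also the only member without Javadoc; `Replaces the requested attributes with the given list; null clears them.` documents the resulting contract.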
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java
new file mode 100644
index 000000000..8716c45a5
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+/**
+ * A thread safe Marshaller for {@link org.opensaml.saml2.core.AudienceRestriction} objects.
+ */
+public class RequestedAttributesMarshaller extends BaseXMLObjectMarshaller {
+
+} \ No newline at end of file
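Review bot: The class Javadoc on RequestedAttributesMarshaller still names AudienceRestriction, the OpenSAML class it was copied from, so the comment documents a different type than the one this marshaller handles. Replace it with `/** A thread-safe Marshaller for {@link eu.stork.vidp.messages.stork.RequestedAttributes} objects. */`. The same copied-and-unedited Javadoc appears in RequestedAttributesUnmarshaller (AudienceRestriction), SPAuthRequestBuilder (ExtensionsImpl) and SPAuthRequestMarshaller (Extensions) and should be corrected there too. The empty `/** */` block sitting before the package statement here and in RequestedAttributesUnmarshaller is a leftover and can be removed.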
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java
new file mode 100644
index 000000000..94e603bd9
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+/**
+ * A thread-safe Unmarshaller for {@link org.opensaml.saml2.core.AudienceRestriction} objects.
+ */
+public class RequestedAttributesUnmarshaller extends BaseXMLObjectUnmarshaller {
+
+ /** {@inheritDoc} */
+ protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
+ RequestedAttributes requestedAttributes = (RequestedAttributes) parentObject;
+
+ if (childObject instanceof RequestedAttribute) {
+ requestedAttributes.getRequestedAttributes().add((RequestedAttribute) childObject);
+ } else {
+ super.processChildElement(parentObject, childObject);
+ }
+ }
+} \ No newline at end of file
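Review bot: processChildElement only collects children that unmarshal to org.opensaml.saml2.metadata.RequestedAttribute (the type imported at the top of the file) and hands every other child to the base class, but the method carries only {@inheritDoc}, so a reader cannot tell that reusing the SAML 2 metadata type for a STORK element is intentional. Add a comment on the instanceof branch such as `// STORK reuses the SAML 2 metadata RequestedAttribute type; any other child is delegated to BaseXMLObjectUnmarshaller, which decides whether it is an error`. If the base implementation rejects unknown children (as I recall it does in OpenSAML 2, but confirm against the version in use), say so explicitly, because that rejection is what keeps unexpected elements inside an attribute request from being silently discarded.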
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java
new file mode 100644
index 000000000..1febbf399
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+
+/**
+ * Builder of {@link org.opensaml.saml2.common.impl.ExtensionsImpl} objects.
+ */
+public class SPAuthRequestBuilder extends AbstractXMLObjectBuilder<SPAuthRequest> {
+
+ /**
+ * {@inheritDoc}
+ */
+ public SPAuthRequest buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPAuthRequest.LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public SPAuthRequest buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new SPAuthRequestImpl(namespaceURI, localName, namespacePrefix);
+ }
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java
new file mode 100644
index 000000000..9ea20b9cc
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+
+/**
+ *
+ */
+public class SPAuthRequestImpl extends AbstractValidatingXMLObject implements SPAuthRequest {
+
+ /** "any" children */
+ private final IndexedXMLObjectChildrenList<XMLObject> unknownChildren;
+
+ /**
+ * Constructor
+ *
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ protected SPAuthRequestImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ unknownChildren = new IndexedXMLObjectChildrenList<XMLObject>(this);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public List<XMLObject> getUnknownXMLObjects() {
+ return unknownChildren;
+ }
+
+ /** {@inheritDoc} */
+ @SuppressWarnings("unchecked")
+ public List<XMLObject> getUnknownXMLObjects(QName typeOrName) {
+ return (List<XMLObject>) unknownChildren.subList(typeOrName);
+ }
+
+ /** {@inheritDoc} */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.unmodifiableList(unknownChildren);
+ }
+} \ No newline at end of file
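Review bot: The class Javadoc at the top of SPAuthRequestImpl is empty and the constructor's three `@param` tags carry no description, while RequestedAttributesImpl in this same commit documents the identical parameters. Reuse those descriptions: `@param namespaceURI the namespace the element is in`, `@param elementLocalName the local name of the XML element this Object represents`, `@param namespacePrefix the prefix for the given namespace`. For the class, a one-liner covering what the code shows would do: `/** Implementation of {@link SPAuthRequest}: an open container that keeps arbitrary child elements in an IndexedXMLObjectChildrenList and defines no attributes or text content of its own. */`. The unchecked cast in getUnknownXMLObjects(QName) also deserves a why-comment, e.g. `// subList is declared with a wildcard element type; this list only ever holds XMLObject` (confirm the subList signature against the OpenSAML version in use).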
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java
new file mode 100644
index 000000000..feb730935
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.AbstractXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+/**
+ * A thread-safe Marshaller for {@link org.opensaml.saml2.common.Extensions} objects.
+ */
+public class SPAuthRequestMarshaller extends AbstractXMLObjectMarshaller {
+
+ /**
+ * Constructor
+ */
+ public SPAuthRequestMarshaller() {
+ super();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ // no attributes
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ // no content
+ }
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java
new file mode 100644
index 000000000..7d5be220d
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.AbstractXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Attr;
+
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+
+public class SPAuthRequestUnmarshaller extends AbstractXMLObjectUnmarshaller {
+
+ /** Logger. */
+ private final Logger log = LoggerFactory.getLogger(AbstractSAMLObjectUnmarshaller.class);
+
+ /** Constructor. */
+ public SPAuthRequestUnmarshaller() {
+ super();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void processChildElement(XMLObject parentXMLObject, XMLObject childXMLObject)
+ throws UnmarshallingException {
+ SPAuthRequest spAuthRequest = (SPAuthRequest) parentXMLObject;
+
+ spAuthRequest.getUnknownXMLObjects().add(childXMLObject);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void processAttribute(XMLObject xmlObject, Attr attribute) throws UnmarshallingException {
+ log.debug("Ignorning unknown attribute {}", attribute.getLocalName());
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void processElementContent(XMLObject xmlObject, String elementContent) {
+ log.debug("Ignoring element content {}", elementContent);
+ }
+}
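Review bot: The logger on the field line is obtained for AbstractSAMLObjectUnmarshaller.class rather than this class, so the debug lines written by processAttribute and processElementContent are attributed to an OpenSAML base class and cannot be filtered or traced back to this unmarshaller; change it to `private final Logger log = LoggerFactory.getLogger(SPAuthRequestUnmarshaller.class);` and drop the then-unused AbstractSAMLObjectUnmarshaller import. This matters here because the class accepts every child element and discards every attribute and all text content, so these debug messages are the only trace that unexpected input was dropped. The message in processAttribute also has a typo: `log.debug("Ignoring unknown attribute {}", attribute.getLocalName());`. The class has no Javadoc; one sentence stating that SPAuthRequest is treated as an open container (any child kept, attributes and element content ignored) would make the permissive behaviour read as deliberate rather than accidental.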
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java
new file mode 100644
index 000000000..eb13ddf73
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+
+public class SPCertEncBuilder extends
+ AbstractXMLObjectBuilder<SPCertEnc> {
+
+ @Override
+ public SPCertEnc buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPCertEncImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPCertEnc buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPCertEnc.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
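Review bot: The two buildObject overloads are annotated inconsistently: the three-argument one carries @Override while the no-argument one does not, and neither method nor the class has Javadoc. If AbstractXMLObjectBuilder declares a no-arg buildObject() in the OpenSAML version used (as I recall, only the SAMLObjectBuilder interface does), add `@Override` to it; otherwise document it as a STORK convenience method rather than an override, and do the same check on SPAuthRequestBuilder, which marks its no-arg overload {@inheritDoc}. A class comment such as `/** Builder of {@link SPCertEnc} objects; the no-arg overload uses the STORK 1.0 namespace and prefix from STORKConstants with SPCertEnc.DEFAULT_ELEMENT_LOCAL_NAME. */` states what the code shows. SPCertSigBuilder has exactly the same shape and the same omissions.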
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java
new file mode 100644
index 000000000..2ee08e1ec
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import eu.stork.vidp.messages.stork.SPCertEnc;
+
+public class SPCertEncImpl extends
+ SPCertTypeImpl implements
+ SPCertEnc {
+
+ protected SPCertEncImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+}
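Review bot: SPCertEncImpl adds nothing to SPCertTypeImpl but the constructor and has no class comment, so a reader cannot tell whether the two certificate elements are meant to differ only by element name. State it: `/** SPCertEnc element: an {@link SPCertType} carrying a KeyInfo (presumably the SP's encryption certificate — confirm against the STORK schema). Differs from SPCertSig only by local name. */`. The same one-line class comment is missing from SPCertSigImpl and from the four empty subclasses SPCertEncMarshaller, SPCertEncUnmarshaller, SPCertSigMarshaller and SPCertSigUnmarshaller, each of which should say that it inherits all behaviour from the SPCertType marshaller or unmarshaller unchanged. Since these elements transport key material that the receiving side will act on, a pointer in the Javadoc to where that KeyInfo is validated would help the next maintainer.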
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java
new file mode 100644
index 000000000..091676959
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertEncMarshaller extends
+ SPCertTypeMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java
new file mode 100644
index 000000000..3b6339609
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertEncUnmarshaller extends
+ SPCertTypeUnmarshaller {
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java
new file mode 100644
index 000000000..5e75a0e2c
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPCertSig;
+
+public class SPCertSigBuilder extends
+ AbstractXMLObjectBuilder<SPCertSig> {
+
+ @Override
+ public SPCertSig buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPCertSigImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPCertSig buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPCertSig.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java
new file mode 100644
index 000000000..f98e3ede3
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import eu.stork.vidp.messages.stork.SPCertSig;
+
+public class SPCertSigImpl extends
+ SPCertTypeImpl implements
+ SPCertSig {
+
+ protected SPCertSigImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java
new file mode 100644
index 000000000..e9f3d14da
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertSigMarshaller extends
+ SPCertTypeMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java
new file mode 100644
index 000000000..d706223cb
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertSigUnmarshaller extends
+ SPCertTypeUnmarshaller {
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java
new file mode 100644
index 000000000..a9a30dada
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPCertType;
+
+public class SPCertTypeImpl extends
+ AbstractValidatingXMLObject implements
+ SPCertType {
+
+ private KeyInfo keyInfo;
+
+ protected SPCertTypeImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public KeyInfo getKeyInfo() {
+ return keyInfo;
+ }
+
+ public void setKeyInfo(KeyInfo keyInfo) {
+ this.keyInfo = keyInfo;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (keyInfo != null) {
+ children.add(keyInfo);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+
+}
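Review bot: getOrderedChildren() returns null when no KeyInfo is set (lines 13173-13175), while SPIDImpl and SpApplicationImpl in this same commit return `Collections.emptyList()` from the same method, so callers of the new types get two different "no children" conventions. OpenSAML's marshaller appears to tolerate a null child list, but the mixed style is a trap for any code in this module that iterates the result directly. Dropping the size check and always returning `return Collections.unmodifiableList(children);` keeps the contract uniform. SPInformationImpl (lines 13667-13669) has the same null return.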
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java
new file mode 100644
index 000000000..0443a721a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class SPCertTypeMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java
new file mode 100644
index 000000000..e23ff6b54
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.KeyInfo;
+
+import eu.stork.vidp.messages.stork.SPCertType;
+
+public class SPCertTypeUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ SPCertType spCertType = (SPCertType) parentXMLObject;
+
+ if (childXMLObject instanceof KeyInfo) {
+ spCertType.setKeyInfo((KeyInfo) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
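Review bot: processChildElement assigns the KeyInfo unconditionally at line 13272, so a second ds:KeyInfo child silently replaces the first and the resulting object carries whichever came last in document order. Because this KeyInfo is the service provider's certificate material that later signature or encryption handling will rely on, a repeated child is better treated as malformed unless schema validation is guaranteed upstream, which is not visible here: `if (spCertType.getKeyInfo() != null) { throw new UnmarshallingException("SPCertType may contain only one KeyInfo"); }` placed before the setter makes that explicit. SPInformationUnmarshaller has the same last-wins behaviour for each of its four child types.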
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java
new file mode 100644
index 000000000..f892c88c3
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDBuilder extends
+ AbstractXMLObjectBuilder<SPID> {
+
+ @Override
+ public SPID buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPIDImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPID buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPID.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java
new file mode 100644
index 000000000..34bde4caa
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDImpl extends
+ AbstractValidatingXMLObject implements
+ SPID {
+
+ private String spID;
+
+ protected SPIDImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spID;
+ }
+
+ public void setValue(String spID) {
+ this.spID = spID;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java
new file mode 100644
index 000000000..8455d5033
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SPID spID = (SPID) xmlObject;
+ XMLHelper.appendTextContent(domElement, spID.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java
new file mode 100644
index 000000000..f2eb1eb00
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SPID spID = (SPID) xmlObject;
+ spID.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java
new file mode 100644
index 000000000..1bc9c6ae8
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class SPInformationBuilder extends
+ AbstractXMLObjectBuilder<SPInformation> {
+
+ @Override
+ public SPInformation buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPInformationImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPInformation buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPInformation.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java
new file mode 100644
index 000000000..e42c1cff5
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+import eu.stork.vidp.messages.stork.SPCertSig;
+import eu.stork.vidp.messages.stork.SPID;
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class SPInformationImpl extends
+ AbstractValidatingXMLObject implements
+ SPInformation {
+
+ private SPID spID;
+
+ private SPCertSig spCertSig;
+
+ private SPCertEnc spCertEnc;
+
+ private SPAuthRequest spAuthRequest;
+
+ protected SPInformationImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public SPAuthRequest getSPAuthRequest() {
+ return spAuthRequest;
+ }
+
+ public SPCertEnc getSPCertEnc() {
+ return spCertEnc;
+ }
+
+ public SPCertSig getSPCertSig() {
+ return spCertSig;
+ }
+
+ public SPID getSPID() {
+ return spID;
+ }
+
+ public void setSPAuthRequest(SPAuthRequest spAuthRequest) {
+ this.spAuthRequest = spAuthRequest;
+ }
+
+ public void setSPCertEnc(SPCertEnc spCertEnc) {
+ this.spCertEnc = spCertEnc;
+ }
+
+ public void setSPCertSig(SPCertSig spCertSig) {
+ this.spCertSig = spCertSig;
+ }
+
+ public void setSPID(SPID spID) {
+ this.spID = spID;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (spID != null) {
+ children.add(spID);
+ }
+
+ if (spCertSig != null) {
+ children.add(spCertSig);
+ }
+
+ if (spCertEnc != null) {
+ children.add(spCertEnc);
+ }
+
+ if (spAuthRequest != null) {
+ children.add(spAuthRequest);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+
+
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java
new file mode 100644
index 000000000..aea91af92
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class SPInformationMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java
new file mode 100644
index 000000000..e7f9bd98e
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+import eu.stork.vidp.messages.stork.SPCertSig;
+import eu.stork.vidp.messages.stork.SPID;
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class SPInformationUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ SPInformation spInformation = (SPInformation) parentXMLObject;
+
+ if (childXMLObject instanceof SPID) {
+ spInformation.setSPID((SPID) childXMLObject);
+ } else if (childXMLObject instanceof SPCertSig) {
+ spInformation.setSPCertSig((SPCertSig) childXMLObject);
+ } if (childXMLObject instanceof SPCertEnc) {
+ spInformation.setSPCertEnc((SPCertEnc) childXMLObject);
+ } if (childXMLObject instanceof SPAuthRequest) {
+ spInformation.setSPAuthRequest((SPAuthRequest) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
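Review bot: The branch chain at lines 13776 and 13778 is missing `else`, so it reads `} if (childXMLObject instanceof SPCertEnc)` and `} if (childXMLObject instanceof SPAuthRequest)`. As written, an SPID, SPCertSig or SPCertEnc child is assigned and then also falls through to the final else, so super.processChildElement() is invoked for a child this unmarshaller has already consumed; whether that is logged and ignored or raised as an UnmarshallingException depends on BaseXMLObjectUnmarshaller, but the intent is plainly one branch per child type. Change the two lines to `} else if (childXMLObject instanceof SPCertEnc) {` and `} else if (childXMLObject instanceof SPAuthRequest) {`.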
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java
new file mode 100644
index 000000000..596d77908
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationBuilder extends
+ AbstractXMLObjectBuilder<SpApplication> {
+
+ @Override
+ public SpApplication buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpApplicationImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpApplication buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpApplication.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java
new file mode 100644
index 000000000..d9c3b3ad2
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationImpl extends
+ AbstractValidatingXMLObject implements
+ SpApplication {
+
+ private String spApplication;
+
+ protected SpApplicationImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spApplication;
+ }
+
+ public void setValue(String spApplication) {
+ this.spApplication = spApplication;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java
new file mode 100644
index 000000000..1b484e338
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpApplication spApplication = (SpApplication) xmlObject;
+ XMLHelper.appendTextContent(domElement, spApplication.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java
new file mode 100644
index 000000000..70aef824a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpApplication spSector = (SpApplication) xmlObject;
+ spSector.setValue(elementContent);
+ }
+
+
+
+}
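Review bot: The local in processElementContent is named `spSector` although it holds an SpApplication (`SpApplication spSector = (SpApplication) xmlObject;`), which reads like a copy-paste leftover from the SpSector unmarshaller and misleads anyone scanning for the element being filled. Rename it to match the type: `SpApplication spApplication = (SpApplication) xmlObject;` followed by `spApplication.setValue(elementContent);`. The method also stores the element text unchecked; if spApplication has a constrained format, that presumably belongs in a registered Validator, since none is visible in this change. A one-line Javadoc such as `/** Unmarshaller for the STORK spApplication element; the element's text content becomes the value. */` would also help.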
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java
new file mode 100644
index 000000000..29c765128
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryBuilder extends
+ AbstractXMLObjectBuilder<SpCountry> {
+
+ @Override
+ public SpCountry buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpCountryImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpCountry buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpCountry.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
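Review bot: The builder has no Javadoc, so a reader cannot tell from the code that the no-arg `buildObject()` is the intended convenience entry point and that it pins the element to the STORK 1.0 namespace and prefix from STORKConstants. Add a class comment such as `/** Builder for the STORK spCountry element; the no-arg overload creates it in the STORK 1.0 namespace with the default local name and prefix. */`. The three-argument overload is correctly marked `@Override`; the no-arg one is the class's own overload, which is fine as written.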
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java
new file mode 100644
index 000000000..66e2e81a6
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryImpl extends
+ AbstractValidatingXMLObject implements
+ SpCountry {
+
+ private String spCountry;
+
+ protected SpCountryImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spCountry;
+ }
+
+ public void setValue(String spCountry) {
+ this.spCountry = spCountry;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
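Review bot: setValue assigns the field directly (`this.spCountry = spCountry;`) instead of going through AbstractXMLObject's prepareForAssignment, so a DOM cached from an earlier marshall or unmarshall is not released when the value changes; as far as I recall, the OpenSAML marshaller returns the cached DOM when one exists, so a value changed after parsing may never reach the serialized XML. Follow the convention of the OpenSAML implementations: `this.spCountry = prepareForAssignment(this.spCountry, spCountry);`. The class also carries no Javadoc; `/** Implementation of the STORK spCountry element: a single text value and no child elements. */` would state its contract.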
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java
new file mode 100644
index 000000000..60a1f7838
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpCountry spCountry = (SpCountry) xmlObject;
+ XMLHelper.appendTextContent(domElement, spCountry.getValue());
+ }
+
+}
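Review bot: marshallElementContent overrides the base-class hook but is not annotated with `@Override`, while the unmarshallers in this change do annotate theirs; since BaseXMLObjectMarshaller provides a no-op default, a signature typo here would silently leave the element empty rather than fail to compile. Add `@Override` above `protected void marshallElementContent(XMLObject xmlObject, Element domElement)` (the sibling marshallers have the same omission). The method also writes getValue() straight into the DOM; what happens when the value is null depends on XMLHelper.appendTextContent, which is worth confirming or guarding explicitly.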
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java
new file mode 100644
index 000000000..66558248b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpCountry spCountry = (SpCountry) xmlObject;
+ spCountry.setValue(elementContent);
+ }
+
+
+
+}
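Review bot: processElementContent stores the element text as-is (`spCountry.setValue(elementContent);`) and no Validator is registered anywhere in this change, so any text a peer puts in spCountry is accepted at this layer. If spCountry is expected to be a two-letter country code, that check presumably belongs in an OpenSAML Validator on SpCountryImpl (which already extends AbstractValidatingXMLObject) or in the consuming code; worth confirming where it lives, because this value is part of an authentication request. A short Javadoc, `/** Unmarshaller for the STORK spCountry element; the element's text content becomes the value, unvalidated. */`, would make that explicit.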
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java
new file mode 100644
index 000000000..4ddc48d53
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionBuilder extends
+ AbstractXMLObjectBuilder<SpInstitution> {
+
+ @Override
+ public SpInstitution buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpInstitutionImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpInstitution buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpInstitution.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java
new file mode 100644
index 000000000..8d9753328
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionImpl extends
+ AbstractValidatingXMLObject implements
+ SpInstitution {
+
+ private String spInstitution;
+
+ protected SpInstitutionImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spInstitution;
+ }
+
+ public void setValue(String spInstitution) {
+ this.spInstitution = spInstitution;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
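Review bot: As in SpCountryImpl, setValue writes the field directly (`this.spInstitution = spInstitution;`) without prepareForAssignment, so a cached DOM is not invalidated when the value changes and a later marshall may reuse the stale DOM. Use `this.spInstitution = prepareForAssignment(this.spInstitution, spInstitution);`, which is available from the AbstractXMLObject hierarchy this class already extends. Add a class Javadoc along the lines of `/** Implementation of the STORK spInstitution element: a single text value and no child elements. */`.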
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java
new file mode 100644
index 000000000..ec150523d
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpInstitution spInstitution = (SpInstitution) xmlObject;
+ XMLHelper.appendTextContent(domElement, spInstitution.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java
new file mode 100644
index 000000000..34fa89281
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpInstitution spInstitution = (SpInstitution) xmlObject;
+ spInstitution.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java
new file mode 100644
index 000000000..08daa3c7b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorBuilder extends
+ AbstractXMLObjectBuilder<SpSector> {
+
+ @Override
+ public SpSector buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpSectorImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpSector buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpSector.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
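Review bot: The import `eu.stork.vidp.messages.stork.CitizenCountryCode` is unused in this builder (nothing in the class references it) and looks like a copy-paste leftover; drop that import line so the builder matches SpCountryBuilder and SpInstitutionBuilder. A class Javadoc such as `/** Builder for the STORK spSector element; the no-arg overload creates it in the STORK 1.0 namespace with the default local name and prefix. */` would document the convenience overload.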
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java
new file mode 100644
index 000000000..f52d2c83d
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorImpl extends
+ AbstractValidatingXMLObject implements
+ SpSector {
+
+ private String spSector;
+
+ protected SpSectorImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spSector;
+ }
+
+ public void setValue(String spSector) {
+ this.spSector = spSector;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
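Review bot: setValue assigns `this.spSector = spSector;` directly, bypassing prepareForAssignment, so, as with the other Impl classes in this change, a cached DOM survives a value change and a subsequent marshall may emit the old content. Change it to `this.spSector = prepareForAssignment(this.spSector, spSector);`. A one-line class comment, `/** Implementation of the STORK spSector element: a single text value and no child elements. */`, is also missing.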
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java
new file mode 100644
index 000000000..78772c956
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpSector spSector = (SpSector) xmlObject;
+ XMLHelper.appendTextContent(domElement, spSector.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java
new file mode 100644
index 000000000..ea65413a2
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpSector spSector = (SpSector) xmlObject;
+ spSector.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java
new file mode 100644
index 000000000..a7827f652
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class VIDPAuthenticationAttributesBuilder extends
+ AbstractXMLObjectBuilder<VIDPAuthenticationAttributes> {
+
+ @Override
+ public VIDPAuthenticationAttributes buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new VIDPAuthenticationAttributesImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public VIDPAuthenticationAttributes buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, VIDPAuthenticationAttributes.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java
new file mode 100644
index 000000000..3c8d960db
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+import eu.stork.vidp.messages.stork.SPInformation;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class VIDPAuthenticationAttributesImpl extends
+ AbstractValidatingXMLObject implements
+ VIDPAuthenticationAttributes {
+
+ private CitizenCountryCode citizenCountryCode;
+
+ private SPInformation spInformation;
+
+ protected VIDPAuthenticationAttributesImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public CitizenCountryCode getCitizenCountryCode() {
+ return citizenCountryCode;
+ }
+
+
+ public SPInformation getSPInformation() {
+ return spInformation;
+ }
+
+ public void setCitizenCountryCode(CitizenCountryCode citizenCountryCode) {
+ this.citizenCountryCode = citizenCountryCode;
+ }
+
+
+ public void setSPInformation(SPInformation spInformation) {
+ this.spInformation = spInformation;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (citizenCountryCode != null) {
+ children.add(citizenCountryCode);
+ }
+
+
+ if (spInformation != null) {
+ children.add(spInformation);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+
+
+}
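Review bot: VIDPAuthenticationAttributesImpl carries no Javadoc, and its one non-obvious choice — getOrderedChildren returns null rather than an empty list when neither child is set — is undocumented, so a later maintainer may "fix" it into an empty list. A one-line comment above the `if (children.size() == 0)` branch such as `// null (not an empty list) presumably follows the OpenSAML convention for "no children" — confirm against the XMLObject contract` would make the intent visible. The doubled blank lines between the accessors and before the closing brace look like leftover whitespace.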
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java
new file mode 100644
index 000000000..f21b492a9
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class VIDPAuthenticationAttributesMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java
new file mode 100644
index 000000000..3b7a1b20e
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+import eu.stork.vidp.messages.stork.SPInformation;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class VIDPAuthenticationAttributesUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ VIDPAuthenticationAttributes attributes = (VIDPAuthenticationAttributes) parentXMLObject;
+
+ if (childXMLObject instanceof CitizenCountryCode) {
+ attributes.setCitizenCountryCode((CitizenCountryCode) childXMLObject);
+ } else if (childXMLObject instanceof SPInformation) {
+ attributes.setSPInformation((SPInformation) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java
new file mode 100644
index 000000000..6a4ba1648
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java
@@ -0,0 +1,405 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.util;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.Configuration;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.SecurityHelper;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.ValidatorSuite;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ *
+ * Helper class for SAML message processing
+ * @author bzwattendorfer
+ *
+ */
+public class SAMLUtil {
+
+ private final static Logger log = LoggerFactory.getLogger(SAMLUtil.class);
+
+ /**
+ * Signs a SAML object
+ * @param samlObject SAML object to sign
+ * @param signingCredential Credentials to be used for signing
+ * @throws SAMLException
+ */
+ public static void signSAMLObject(SignableSAMLObject samlObject, Credential signingCredential) throws SAMLException {
+
+ log.trace("Signing " + samlObject.getElementQName());
+
+ Signature signature = STORKMessagesBuilder.buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
+
+ signature.setSigningCredential(signingCredential);
+
+ //TODO: Make signing algorithm configurable
+ signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+ try {
+ //TODO SecurityConfiguration, default signature credentials
+ SecurityHelper.prepareSignatureParams(signature, signingCredential, null, null);
+ } catch (SecurityException e) {
+ throw new SAMLException("Error preparing signature for signing", e);
+ }
+
+ samlObject.setSignature(signature);
+
+ Marshaller assertionMarshaller = Configuration.getMarshallerFactory().getMarshaller(samlObject);
+ try {
+ assertionMarshaller.marshall(samlObject);
+ Signer.signObject(signature);
+ } catch (MarshallingException e) {
+ throw new SAMLException("Unable to marshall " + samlObject.getElementQName() + " for signing", e);
+ } catch (SignatureException e) {
+ throw new SAMLException("Unable to sign " + samlObject.getElementQName(), e);
+ }
+
+ }
+
+ /**
+ * Validated SAML object according the given validation config
+ * @param samlObject SAML object to validaate
+ * @param validatorSuiteConfig Validation config
+ * @throws SAMLValidationException
+ */
+ public static void verifySAMLObjectStandardValidation(SignableSAMLObject samlObject, String validatorSuiteConfig) throws SAMLValidationException {
+
+ ValidatorSuite validatorSuite = Configuration.getValidatorSuite(validatorSuiteConfig);
+ try {
+ validatorSuite.validate(samlObject);
+ } catch (ValidationException e) {
+ log.error(e.getMessage(), e);
+ throw new SAMLValidationException("Could not validate " + samlObject.getElementQName(), e);
+ }
+
+ }
+
+ /**
+ * Gets the STORK attribute status from a SAML attribute
+ * @param attribute SAML attribute
+ * @return STORK attribute status
+ */
+ public static String getStatusFromAttribute(Attribute attribute) {
+ return attribute.getUnknownAttributes().get(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME);
+ }
+
+ /**
+ * Gets the XML value of an XML object as String
+ * @param xmlObj XML object
+ * @return XML value as String
+ */
+ public static String getStringValueFromXMLObject(XMLObject xmlObj) {
+ if (xmlObj instanceof XSString) {
+ return ((XSString) xmlObj).getValue();
+ } else if (xmlObj instanceof XSAny) {
+ return ((XSAny) xmlObj).getTextContent();
+ }
+ return null;
+ }
+
+ /**
+ * Gets the attribute value as String of an attribute whereas the attribute is in a given list
+ * @param attrList List of attributes
+ * @param name Name of the attribute where the value should be extracted
+ * @return attribute value as String
+ */
+ public static String getAttributeStringValue(List<? extends Attribute> attrList, String name) {
+ XMLObject xmlObj = getAttributeValue(attrList, name);
+ return getStringValueFromXMLObject(xmlObj);
+ }
+
+ /**
+ * Gets the attribute value as String of an attribute
+ * @param attribute Attribute
+ * @return attribute value as String
+ */
+ public static String getAttributeStringValue(Attribute attribute) {
+ return ((XSString) attribute.getAttributeValues().get(0)).getValue();
+ }
+
+ /**
+ * Gets the attribute value as anyType of an attribute
+ * @param attribute Attribute
+ * @return value as anyType
+ */
+ public static XSAny getAttributeXSAnyValue(Attribute attribute) {
+ return (XSAny) attribute.getAttributeValues().get(0);
+ }
+
+ /**
+ * Gets the attribute value as anyType of an attribute whereas the attribute is in a given list
+ * @param attrList List of attributes
+ * @param name Name of the attribute where the value should be extracted
+ * @return attribute value as anyType
+ */
+ public static XSAny getXSAnyAttributeValue(List<Attribute> attrList, String name) {
+ //XMLObject xmlObj = getAttributeValue(attrList, name);
+ return (XSAny) getAttributeValue(attrList, name);
+ }
+
+ /**
+ * Gets the attribute value as XMLObject of an attribute whereas the attribute is in a given list
+ * @param attrList List of attributes
+ * @param name Name of the attribute where the value should be extracted
+ * @return attribute value as XMLObject
+ */
+ public static XMLObject getAttributeValue(List<? extends Attribute> attrList, String name) {
+ Attribute attribute = getAttribute(attrList, name);
+ return (attribute != null && !attribute.getAttributeValues().isEmpty()) ? attribute.getAttributeValues().get(0) : null;
+ }
+
+ /**
+ * Gets the attribute specified by name out of a list
+ * @param attrList List of attributes
+ * @param name attribute name of the attribute to extract
+ * @return attribute
+ */
+ public static Attribute getAttribute(List<? extends Attribute> attrList, String name) {
+ for (Attribute attribute : attrList) {
+ if (attribute.getName().equals(name)) {
+ return attribute;
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Gets the attribute specified by name out of a list and immediately removes it from the list
+ * @param attrList List of attributes
+ * @param name attribute name of the attribute to extract and remove
+ * @return attribute
+ */
+ public static String getAttributeStringValueAndRemove(List<? extends Attribute> attrList, String name) {
+
+ Attribute attribute = getAttribute(attrList, name);
+ String value = getAttributeStringValue(attrList, name);
+ attrList.remove(attribute);
+
+ return value;
+ }
+
+ /**
+ * Checks if an attribute with a given name is present in a SAML assertion
+ * @param storkAssertion STORK SAML assertion
+ * @param attributeName attribute name
+ * @return true if attribute is present
+ */
+ public static boolean containsAttribute(Assertion storkAssertion, String attributeName) {
+ AttributeStatement attrStatement = storkAssertion.getAttributeStatements().get(0);
+
+ for (Attribute attribute : attrStatement.getAttributes()) {
+ if (attribute.getName().equals(attributeName) && (SAMLUtil.getStatusFromAttribute(attribute) == null || SAMLUtil.getStatusFromAttribute(attribute).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL))) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Checks if an attribute with a given name is present in a List of attributes
+ * @param attributeList List of attributes
+ * @param attributeName attribute name
+ * @return true if attribute is present
+ */
+ public static boolean containsAttribute(List<? extends Attribute> attributeList, String attributeName) {
+ for (Attribute attr : attributeList) {
+ if (attr.getName().equals(attributeName))
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Remeoves attribute with a given name from an attribute list
+ * @param attributeList List of attributes
+ * @param attributeName name of the attribute to be removed from list
+ */
+ public static void removeAttribute(List<? extends Attribute> attributeList, String attributeName) {
+ if (containsAttribute(attributeList, attributeName)) {
+ attributeList.remove(getAttribute(attributeList, attributeName));
+ }
+ }
+
+ /**
+ * Gets the String value of an XML object (Only if XMLObject contains String)
+ * @param xmlObj XMLObject
+ * @return String value of XMLObject
+ */
+ public static String getXSStringValueFromXMLObject(XMLObject xmlObj) {
+ if (xmlObj instanceof XSString)
+ return ((XSString) xmlObj).getValue();
+
+ return null;
+ }
+
+
+ /**
+ * Marshalls an XMLObject to an XML element (DOM)
+ * @param message XMLObject
+ * @return DOM representation of XMLObject
+ */
+ public static Element marshallMessage(XMLObject message) {
+
+ try {
+ Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(message);
+ if (marshaller == null) {
+ log.error("Unable to marshall message, no marshaller registered for message object: "
+ + message.getElementQName());
+ }
+ Element messageElem = marshaller.marshall(message);
+ return messageElem;
+ } catch (MarshallingException e) {
+ log.error("Encountered error marshalling message to its DOM representation", e);
+ throw new RuntimeException("Encountered error marshalling message into its DOM representation", e);
+ }
+ }
+
+ /**
+ * Unmarshalls a DOM XML element into an OpenSAML XMLObject
+ * @param element DOM element
+ * @return OpenSAML XMLObject
+ * @throws MessageEncodingException
+ */
+ public static XMLObject unmarshallMessage(Element element) throws MessageEncodingException {
+
+ try {
+ Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(element);
+ if (unmarshaller == null) {
+ log.error("Unable to unmarshall element, no unmarshaller registered for message element: "
+ + element.getNodeName());
+ }
+
+ return unmarshaller.unmarshall(element);
+ } catch (UnmarshallingException e) {
+ log.error("Encountered error unmarshalling element to its XMLObject representation", e);
+ throw new MessageEncodingException("Encountered error unmarshalling element to its XMLObject representation", e);
+ }
+ }
+
+ /**
+ * Releases the DOM element from an XML document
+ * @param xmlObjList List of XMLObjects to release
+ * @return List of released XMLObjects
+ */
+ public static List<? extends XMLObject> releaseDOM(List<? extends XMLObject> xmlObjList) {
+
+ List<XMLObject> newXMLObjList = new ArrayList<XMLObject>();
+ Iterator<? extends XMLObject> it = xmlObjList.iterator();
+
+ while (it.hasNext()) {
+ XMLObject xmlObj = it.next();
+ xmlObj.detach();
+ newXMLObjList.add(xmlObj);
+ }
+
+ return newXMLObjList;
+
+ }
+
+ /**
+ * Makes a union of two RequestedAttribute lists (first list has priority and overrides attributes in the second list if equal)
+ * @param priorityList Priority list if attributes might be equal
+ * @param list low priority list
+ * @return Union of both lists
+ */
+ public static List<RequestedAttribute> buildRequestedAttributesUnion(List<RequestedAttribute> priorityList, List<RequestedAttribute> list) {
+ List<RequestedAttribute> reqAttrList = new ArrayList<RequestedAttribute>();
+
+ if (priorityList == null || list == null)
+ return reqAttrList;
+
+ if (priorityList == null || priorityList.isEmpty()) {
+ if (list == null || list.isEmpty()) {
+ return reqAttrList;
+ } else {
+ reqAttrList.addAll((List<RequestedAttribute>) releaseDOM(list));
+ return reqAttrList;
+ }
+ } else {
+ if (list == null || list.isEmpty()) {
+ reqAttrList.addAll((List<RequestedAttribute>) releaseDOM(priorityList));
+ return reqAttrList;
+ } else {
+ reqAttrList.addAll((List<RequestedAttribute>) releaseDOM(priorityList));
+ for (RequestedAttribute reqAttr : list) {
+ boolean found = false;
+ for (RequestedAttribute prioReqAttr : priorityList) {
+ if (!prioReqAttr.getName().equals(reqAttr.getName())) {
+ found = true;
+ }
+ }
+ if (!found) {
+ reqAttr.detach();
+ reqAttrList.add(reqAttr);
+ log.debug("Adding additional requested attribute: {} , isRequired: {}", reqAttr.getName(), reqAttr.isRequired());
+ }
+ }
+ }
+ }
+
+
+
+ return reqAttrList;
+ }
+
+
+}
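Review bot: The de-duplication loop in buildRequestedAttributesUnion is inverted: `if (!prioReqAttr.getName().equals(reqAttr.getName()))` sets `found` as soon as any priority attribute has a different name, so an entry from `list` is added only when every priority entry shares its name, and a same-named duplicate is added whenever any other priority entry exists. The intended test is `if (prioReqAttr.getName().equals(reqAttr.getName())) { found = true; break; }`, and the later `priorityList == null` / `list == null` checks in the same method are unreachable after the early return on the first null check. marshallMessage and unmarshallMessage log a missing marshaller/unmarshaller and then dereference it anyway, so each `log.error` branch should throw (a RuntimeException and a MessageEncodingException respectively, matching the catch blocks below them) instead of falling through to a NullPointerException. The hard-coded RSA-SHA1 in signSAMLObject is already marked with a TODO; until the algorithm is configurable, `SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256` is the safer default for new signatures. getAttributeStringValueAndRemove's Javadoc says it returns the attribute, but it returns the String value.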
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java
new file mode 100644
index 000000000..3ca38ec03
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java
@@ -0,0 +1,143 @@
+/**
+ *
+ */
+package eu.stork.vidp.messages.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * Helper class for XML processing
+ * @author bzwattendorfer
+ *
+ */
+public class XMLUtil {
+
+ /**
+ * Transforms a string representation to a DOM representation
+ * @param xmlString XML as string
+ * @return DOM representation of String
+ * @throws ParserConfigurationException
+ * @throws SAXException
+ * @throws IOException
+ */
+ public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+
+ Reader reader = new StringReader(xmlString);
+ InputSource src = new InputSource(reader);
+ Document domDoc = builder.parse(src);
+ return domDoc.getDocumentElement();
+ }
+
+ /**
+ * Creates a new and empty XML document
+ * @return New XML document
+ * @throws ParserConfigurationException
+ */
+ public static Document createNewDocument() throws ParserConfigurationException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ return builder.newDocument();
+ }
+
+ /**
+ * Transforms an XML to a String
+ * @param node XML node
+ * @return String represenation of XML
+ */
+ public static String printXML(Node node) {
+ TransformerFactory tfactory = TransformerFactory.newInstance();
+ Transformer serializer;
+ try {
+ serializer = tfactory.newTransformer();
+
+ serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8");
+
+ StringWriter output = new StringWriter();
+ serializer.transform(new DOMSource(node), new StreamResult(output));
+ return output.toString();
+ } catch (TransformerException e) {
+
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Writes an XML element to a given file
+ * @param doc XML element
+ * @param filename Filename of the file where to write XML
+ */
+ public static void writeXmlFile(Element doc, String filename) {
+ try {
+
+ Source source = new DOMSource(doc);
+ File file = new File(filename);
+ Result result = new StreamResult(file);
+
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, result);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Gets the first text value of a NodeList
+ * @param nList NodeList
+ * @return first text value of a NodeList
+ */
+ public static String getFirstTextValueFromNodeList(NodeList nList) {
+ if (nList != null && nList.getLength() != 0) {
+ return nList.item(0).getTextContent();
+ }
+ return null;
+ }
+
+ /**
+ * Gets the first element of a Node
+ * @param parent Node
+ * @return first element of a Node
+ */
+ public static Element getFirstElement(Node parent) {
+ Node n = parent.getFirstChild();
+ while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
+ n = n.getNextSibling();
+ }
+ if (n == null) {
+ return null;
+ }
+ return (Element)n;
+ }
+
+
+
+}
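Review bot: stringToDOM configures its DocumentBuilderFactory with only setNamespaceAware(true), so the parser still honours DOCTYPEs and resolves external entities; in a SAML engine this method presumably receives XML from remote parties, which makes it an XXE / entity-expansion exposure. Before `dbf.newDocumentBuilder()` add `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, `dbf.setXIncludeAware(false);` and `dbf.setExpandEntityReferences(false);` — setFeature throws ParserConfigurationException, which the method already declares. writeXmlFile catches Exception and rewraps everything, including unrelated runtime errors, as a RuntimeException; catching TransformerException as printXML does keeps the behaviour while narrowing what is swallowed. The empty `/** */` block above the package line serves no purpose and could carry the file's purpose instead.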
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java
new file mode 100644
index 000000000..c412ba6a0
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.validator.AssertionSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAssertionValidator extends AssertionSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAssertionValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Assertion assertion) throws ValidationException {
+
+ super.validate(assertion);
+
+ if(assertion.getID() == null) {
+
+ throw new ValidationException("ID is required.");
+ }
+
+ if(assertion.getVersion() == null || !assertion.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version of assertion not present or invalid.");
+ }
+
+ if(assertion.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required.");
+ }
+
+ if(assertion.getSubject() == null) {
+
+ throw new ValidationException("Subject is required.");
+ }
+
+ if(assertion.getConditions() == null) {
+
+ throw new ValidationException("Conditions is required.");
+ }
+
+ if(assertion.getAuthnStatements() == null ||
+ assertion.getAuthnStatements().size() != 1) {
+
+ throw new ValidationException("Incorrect number of AuthnStatements.");
+ }
+
+ if(assertion.getAttributeStatements() != null) {
+
+ if(assertion.getAttributeStatements().size() != 0 &&
+ assertion.getAttributeStatements().size() != 1) {
+
+ throw new ValidationException("Incorrect number of AttributeStatements.");
+ }
+ }
+
+ }
+
+}
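Review bot: validate has no Javadoc describing what it enforces beyond AssertionSchemaValidator, while the only documented member is the no-op constructor; a comment such as `/** STORK profile checks on top of the schema validator: exactly one AuthnStatement and at most one AttributeStatement. */` would state the contract. The AttributeStatements block can be reduced to the single condition `if (assertion.getAttributeStatements().size() > 1)`, which reads as the rule it implements. The `== null` guards on getAuthnStatements() and getAttributeStatements() are presumably unreachable if OpenSAML returns empty lists for absent statements, though they are harmless.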
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java
new file mode 100644
index 000000000..6e37725d1
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.joda.time.format.DateTimeFormat;
+import org.joda.time.format.DateTimeFormatter;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.validator.AttributeSchemaValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.util.AttributeMap;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+public class StorkAttributeValidator extends AttributeSchemaValidator {
+
+ private static final String PATTERN_EIDENTIFIER = "^[A-Z]{2}/[A-Z]{2}/[A-Za-z0-9+/=\r\n]+$";
+ private static final String PATTERN_GENDER = "^[MF]{1}$";
+ private static final String PATTERN_COUNTRYCODEOFBIRTH = "^[A-Z]{2}|[A-Z]{4}$";
+ private static final String PATTERN_COUNTRYCODE = "^[A-Z]{2}$";
+ private static final String PATTERN_MARTIALSTATUS = "^[SMPDW]{1}$";
+ private static final String PATTERN_EMAIL = "^[-+.\\w]{1,64}@[-.\\w]{1,64}\\.[-.\\w]{2,6}$";
+ private static final String PATTERN_AGE = "^[0-9]{1,3}$";
+ private static final int MAX_AGE = 120;
+ private static final String PATTERN_ISAGEOVER = PATTERN_AGE;
+ private static final String PATTERN_CITIZENQAALEVEL = "^[1-4]{1}$";
+
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAttributeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Attribute attr) throws ValidationException {
+
+ super.validate(attr);
+
+ if(attr.getName() == null) {
+
+ throw new ValidationException("Name is required.");
+ }
+
+ if(attr.getNameFormat() == null) {
+
+ throw new ValidationException("NameFormat is required.");
+ }
+
+
+ if(attr.getUnknownAttributes() != null) {
+
+ AttributeMap map = attr.getUnknownAttributes();
+
+ String value = map.get(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME);
+
+ if (value == null || value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
+ //if AttributeStatus not present, default is "Available" thus AttributeValue must be present
+ if (attr.getAttributeValues().isEmpty()) {
+ //isAgeOver can have no value
+ if (!attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ throw new ValidationException("AttributeStatus indicates that attribute is available but no AttributeValue is present.");
+ }
+ }
+
+ //throw new ValidationException("AttributeStatus not present.");
+
+ } else if(!value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL) &&
+ !value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_NOT_AVAIL) &&
+ !value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_WITHHELD)) {
+
+ throw new ValidationException("AttributeStatus is invalid.");
+ }
+
+ }
+
+ if (!attr.getAttributeValues().isEmpty()) {
+ //validate individual attributes if present
+ XMLObject attrValueObject = attr.getAttributeValues().get(0);
+
+ if (!(attrValueObject instanceof XSString)) {
+ //Only validate String attributes
+ return;
+ }
+
+ String value = ((XSString) attr.getAttributeValues().get(0)).getValue();
+ String attrName = attr.getName();
+
+ //only isAgeOver can be empty if provided
+ if (value == null) {
+ //only isAgeOver can be empty if provided
+ if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ return;
+ } else {
+ throw new ValidationException("Provided AttributeValue is empty");
+ }
+ }
+
+ //validate eIdentifier
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, PATTERN_EIDENTIFIER);
+
+ //validate gender
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_GENDER, PATTERN_GENDER);
+
+ //validate dateOfBirth
+ if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH)) {
+ verifyDate(value);
+ }
+
+ //validate countryCode of birth
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_COUNTRYCODEOFBIRTH, PATTERN_COUNTRYCODEOFBIRTH);
+
+ //validate countryCode
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_NATIONALITYCODE, PATTERN_COUNTRYCODE);
+
+ //validate martialStatus
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_MARTIALSTATUS, PATTERN_MARTIALSTATUS);
+
+ //validate email
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_EMAIL, PATTERN_EMAIL);
+
+ //validate age and isAgeOver
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_AGE, PATTERN_AGE);
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_ISAGEOVER, PATTERN_ISAGEOVER);
+ if (attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_AGE) || attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ if (Integer.valueOf(((XSString) attr.getAttributeValues().get(0)).getValue()) > MAX_AGE) {
+ throw new ValidationException("Maximum age reached");
+ }
+ }
+
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_CITIZENQAALEVEL, PATTERN_CITIZENQAALEVEL);
+ }
+
+ }
+
+ private void validateAttributeValueFormat(String value, String currentAttrName, String attrNameToTest, String pattern) throws ValidationException {
+ if (currentAttrName.equals(attrNameToTest)) {
+ if (!Pattern.matches(pattern, value)) {
+ throw new ValidationException(attrNameToTest + " has incorrect format.");
+ }
+ }
+
+ }
+
+ private static void verifyDate(String pepsDate) throws ValidationException {
+ DateTimeFormatter fmt = null;
+
+ switch (pepsDate.length()) {
+ case 4:
+ fmt = DateTimeFormat.forPattern("yyyy");
+ break;
+ case 6:
+ fmt = DateTimeFormat.forPattern("yyyyMM");
+ break;
+ case 8:
+ fmt = DateTimeFormat.forPattern("yyyyMMdd");
+ break;
+ default:
+ throw new ValidationException("Date has wrong format");
+ }
+
+ try {
+ fmt.parseDateTime(pepsDate);
+ } catch (IllegalArgumentException e) {
+ throw new ValidationException("Date has wrong format");
+ }
+
+
+ }
+
+
+
+
+}
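Review bot: Only the first AttributeValue is validated — the three `get(0)` reads in validate (the instanceof check, the `value` assignment and the age comparison) ignore every further value of a multi-valued attribute, so those pass through unchecked; either iterate over `attr.getAttributeValues()` or reject attributes carrying more than one value. The alternation in `PATTERN_COUNTRYCODEOFBIRTH` binds as `^[A-Z]{2}` or `[A-Z]{4}$` and only behaves because `Pattern.matches` demands a full match; `"^(?:[A-Z]{2}|[A-Z]{4})$"` states the intent and survives a later switch to `find()`. In the `else if` on the AttributeStatus value the first clause `!value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)` is always true, because the preceding `if` already took that case, so it can be dropped. The duplicated comment `//only isAgeOver can be empty if provided` appears twice in a row and the message `"Maximum age reached"` is thrown when the age exceeds MAX_AGE, so `"Maximum age exceeded"` would be accurate.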
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java
new file mode 100644
index 000000000..a561d4c33
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.validator.AudienceRestrictionSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAudienceRestrictionValidator extends
+ AudienceRestrictionSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAudienceRestrictionValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AudienceRestriction res) throws ValidationException {
+
+ super.validate(res);
+
+ if(res.getAudiences() == null || res.getAudiences().size() < 1) {
+
+ throw new ValidationException("Audience is required.");
+ }
+
+ }
+
+}
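Review bot: The audience values themselves are not checked — validate only requires the list to be non-empty, so an Audience element whose URI is null or empty passes. A short loop over `res.getAudiences()` throwing `new ValidationException("Audience URI is required.")` when `getAudienceURI()` is null or empty would close that gap. Whether the audience is later compared against the expected service-provider identifier is not visible in this hunk.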
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java
new file mode 100644
index 000000000..1997da7b6
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class StorkAuthenticationAttributesValidator implements Validator<AuthenticationAttributes> {
+
+
+ public StorkAuthenticationAttributesValidator() {
+
+ }
+
+ public void validate(AuthenticationAttributes authenticationAttributes) throws ValidationException {
+
+ //check AuthenticationAttributes for VIDPs
+ VIDPAuthenticationAttributes vidpAuthenticationAttributes = authenticationAttributes.getVIDPAuthenticationAttributes();
+
+ if(vidpAuthenticationAttributes == null) {
+
+ throw new ValidationException("VIDPAuthenticationAttributes is required for sending requests to VIDPs.");
+ }
+
+
+ }
+
+}
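Review bot: `java.util.List` and `org.opensaml.xml.XMLObject` are imported but unused in this class; they should be removed so the import block reflects what validate actually touches. The constructor also lacks the `/** Constructor */` javadoc the sibling validators in this commit carry, which is a small consistency point. A one-line class comment such as `/** Requires the VIDP-specific AuthenticationAttributes block to be present; the nested elements are presumably validated by their own validators — confirm. */` would tell a reader why only a null check is done here.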
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java
new file mode 100644
index 000000000..0e8722d55
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator;
+import org.opensaml.xml.util.XMLHelper;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class StorkAuthnRequestValidator extends AuthnRequestSchemaValidator {
+
+ private static final String ALLOWED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
+ private static final String ALLOWED_PROTOCOL_BINDING_1 = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+ private static final String ALLOWED_PROTOCOL_BINDING_2 = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
+
+ private static final int MAX_SIZE = 131072;
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAuthnRequestValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AuthnRequest req) throws ValidationException {
+
+ if (XMLHelper.prettyPrintXML(req.getDOM()).getBytes().length > MAX_SIZE) {
+ throw new ValidationException("SAML AuthnRequest exceeds max size.");
+ }
+
+ super.validate(req);
+
+ STORKAuthnRequest request = (STORKAuthnRequest) req;
+
+ if (request.getID() == null) {
+
+ throw new ValidationException("ID is required.");
+ }
+
+ if (request.getVersion() == null) {
+
+ throw new ValidationException("Version is required.");
+ } else {
+
+ if (!request.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version is invalid.");
+ }
+ }
+
+ if (request.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required.");
+ }
+
+ if (request.getConsent() != null) {
+
+ if (!request.getConsent().equals(ALLOWED_CONSENT)) {
+
+ throw new ValidationException("Consent is invalid.");
+ }
+ }
+
+ if (request.isForceAuthn() == null) {
+
+ throw new ValidationException("ForceAuthn is required.");
+ } else if (!request.isForceAuthn()) {
+
+ throw new ValidationException("ForceAuthn is invalid.");
+ }
+
+ if (request.isPassive() == null) {
+
+ throw new ValidationException("IsPassive is required.");
+ } else if (request.isPassive()) {
+
+ throw new ValidationException("IsPassive is invalid.");
+ }
+
+ if (request.getProtocolBinding() == null) {
+
+ throw new ValidationException("ProtocolBinding is required.");
+ } else {
+ if (!request.getProtocolBinding()
+ .equals(ALLOWED_PROTOCOL_BINDING_1)
+ && !request.getProtocolBinding().equals(
+ ALLOWED_PROTOCOL_BINDING_2)) {
+
+ throw new ValidationException("ProtocolBinding is invalid.");
+ }
+
+ }
+
+ if(request.getAssertionConsumerServiceURL() == null) {
+
+ throw new ValidationException("AssertionConsumerServiceURL is required.");
+ }
+
+ if(request.getProviderName() == null) {
+
+ throw new ValidationException("ProviderName is required.");
+ }
+
+
+
+ }
+
+}
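Review bot: Two unchecked exceptions can escape validate before any ValidationException is produced: `req.getDOM()` is dereferenced without a null check in the size guard (a request built in code rather than unmarshalled has no DOM), and the cast `(STORKAuthnRequest) req` throws ClassCastException for a plain AuthnRequest. Both should be turned into ValidationExceptions so callers that catch only that type do not see the request fall through with an unexpected error. `getBytes()` without a charset also makes MAX_SIZE depend on the platform default encoding, and pretty-printing adds whitespace, so the measured length is larger than the wire size — presumably acceptable as an upper bound, but worth a comment. The rewrite below needs `import java.nio.charset.Charset;`.
```java
public void validate(AuthnRequest req) throws ValidationException {
    if (!(req instanceof STORKAuthnRequest)) {
        throw new ValidationException("Request is not a STORKAuthnRequest.");
    }
    if (req.getDOM() == null) {
        throw new ValidationException("AuthnRequest has no DOM to measure.");
    }
    // Fixed charset so the size limit does not vary with the platform default;
    // the pretty-printed form is an upper bound on the wire size.
    if (XMLHelper.prettyPrintXML(req.getDOM()).getBytes(Charset.forName("UTF-8")).length > MAX_SIZE) {
        throw new ValidationException("SAML AuthnRequest exceeds max size.");
    }
    super.validate(req);
    STORKAuthnRequest request = (STORKAuthnRequest) req;
    // … unchanged: ID, Version, IssueInstant, Consent, ForceAuthn, IsPassive, ProtocolBinding, AssertionConsumerServiceURL, ProviderName checks …
```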
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java
new file mode 100644
index 000000000..b25b5621f
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.validator.AuthnStatementSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAuthnStatementValidator extends
+ AuthnStatementSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAuthnStatementValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AuthnStatement stmnt) throws ValidationException {
+
+ super.validate(stmnt);
+
+ if(stmnt.getAuthnInstant() == null) {
+
+ throw new ValidationException("AuthnInstant is required.");
+ }
+
+ if(stmnt.getSubjectLocality() == null) {
+
+ throw new ValidationException("SubjectLocality is required.");
+ }
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java
new file mode 100644
index 000000000..15f8e2dd1
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class StorkCitizenCountryCodeValidator implements
+ Validator<CitizenCountryCode> {
+
+ public static final String REGEX_PATTERN = "^[A-Za-z]{2}$";
+
+ public StorkCitizenCountryCodeValidator() {
+
+ }
+
+ public void validate(CitizenCountryCode ccc) throws ValidationException {
+
+ if(ccc == null) {
+
+ throw new ValidationException("CitizenCountryCode is required.");
+ }
+
+ if (ccc.getValue() == null) {
+ throw new ValidationException("CitizenCountryCode has no value");
+ }
+
+
+ if (!Pattern.matches(REGEX_PATTERN, ccc.getValue())) {
+ throw new ValidationException("CitizenCountryCode not valid: " + ccc.getValue());
+ }
+
+
+ }
+
+}
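Review bot: `REGEX_PATTERN` accepts lowercase letters (`[A-Za-z]{2}`) while `PATTERN_COUNTRYCODE` in StorkAttributeValidator from the same commit requires uppercase, so the same country code can be accepted here and rejected there; if lowercase input is meant to be tolerated, normalise it in one place rather than diverging between validators. The rejection message concatenates the raw, unvalidated value (`"CitizenCountryCode not valid: " + ccc.getValue()`), which is unbounded in length and may contain line breaks; if these messages are logged, truncating the value or omitting it, e.g. `throw new ValidationException("CitizenCountryCode not valid.");`, keeps log lines well-formed.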
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java
new file mode 100644
index 000000000..81b7957fd
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.validator.ConditionsSpecValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkConditionsValidator extends ConditionsSpecValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkConditionsValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Conditions conditions) throws ValidationException {
+
+ super.validate(conditions);
+
+ if(conditions.getNotBefore() == null) {
+
+ throw new ValidationException("NotBefore is required.");
+ }
+
+ if(conditions.getNotOnOrAfter() == null) {
+
+ throw new ValidationException("NotOnOrAfter is required.");
+ }
+
+ if(conditions.getAudienceRestrictions() == null || conditions.getAudienceRestrictions().size() < 1) {
+
+ throw new ValidationException("AudienceRestriction is required.");
+ }
+
+ if(conditions.getOneTimeUse() == null) {
+
+ throw new ValidationException("OneTimeUse is required.");
+ }
+
+ }
+
+}
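Review bot: The validator checks that NotBefore and NotOnOrAfter are present but not that they form a valid window, so an assertion whose NotOnOrAfter precedes NotBefore passes this stage. Add `if (!conditions.getNotBefore().isBefore(conditions.getNotOnOrAfter())) { throw new ValidationException("NotBefore must precede NotOnOrAfter."); }` after the two presence checks. Comparison of the window against the current time, with any clock-skew tolerance, is presumably done by the caller — that is not visible in this hunk and deserves a comment here saying where it happens.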
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java
new file mode 100644
index 000000000..96555e660
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class StorkEIDSectorShareValidator implements Validator<EIDSectorShare> {
+
+ public StorkEIDSectorShareValidator() {
+
+ }
+
+ public void validate(EIDSectorShare eidSectorShare) throws ValidationException {
+
+
+ }
+
+}
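Review bot: validate is a no-op — every EIDSectorShare is accepted — and the two empty javadoc stubs above the package declaration and the class give no hint whether that is intentional or a placeholder. If it is deliberate, document it on the method, e.g. `/** Intentionally empty: EIDSectorShare carries no constrained content, presence alone is sufficient — confirm against the STORK spec. */`; if not, a TODO naming the intended check is the minimum so the gap is not mistaken for a finished validator. The empty `/** */` blocks should be removed or filled.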
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java
new file mode 100644
index 000000000..48464b6ec
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.EncryptedAttribute;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkEncryptedAttributeValidator implements
+ Validator<EncryptedAttribute> {
+
+ public StorkEncryptedAttributeValidator() {
+
+ }
+
+ public void validate(EncryptedAttribute encAttr) throws ValidationException {
+
+ if(encAttr.getEncryptedData() == null) {
+
+ throw new ValidationException("EncryptedData is required.");
+ }
+
+
+ }
+
+
+}
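Review bot: `encAttr` is dereferenced without a null guard, so a missing element surfaces as NullPointerException rather than the ValidationException callers expect; StorkCitizenCountryCodeValidator in this commit does guard its argument, so the two are inconsistent. Add `if (encAttr == null) { throw new ValidationException("EncryptedAttribute is required."); }` before the EncryptedData check. StorkEncryptedIdValidator has the same shape and needs the same guard.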
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java
new file mode 100644
index 000000000..79450b1dc
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.EncryptedID;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkEncryptedIdValidator implements Validator<EncryptedID> {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkEncryptedIdValidator() {
+
+ }
+
+ public void validate(EncryptedID encId) throws ValidationException {
+
+ if(encId.getEncryptedData() == null) {
+
+ throw new ValidationException("EncryptedData is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java
new file mode 100644
index 000000000..21b247071
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class StorkExtensionsValidator implements Validator<STORKExtensions> {
+
+
+ public StorkExtensionsValidator() {
+
+ }
+
+ public void validate(STORKExtensions ext) throws ValidationException {
+
+ // check QAALevel
+ List<XMLObject> qaaList = ext.getUnknownXMLObjects(QualityAuthenticationAssuranceLevel.DEFAULT_ELEMENT_NAME);
+
+ if(qaaList == null || qaaList.size() != 1) {
+
+ throw new ValidationException("QAALevel is required.");
+ }
+
+ //check AuthenticationAttributes for VIDPs
+// AuthenticationAttributes authenticationAttributes = ext.getAuthenticationAttributes();
+//
+// if(authenticationAttributes == null) {
+//
+// throw new ValidationException("AuthenticationAttributes is required for sending requests to VIDPs.");
+// }
+
+
+ }
+
+}
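Review bot: The AuthenticationAttributes check on L16499–L16504 is left as commented-out code while its import on L16478 stays, so the class ships dead code and an unused import with no record of why the check is disabled. Either drop the block together with the import, or replace it with a comment that states the intent, e.g. `// AuthenticationAttributes is deliberately not enforced here; VIDP-specific validation is expected from the caller (TODO confirm)`. Note also that validate() only checks that exactly one QAALevel element is present; the value range is presumably covered by StorkQualityAuthenticationAssuranceLevelValidator, and the method Javadoc should say so rather than leaving the reader to guess.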
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java
new file mode 100644
index 000000000..df32ee6ad
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.validator.IssuerSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkIssuerValidator extends IssuerSchemaValidator {
+
+ private static final String FORMAT_ALLOWED_VALUE = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkIssuerValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Issuer issuer) throws ValidationException {
+
+ super.validate(issuer);
+
+ // format is optional
+ if(issuer.getFormat() != null) {
+
+ if(!issuer.getFormat().equals(FORMAT_ALLOWED_VALUE)) {
+
+ throw new ValidationException("Format has an invalid value.");
+ }
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java
new file mode 100644
index 000000000..85fbeff17
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.validator.NameIDSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkNameIDValidator extends NameIDSchemaValidator {
+
+ private static final String FORMAT_ALLOWED_VALUE = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ private static final String FORMAT_ALLOWED_VALUE_OLD = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkNameIDValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(NameID nameID) throws ValidationException {
+
+ super.validate(nameID);
+
+ if (nameID.getNameQualifier() == null) {
+
+ throw new ValidationException("NameQualifier is required.");
+ }
+
+ if (nameID.getFormat() == null) {
+
+ throw new ValidationException("Format is required.");
+
+ } else if(!(nameID.getFormat().equals(FORMAT_ALLOWED_VALUE) || nameID.getFormat().equals(FORMAT_ALLOWED_VALUE_OLD))) {
+
+ throw new ValidationException("Format is invalid.");
+ }
+
+ }
+
+}
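Review bot: The constant FORMAT_ALLOWED_VALUE_OLD on L16617 accepts `urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified`, which is not a NameID format defined by SAML 2.0 core (the standard one is the 1.1 URI on L16616), and nothing explains where that value comes from, so a later maintainer may remove it as a typo or, conversely, never be able to retire it. Add a comment above it such as `// Not defined by SAML 2.0 core; accepted for interoperability with peers that emit it (TODO: document which)`. The two-way equals check on L16642 would also read more clearly as a membership test over a small set of allowed formats, which is the shape StorkResponseValidator needs for its consent values too.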
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java
new file mode 100644
index 000000000..7d98b5e60
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkNameIdPolicyValidator implements Validator<NameIDPolicy> {
+
+ public StorkNameIdPolicyValidator() {
+
+ }
+
+ public void validate(NameIDPolicy nameIDPolicy) throws ValidationException {
+
+
+ if(nameIDPolicy.getAllowCreate() != null) {
+
+ if(!nameIDPolicy.getAllowCreate()) {
+
+ throw new ValidationException("AllowCreate is invalid.");
+ }
+ }
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java
new file mode 100644
index 000000000..5c23fe04b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class StorkQualityAuthenticationAssuranceLevelValidator implements
+ Validator<QualityAuthenticationAssuranceLevel> {
+
+
+ private static final int MIN_VAL = 1;
+ private static final int MAX_VAL = 4;
+
+ public StorkQualityAuthenticationAssuranceLevelValidator() {
+
+ }
+
+ public void validate(QualityAuthenticationAssuranceLevel qaaLevel)
+ throws ValidationException {
+
+ if(qaaLevel.getValue() < MIN_VAL || qaaLevel.getValue() > MAX_VAL) {
+
+ throw new ValidationException("QAALevel is invalid.");
+ }
+
+ }
+
+}
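Review bot: On L16760 `qaaLevel.getValue()` is called twice with no null guard; if getValue() returns a boxed Integer (its declared type is not visible in this chunk), a missing value unboxes to a NullPointerException instead of the ValidationException that callers of validate() are expected to handle. If the return type is boxed, guard first with `if (qaaLevel.getValue() == null) throw new ValidationException("QAALevel value is required.");` and read the value once into a local. The bounds MIN_VAL/MAX_VAL on L16750–L16751 would also benefit from a one-line comment naming the assurance levels 1–4 they represent.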
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java
new file mode 100644
index 000000000..b9b26a38a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.validator.RequestedAttributeSchemaValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public class StorkRequestedAttributeValidator extends
+ RequestedAttributeSchemaValidator {
+
+ private static final String PATTERN_ISAGEOVER = "^[0-9]{1,3}$";
+
+ public StorkRequestedAttributeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(RequestedAttribute attr) throws ValidationException {
+
+ super.validate(attr);
+
+ if (attr.getName() == null) {
+
+ throw new ValidationException("Name is required.");
+ }
+
+ if (attr.getNameFormat() == null) {
+
+ throw new ValidationException("NameFormat is required.");
+ }
+
+ if (!STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(attr.getName()) && attr.isRequired()) {
+ throw new ValidationException("Unknown attribute " + attr.getName() + " requested mandatory.");
+ }
+
+ if (attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ if (attr.getAttributeValues().isEmpty()) {
+ throw new ValidationException("isAgeOver requires attribute value");
+ }
+
+ XMLObject attrValueObject = attr.getAttributeValues().get(0);
+
+ if (attrValueObject instanceof XSString) {
+ if (!Pattern.matches(PATTERN_ISAGEOVER, ((XSString) attr.getAttributeValues().get(0)).getValue())) {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+ } else if (attrValueObject instanceof XSAny) {
+ if (!Pattern.matches(PATTERN_ISAGEOVER, ((XSAny) attrValueObject).getTextContent())) {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+
+ } else {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+
+ }
+
+ }
+
+}
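Review bot: In the isAgeOver branch, `getValue()` on L16849 and `getTextContent()` on L16853 can both return null, and `Pattern.matches` then throws a NullPointerException from inside validate() instead of the ValidationException the surrounding checks produce; L16849 also re-reads `attr.getAttributeValues().get(0)` although `attrValueObject` already holds it. The three branches repeat the same error message, so extracting the text value once, rejecting null, and matching a single precompiled Pattern keeps the behaviour and removes the NPE path; the per-call `Pattern.matches(String, ...)` recompile on L16849/L16853 recurs in StorkSpCountryValidator (L17311) and would be fixed the same way. Whether an unknown attribute that is not marked required should pass silently (L16837) is a policy decision that deserves a comment on that line.

```java
    private static final Pattern PATTERN_ISAGEOVER = Pattern.compile("^[0-9]{1,3}$");

    // … unchanged: constructor, super.validate, Name/NameFormat/unknown-attribute checks …

        if (attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
            if (attr.getAttributeValues().isEmpty()) {
                throw new ValidationException("isAgeOver requires attribute value");
            }

            XMLObject attrValueObject = attr.getAttributeValues().get(0);
            String ageValue;

            if (attrValueObject instanceof XSString) {
                ageValue = ((XSString) attrValueObject).getValue();
            } else if (attrValueObject instanceof XSAny) {
                ageValue = ((XSAny) attrValueObject).getTextContent();
            } else {
                ageValue = null;
            }

            // A missing or non-numeric value must surface as a ValidationException, never as an NPE from the matcher.
            if (ageValue == null || !PATTERN_ISAGEOVER.matcher(ageValue).matches()) {
                throw new ValidationException("Value for isAgeOver has incorrect format.");
            }
        }
```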
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java
new file mode 100644
index 000000000..0324079f3
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class StorkRequestedAttributesValidator implements
+ Validator<RequestedAttributes> {
+
+ public StorkRequestedAttributesValidator() {
+
+ }
+
+ public void validate(RequestedAttributes attrs) throws ValidationException {
+
+ // empty so far
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java
new file mode 100644
index 000000000..8028173fa
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml1.core.StatusCode;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.validator.ResponseSchemaValidator;
+import org.opensaml.xml.util.XMLHelper;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class StorkResponseValidator extends ResponseSchemaValidator {
+
+ private static final String CONSENT_ALLOWED_VALUE_1 = "urn:oasis:names:tc:SAML:2.0:consent:obtained";
+ private static final String CONSENT_ALLOWED_VALUE_2 = "urn:oasis:names:tc:SAML:2.0:consent:prior";
+ private static final String CONSENT_ALLOWED_VALUE_3 = "urn:oasis:names:tc:SAML:2.0:consent:curent-implicit";
+ private static final String CONSENT_ALLOWED_VALUE_4 = "urn:oasis:names:tc:SAML:2.0:consent:curent-explicit";
+ private static final String CONSENT_ALLOWED_VALUE_5 = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
+
+ private static final int MAX_SIZE = 131072;
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkResponseValidator() {
+
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public void validate(Response response) throws ValidationException {
+
+ if (XMLHelper.prettyPrintXML(response.getDOM()).getBytes().length > MAX_SIZE) {
+ throw new ValidationException("SAML Response exceeds max size.");
+ }
+
+ super.validate(response);
+
+ STORKResponse resp = (STORKResponse) response;
+
+ if (resp.getID() == null) {
+
+ throw new ValidationException("ID is required");
+ }
+
+ if (resp.getInResponseTo() == null) {
+
+ throw new ValidationException("InResponseTo is required");
+ }
+
+ if (resp.getVersion() == null) {
+
+ throw new ValidationException("Version is required.");
+ } else if(!resp.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version is invalid.");
+ }
+
+ if (resp.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required");
+ }
+
+ if (resp.getDestination() == null) {
+
+ throw new ValidationException("Destination is required");
+ }
+
+ // Consent is optional
+ if (resp.getConsent() != null) {
+
+ String consent = resp.getConsent();
+
+ if (!consent.equals(CONSENT_ALLOWED_VALUE_1)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_2)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_3)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_4)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_5)) {
+
+ throw new ValidationException("Consent is invalid.");
+ }
+ }
+
+
+ if (resp.getIssuer() == null) {
+
+ throw new ValidationException("Issuer is required.");
+ }
+
+ if (resp.getStatus() == null) {
+
+ throw new ValidationException("Status is required.");
+ }
+
+
+ if(resp.getSignature() == null) {
+
+ throw new ValidationException("Signature is required.");
+ }
+
+
+ if (resp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) {
+ if (resp.getAssertions() == null || resp.getAssertions().size() == 0) {
+
+ throw new ValidationException("Assertion is required");
+ }
+ }
+
+ }
+
+}
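Review bot: The success check on L17050 compares a String status value with `StatusCode.SUCCESS` from `org.opensaml.saml1.core` (imported on L16951); as far as I recall, in OpenSAML 2 that SAML 1 constant is a QName, so the `equals` is always false and the "Assertion is required" branch can never fire for a SAML 2 response — the intended constant is `org.opensaml.saml2.core.StatusCode.SUCCESS_URI`. The consent URIs on L16963–L16964 are spelled `curent-implicit`/`curent-explicit`, whereas SAML 2.0 core defines `current-implicit`/`current-explicit`, so spec-conformant responses are rejected with "Consent is invalid.". The cast on L16987 throws ClassCastException for a plain Response and `getStatusCode()` on L17050 is not null-checked, both of which bypass the ValidationException contract. The size check on L16981 runs after the document has already been parsed, serialises it with `prettyPrintXML` (which changes the byte count) and uses the platform default charset in `getBytes()`, so it neither bounds parser resource use nor measures the received message; enforce the limit on the raw bytes at the ingress point and, if kept here, use a fixed charset.

```java
import org.opensaml.saml2.core.StatusCode;
// … unchanged: other imports …

    private static final String CONSENT_ALLOWED_VALUE_3 = "urn:oasis:names:tc:SAML:2.0:consent:current-implicit";
    private static final String CONSENT_ALLOWED_VALUE_4 = "urn:oasis:names:tc:SAML:2.0:consent:current-explicit";

    // … unchanged: other constants, constructor, size check, super.validate …

        if (!(response instanceof STORKResponse)) {
            throw new ValidationException("Response is not a STORKResponse.");
        }
        STORKResponse resp = (STORKResponse) response;

        // … unchanged: ID/InResponseTo/Version/IssueInstant/Destination/Consent/Issuer/Status/Signature checks …

        if (resp.getStatus().getStatusCode() == null || resp.getStatus().getStatusCode().getValue() == null) {
            throw new ValidationException("StatusCode is required.");
        }
        if (StatusCode.SUCCESS_URI.equals(resp.getStatus().getStatusCode().getValue())) {
            if (resp.getAssertions() == null || resp.getAssertions().isEmpty()) {
                throw new ValidationException("Assertion is required");
            }
        }
```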
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java
new file mode 100644
index 000000000..a42d7a453
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class StorkSPIDValidator implements Validator<SPID> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 40;
+
+ public StorkSPIDValidator() {
+
+ }
+
+ public void validate(SPID spid) throws ValidationException {
+
+
+ if(spid == null) {
+
+ throw new ValidationException("SPID value is required.");
+ }
+
+ if(spid != null) {
+
+ if (spid.getValue() == null) {
+ throw new ValidationException("SPID has no value");
+ }
+
+ if (spid.getValue().length() <= MIN_SIZE || spid.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("SPID has wrong size: " + spid.getValue().length());
+ }
+ }
+
+
+ }
+
+}
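Review bot: The lower bound on L17121 uses `<= MIN_SIZE`, so with MIN_SIZE = 1 a one-character SPID is rejected as "wrong size" even though the constant declares 1 as the minimum, and the sibling StorkSpApplicationValidator uses `< MIN_SIZE` for the same check. Change it to `if (spid.getValue().length() < MIN_SIZE || spid.getValue().length() > MAX_SIZE) {`. The `if(spid != null)` on L17115 is always true after the throw on L17110–L17113 and can be dropped, and the message on L17122 would be more useful if it named the permitted range alongside the actual length.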
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java
new file mode 100644
index 000000000..9c54fd620
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class StorkSPInformationValidator implements Validator<SPInformation> {
+
+ public StorkSPInformationValidator() {
+
+ }
+
+ public void validate(SPInformation spi) throws ValidationException {
+
+ if(spi.getSPID() == null) {
+
+ throw new ValidationException("SPID is required.");
+ }
+ }
+
+
+
+}
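Review bot: validate() dereferences `spi` on L17176 without a null check, so a missing SPInformation element surfaces as a NullPointerException, while the sibling StorkSPIDValidator (L17110–L17113) reports the same situation as a ValidationException. Either add `if (spi == null) throw new ValidationException("SPInformation is required.");` before the SPID check, or state in the method Javadoc that callers must never pass null. A one-line class Javadoc saying that only the presence of SPID is checked here, with the value itself left to StorkSPIDValidator, would also help readers navigating this validator set.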
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java
new file mode 100644
index 000000000..08551e03e
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class StorkSpApplicationValidator implements
+ Validator<SpApplication> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 100;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,30}$";
+
+ public StorkSpApplicationValidator() {
+
+ }
+
+ public void validate(SpApplication spApplication) throws ValidationException {
+
+ if(spApplication != null) {
+
+ if (spApplication.getValue() == null) {
+ throw new ValidationException("spApplication has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spApplication.getValue())) {
+// throw new ValidationException("spApplication has wrong format: " + spApplication.getValue());
+// }
+
+ if (spApplication.getValue().length() < MIN_SIZE || spApplication.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spApplication has wrong size: " + spApplication.getValue().length());
+ }
+
+ }
+ }
+
+}
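Review bot: The character-set restriction REGEX_PATTERN (L17228, used on L17242–L17244) is commented out, so the value is now only bounded in length and any characters, including markup and control characters, pass validation; the same disabled pattern appears in StorkSpInstitutionValidator (L17361 and L17375, where the commented line still references `spApplication` — that hunk continues past this chunk). If the relaxation is intentional, record it on the constant (`// Character restriction removed: spApplication may carry non-alphanumeric names (TODO: confirm against the STORK spec)`) rather than leaving commented-out code; if it is not, restore it as a precompiled Pattern. Note also that a null spApplication silently passes on L17236 while StorkSPIDValidator rejects null with a ValidationException; whether this element is optional should be stated in the Javadoc.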
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java
new file mode 100644
index 000000000..e6ae0f1b7
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class StorkSpCountryValidator implements
+ Validator<SpCountry> {
+
+ public static final String REGEX_PATTERN = "^[A-Z]{2}$";
+
+ public StorkSpCountryValidator() {
+
+ }
+
+ public void validate(SpCountry spCountry) throws ValidationException {
+
+ if(spCountry != null) {
+
+ if (spCountry.getValue() == null) {
+ throw new ValidationException("spCountry has no value");
+ }
+
+ if (!Pattern.matches(REGEX_PATTERN, spCountry.getValue())) {
+ throw new ValidationException("spCountry not valid: " + spCountry.getValue());
+ }
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java
new file mode 100644
index 000000000..9d50d9122
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class StorkSpInstitutionValidator implements
+ Validator<SpInstitution> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 50;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,50}$";
+
+ public StorkSpInstitutionValidator() {
+
+ }
+
+ public void validate(SpInstitution spInstitution) throws ValidationException {
+
+ if(spInstitution != null) {
+
+ if (spInstitution.getValue() == null) {
+ throw new ValidationException("spInstitution has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spApplication.getValue())) {
+// throw new ValidationException("spApplication has wrong format: " + spApplication.getValue());
+// }
+
+ if (spInstitution.getValue().length() < MIN_SIZE || spInstitution.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spInstitution has wrong size: " + spInstitution.getValue().length());
+ }
+ }
+ }
+
+}
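Review bot: With the regex check commented out, `validate` only bounds the length, so any character content of 1–50 chars passes; if that is deliberate, the dead `// if (!Pattern.matches(REGEX_PATTERN, spApplication.getValue()))` block should be removed rather than left as a misleading copy from a sibling validator (it still names `spApplication`, and the commented `REGEX_PATTERN` is unused). The same leftover appears in the StorkSpSectorValidator hunk below, where the commented pattern's `{1,30}` also disagrees with `MAX_SIZE = 20`. A null `spInstitution` is accepted silently here, unlike the validators later in this commit that dereference their argument directly; a one-line comment such as `// element is optional; only validated when present` would make that intent explicit.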
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java
new file mode 100644
index 000000000..2cfaa7a4c
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class StorkSpSectorValidator implements
+ Validator<SpSector> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 20;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,30}$";
+
+ public StorkSpSectorValidator() {
+
+ }
+
+ public void validate(SpSector spSector) throws ValidationException {
+
+ if(spSector != null) {
+
+ if (spSector.getValue() == null) {
+ throw new ValidationException("spSector has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spSector.getValue())) {
+// throw new ValidationException("spSector has wrong format: " + spSector.getValue());
+// }
+
+ if (spSector.getValue().length() < MIN_SIZE || spSector.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spApplication has wrong size: " + spSector.getValue().length());
+ }
+
+ }
+ }
+
+}
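Review bot: The size error message names the wrong element: this validator checks `spSector`, but the line reads `throw new ValidationException("spApplication has wrong size: " + spSector.getValue().length());`. It should be `throw new ValidationException("spSector has wrong size: " + spSector.getValue().length());`, otherwise whoever debugs a rejected request is pointed at a field that was not the problem.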
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java
new file mode 100644
index 000000000..3ee214c46
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.validator.StatusCodeSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkStatusCodeValidator extends StatusCodeSchemaValidator {
+
+ // supported values according to SAML v2.0 specification
+ private static String[] ALLOWED_FIRST_LEVEL_STATUS_CODE_VALUES = new String[] {
+ "urn:oasis:names:tc:SAML:2.0:status:Success",
+ "urn:oasis:names:tc:SAML:2.0:status:Requester",
+ "urn:oasis:names:tc:SAML:2.0:status:Responder",
+ "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"};
+
+ private static String[] ALLOWED_SECOND_LEVEL_STATUS_CODE_VALUES = new String[] {
+ "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed",
+ "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue",
+ "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy",
+ "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext",
+ "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP",
+ "urn:oasis:names:tc:SAML:2.0:status:NoPassive",
+ "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP",
+ "urn:oasis:names:tc:SAML:2.0:status:PartialLogout",
+ "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestDenied",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow",
+ "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized",
+ "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses",
+ "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile",
+ "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal",
+ "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding",
+ "http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported"
+ };
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkStatusCodeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(StatusCode statusCode) throws ValidationException {
+
+ super.validate(statusCode);
+
+
+ if(statusCode.getValue() == null) {
+
+ throw new ValidationException("StatusCode is required");
+ }
+
+ boolean valid = false;
+
+ if (statusCode.getParent() instanceof Status) {
+ //first level Status Codes
+
+ String value = statusCode.getValue();
+
+
+
+
+ for(String allowedVal : ALLOWED_FIRST_LEVEL_STATUS_CODE_VALUES) {
+
+ if(value.equals(allowedVal)) {
+
+ valid = true;
+ break;
+ }
+ }
+
+ if(!valid) {
+
+ throw new ValidationException("First Level StatusCode has an invalid value.");
+ }
+ } else {
+ //parent is status code
+ //second level Status Codes
+
+ if(statusCode != null) {
+
+ valid = false;
+
+ String subVal = statusCode.getValue();
+
+ for(String allowedVal : ALLOWED_SECOND_LEVEL_STATUS_CODE_VALUES) {
+
+ if(subVal.equals(allowedVal)) {
+
+ valid = true;
+ break;
+ }
+ }
+
+ if(!valid) {
+
+ throw new ValidationException("Second Level StatusCode has an invalid value.");
+ }
+
+ }
+
+ }
+ }
+
+
+
+}
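Review bot: The `if(statusCode != null)` guard in the else branch is dead: `statusCode.getValue()` is dereferenced above it (and `statusCode` is passed to `super.validate`), so a null argument would already have failed before reaching it; drop the guard and let the second-level loop stand on its own. The two allow-lists are `private static` but not `final`, so they are reassignable at runtime; `private static final String[] ALLOWED_FIRST_LEVEL_STATUS_CODE_VALUES` (likewise for the second-level array, or an unmodifiable `Set<String>`) states the intent. Values are compared with exact `equals`, which is the right choice for URIs; a short Javadoc on the class saying that first-level codes are matched when the parent is a `Status` and all other nesting levels are matched against the second-level list would document the branching for the next reader.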
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java
new file mode 100644
index 000000000..36d7ffab5
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.validator.StatusSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkStatusValidator extends StatusSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkStatusValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Status status) throws ValidationException {
+
+ super.validate(status);
+
+ if(status.getStatusCode() == null) {
+
+ throw new ValidationException("StatusCode is required.");
+ }
+
+ }
+
+}
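Review bot: The `status.getStatusCode() == null` check is probably already performed by `super.validate(status)` — OpenSAML's `StatusSchemaValidator` requires a StatusCode as far as I recall — so this override may add nothing; confirm, and either remove the duplicate or document which STORK-specific rule it enforces. The class carries only a "Constructor" Javadoc; a class-level comment such as `/** STORK profile validator for saml2:Status; requires a StatusCode child in addition to the schema checks. */` would state its purpose.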
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java
new file mode 100644
index 000000000..0f1fad295
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.validator.SubjectConfirmationSchemaValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.X509Data;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkSubjectConfirmationValidator extends
+ SubjectConfirmationSchemaValidator {
+
+ private static final String ALLOWED_METHOD_1 = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+ private static final String ALLOWED_METHOD_2 = "oasis:names:tc:SAML:2.0:cm:holder-of-key";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkSubjectConfirmationValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(SubjectConfirmation subjectConfirmation)
+ throws ValidationException {
+
+ super.validate(subjectConfirmation);
+
+ String method = subjectConfirmation.getMethod();
+
+ if (!(method.equals(ALLOWED_METHOD_1) || method.equals(ALLOWED_METHOD_2))) {
+ throw new ValidationException("Method is invalid.");
+ }
+
+ if (subjectConfirmation.getSubjectConfirmationData() == null) {
+ throw new ValidationException("SubjectConfirmationData required.");
+
+ }
+
+ SubjectConfirmationData confData = subjectConfirmation.getSubjectConfirmationData();
+
+
+ if (method.equals(ALLOWED_METHOD_1)) {
+ if (confData.getNotBefore() != null) {
+ throw new ValidationException("NotBefore in SubjectConfirmationData not allowed if confirmation method is \"bearer\".");
+ }
+
+ }
+
+ if (confData.getNotOnOrAfter() == null) {
+
+ throw new ValidationException("NotOnOrAfter is required.");
+ }
+
+ if (confData.getRecipient() == null) {
+
+ throw new ValidationException("Recipient is required.");
+ }
+
+ if (confData.getInResponseTo() == null) {
+
+ throw new ValidationException("InResponseTo is required.");
+ }
+
+ if(method.equals(ALLOWED_METHOD_2)) {
+
+ List<XMLObject> childrenKeyInfo = confData.getUnknownXMLObjects(new QName("KeyInfo"));
+
+ if(childrenKeyInfo.size() < 1) {
+
+ throw new ValidationException("KeyInfo is required.");
+ }
+
+ List<XMLObject> childrenKeyData = confData.getUnknownXMLObjects(new QName("X509Data"));
+
+ if(childrenKeyData.size() != 1) {
+
+ throw new ValidationException("Invalid number of X509Data elements.");
+ } else {
+
+ X509Data data = (X509Data)childrenKeyData.get(0);
+
+ if(data.getX509Certificates() == null || data.getX509Certificates().size() < 1 ) {
+
+ throw new ValidationException("X509Certificate is required.");
+ }
+
+ }
+
+ }
+
+
+
+ }
+
+
+}
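Review bot: `ALLOWED_METHOD_2` is missing its `urn:` prefix, so the holder-of-key confirmation method can never match and every holder-of-key SubjectConfirmation is rejected with "Method is invalid."; it should read `private static final String ALLOWED_METHOD_2 = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";`. The holder-of-key branch also looks up `new QName("KeyInfo")` and `new QName("X509Data")` with no namespace and searches both directly under `SubjectConfirmationData`; in the XML-DSig schema X509Data is a child of ds:KeyInfo, not a sibling, and a namespace-less QName presumably does not match a ds-namespaced element — worth confirming against the OpenSAML lookup semantics before relying on this branch. Note that NotOnOrAfter, Recipient and InResponseTo are only checked for presence here; the comparisons against the current time, the receiving endpoint and the outstanding request ID that make a bearer confirmation safe must happen in the caller, and a Javadoc line such as `Presence checks only; temporal, recipient and InResponseTo matching is the caller's responsibility.` would make that division explicit.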
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java
new file mode 100644
index 000000000..33c7b4478
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.SubjectLocality;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkSubjectLocalityValidator implements
+ Validator<SubjectLocality> {
+
+ public StorkSubjectLocalityValidator() {
+
+ }
+
+ public void validate(SubjectLocality sloc) throws ValidationException {
+
+ if (sloc.getAddress() == null) {
+
+ throw new ValidationException("Address is required.");
+ }
+ }
+
+}
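Review bot: `sloc.getAddress()` is called without a null guard, whereas the SpCountry/SpInstitution/SpSector validators in this commit treat a null argument as nothing to validate; pick one convention, e.g. `if (sloc == null) { throw new ValidationException("SubjectLocality is required."); }` if the element is mandatory here. Address is optional in the SAML 2.0 schema, so requiring it is presumably a STORK profile rule; a one-line Javadoc stating that would help readers.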
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java
new file mode 100644
index 000000000..077b6294a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.validator.SubjectSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkSubjectValidator extends SubjectSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkSubjectValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Subject subject) throws ValidationException {
+
+ super.validate(subject);
+
+ if(subject.getNameID() == null && subject.getEncryptedID() == null) {
+
+ throw new ValidationException("Neither NameID nor EncryptedID is provided.");
+ }
+
+ if(subject.getSubjectConfirmations() == null || subject.getSubjectConfirmations().size() < 1) {
+
+ throw new ValidationException("SubjectConfirmation is required.");
+ }
+
+ }
+
+}
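Review bot: The `subject.getSubjectConfirmations() == null` half of the condition is presumably unreachable — OpenSAML's list getters return an empty list rather than null as far as I recall — so `subject.getSubjectConfirmations().isEmpty()` would express the same rule more directly; confirm before simplifying. A class-level Javadoc such as `/** STORK profile validator for saml2:Subject: requires a NameID or EncryptedID and at least one SubjectConfirmation. */` would document the rules this override adds beyond the schema validator.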
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java
new file mode 100644
index 000000000..88ff7bed4
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class StorkVIDPAuthenticationAttributesValidator implements
+ Validator<VIDPAuthenticationAttributes> {
+
+ public StorkVIDPAuthenticationAttributesValidator() {
+
+ }
+
+ public void validate(VIDPAuthenticationAttributes attr)
+ throws ValidationException {
+
+
+ if(attr.getCitizenCountryCode() == null) {
+
+ throw new ValidationException("CitizenCountryCode is required.");
+ }
+
+
+ if(attr.getSPInformation() == null) {
+
+ throw new ValidationException("SPInformation is required.");
+ }
+
+ }
+
+}
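Review bot: `attr` is dereferenced without a null guard, whereas the Sp* validators earlier in this commit skip validation when handed null; align on one convention and state it in a Javadoc. Only the presence of `CitizenCountryCode` and `SPInformation` is checked here, and no nested validator is invoked from this one, so a comment such as `// presence only; child elements are validated by their own validators` (or explicit calls to them) would make the division of responsibility explicit.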
diff --git a/id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm b/id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm
new file mode 100644
index 000000000..cac0bda76
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm
@@ -0,0 +1,38 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Contains target attribute to delegate PEPS authentication out of iFrame
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+ <body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support JavaScript,
+ you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+ <form action="${action}" method="post" target="_parent">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+
+ #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+
+ #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue"/>
+ </div>
+ </noscript>
+ </form>
+
+ </body>
+</html> \ No newline at end of file
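Review bot: `${RelayState}`, `${action}`, `${SAMLRequest}` and `${SAMLResponse}` are written into HTML attributes without any escaping in the template itself; RelayState in particular is caller-supplied, so this template is safe only if the encoder that fills the Velocity context has already HTML-attribute-encoded these values. Add that contract to the header comment, e.g. `## All context values are expected to be HTML-attribute-encoded by the encoder before rendering`, and verify it against the encoder class this template is used with. The `target="_parent"` attribute is the deliberate iframe break-out described in the header; it is worth stating there that the parent document, not the iframe, receives the POST, since that changes where the SAML response lands.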
diff --git a/id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml b/id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml
new file mode 100644
index 000000000..988480f55
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml
@@ -0,0 +1,242 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XMLTooling xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.opensaml.org/xmltooling-config ../../src/schema/xmltooling-config.xsd"
+ xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"
+ xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#"
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ xmlns="http://www.opensaml.org/xmltooling-config">
+
+ <!-- SAML 2.0 Protocol Object providers -->
+ <ObjectProviders>
+
+
+ <!-- AuthnRequest provider -->
+ <ObjectProvider qualifiedName="saml2p:AuthnRequest">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKAuthnRequestBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKAuthnRequestMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKAuthnRequestUnmarshaller" />
+ </ObjectProvider>
+
+ <!-- Response provider -->
+ <ObjectProvider qualifiedName="saml2p:Response">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKResponseBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKResponseMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKResponseUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="saml2p:Extensions">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKExtensionsBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKExtensionsMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKExtensionsUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:AuthenticationAttributes">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.AuthenticationAttributesBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.AuthenticationAttributesMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.AuthenticationAttributesUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:CitizenCountryCode">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.CitizenCountryCodeBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.CitizenCountryCodeMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.CitizenCountryCodeUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPAuthRequest">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPAuthRequestBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPAuthRequestMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPAuthRequestUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPCertEnc">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPCertEncBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertEncMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertEncUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPCertSig">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPCertSigBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertSigMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertSigUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPID">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPIDBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPIDMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPIDUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPInformation">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPInformationBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPInformationMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPInformationUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:VIDPAuthenticationAttributes">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.VIDPAuthenticationAttributesBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.VIDPAuthenticationAttributesMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.VIDPAuthenticationAttributesUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:QualityAuthenticationAssuranceLevel">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.QualityAuthenticationAssuranceLevelBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.QualityAuthenticationAssuranceLevelMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.QualityAuthenticationAssuranceLevelUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:RequestedAttributes">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.RequestedAttributesBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.RequestedAttributesMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.RequestedAttributesUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:RequestedAttribute">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKRequestedAttributeBuilder" />
+ <MarshallingClass className="org.opensaml.saml2.metadata.impl.RequestedAttributeMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKRequestedAttributeUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:eIDSectorShare">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.EIDSectorShareBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDSectorShareMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDSectorShareUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:eIDCrossSectorShare">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.EIDCrossSectorShareBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossSectorShareMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossSectorShareUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:eIDCrossBorderShare">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.EIDCrossBorderShareBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossBorderShareMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossBorderShareUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spSector">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpSectorBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpSectorMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpSectorUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spApplication">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpApplicationBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpApplicationMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpApplicationUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spCountry">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpCountryBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpCountryMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpCountryUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spInstitution">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpInstitutionBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpInstitutionMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpInstitutionUnmarshaller" />
+ </ObjectProvider>
+
+ </ObjectProviders>
+
+ <!-- Validation rules for SAML 2.0 SAMLObjects -->
+ <ValidatorSuites>
+
+ <!-- SAML 2.0 Schema Validation Rules -->
+ <ValidatorSuite id="saml2-core-schema-and-stork-validator">
+ <Validator qualifiedName="saml2:Action" className="org.opensaml.saml2.core.validator.ActionSchemaValidator" />
+ <Validator qualifiedName="saml2p:Artifact" className="org.opensaml.saml2.core.validator.ArtifactSchemaValidator" />
+ <Validator qualifiedName="saml2p:ArtifactResolve" className="org.opensaml.saml2.core.validator.ArtifactResolveSchemaValidator" />
+ <Validator qualifiedName="saml2p:ArtifactResponse" className="org.opensaml.saml2.core.validator.ArtifactResponseSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Assertion" className="org.opensaml.saml2.core.validator.AssertionSchemaValidator" /-->
+ <Validator qualifiedName="saml2:AssertionIDRef" className="org.opensaml.saml2.core.validator.AssertionIDRefSchemaValidator" />
+ <Validator qualifiedName="saml2:AssertionIDRequest" className="org.opensaml.saml2.core.validator.AssertionIDRequestSchemaValidator" />
+ <Validator qualifiedName="saml2:AssertionURIRef" className="org.opensaml.saml2.core.validator.AssertionURIRefSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Attribute" className="org.opensaml.saml2.core.validator.AttributeSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:AttributeQuery" className="org.opensaml.saml2.core.validator.AttributeQuerySchemaValidator" />
+ <Validator qualifiedName="saml2:AttributeStatement" className="org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator" />
+ <Validator qualifiedName="saml2:Audience" className="org.opensaml.saml2.core.validator.AudienceSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:AudienceRestriction" className="org.opensaml.saml2.core.validator.AudienceRestrictionSchemaValidator" /-->
+ <Validator qualifiedName="saml2:AuthenticatingAuthority" className="org.opensaml.saml2.core.validator.AuthenticatingAuthoritySchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextClassRef" className="org.opensaml.saml2.core.validator.AuthnContextClassRefSchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextDeclRef" className="org.opensaml.saml2.core.validator.AuthnContextDeclRefSchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextDecl" className="org.opensaml.saml2.core.validator.AuthnContextDeclSchemaValidator" />
+ <Validator qualifiedName="saml2p:AuthnQuery" className="org.opensaml.saml2.core.validator.AuthnQuerySchemaValidator" />
+ <!-- Validator qualifiedName="saml2p:AuthnRequest" className="org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator" /-->
+ <!-- Validator qualifiedName="saml2:AuthnStatement" className="org.opensaml.saml2.core.validator.AuthnStatementSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:AuthzDecisionQuery" className="org.opensaml.saml2.core.validator.AuthzDecisionQuerySchemaValidator" />
+ <Validator qualifiedName="saml2:AuthzDecisionStatement" className="org.opensaml.saml2.core.validator.AuthzDecisionStatementSchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextClassRef" className="org.opensaml.saml2.core.validator.AuthnContextClassRefSchemaValidator" />
+ <Validator qualifiedName="saml2:Evidence" className="org.opensaml.saml2.core.validator.EvidenceSchemaValidator" />
+ <Validator qualifiedName="saml2p:GetComplete" className="org.opensaml.saml2.core.validator.GetCompleteSchemaValidator" />
+ <Validator qualifiedName="saml2p:IDPEntry" className="org.opensaml.saml2.core.validator.IDPEntrySchemaValidator" />
+ <Validator qualifiedName="saml2p:IDPList" className="org.opensaml.saml2.core.validator.IDPListSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Issuer" className="org.opensaml.saml2.core.validator.IssuerSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:LogoutRequest" className="org.opensaml.saml2.core.validator.LogoutRequestSchemaValidator" />
+ <Validator qualifiedName="saml2p:LogoutResponse" className="org.opensaml.saml2.core.validator.LogoutResponseSchemaValidator" />
+ <Validator qualifiedName="saml2p:ManageNameIDRequest" className="org.opensaml.saml2.core.validator.ManageNameIDRequestSchemaValidator" />
+ <Validator qualifiedName="saml2p:ManageNameIDResponse" className="org.opensaml.saml2.core.validator.ManageNameIDResponseSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:NameID" className="org.opensaml.saml2.core.validator.NameIDSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:NameIDMappingRequest" className="org.opensaml.saml2.core.validator.NameIDMappingRequestSchemaValidator" />
+ <Validator qualifiedName="saml2p:NameIDMappingResponse" className="org.opensaml.saml2.core.validator.NameIDMappingResponseSchemaValidator" />
+ <Validator qualifiedName="saml2p:NewID" className="org.opensaml.saml2.core.validator.NewIDSchemaValidator" />
+ <Validator qualifiedName="saml2p:RequestedAuthnContext" className="org.opensaml.saml2.core.validator.RequestedAuthnContextSchemaValidator" />
+ <Validator qualifiedName="saml2p:RequesterID" className="org.opensaml.saml2.core.validator.RequesterIDSchemaValidator" />
+ <!-- Validator qualifiedName="saml2p:Response" className="org.opensaml.saml2.core.validator.ResponseSchemaValidator" /-->
+ <Validator qualifiedName="saml2:SessionIndex" className="org.opensaml.saml2.core.validator.SessionIndexSchemaValidator" />
+ <!-- Validator qualifiedName="saml2p:Status" className="org.opensaml.saml2.core.validator.StatusSchemaValidator" /-->
+ <!-- Validator qualifiedName="saml2p:StatusCode" className="org.opensaml.saml2.core.validator.StatusCodeSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:StatusMessage" className="org.opensaml.saml2.core.validator.StatusMessageSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Subject" className="org.opensaml.saml2.core.validator.SubjectSchemaValidator" /-->
+ <!-- Validator qualifiedName="saml2:SubjectConfirmation" className="org.opensaml.saml2.core.validator.SubjectConfirmationSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:Response" className="eu.stork.vidp.messages.validation.StorkResponseValidator" />
+ <Validator qualifiedName="saml2:Issuer" className="eu.stork.vidp.messages.validation.StorkIssuerValidator" />
+ <Validator qualifiedName="saml2p:Status" className="eu.stork.vidp.messages.validation.StorkStatusValidator" />
+ <Validator qualifiedName="saml2p:StatusCode" className="eu.stork.vidp.messages.validation.StorkStatusCodeValidator" />
+ <Validator qualifiedName="saml2:Assertion" className="eu.stork.vidp.messages.validation.StorkAssertionValidator" />
+ <Validator qualifiedName="saml2:Subject" className="eu.stork.vidp.messages.validation.StorkSubjectValidator" />
+ <Validator qualifiedName="saml2:NameID" className="eu.stork.vidp.messages.validation.StorkNameIDValidator" />
+ <Validator qualifiedName="saml2:EncryptedID" className="eu.stork.vidp.messages.validation.StorkEncryptedIdValidator" />
+ <Validator qualifiedName="saml2:SubjectConfirmation" className="eu.stork.vidp.messages.validation.StorkSubjectConfirmationValidator" />
+ <Validator qualifiedName="saml2:AudienceRestriction" className="eu.stork.vidp.messages.validation.StorkAudienceRestrictionValidator" />
+ <Validator qualifiedName="saml2:Conditions" className="eu.stork.vidp.messages.validation.StorkConditionsValidator" />
+ <Validator qualifiedName="saml2:AuthnStatement" className="eu.stork.vidp.messages.validation.StorkAuthnStatementValidator" />
+ <Validator qualifiedName="saml2:SubjectLocality" className="eu.stork.vidp.messages.validation.StorkSubjectLocalityValidator" />
+ <Validator qualifiedName="saml2:Attribute" className="eu.stork.vidp.messages.validation.StorkAttributeValidator" />
+ <Validator qualifiedName="saml2:EncryptedAttribute" className="eu.stork.vidp.messages.validation.StorkEncryptedAttributeValidator" />
+ <Validator qualifiedName="saml2p:AuthnRequest" className="eu.stork.vidp.messages.validation.StorkAuthnRequestValidator" />
+ <Validator qualifiedName="storkp:AuthenticationAttributes" className="eu.stork.vidp.messages.validation.StorkAuthenticationAttributesValidator" />
+ <Validator qualifiedName="storkp:SPID" className="eu.stork.vidp.messages.validation.StorkSPIDValidator" />
+ <Validator qualifiedName="storkp:SPInformation" className="eu.stork.vidp.messages.validation.StorkSPInformationValidator" />
+ <!-- Validator qualifiedName="stork:FinalRedirectURL" className="eu.stork.vidp.messages.validation.StorkFinalRedirectURLValidator" /-->
+ <Validator qualifiedName="storkp:CitizenCountryCode" className="eu.stork.vidp.messages.validation.StorkCitizenCountryCodeValidator" />
+ <Validator qualifiedName="storkp:VIDPAuthenticationAttributes" className="eu.stork.vidp.messages.validation.StorkVIDPAuthenticationAttributesValidator" />
+ <Validator qualifiedName="stork:RequestedAttribute" className="eu.stork.vidp.messages.validation.StorkRequestedAttributeValidator" />
+ <Validator qualifiedName="storkp:RequestedAttributes" className="eu.stork.vidp.messages.validation.StorkRequestedAttributesValidator" />
+ <Validator qualifiedName="stork:QualityAuthenticationAssuranceLevel" className="eu.stork.vidp.messages.validation.StorkQualityAuthenticationAssuranceLevelValidator" />
+ <Validator qualifiedName="saml2p:Extensions" className="eu.stork.vidp.messages.validation.StorkExtensionsValidator" />
+ <Validator qualifiedName="saml2:NameIdPolicy" className="eu.stork.vidp.messages.validation.StorkNameIdPolicyValidator" />
+ <Validator qualifiedName="ds:Signature" className="org.opensaml.xml.signature.validator.SignatureSchemaValidator" />
+ <Validator qualifiedName="stork:spSector" className="eu.stork.vidp.messages.validation.StorkSpSectorValidator" />
+ <Validator qualifiedName="stork:spApplication" className="eu.stork.vidp.messages.validation.StorkSpApplicationValidator" />
+ <Validator qualifiedName="stork:spCountry" className="eu.stork.vidp.messages.validation.StorkSpCountryValidator" />
+ <Validator qualifiedName="stork:Institution" className="eu.stork.vidp.messages.validation.StorkSpInstitutionValidator" />
+
+
+ </ValidatorSuite>
+
+ <!-- SAML 2.0 Specification Validation Rules -->
+ <ValidatorSuite id="saml2-core-spec-validator">
+ <Validator qualifiedName="saml2:Assertion" className="org.opensaml.saml2.core.validator.AssertionSpecValidator" />
+ <Validator qualifiedName="saml2:Conditions" className="org.opensaml.saml2.core.validator.ConditionsSpecValidator" />
+ </ValidatorSuite>
+
+ </ValidatorSuites>
+
+
+ </XMLTooling> \ No newline at end of file
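Review bot: Two validators in `saml2-core-schema-and-stork-validator` are registered under QNames that nothing in this configuration produces, so the suite will never apply them: `saml2:NameIdPolicy` (the SAML 2.0 element is `NameIDPolicy` in the protocol namespace, i.e. `saml2p:NameIDPolicy`, assuming that is what StorkNameIdPolicyValidator targets) and `stork:Institution`, whose ObjectProvider above is declared as `stork:spInstitution`. A ValidatorSuite only runs validators whose QName matches the element being walked, so these two STORK checks are dead configuration and any constraint they enforce is silently skipped. Suggested fix: `<Validator qualifiedName="saml2p:NameIDPolicy" className="eu.stork.vidp.messages.validation.StorkNameIdPolicyValidator" />` and `<Validator qualifiedName="stork:spInstitution" className="eu.stork.vidp.messages.validation.StorkSpInstitutionValidator" />`. Minor: `saml2:AuthnContextClassRef` is listed twice, and the `ds:Signature` entry is only `SignatureSchemaValidator`, which checks element structure rather than the signature itself, so a comment such as `<!-- structural check only; signature verification and trust evaluation happen in the engine -->` would stop a reader from taking it for cryptographic validation.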